Analysis
-
max time kernel
16s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
22-07-2024 08:46
General
-
Target
62902db8994a5807c218009e89450b03_JaffaCakes118.exe
-
Size
216KB
-
MD5
62902db8994a5807c218009e89450b03
-
SHA1
4671392157e62707ca6eb8b1af3091be68669465
-
SHA256
f31210786cbabbdea7382aeab2b4b52083c0f089b42bc9afd646c262eef68236
-
SHA512
4c5ef75020e15e28c7ae076ad7061ff0a231fcb50e2a38264ac6e4910c732b475cd79cfe2a7cb185acfb325adffdd4f446f2ec7ab153d4f6bc7d3c98bf8e84af
-
SSDEEP
3072:TMpb5LjxcYtMgUeVKFlqOngFIzNKPMWhSA+FudyiJEDyJ:T2b5LY7IilqlCsK7FuDEmJ
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\62902db8994a5807c218009e89450b03_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\62902db8994a5807c218009e89450b03_JaffaCakes118.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\System32\regsvr32.exe" C:\Windows\win32_77c.dll /s2⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 4762⤵
- Program crash
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
159KB
MD5a262799a06011e2e2e049bba43a3f3c1
SHA1eecd4286f2cf9bc48f3e2fa6bca15eb0a21b65d5
SHA2566b1c217f7a5220a5e2fd1d1a1a403c46a30dbe6d5c7b3ce5a8b14a1b9d91f1ce
SHA512aa891c43e9b8129a5e3886dd1f1379ff8b15bae8c5cdcb04657be3a2039e06bde72abe5b809f192c9242e1208fd1a66c68c2925b1f4e87eb258106fc65f8ec84