65d3d9758767ee80af3439f529e4c18f72054996807353364c77d8773f83e851

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

679234ccb006383a6a7df20b674a47e8_JaffaCakes118.exe
Size

2.5MB
MD5

679234ccb006383a6a7df20b674a47e8
SHA1

e06d18fc8030d877cedea8905716c7c63c94acfe
SHA256

65d3d9758767ee80af3439f529e4c18f72054996807353364c77d8773f83e851
SHA512

c728fa8704af2b34d67c19904b8fbfb820aaf5c2e25d480a59951c2112af310512fd074363988582be9676606b278c1e7a0715bedb7a0da14043cfaa62c1d85b
SSDEEP

49152:S0qUQBTNMAa9q4fzvIT/XHmFE77U6iValcd:SkQtN9alfo3kEc6Ed

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4292	679234ccb006383a6a7df20b674a47e8_JaffaCakes118.exe
4292	679234ccb006383a6a7df20b674a47e8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\679234ccb006383a6a7df20b674a47e8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\679234ccb006383a6a7df20b674a47e8_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4292-0-0x0000000000400000-0x000000000069F000-memory.dmp

Filesize
2.6MB

Download
memory/4292-12-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/4292-13-0x00000000004C6000-0x00000000004C7000-memory.dmp

Filesize
4KB

Download
memory/4292-14-0x0000000000400000-0x000000000069F000-memory.dmp

Filesize
2.6MB

Download
memory/4292-15-0x0000000000400000-0x000000000069F000-memory.dmp

Filesize
2.6MB

Download
memory/4292-16-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download