Overview

overview

7

Static

static

3

00c3a1698b...18.exe

windows7-x64

7

00c3a1698b...18.exe

windows10-2004-x64

7

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    67s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/04/2024, 12:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    00c3a1698b4d6cf2bae39795c2b59df1_JaffaCakes118.exe

  • Size

    123KB

  • MD5

    00c3a1698b4d6cf2bae39795c2b59df1

  • SHA1

    e5197f7c0604ec4b61adae7a129983f1ee7d07bb

  • SHA256

    ee55dacebd6ebd588ba29ead76277024feefd1cb43ce20c9d7c29fd8ea79212a

  • SHA512

    bbdbfcb2272794c22174128f44fbfaf427b89b5692762831fb11fc12a088fa92aa3d5efa0886add3fe8dbbcb89bebd973c3d381117d79b510246afc3000fa49d

  • SSDEEP

    1536:SU+dcy3fxBk9UmZHs/hcnHSEx03E0kWZaPHQ/7WDyQ5aoi0Eg7Eeo/lpsC:SNzPHk9MpcHB0Uk7YZar0seoN1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00c3a1698b4d6cf2bae39795c2b59df1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\00c3a1698b4d6cf2bae39795c2b59df1_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1528

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsj44CB.tmp\INetC.dll
          Filesize

          21KB

          MD5

          92ec4dd8c0ddd8c4305ae1684ab65fb0

          SHA1

          d850013d582a62e502942f0dd282cc0c29c4310e

          SHA256

          5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

          SHA512

          581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsj44CB.tmp\nsProcess.dll
          Filesize

          4KB

          MD5

          faa7f034b38e729a983965c04cc70fc1

          SHA1

          df8bda55b498976ea47d25d8a77539b049dab55e

          SHA256

          579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

          SHA512

          7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

          Download Submit