14dcf16ecda93e0b750e97406d3f992210cc5c0ccc90a4b48c9ca46e38877d6b

Analysis

max time kernel
67s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
Size

283KB
MD5

0b682da624d128391ce25d2901338ec8
SHA1

b619f297ebb4c54e4feee5d1fb98bc21d071a17d
SHA256

14dcf16ecda93e0b750e97406d3f992210cc5c0ccc90a4b48c9ca46e38877d6b
SHA512

b043d8280c7340ca89e2d288b2f7ef57d32ed29bf53ac4b4287d00e39520425e1a0fd4971313a2881d04dfc50c3fff57cbc581cf7cb13353130cac56d914bb53
SSDEEP

6144:SUp/B8APOTBj5zzZVTB6JENPDXclQ9DK9mBaUZhDRPYk:SGO1Vz3TB6UTclQ9v9Yk

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000b000000023ba2-2.dat	acprotect
behavioral2/files/0x000a000000023ba6-56.dat	acprotect
behavioral2/files/0x000a000000023ba7-69.dat	acprotect

Loads dropped DLL 35 IoCs

pid	Process
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
1124	0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe

UPX packed file 14 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000b000000023ba2-2.dat	upx
behavioral2/files/0x000a000000023ba6-56.dat	upx
behavioral2/files/0x000a000000023ba7-69.dat	upx
behavioral2/memory/1124-6-0x0000000074DD0000-0x0000000074E39000-memory.dmp	upx
behavioral2/memory/1124-109-0x0000000074B70000-0x0000000074BD9000-memory.dmp	upx
behavioral2/memory/1124-111-0x0000000074E30000-0x0000000074E3A000-memory.dmp	upx
behavioral2/memory/1124-148-0x0000000074B70000-0x0000000074BD9000-memory.dmp	upx
behavioral2/memory/1124-144-0x0000000074B70000-0x0000000074BD9000-memory.dmp	upx
behavioral2/memory/1124-142-0x0000000074B70000-0x0000000074BD9000-memory.dmp	upx
behavioral2/memory/1124-137-0x0000000074B70000-0x0000000074BD9000-memory.dmp	upx
behavioral2/memory/1124-158-0x0000000074B70000-0x0000000074BD9000-memory.dmp	upx
behavioral2/memory/1124-157-0x0000000074B70000-0x0000000074BD9000-memory.dmp	upx
behavioral2/memory/1124-209-0x0000000074B70000-0x0000000074BD9000-memory.dmp	upx
behavioral2/memory/1124-244-0x0000000074B70000-0x0000000074BD9000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0b682da624d128391ce25d2901338ec8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:1124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsx417E.tmp\extra.dll

Filesize
177KB

MD5
ddc0cd4c52586a7d90e498a660f4c771

SHA1
493f0f3d65018a7e659bef143665f495ad9251ed

SHA256
2df15d16e5b37de207c58f86770e82b1bbc21788c9560f34450acb48a9c5c208

SHA512
3e2f8cce4a9469cd94472ffa96217d6279cea2326c738460aa5d111b9b1036a728cccd47fab561d564b26a8187f4fd527cc1d16070eb6f9fb0e296cd4b3a24cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx417E.tmp\nsJSON.dll

Filesize
7KB

MD5
78b913fcd04259634a5e901c616e6074

SHA1
ad5e1c651851a1125bcad79b01ccdcfa45df4799

SHA256
e3ce60666bb88c2412615ef9f432ec24e219532dee5cc1c7aebc65ed9ec94d59

SHA512
cbe07179dd93011f3d9a8f83541961ff34fb83d96658ac82a433ef0aa3399b183eaec3e6a49ec1c1e478d1eada2d3ebc78ffb1ae0574984ae66a7a9cab5d59e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx417E.tmp\sign.dll

Filesize
32KB

MD5
d30b6c8d2f38e6abbb2f39bac0808bc0

SHA1
f1bca6416ae0f4c52e5b076381c72b18472954d8

SHA256
1f2b4549129c1b98c5674fe363a0267376dfd623323c5815216043dfa7fe1f2a

SHA512
3bf03d839ffa04c1d5eeb89a6405820ab2eea3548050e730255df7e84dfc729157c0d5c7eceeead5e8e1f4aa23777fe78a5582f0772c85bf0f793dd245a887e8

Download Submit
memory/1124-116-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-100-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-97-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-109-0x0000000074B70000-0x0000000074BD9000-memory.dmp

Filesize
420KB

Download
memory/1124-111-0x0000000074E30000-0x0000000074E3A000-memory.dmp

Filesize
40KB

Download
memory/1124-110-0x0000000074E20000-0x0000000074E37000-memory.dmp

Filesize
92KB

Download
memory/1124-108-0x0000000074E20000-0x0000000074E37000-memory.dmp

Filesize
92KB

Download
memory/1124-107-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-106-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-105-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-104-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-103-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-102-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-101-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-128-0x0000000074E20000-0x0000000074E37000-memory.dmp

Filesize
92KB

Download
memory/1124-99-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-98-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-6-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-96-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-117-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-122-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-126-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-125-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-124-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-123-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-127-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-121-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-120-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-119-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-118-0x0000000074DD0000-0x0000000074E39000-memory.dmp

Filesize
420KB

Download
memory/1124-148-0x0000000074B70000-0x0000000074BD9000-memory.dmp

Filesize
420KB

Download
memory/1124-144-0x0000000074B70000-0x0000000074BD9000-memory.dmp

Filesize
420KB

Download
memory/1124-142-0x0000000074B70000-0x0000000074BD9000-memory.dmp

Filesize
420KB

Download
memory/1124-137-0x0000000074B70000-0x0000000074BD9000-memory.dmp

Filesize
420KB

Download
memory/1124-158-0x0000000074B70000-0x0000000074BD9000-memory.dmp

Filesize
420KB

Download
memory/1124-157-0x0000000074B70000-0x0000000074BD9000-memory.dmp

Filesize
420KB

Download
memory/1124-209-0x0000000074B70000-0x0000000074BD9000-memory.dmp

Filesize
420KB

Download
memory/1124-242-0x0000000074B70000-0x0000000074BD9000-memory.dmp

Filesize
420KB

Download
memory/1124-244-0x0000000074B70000-0x0000000074BD9000-memory.dmp

Filesize
420KB

Download
memory/1124-251-0x0000000074E20000-0x0000000074E28000-memory.dmp

Filesize
32KB

Download