210208179e5b58d849558ed55409a45dbc276935a4da1b5e53ec4745c7eb831c

Analysis

max time kernel
135s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 07:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
Size

347KB
MD5

11b33f7d609534d8b66f5a0822e4de3e
SHA1

54cc7edad01925b04322dac8098c6dda87cefa06
SHA256

210208179e5b58d849558ed55409a45dbc276935a4da1b5e53ec4745c7eb831c
SHA512

5bcc15d139987691f797fc51e59bb7749ac605247137a56ed351404b01b07c34a4b7b09554a62485bd1194c13376c7442138f64fd33f1fd2d72806dda3100067
SSDEEP

3072:94URpNUUX6z/DBXJfo/wGP2z5hS9u5rO+IpemPQ+Qir+2v:94SUjhto00HemPJrv

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000a000000023b8a-12.dat	acprotect
behavioral2/memory/3816-22-0x0000000074230000-0x0000000074239000-memory.dmp	acprotect
behavioral2/memory/3816-21-0x0000000074230000-0x0000000074239000-memory.dmp	acprotect
behavioral2/memory/3816-17-0x0000000074230000-0x0000000074239000-memory.dmp	acprotect

Loads dropped DLL 16 IoCs

pid	Process
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
3816	11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000a000000023b8a-12.dat	upx
behavioral2/memory/3816-22-0x0000000074230000-0x0000000074239000-memory.dmp	upx
behavioral2/memory/3816-21-0x0000000074230000-0x0000000074239000-memory.dmp	upx
behavioral2/memory/3816-17-0x0000000074230000-0x0000000074239000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\11b33f7d609534d8b66f5a0822e4de3e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:3816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsw3E23.tmp\InstallOptions.dll

Filesize
14KB

MD5
34466cab38abcbc09ffac768d526f896

SHA1
2684f5f6c2b005cba812fc8cc1157777554fa3a3

SHA256
8b4a1e7bf076c20240eb0a46cbdc8b835cfd89265fb78a3c1c5339ab820d2c1c

SHA512
5c6ae996a81f0fd9d3efe4e61c8683eb833cb203a476772c06eadb48e10e34d05a8fc2c837cf663dcc3a37713bd86694c8eb251868aa5bb42c4b21ba8c8e8fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw3E23.tmp\c03lbdler.ini

Filesize
2KB

MD5
15bc05254befee3f2e2a80ff8569a956

SHA1
4628b2d50b22b03334ee55f6f120ad90698ddea0

SHA256
c6e61e998270aafbf71a482675ba4e449625e70a2bf574d3c7487c6dbf141b9d

SHA512
177cf714ee16864ceb235a2b7623a3cc3de1defae913342736d11897093524302a390cc9efb79f17fc613d2c8c96bce1bf14c6d7bb012d45069b916d4eb3fed9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw3E23.tmp\nsResize.dll

Filesize
4KB

MD5
aa849e7407cf349021812f62c001e097

SHA1
4cbb55b1d1dd95dcb7a36b5a44121ad4934539af

SHA256
29b0e5792679756a79d501e3a9b317971b08e876fac1c2476180d0ae83b77ba5

SHA512
4556baa49e8182d72e29e8d809635312142eb127039f5803ca0bf011b4359f0b584a670a3bd26a9969165a332cfa14a39abeaeae0b4d90519f91fdea755c54de

Download Submit
memory/3816-22-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-17-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-84-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-83-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-73-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-72-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-71-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-89-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-88-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-87-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-74-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-86-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-21-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-85-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-263-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-265-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-264-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-266-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-267-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-274-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-273-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-272-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-271-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-270-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-269-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download
memory/3816-268-0x0000000074230000-0x0000000074239000-memory.dmp

Filesize
36KB

Download