Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-05-2024 11:02

General

  • Target

    126fff08a5955d42438875e98c23487e_JaffaCakes118.exe

  • Size

    4.6MB

  • MD5

    126fff08a5955d42438875e98c23487e

  • SHA1

    c358de8d49e52feb00342e2413b67448ec620ea5

  • SHA256

    5c8976657c81b6efedcccafafc4fa3a9ad53f2c72abde0e8256ee9c1de0cbdf2

  • SHA512

    32fdcd5d68dc367febd26a076f2db003f98fbf5248bac33b87904ec818e5bc43cad4904ce54307a652dcc5cce699ca854f539f8807520902ff5c865cbed0392e

  • SSDEEP

    98304:qwoiFIZ3et8abLGAQfBIqtO/ZIpBrfhuM/etsIcqC3qK:qwl/hPQfBIf6phZx/osJqCh

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\126fff08a5955d42438875e98c23487e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\126fff08a5955d42438875e98c23487e_JaffaCakes118.exe"
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2328

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso13FF.tmp\ioSpecial.ini

    Filesize

    647B

    MD5

    80c9c8ff813de139c62aeb073cb8e890

    SHA1

    1897eca4e10986ecdf9c65ad15919e150069abfb

    SHA256

    dd05f71301cb6ad4fa9a7fc01c00c3c0bf39932c34bbe365b52e3a4202326bad

    SHA512

    80cd5f81ab2c0fa4fb5b6ff44ec8bcbc630b107a05a8e8315f11796c0bf28a285526c23ff385b6bb3c78b2f8598762e4524138e4589a9fcaef36093a21be71d7

  • \Users\Admin\AppData\Local\Temp\nso13FF.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    296a5f3179fa8d7a7a855eaf696ede44

    SHA1

    57aa5b71553ed282dd22c768e039a187f5c13f63

    SHA256

    ee0ad77e681c4d0fdf1d67df5f4ca03e6bdd8e3b05dfb47a83ad5c733ed62960

    SHA512

    bc527d1485f468e8d098057e0e38e8cb7aa6eb64d4ca30927b99b1552a3177b132b989015ff95bdf2ca046bf11a54b4b456f51e024fbc734fbb548c3499e53f6