Analysis

  • max time kernel
    134s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/05/2024, 12:28

General

  • Target

    12bcdb449b0071b8451c4887a87efef9_JaffaCakes118.exe

  • Size

    5.5MB

  • MD5

    12bcdb449b0071b8451c4887a87efef9

  • SHA1

    34f179932ac93e0bf92c2fd8cd9fd44d479742fe

  • SHA256

    7d93356ce79e5c931bc2951c4284d42fc9210c8e130ffec7833463f3d7aaaa75

  • SHA512

    7be9f14b0535f8b43789136349d6725af474b5ab3820f74928a4ec2bcdd6df4747b8644937908a1a87c7d8e7d88db88505a6954861705077ab2bebdbf8ccc0a8

  • SSDEEP

    98304:l7vDN1vO9D5WE8YvH/UoGPiYaq1g5ox28qHIHic0SKVdIcVOteMO9hLQPZFTXjOF:l7bsfP/FGPEox25Hcwgc8eR9qtOFjeGb

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12bcdb449b0071b8451c4887a87efef9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\12bcdb449b0071b8451c4887a87efef9_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    PID:1416

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsa2D4C.tmp\System.dll

    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

  • C:\opal\bin\NMSDVDXU.dll

    Filesize

    1.2MB

    MD5

    8f2e118719c0a8329ef00b58bb256483

    SHA1

    a9b426f52a7f931e2a268e28b25d93249ac515ee

    SHA256

    5fdbd14f8b88d21b58a138433c035031fb6a8c6be756b828dc126fce426dee70

    SHA512

    9ebe4c54556ab09f7fb7792f35ceb7459b7c306c08f3806bc28f7345020eac44f0a88ad9fab631bed5523112eddeb28d3cca03734ede4443cde4660b35f05007

  • C:\opal\bin\OpalWebKicker.dll

    Filesize

    552KB

    MD5

    a4bde4b2b0c5423a05fc497057a64fbb

    SHA1

    3f0d2862c31fe4fc018cb48ca202e87e6b15046f

    SHA256

    d4d980aa2ffcdb68a9984f31fa49f64bd491476a39d1169b0a5efe153a4f7f4a

    SHA512

    53b68a903ef916ccfa39e39b32cfba4da914879e6fea6946ced74e0320b475d5798dd297991bca1af71e63074d5611ef64c6f2e5bbb0d0de89b2f81188bd6c29

  • C:\opal\bin\VizMMC.ocx

    Filesize

    1.1MB

    MD5

    9e27fa1bbb7bf9a826d9092c69e79e4b

    SHA1

    78a0f434aec0e14e4654dce1fd7515ac22a9daaa

    SHA256

    b5fd602a3f7228fc2978e00dc7c50869f9bde6c351391894a299c186301454c8

    SHA512

    c29acfbe00e416667880d0d2c37ff1ad75f27dbb209129a9bc451c5c7df409c597c38fa26245b57b7e46f4dc39315e4647313c6762f45462cc258a12aa4ee165

  • memory/1416-19-0x0000000002EC0000-0x0000000002FEB000-memory.dmp

    Filesize

    1.2MB

  • memory/1416-30-0x0000000002EC0000-0x0000000002F4C000-memory.dmp

    Filesize

    560KB

  • memory/1416-39-0x00000000031A0000-0x00000000032D1000-memory.dmp

    Filesize

    1.2MB