Overview

overview

7

Static

static

3

15908a5e48...18.exe

windows7-x64

7

15908a5e48...18.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ou.dll

windows7-x64

3

$PLUGINSDI...ou.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2024, 02:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    15908a5e48ae84b6ffe5d3fe85f0d7cd_JaffaCakes118.exe

  • Size

    577KB

  • MD5

    15908a5e48ae84b6ffe5d3fe85f0d7cd

  • SHA1

    b4db17efa58d3ff3f8a36b9593274e3167af6f6b

  • SHA256

    2479679e552f97a643b5c3781fe03c47db757759c4c1eab313dcb41858577463

  • SHA512

    9e6c65942d07f13ed8e66b6e29bc2dd74369ac08968c8926366453617f49cd9c1c51bb368ec43639373e973688b9351966414f37d29faaeeb983aa63ced58a7c

  • SSDEEP

    6144:iZ6IxwqFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFM:i0IWKCtQ2l6wEFv3kAGXstRRM4BTIRP7

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 16 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15908a5e48ae84b6ffe5d3fe85f0d7cd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15908a5e48ae84b6ffe5d3fe85f0d7cd_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2696

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\nsy191D.tmp\ButtonEvent.dll
          Filesize

          4KB

          MD5

          55788069d3fa4e1daf80f3339fa86fe2

          SHA1

          d64e05c1879a92d5a8f9ff2fd2f1a53e1a53ae96

          SHA256

          d6e429a063adf637f4d19d4e2eb094d9ff27382b21a1f6dccf9284afb5ff8c7f

          SHA512

          d3b1eec76e571b657df444c59c48cad73a58d1a10ff463ce9f3acd07acce17d589c3396ad5bdb94da585da08d422d863ffe1de11f64298329455f6d8ee320616

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy191D.tmp\LangDLL.dll
          Filesize

          7KB

          MD5

          0f17cabaf6d91982dc237306e9c20adc

          SHA1

          33f492c44cba8d4848b2695ba10d854f172da6e9

          SHA256

          8cced233229fec03b313f5e6e5b883aaf13735fab18852f3297b57441902a738

          SHA512

          a42b096fe8c39feb71f6d23ddcb08e6429900c06e16c8177a5c75eeb549937075832c2c301455f8d13d83cc10e2c1fddb009e96bd2c9f629a2c6cb3b31cbee6b

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy191D.tmp\NSISdl.dll
          Filesize

          80KB

          MD5

          8098a39adb804c6ae307ffca99cb67ac

          SHA1

          27826b6261eb8a7db99e0f677e870dcc1c1efccd

          SHA256

          ae6846b76dd50ce7659b35d7544e8274af552df124256e1019a95d875c51ab26

          SHA512

          ecf720de8c1a317dd9e0e98ecf8b9931c684bcea05dc07ab2b9dc30b2061358243e1e4214a7325d5450f4452dc7148f0e0c8c3476070c8b8c20111b079c79e3d

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy191D.tmp\System.dll
          Filesize

          16KB

          MD5

          991d09235944414ae51be4dd7611f7f7

          SHA1

          b34d6b0ccb1013ddb5c2eb80f02b03a2b893911b

          SHA256

          3f13314bb93a92748e3a08f47e23b3206196a6c7e59f7aee3382a601b8c3e366

          SHA512

          63ccdb59b7f7a940bd93fb0a4f9cf3c15a25e4a7ee0468d6c2072ebbfebe23d3a21f11148587c904acf58064ed576f460beeb90fac5af79235624b1679c4da38

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy191D.tmp\WmiInspector.dll
          Filesize

          104KB

          MD5

          8531346d16fa5d4768f6530d2eb2b65c

          SHA1

          153601d36aa0ddfbc597b1e890917364878791ca

          SHA256

          a9347413de4b0f90cac0b5e300cec9c867bdb28bd7a60d07b10fd31ee56c60cb

          SHA512

          f214e75de20edeb7eece02659fd7dafc8c3d63c2350c58825bc6e9ce0b73237962d8273b4bc803a2f304cee9f9cad1cd4edab28322c1e678bc25eb88faa6a841

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy191D.tmp\nsDialogs.dll
          Filesize

          11KB

          MD5

          0c7b5ed8d024133f937fbf9b8109bf41

          SHA1

          0cbea8cc65a927ac2d67b2f7fa7e887d4d2a9298

          SHA256

          62df4a84ebf07a467ad59f1ce9bd635ce819aff8e181bab5e99eb8ff3ed8e2d6

          SHA512

          e79f4881f0cfbf3af4411e57a03c76dc5e08672df69c4c1edc852cf77d5aec53b2e08e5218e2372b86e4743c844fac57a968464fdad5d694228b009a9a7b4dd3

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy191D.tmp\nsRichEdit.dll
          Filesize

          5KB

          MD5

          02f1858b3131ffc3fc5e3a5391d3a489

          SHA1

          454a6d749cf55ff990bd9f57941aca9d1f1674f6

          SHA256

          f00bd6d3e7c7b8e8ad18b7dc6275fb80cc720fb164200a6506f50f6e66998b12

          SHA512

          8147fa8014a5065f4fed7de1fbb9c2ee2c1b94d63596f7bbcf6821ecd41a73d25ebdfa1e71ca74d7598cba063042b6dfcaf050a23d0c855a7b6fbc94147ab41b

          Download Submit

        • memory/2696-48-0x0000000000400000-0x00000000004D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/2696-49-0x000000006E3C0000-0x000000006E3CA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2696-50-0x000000006EF00000-0x000000006EF08000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2696-85-0x0000000000400000-0x00000000004D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/2696-86-0x000000006E3C0000-0x000000006E3CA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2696-88-0x00000000747F0000-0x00000000747F9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2696-87-0x000000006E940000-0x000000006E94A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2696-95-0x00000000747F0000-0x00000000747F9000-memory.dmp

          Filesize

          36KB

          Download