Overview
overview
10Static
static
31791f9961b...18.exe
windows7-x64
101791f9961b...18.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$TEMP/fireguard.dll
windows7-x64
3$TEMP/fireguard.dll
windows10-2004-x64
3Analysis
-
max time kernel
135s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
05-05-2024 11:59
Static task
static1
Behavioral task
behavioral1
Sample
1791f9961bf2f47483340dbf27282628_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
1791f9961bf2f47483340dbf27282628_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$TEMP/fireguard.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$TEMP/fireguard.dll
Resource
win10v2004-20240419-en
General
-
Target
1791f9961bf2f47483340dbf27282628_JaffaCakes118.exe
-
Size
401KB
-
MD5
1791f9961bf2f47483340dbf27282628
-
SHA1
e0595377579cd093ff5caa8bdab5893094d294e5
-
SHA256
8fc177801ebf737d388b516947106943c8bd3c6b4b3c1ed72486621b617cc397
-
SHA512
c6e81d0c7389e785d2be6cdafce36bc7c536a983ff178f4bc6f85ea3587ea77336c4db4bc6d375bd0f155b218c3dac65f0f74847f3c0a6b3db6c4f9b83feadf5
-
SSDEEP
12288:iOn6slzSR6croLZLontmIEGhmdyegN5KD/k:iOn6s06goLkNAPe
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
pid Process 4256 1791f9961bf2f47483340dbf27282628_JaffaCakes118.exe 4256 1791f9961bf2f47483340dbf27282628_JaffaCakes118.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\win.ini 1791f9961bf2f47483340dbf27282628_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target 16592 4256 WerFault.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\1791f9961bf2f47483340dbf27282628_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1791f9961bf2f47483340dbf27282628_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:4256 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 9442⤵
- Program crash
PID:16592
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4256 -ip 42561⤵PID:16572
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
69KB
MD50b5dbd2725bc7b0697f9ddeab360920f
SHA15b3feef13a8932f40cb6a55e6ca0df39cdc731b3
SHA256eed5d36879e2d0bee35d885b9546772c00d3f34115c4e23916cccfe87e33ea82
SHA512773a51541bd7c5f6ee1817b78ad156a8c81c060bc030a0b1f232ddcecabc873ae06b46fd038d44060ad283fd27137ef67854e18fd611157e828b5d8c0b5a6ac9
-
Filesize
11KB
MD5fbe295e5a1acfbd0a6271898f885fe6a
SHA1d6d205922e61635472efb13c2bb92c9ac6cb96da
SHA256a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
SHA5122cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
-
Filesize
131B
MD59848e4efb0abd437d65e6d3d1d973adb
SHA1f427ac7c50b19f66658ae7f92cbaf21110b49a47
SHA256c8b84add37da849977a84fe62badb6cb908be99769edb70d60bcd04c0aec2a3f
SHA512f90f1f65b6b824a526469b8d739f733a54a7f485d8b5f680de7a35fac90786bf6ba5a0b1d62e139663c5ee73b8d687cf32d4ccf188e18c53084ec12d8c216b17