Overview

overview

10

Static

static

3

1b023b6f6a...18.exe

windows7-x64

10

1b023b6f6a...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$TEMP/shwa.dll

windows7-x64

3

$TEMP/shwa.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-05-2024 05:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b023b6f6a4447cd8c2d8e841f542227_JaffaCakes118.exe

  • Size

    344KB

  • MD5

    1b023b6f6a4447cd8c2d8e841f542227

  • SHA1

    397af11ba7d160ab76f3099798257c057790280a

  • SHA256

    465e437108d6f904ff77ea9a39df2e764449efeb2100c79fbba6cb092b0d3633

  • SHA512

    3326329715fc325a712607b59204a17ec1f8d19868fc644ec1fe282b5c5e40577faff17c372e1c2ab885a9f37d96e09afee4e5ca27b424f3e10140b1b7cd8150

  • SSDEEP

    6144:fWNdxridQv5Rzh+uSrEga5GJvh4BTFWSPEhaxso8zM2bGgWzRXEGPLyhq9rf7qu5:udxed4guKEge2vh4BTFWwCo0M2bEzRXn

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b023b6f6a4447cd8c2d8e841f542227_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1b023b6f6a4447cd8c2d8e841f542227_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    PID:3796
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 924
      2⤵
      • Program crash
      PID:5940
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3796 -ip 3796
    1⤵
      PID:5968

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsk39EE.tmp\System.dll
      Filesize

      11KB

      MD5

      fbe295e5a1acfbd0a6271898f885fe6a

      SHA1

      d6d205922e61635472efb13c2bb92c9ac6cb96da

      SHA256

      a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

      SHA512

      2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\shwa.dll
      Filesize

      23KB

      MD5

      e9f0406091c6e24979d02df7e6af742c

      SHA1

      2962e5b0043d6bcd777be53877fba3e6ade3dbe5

      SHA256

      a134f9624f6f880bfd2ba5b242e519961af92de5d22733892fe2373e0083ffd4

      SHA512

      45db0bce7c6f165fa15597d70e7da7abff0cb0e824a44f2516809157177ca7ccda0ddd0e2c74ba10be657be94700bb9d2ad81399143be94166802590ce74f5d2

      Download Submit
    • C:\Windows\win.ini
      Filesize

      131B

      MD5

      9848e4efb0abd437d65e6d3d1d973adb

      SHA1

      f427ac7c50b19f66658ae7f92cbaf21110b49a47

      SHA256

      c8b84add37da849977a84fe62badb6cb908be99769edb70d60bcd04c0aec2a3f

      SHA512

      f90f1f65b6b824a526469b8d739f733a54a7f485d8b5f680de7a35fac90786bf6ba5a0b1d62e139663c5ee73b8d687cf32d4ccf188e18c53084ec12d8c216b17

      Download Submit
    • memory/3796-19-0x0000000002A60000-0x0000000002A61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3796-18-0x0000000002500000-0x0000000002501000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3796-12-0x0000000002A70000-0x0000000002A83000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3796-100021-0x0000000002B50000-0x0000000002B58000-memory.dmp
      Filesize

      32KB

      Download