dcf38e1ea5318c74265b190c09c53cf20fc9d252fcbe680f3f347889ce1b08fc

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ff9d4779f0a5f7ff1f491a0da3f48ad_JaffaCakes118.exe
Size

9.8MB
MD5

1ff9d4779f0a5f7ff1f491a0da3f48ad
SHA1

7e1d9cb9a9052de7b4e514d78639e9782477b3b4
SHA256

dcf38e1ea5318c74265b190c09c53cf20fc9d252fcbe680f3f347889ce1b08fc
SHA512

371cb8f1f5cdccd2befccd771f0b4d9aef1248229907ccb010e615fd23ca095e8b6da002e6e4da2a859b6fdfa90aeb77a3a553088fd918030afb3798a703fb38
SSDEEP

196608:McMFWMFO60g9ceu0gRHEMz5WZS46YGLFXNpXoudoac5yjgnj1BA:McoFOloNEH7qBHioa0yjgnjc

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1256	1ff9d4779f0a5f7ff1f491a0da3f48ad_JaffaCakes118.exe
1256	1ff9d4779f0a5f7ff1f491a0da3f48ad_JaffaCakes118.exe
1256	1ff9d4779f0a5f7ff1f491a0da3f48ad_JaffaCakes118.exe
1256	1ff9d4779f0a5f7ff1f491a0da3f48ad_JaffaCakes118.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\360Safebox\dpath_.ini	1ff9d4779f0a5f7ff1f491a0da3f48ad_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\360Safebox\	1ff9d4779f0a5f7ff1f491a0da3f48ad_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\1ff9d4779f0a5f7ff1f491a0da3f48ad_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1ff9d4779f0a5f7ff1f491a0da3f48ad_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:1256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\D9BoD9.dll

Filesize
238KB

MD5
b3feb528b317c30c001841ac5120c4f3

SHA1
d4d0dea8b337c6858e8c823a522443d08b57f8d0

SHA256
631d53331e08f4ba9e99aec6112b017e47dcc5a83ea3aee6ba7201be49ccd16e

SHA512
eb85c41bda9d81d3989e16ea66d3dcb787935947b3ab6c44a084caecac7eafd3475abd5e6325049e7613adc951bef26c6199f173d4579dd52cb3a4ea79b001e5

Download Submit
\Users\Admin\AppData\Local\Temp\E69iE6.dll

Filesize
379KB

MD5
d34b6fcd679bc2547ee20614ddf776fa

SHA1
1379b5ce653d39a5eee2c4900c8e08d5b5ec2647

SHA256
ee98a42fe08074869f9cd5ac86c79aea1831d698cfc3890f45682b6fd94ddde0

SHA512
8f2e6721a0821bc851e0a96d09062b50752a13441c46df91a6f7a6fd675fc4d79345ac99b1090f5a95e272ded41ba5f73ec369febf66d5c8e1edc421db2fa98d

Download Submit
\Users\Admin\AppData\Local\Temp\nsiD7A.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
memory/1256-16-0x00000000005E0000-0x000000000061F000-memory.dmp

Filesize
252KB

Download
memory/1256-31-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1256-34-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download