Overview

overview

7

Static

static

3

2c206320a5...18.exe

windows7-x64

7

2c206320a5...18.exe

windows10-2004-x64

7

$PLUGINSDI...ad.dll

windows7-x64

1

$PLUGINSDI...ad.dll

windows10-2004-x64

1

$PLUGINSDI...in.dll

windows7-x64

3

$PLUGINSDI...in.dll

windows10-2004-x64

3

$PLUGINSDIR/dl.dll

windows7-x64

1

$PLUGINSDIR/dl.dll

windows10-2004-x64

1

$PLUGINSDI...vq.dll

windows7-x64

3

$PLUGINSDI...vq.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    132s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2024 22:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c206320a5de3be0e7400ab0bb114d14_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    2c206320a5de3be0e7400ab0bb114d14

  • SHA1

    751b9195c556b57cf6f44676e58fd2465a5be9bc

  • SHA256

    d8e220f8221409c3d3943c555c4f8325b57427defbf832cfbe4c7417dc74f19f

  • SHA512

    9d56883eb412a58c5b08b98b8018844d838358800d7f7d40d847a8899ce36c7225fdd968ad6cc7539cbeb70337c79552ebb2851cc46039ff3d35b93f7c88d383

  • SSDEEP

    24576:wCHiC65hW2gR2T9WK5nmPhC8A9u2IZEUuQtk3TZKyhR3pYXyvi2Y:8W2gR2ThFmPA8A9u2ItuBsuVpuyk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c206320a5de3be0e7400ab0bb114d14_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2c206320a5de3be0e7400ab0bb114d14_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nso8ECA.tmp\BDMSkin.dll
    Filesize

    1.3MB

    MD5

    b540a866191f7fd20f5e6355bc2b094e

    SHA1

    df01a0c011e88a1f860db41d474d3fe893f06082

    SHA256

    ce3044e92a827fce76a75dbd817545506dcab76a5f4edac3c9cf37236a1eecb6

    SHA512

    e65aa73a9e8118176f294edeb7a9dc3a71319b218a45de6073622b868bee2fab9d7b6f76577f846cc940b4b949ee0110fbb449df3d77c922464cf6ded1408331

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso8ECA.tmp\tmp6rryvq.dll
    Filesize

    640KB

    MD5

    4c1c3bc37aa88abea14bfc98a2e4699d

    SHA1

    e856cf8c20f940cd058c58c1a625f07e5242273d

    SHA256

    1673edb7e00a6d7684dfa33f807287f61b41847ef740089642b544c7d9e7c1d5

    SHA512

    24bf2b3f956386c164473deb254f726ba03096e200653a17d0649a0a754df4ad78d45e05a25d0470d082fab4a7485f11996f5401a91ed9440d652cf032ca55e2

    Download Submit

  • memory/1712-11-0x0000000002E20000-0x0000000002F63000-memory.dmp

    Filesize

    1.3MB

    Download