Overview

overview

7

Static

static

3

2bbd026f57...18.exe

windows7-x64

7

2bbd026f57...18.exe

windows10-2004-x64

7

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

1

$PLUGINSDI...er.exe

windows10-2004-x64

1

$PLUGINSDI...le.dll

windows7-x64

3

$PLUGINSDI...le.dll

windows10-2004-x64

3

$PLUGINSDI...AC.dll

windows7-x64

3

$PLUGINSDI...AC.dll

windows10-2004-x64

3

$PLUGINSDI...og.dll

windows7-x64

1

$PLUGINSDI...og.dll

windows10-2004-x64

1

$PLUGINSDI...ox.dll

windows7-x64

3

$PLUGINSDI...ox.dll

windows10-2004-x64

3

$PLUGINSDI...ow.dll

windows7-x64

3

$PLUGINSDI...ow.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2024 21:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2bbd026f57280ca853c447d33ca9d922_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    2bbd026f57280ca853c447d33ca9d922

  • SHA1

    783719875f8d4be60d35b1994310e189618aa92b

  • SHA256

    27694908dbdcf9b68fe26c65140c22da7068c2ebd154db13d2eb1571f9153ede

  • SHA512

    4d2f0befe9ee214c09350044b97fc117e077be82a6799ef3b44eabc5fe839da6a9f204fcb1010dd0f6a023d11e667942ebc9611bdd9fd9721cdebc98e74b43cf

  • SSDEEP

    24576:01n7qmZ1brws/oFbbBmmbvQg85XIP/Ud3erf3V8panr9HrRWzL5t:0BqmHoFJQg85XuqIdyanr5rRqD

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bbd026f57280ca853c447d33ca9d922_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2bbd026f57280ca853c447d33ca9d922_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsy2464.tmp\FindProcDLL.dll
    Filesize

    25KB

    MD5

    6cf5b5f2492a07175902beefa138522d

    SHA1

    5ad85b25c7cad0b0747eb6ea0fbaca5830571244

    SHA256

    7addf56d9c08efb13d7c8bb39cf9073cd58495f22aaa04e22c1b43661d67fc0b

    SHA512

    fe2f0bad6d650f6a260488e9dd2b5476d2553995219a72eba7bf75ac61135382237a19b107c76b9762f959e4e14470a40aa588069fb3dac3a2512afba8a537a1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2464.tmp\InetLoad.dll
    Filesize

    22KB

    MD5

    33a1e833a37f2bf8c174261afb982594

    SHA1

    20fd05614814e30535ec1f4b468b8e1e975c3658

    SHA256

    f317f54d288260cec64801d5ab81cd96ac5afaa9b07ff33747a20c6aadffe0f8

    SHA512

    678e1d396a293235e58221d6a09a4a7baba889a4ae13777a99ff880e652a14c5cc3f24afdedb466e7f0232276b0621985e1fabd0941f26105a7b9864146f6c41

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2464.tmp\MyButtonLinker.dll
    Filesize

    41KB

    MD5

    b0b4e9e2b5761a1ae3b51d6a6f02525c

    SHA1

    3b7bfef45795866a9b0bbc347ecaa256e3d8ee2a

    SHA256

    25a10b5825200bda102b115aca320a98b1915bd2fcf784b7d6f4a5b86111e897

    SHA512

    0255dc0104f605c6fbc474ca07e3e2616e2d8fd9490f9cdfa0bc986fdbe03d66605f8f5b2f5cbb9df260c5dee6f32b4effe1740f1d24af446e380b0e8137b5f9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2464.tmp\PictureWindow.dll
    Filesize

    45KB

    MD5

    7c9499d5c444fde76e2dc05023c54925

    SHA1

    6c1e97042638fa44ecfad286a0bfc45f8133f4f2

    SHA256

    1449b163e6f5a9723d27ddfdfa9745ecdd90eafae7315981ce0842906cf3f1e9

    SHA512

    b75093db490cfa0a5a7a04c67f194bc79ea493625f98c99ccb5d0b703ac42035e5ce4b8159381e1852c6d27882ffa0ac46d897983322011a6322c81e96f0477b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2464.tmp\System.dll
    Filesize

    16KB

    MD5

    f2ef25e73f310d16ddaff081659bd0eb

    SHA1

    c41606a6cae0b3b358fb53aece08093a47b6f1bf

    SHA256

    bd73601f5f1dd47b857cc3194293b1cd33cdb93c32bd05535e9328cede6b2e06

    SHA512

    7b62456646c7637c300638d26df7f43ffdcf1b88a631f50390cb9b2ac6349a90c096eca7795045891815d4fbaa6d7b0c1f2abedf989f6e990b092a1ca4d340f1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy2464.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    c10e04dd4ad4277d5adc951bb331c777

    SHA1

    b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    SHA256

    e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    SHA512

    853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    Download Submit