a8c487a0e47124788e081868f90ddde8fd2eabc5d220f3549d2de3a05463fbfb

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 09:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e78951ecea0fa9ad73953e1f20dc765_JaffaCakes118.exe
Size

1.8MB
MD5

2e78951ecea0fa9ad73953e1f20dc765
SHA1

ebe8752e87a47a28e5a3e6150e2ead4935d260ea
SHA256

a8c487a0e47124788e081868f90ddde8fd2eabc5d220f3549d2de3a05463fbfb
SHA512

76cc03a3ca6a6174506f459d900a136488b6682dcd60c07f8741db71dc00e564861bb5855e81ffce90147bd5c1c9409e49c6365512b4b172f600efdf519bb6b5
SSDEEP

49152:cKySxQ6qCh1oifD8sSvfBiXOYwfYidtUA4qCAF3BcI:a6FoeUvfcXOJmA4qCKRD

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2196	2e78951ecea0fa9ad73953e1f20dc765_JaffaCakes118.exe
2196	2e78951ecea0fa9ad73953e1f20dc765_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2196	2e78951ecea0fa9ad73953e1f20dc765_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2e78951ecea0fa9ad73953e1f20dc765_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2e78951ecea0fa9ad73953e1f20dc765_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsd2740.tmp\System.dll

Filesize
11KB

MD5
b0c77267f13b2f87c084fd86ef51ccfc

SHA1
f7543f9e9b4f04386dfbf33c38cbed1bf205afb3

SHA256
a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77

SHA512
f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e

Download Submit
\Users\Admin\AppData\Local\Temp\nsd2740.tmp\nsDialogs.dll

Filesize
9KB

MD5
eac1c3707970fe7c71b2d760c34763fa

SHA1
f275e659ad7798994361f6ccb1481050aba30ff8

SHA256
062c75ad650548750564ffd7aef8cd553773b5c26cae7f25a5749b13165194e3

SHA512
3415bd555cf47407c0ae62be0dbcba7173d2b33a371bf083ce908fc901811adb888b7787d11eb9d99a1a739cbd9d1c66e565db6cd678bdadaf753fbda14ffd09

Download Submit