Overview

overview

9

Static

static

3

2f63e83519...18.exe

windows7-x64

7

2f63e83519...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$TEMP/footlambert.dll

windows7-x64

3

$TEMP/footlambert.dll

windows10-2004-x64

3

uninstall.exe

windows7-x64

9

uninstall.exe

windows10-2004-x64

9

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 13:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f63e835191cb05d07914a932c6b6e73_JaffaCakes118.exe

  • Size

    279KB

  • MD5

    2f63e835191cb05d07914a932c6b6e73

  • SHA1

    d7bc44cdf14e8ad74311e4251b428b67d82f8be8

  • SHA256

    c09b2c0f39539284df2e76d424de5b045b8ddb02267d8027da5a8ab3f9530a8c

  • SHA512

    1199dcfa1a74cddedb8c6988e368197313e32f0cb1a9f41cb3796997d99c6c44a19909e066c76fde0318e5354e3fc3f51d39ed555fa3fb9d2ff6414e95ad86e6

  • SSDEEP

    6144:LlJZfFoT3vF0cOS6XnL4IRaoFFljCwj8q9ySoWCxdzYY:LldS3v4VLPRayjd8xSczkY

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f63e835191cb05d07914a932c6b6e73_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2f63e835191cb05d07914a932c6b6e73_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\footlambert.dll
    Filesize

    72KB

    MD5

    6257c45f07098fcb899181f75f4b4eec

    SHA1

    7f1ff39c9acd8e831bc99bfcd948a1e63d5fe8cc

    SHA256

    a4e09e725d13fe7d4410ce0987eeae07bcde270dba41e77d9480d010b72f6aaf

    SHA512

    0a803123ac2703dc4a49a8a11a66b67fa31a54b306dc5da6e8bd02366747c2cded2095c6d74193b10bd1335926b02ea25c6fd75e69f43cd6b42bf984ab9d9fdd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd82F7.tmp\System.dll
    Filesize

    11KB

    MD5

    fc90dfb694d0e17b013d6f818bce41b0

    SHA1

    3243969886d640af3bfa442728b9f0dff9d5f5b0

    SHA256

    7fe77ca13121a113c59630a3dba0c8aaa6372e8082393274da8f8608c4ce4528

    SHA512

    324f13aa7a33c6408e2a57c3484d1691ecee7c3c1366de2bb8978c8dc66b18425d8cab5a32d1702c13c43703e36148a022263de7166afdce141da2b01169f1c6

    Download Submit

  • memory/2884-10-0x0000000001DA0000-0x0000000001DB3000-memory.dmp

    Filesize

    76KB

    Download