Overview

overview

7

Static

static

3

3a116b2c61...18.exe

windows7-x64

7

3a116b2c61...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...lp.dll

windows7-x64

1

$PLUGINSDI...lp.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

IA2Marshal.dll

windows7-x64

1

IA2Marshal.dll

windows10-2004-x64

1

Interop.Shell32.dll

windows7-x64

1

Interop.Shell32.dll

windows10-2004-x64

1

Skybound.Gecko.dll

windows7-x64

1

Skybound.Gecko.dll

windows10-2004-x64

1

WallpaperMakerApp.exe

windows7-x64

1

WallpaperMakerApp.exe

windows10-2004-x64

6

content/co...log.js

windows7-x64

3

content/co...log.js

windows10-2004-x64

3

content/pi...ger.js

windows7-x64

3

content/pi...ger.js

windows10-2004-x64

3

content/pi...ror.js

windows7-x64

3

content/pi...ror.js

windows10-2004-x64

3

content/pi...ker.js

windows7-x64

3

content/pi...ker.js

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12-05-2024 12:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a116b2c6122cd589c81807d8bdfb31d_JaffaCakes118.exe

  • Size

    9.2MB

  • MD5

    3a116b2c6122cd589c81807d8bdfb31d

  • SHA1

    f610dd1200ff9f046089afbd2389ae021a065ff7

  • SHA256

    0f95960120449aeba54a96103c366bfa8d922bc2fe72cbe0ff3565ec3ae03d42

  • SHA512

    f400f56f634f73a6bf71d2b2843f6f6789957aa9cced19a50eb1fd31e74d30ed06b5fb456ba1027a13eeca8eea0496766f53cb1bccdd4a87c97c747ae314eb53

  • SSDEEP

    196608:HqdJdKoAfY5L7qW+Fh+8DVax6d3cMPOQ1MSefdFO6ue4Ckk97e88VU0HYEKXk:CGYsv+8pI6dsB8MXFVHkFVU0Hv1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 56 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a116b2c6122cd589c81807d8bdfb31d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3a116b2c6122cd589c81807d8bdfb31d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Windows\SysWOW64\RunDll32.exe
      RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\nso1141.tmp\OCSetupHlp.dll",_OCPRD17OpenCandy2@16 1908
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso1141.tmp\OCSetupHlp.dll
    Filesize

    763KB

    MD5

    7c6b0d9fe494f9ce92b12d1877cc7efe

    SHA1

    4f82a3193c133743f71c4bf02de39cd79aeb64c8

    SHA256

    1e9e818060df428c457b4d04962bc1cbdc942e8c17d55d453ab2e9f47b59b8f4

    SHA512

    a8e410a39ba6f75e69e68662c81a040f215dfed976f6c0b6da070078d863df57fbd6aa8af9a7424fd3330d0980af308fd389438409cfb44f80a2fc013dcf209b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso1141.tmp\ioSpecial.ini
    Filesize

    734B

    MD5

    c2077768fc8047eabc3e4c7ed632ee97

    SHA1

    2ae912deda343d0880a64a93f6196a01820c3c75

    SHA256

    0867cf107630768a5ce32e72cd50dbe571ad166b1646f7c4774c9853acd26d11

    SHA512

    05016e1d30f876637eb602627a27ea48ef918d5a13599eef58beaf81a98e996406ce4d35022156a25c14997e7f9dd806253cb02cea0d1198727430e9abe2345e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso1141.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso1141.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    9384f4007c492d4fa040924f31c00166

    SHA1

    aba37faef30d7c445584c688a0b5638f5db31c7b

    SHA256

    60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

    SHA512

    68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso1141.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso1141.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    7579ade7ae1747a31960a228ce02e666

    SHA1

    8ec8571a296737e819dcf86353a43fcf8ec63351

    SHA256

    564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    SHA512

    a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    Download Submit

  • memory/3028-24-0x00000000001A0000-0x00000000001A1000-memory.dmp

    Filesize

    4KB

    Download