Overview

overview

7

Static

static

3

3a116b2c61...18.exe

windows7-x64

7

3a116b2c61...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...lp.dll

windows7-x64

1

$PLUGINSDI...lp.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

IA2Marshal.dll

windows7-x64

1

IA2Marshal.dll

windows10-2004-x64

1

Interop.Shell32.dll

windows7-x64

1

Interop.Shell32.dll

windows10-2004-x64

1

Skybound.Gecko.dll

windows7-x64

1

Skybound.Gecko.dll

windows10-2004-x64

1

WallpaperMakerApp.exe

windows7-x64

1

WallpaperMakerApp.exe

windows10-2004-x64

6

content/co...log.js

windows7-x64

3

content/co...log.js

windows10-2004-x64

3

content/pi...ger.js

windows7-x64

3

content/pi...ger.js

windows10-2004-x64

3

content/pi...ror.js

windows7-x64

3

content/pi...ror.js

windows10-2004-x64

3

content/pi...ker.js

windows7-x64

3

content/pi...ker.js

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-05-2024 12:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a116b2c6122cd589c81807d8bdfb31d_JaffaCakes118.exe

  • Size

    9.2MB

  • MD5

    3a116b2c6122cd589c81807d8bdfb31d

  • SHA1

    f610dd1200ff9f046089afbd2389ae021a065ff7

  • SHA256

    0f95960120449aeba54a96103c366bfa8d922bc2fe72cbe0ff3565ec3ae03d42

  • SHA512

    f400f56f634f73a6bf71d2b2843f6f6789957aa9cced19a50eb1fd31e74d30ed06b5fb456ba1027a13eeca8eea0496766f53cb1bccdd4a87c97c747ae314eb53

  • SSDEEP

    196608:HqdJdKoAfY5L7qW+Fh+8DVax6d3cMPOQ1MSefdFO6ue4Ckk97e88VU0HYEKXk:CGYsv+8pI6dsB8MXFVHkFVU0Hv1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a116b2c6122cd589c81807d8bdfb31d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3a116b2c6122cd589c81807d8bdfb31d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:116
    • C:\Windows\SysWOW64\RunDll32.exe
      RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\nst5034.tmp\OCSetupHlp.dll",_OCPRD17OpenCandy2@16 116
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst5034.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst5034.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    9384f4007c492d4fa040924f31c00166

    SHA1

    aba37faef30d7c445584c688a0b5638f5db31c7b

    SHA256

    60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

    SHA512

    68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst5034.tmp\OCSetupHlp.dll
    Filesize

    763KB

    MD5

    7c6b0d9fe494f9ce92b12d1877cc7efe

    SHA1

    4f82a3193c133743f71c4bf02de39cd79aeb64c8

    SHA256

    1e9e818060df428c457b4d04962bc1cbdc942e8c17d55d453ab2e9f47b59b8f4

    SHA512

    a8e410a39ba6f75e69e68662c81a040f215dfed976f6c0b6da070078d863df57fbd6aa8af9a7424fd3330d0980af308fd389438409cfb44f80a2fc013dcf209b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst5034.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst5034.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    7579ade7ae1747a31960a228ce02e666

    SHA1

    8ec8571a296737e819dcf86353a43fcf8ec63351

    SHA256

    564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    SHA512

    a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst5034.tmp\ioSpecial.ini
    Filesize

    734B

    MD5

    56538d1fb87d73d9fb73598c86577a67

    SHA1

    71d487759abe0ee8c7f820cc05c0dd2f21b77b17

    SHA256

    a19673ea511f4e071aa17a2aa9dd49574b8b388597577a93ab288279630364de

    SHA512

    31494574ecff84d87560ac579a17b577cf6c51fca9d0804a9f7fc3a070525dd4dc84938cccd1a928de8e996b48ee3aeda36d9b30db408290bc6b093338601485

    Download Submit

  • memory/3952-23-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

    Filesize

    4KB

    Download