Analysis

  • max time kernel
    142s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/05/2024, 19:22

General

  • Target

    47a6fa3ee00928ed2e45b18840da2412_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    47a6fa3ee00928ed2e45b18840da2412

  • SHA1

    c5ae17cddc7e4d48079e915da5f4ff9cc8ef10f6

  • SHA256

    43f4bc581ebb91aee7662b58f393603f67e44b51a123db13bb83033f86678d43

  • SHA512

    5a4a3add7a3160d16d00b81fcd34ca22909ff1aae9a0cdbe8571d167841f99eea37df95f7ba823663ab58474f6ff223b6f4ef6426b798ee40a57422ecdebf3cd

  • SSDEEP

    24576:kpW3XmdLgm0DP6kSZkwL6uWnIRHsvQh1OG5wnIh8CvLgZ48ikXCZLILTyl+bdukK:kkDO/L6JiJh1b38CzusLWyGYkK

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (8 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SendNotifyMessage (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\47a6fa3ee00928ed2e45b18840da2412_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\47a6fa3ee00928ed2e45b18840da2412_JaffaCakes118.exe"
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2024

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso44EA.tmp\BDMNetGetInfo.dll

    Filesize

    314KB

    MD5

    12f98be1d919784370eb0f87e78b60d8

    SHA1

    d07de2227b2ec68545be0adeb042af457d68f9e2

    SHA256

    63e34375374ae6cc695c0bc03f1f9aad67e068fc51962fd25edbf2fbeceda9f9

    SHA512

    ab2fcdd3eb7b58f044a855b5cae744bc1b3be599cf0d22ee93ccce2e97cb3bc1f36ea2c1ed75013c76f8c9e4071ba29710595c3a57cda2470885ee9293fc2d8d

  • C:\Users\Admin\AppData\Local\Temp\nso44EA.tmp\BDMSkin.dll

    Filesize

    1.3MB

    MD5

    39257175ac9c90199c69aea1a7bcbda0

    SHA1

    6cf4a8dedf37d24ce902f34fa66120a214e1a2cc

    SHA256

    84d5fb0a7cf1bc1e4bbd0de51d3b7eb04bb92af9a1fc3675601b382a5f11d9fc

    SHA512

    4a71d0ac3df53b25509205e9ed0bf781cbefa2ba6307501ae336488c8a3f7f627b8d01f861adbf47986e168abab5a06b36848f87cbcf27fe846e5f0ffc3a9f53

  • C:\Users\Admin\AppData\Local\Temp\nso44EA.tmp\System.dll

    Filesize

    18KB

    MD5

    1c951bbcbc780046d6be1079a04870a4

    SHA1

    a5bae7d838973154e6fac69b1c5ff7d2cda01906

    SHA256

    d23676fbcf76355d1af68e7b32964b837243349920921b2ec74d97554809a65e

    SHA512

    62c3686baed2232f7d8ddc8f48a41761812b5b2a67f3a689b7a43275f077842366abc13c7e8259613bfd9df25cf467e4001337c1454aec910abce121d551e2d8

  • C:\Users\Admin\AppData\Local\Temp\nso44EA.tmp\tmps7rfc0.dll

    Filesize

    2.5MB

    MD5

    f42a33ce9dbc29bd5a92ab920a486a75

    SHA1

    c2d644d933ea7d37efbefb8bfdf36a417d82e9b6

    SHA256

    b15cc997b8a75549b6f8d881977860954bfdcc081e1b19663118de62c383f339

    SHA512

    d4285a1f3c89b50df770bb57e078ec087d7a5dd23266c93142af6952f610e88ce95a983d3afe099d83940ce16c2144e1ebeeed9190fbc52bd18abb784ec2732b

  • memory/2024-21-0x0000000003110000-0x0000000003267000-memory.dmp

    Filesize

    1.3MB

  • memory/2024-30-0x0000000003CD0000-0x0000000003D1F000-memory.dmp

    Filesize

    316KB

  • memory/2024-38-0x0000000000670000-0x00000000006BF000-memory.dmp

    Filesize

    316KB
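The four DLLs above are written to a %TEMP%\nso44EA.tmp directory and include an 18KB System.dll, the layout an NSIS installer uses for its extracted plugins, which is why the report flags "Loads dropped DLL" rather than a separate child process. The helper below is an added example, not part of the sandbox report or of the sample: it carries the dropped-file hashes from this page as a lookup table, hashes files from a directory (for instance a copy of the extracted nso*.tmp folder) and reports which ones match, and it recomputes the size of each memory dump region from its start and end address so the listed 1.3MB and 316KB figures can be cross-checked. Function names and the `DROPPED_FILES` table are this example's own; the hash values are copied from the report.

```python
"""Added helper (not part of the sandbox report): match files against the
dropped-file indicators on this page and check memory-dump region sizes."""
import hashlib
import re
from pathlib import Path

ALGS = ("md5", "sha1", "sha256", "sha512")

# Dropped-file indicators copied from the report's "Downloads" section.
DROPPED_FILES = {
    "BDMNetGetInfo.dll": {
        "md5": "12f98be1d919784370eb0f87e78b60d8",
        "sha1": "d07de2227b2ec68545be0adeb042af457d68f9e2",
        "sha256": "63e34375374ae6cc695c0bc03f1f9aad67e068fc51962fd25edbf2fbeceda9f9",
    },
    "BDMSkin.dll": {
        "md5": "39257175ac9c90199c69aea1a7bcbda0",
        "sha1": "6cf4a8dedf37d24ce902f34fa66120a214e1a2cc",
        "sha256": "84d5fb0a7cf1bc1e4bbd0de51d3b7eb04bb92af9a1fc3675601b382a5f11d9fc",
    },
    "System.dll": {
        "md5": "1c951bbcbc780046d6be1079a04870a4",
        "sha1": "a5bae7d838973154e6fac69b1c5ff7d2cda01906",
        "sha256": "d23676fbcf76355d1af68e7b32964b837243349920921b2ec74d97554809a65e",
    },
    "tmps7rfc0.dll": {
        "md5": "f42a33ce9dbc29bd5a92ab920a486a75",
        "sha1": "c2d644d933ea7d37efbefb8bfdf36a417d82e9b6",
        "sha256": "b15cc997b8a75549b6f8d881977860954bfdcc081e1b19663118de62c383f339",
    },
}

# SHA-256 is the matching key; MD5/SHA-1 are kept only to cross-check older feeds.
SHA256_BY_VALUE = {v["sha256"]: name for name, v in DROPPED_FILES.items()}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def hash_file(path, chunk: int = 1 << 20) -> dict:
    """Hash a file in 1 MiB chunks so large droppers never have to fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in ALGS}
    with open(path, "rb") as f:
        while block := f.read(chunk):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_dropped_file(digests: dict):
    """Return the report's file name for a SHA-256 that is in the IOC table, else None."""
    return SHA256_BY_VALUE.get(digests.get("sha256", "").lower())


def scan_dir(root) -> list:
    """Walk a directory (e.g. a copied %TEMP%\\nso*.tmp folder) and list (path, name) hits."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            name = match_dropped_file(hash_file(p))
            if name:
                hits.append((str(p), name))
    return hits


# Dump names on the page look like memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
_DMP = re.compile(r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def dump_region_size(dump_name: str) -> int:
    """Size in bytes of a dumped region, derived from the addresses in its name."""
    m = _DMP.fullmatch(dump_name)
    if not m:
        raise ValueError(f"unrecognised dump name: {dump_name}")
    start, end = int(m.group(2), 16), int(m.group(3), 16)
    if end <= start:
        raise ValueError("end address must lie above start address")
    return end - start


if __name__ == "__main__":
    # Constructed sample input: an empty buffer, which cannot match any indicator.
    print("empty buffer matches:", match_dropped_file(hash_bytes(b"")))
    for name in (
        "memory/2024-21-0x0000000003110000-0x0000000003267000-memory.dmp",
        "memory/2024-30-0x0000000003CD0000-0x0000000003D1F000-memory.dmp",
    ):
        print(name, dump_region_size(name) // 1024, "KiB")
```

Run it with `python3 ioc_check.py` for the self-check, or call `scan_dir(path)` on a folder recovered from the sandbox to see which of the four dropped files are present; a miss on MD5 or SHA-1 alone is not evidence of a different file, which is why matching is keyed on SHA-256.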