2a3f928955893e6810408be597a7b15008d5b1999d1b70e3f7a73fcf8cddde58

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 19:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe
Size

10.9MB
MD5

4cbd4eddf3a83b88ecbf1b16e3d96359
SHA1

16b29d43efbe1f1cffc3b29dc642380a442633c9
SHA256

2a3f928955893e6810408be597a7b15008d5b1999d1b70e3f7a73fcf8cddde58
SHA512

9601cd96aebcc3cc7474c9ec3edf10796ba887f5af0f2d894404ef102fb49409b0512efb372b3a35a1276aaaa3c00501fd1deabcb1db18d9350a5be1f4f0fba6
SSDEEP

196608:dV2RRVt/PJXkUoTDjencmbtMwDt1UQsMyOfolNqq7upWlig9bX+uenSAM69TdbOO:dMNt5B4DCnhjt1mMyJNmg9bXOnSA1BF5

Score

7^/10

evasion trojan

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2132	4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe
2132	4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe
2132	4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe
2132	4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe
2132	4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe
2132	4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe
2132	4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2132	4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe
2132	4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe
2132	4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe
2132	4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4cbd4eddf3a83b88ecbf1b16e3d96359_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsr4BA1.tmp\ButtonEvent.dll

Filesize
52KB

MD5
da85f0f06cda668c88c1af4553358902

SHA1
7d95f6a00bcb30566b78293f7139f9eae1c788ab

SHA256
a0746336fc1a8277a4af1758b39bc312ebf40c91ddad95aef40ec98b7699117d

SHA512
0563e4d54a83d657406142c1a9837d03e16a48c5eae28ad3935f69a06ebd7d8d91364c97c11b788b071e05c7a87f840364c160b70dd2666b33e73aad3a7fc027

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr4BA1.tmp\K8NsisMiniExtend.dll

Filesize
1.0MB

MD5
a56090909a5dc6ca357132506f84cfaf

SHA1
fda041aa38b44d95b2bd2a52c9943a68672bde3f

SHA256
d3e912dbdee4b09e8bf7a3bce8a91bce8c2b47b2a378b49f1c764f20d84e66b1

SHA512
e284fc3f9ab3b79e429725a8f23d2c43e6f4c96323054cf304e217a9cd2706913b4c95775b364cc0a55b9537197e179144106322625ef2ebb207fe25a7b65b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr4BA1.tmp\K8Skin.dll

Filesize
420KB

MD5
fc2ff34420233f05ef99aab1bfad9b21

SHA1
06ce9d74e0f489b96afc83a5287846fa9e4c36d2

SHA256
6a2543f949265b3790fbb9e927c66e1797686c7ac9f6e981eb6c6944204870a1

SHA512
c4b05e40d729534a44830bf3dad6d851d4ef9330699773747c44b03929cda993d363c196044ff6a713a0b4abe35e9945cd9d8becfb89f43ab38a590666f28773

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr4BA1.tmp\System.dll

Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr4BA1.tmp\k8nsis_skin_image.zip

Filesize
189KB

MD5
5f13f8cec9687ceda5ba5c86bf1c4ee1

SHA1
c1c684ed53de077ef2d52286a22847f8c8cd0e96

SHA256
3ec6a9f26c1f7327e36780c4520284a91c90f3042a0a8d749bd8c67bae78b6d7

SHA512
4a53adfd60a84facb5c4dc82887a313ce5363143f8bdb80e4ca319a8c8978d331b08fee7becca3c88fdce1524e936fa1f6f08554a0788110e44384e1162d0d3c

Download Submit
memory/2132-10-0x0000000002F20000-0x0000000003024000-memory.dmp

Filesize
1.0MB

Download
memory/2132-19-0x0000000003B40000-0x0000000003BAB000-memory.dmp

Filesize
428KB

Download
memory/2132-61-0x00000000054E0000-0x00000000054EE000-memory.dmp

Filesize
56KB

Download