ad639bb9d966273c305fc59b2f2a661cfb77944cd4aa0c83e3333c65cc13a510

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
Size

14.8MB
MD5

4e6875dca7cd0e0f0adf0b442d154e54
SHA1

51f2b36729ef9399012e4bcc7491e1a8db97e377
SHA256

ad639bb9d966273c305fc59b2f2a661cfb77944cd4aa0c83e3333c65cc13a510
SHA512

8b202299e72db8aa75257924ed6f20e1f857fa734d99881097312410464ea32ea1d458e201261eeaed49456385ee167c1181968b1075414fb7409bf9598b9689
SSDEEP

393216:Z9NG/Al8lpkrA1qrbirvaMAPWm1r54a2JBDr+3ApNer:Z9Upku3rHAPneDK7r

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

Processes:

4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe

pid	process
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

Processes:

4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe

description ioc process

File created C:\Program Files\DAEMON Tools Lite\DTLite.exe 4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File created	C:\Program Files\DAEMON Tools Lite\DTLite.exe	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe

pid	process
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
780	4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe

pid process

780 4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4e6875dca7cd0e0f0adf0b442d154e54_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsiA1F.tmp\ioSpecial.ini

Filesize
665B

MD5
0191ecef028cca851762dc9261321de9

SHA1
2354f22874311bf428d047bc5192e0b6067c3a1f

SHA256
3a07984112d689fa9cc196f7c819fb9d7103103c8fe52a2cd58ada31aa51b863

SHA512
07f299e086168f5184f821b9c6b69b6ce112e9674dcb03bdf535fe015fd59f044b3a06b3e321d53856178bc603a2d5c934229a8576c5052bdd9af1f45765cb1a

Download Submit
\Users\Admin\AppData\Local\Temp\nsiA1F.tmp\DLLWaitForKillProgram.dll

Filesize
28KB

MD5
9c4b8ec42d89f7557bfd90798ce52787

SHA1
2376dde426ea65aa27c30e304086310605382475

SHA256
ed52bdad7b383a179b9b0e21fefdda2d72695c5263a815d5e1e0bfac6c718548

SHA512
17c12a27a08746755868558c037376dd7e20f03f0f71888c1329903b70975a54f57786c3c32bf88aaf30119f11ed978a6830ba91949e11cfc94fbb5ad95305b7

Download Submit
\Users\Admin\AppData\Local\Temp\nsiA1F.tmp\Dialer.dll

Filesize
3KB

MD5
a29b5c457f61822759df6f9d370292fd

SHA1
b57644f0a30e2e5d2fea790b27c21574494a8850

SHA256
c384decad4baf8c3f1dbe0e02bc7b76f11e5793ccc164b6857d8fe9eb5a9903a

SHA512
4d3651f88c655903bab97ccde0d41eec78c4cc7b6a32472c6c1531138f56359a8b13ccff698ebb4aa9e76a83c38388ddd27cac7b15a2a7b83a9cb7a4dacdba0b

Download Submit
\Users\Admin\AppData\Local\Temp\nsiA1F.tmp\FILEDownPlug2.dll

Filesize
28KB

MD5
89c563060d908e5df6848ad15731e6d0

SHA1
404d8d41700ecc907e5b7c849a0dcde8edda1e72

SHA256
8bd1c61e9be2b8b07f6dac4782a96ee9e679c5f163133a51b57e1ecd72f3eff9

SHA512
8eb86ed92ba4d3305a954d824a1ffc23d9aef02559c794c085f67583f32d8228834b09ad45edfd8a78b4634e62344f53e1106db64134b8dd2c5e0fae391da763

Download Submit
\Users\Admin\AppData\Local\Temp\nsiA1F.tmp\InstallOptions.dll

Filesize
14KB

MD5
eef9e469e8a30717974499f277d97e2a

SHA1
2d33c25984ebd9116beeb55cdde4c5c86c023e5d

SHA256
1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

SHA512
d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

Download Submit
\Users\Admin\AppData\Local\Temp\nsiA1F.tmp\KillProcDLL.dll

Filesize
4KB

MD5
99f345cf51b6c3c317d20a81acb11012

SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727

SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

Download Submit
\Users\Admin\AppData\Local\Temp\nsiA1F.tmp\SimpleSC.dll

Filesize
61KB

MD5
d63975ce28f801f236c4aca5af726961

SHA1
3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

SHA256
e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

SHA512
8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

Download Submit
\Users\Admin\AppData\Local\Temp\nsiA1F.tmp\System.dll

Filesize
11KB

MD5
c6f5b9596db45ce43f14b64e0fbcf552

SHA1
665a2207a643726602dc3e845e39435868dddabc

SHA256
4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0

SHA512
8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a

Download Submit
\Users\Admin\AppData\Local\Temp\nsiA1F.tmp\nsProcess.dll

Filesize
4KB

MD5
05450face243b3a7472407b999b03a72

SHA1
ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

SHA256
95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

SHA512
f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

Download Submit
memory/780-4-0x0000000000300000-0x0000000000313000-memory.dmp

Filesize
76KB

Download
memory/780-19-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download