Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/05/2024, 12:16

General

  • Target

    5f06a605a226b23c3ab073d94160c9f2_JaffaCakes118.exe

  • Size

    1.5MB

  • MD5

    5f06a605a226b23c3ab073d94160c9f2

  • SHA1

    6fb9f601e2c10366710ebef0f977187ecd7ada45

  • SHA256

    898ca7aa129126a615282db699c2c3545f05df4c5660ee16bd9b42913ff5818f

  • SHA512

    c515746fb9245ec0127efba6f53082d0d82302dcf16d6cd1e4ad84b247399827eb4c7f929358ec0f06439efd1d781f66e8760cd101f098e76269bf38095f0cf5

  • SSDEEP

    49152:aBefu9+dxbLShOvtUwXF0je51a6mJjfQYE9bd+sHIx/:U+uCL1NXF0jeTa6Mjf+9Z+sI/

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f06a605a226b23c3ab073d94160c9f2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5f06a605a226b23c3ab073d94160c9f2_JaffaCakes118.exe"
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:4256

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsn4279.tmp\System.dll

    Filesize

    11KB

    MD5

    a4dd044bcd94e9b3370ccf095b31f896

    SHA1

    17c78201323ab2095bc53184aa8267c9187d5173

    SHA256

    2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

    SHA512

    87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

  • C:\Users\Admin\AppData\Local\Temp\nsn4279.tmp\npHelper.dll

    Filesize

    333KB

    MD5

    b4265a7ee9968e9c59aa7ff90ce6198b

    SHA1

    8a3447319d888fecfc29f8a57c06bd2839ca0f6e

    SHA256

    224f9121cdfd4dfc675d2648e6a00d5ba78be1428e740fb7f1ed0f0865d4abec

    SHA512

    2be0ee3dfbff2a1a555a0faa1bbe5ed9c8b8d17be754e10371560277716a53895a6fc41629c8250d5846691d84eb5fb8318b5ff0b1e3e06f5272a7a5a4e504c9

  • C:\Users\Admin\AppData\Local\Temp\nsn4279.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    0d45588070cf728359055f776af16ec4

    SHA1

    c4375ceb2883dee74632e81addbfa4e8b0c6d84a

    SHA256

    067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a

    SHA512

    751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415

  • memory/4256-22-0x0000000010004000-0x0000000010005000-memory.dmp

    Filesize

    4KB

  • memory/4256-21-0x0000000003C50000-0x0000000003D10000-memory.dmp

    Filesize

    768KB

  • memory/4256-23-0x0000000003C50000-0x0000000003D10000-memory.dmp

    Filesize

    768KB