Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-05-2024 22:16

General

  • Target

    68d2ff31409148bb86bde7a048d3bb2c_JaffaCakes118.exe

  • Size

    163KB

  • MD5

    68d2ff31409148bb86bde7a048d3bb2c

  • SHA1

    7c881618d7baeed94ed508fb28b7f0dc7d8fee59

  • SHA256

    01112ca4e7b63cf359d1264d40679b3a85fae1f1aa6a04f29a49c2b3cdc5c25f

  • SHA512

    4c4af526e3d2b7f2eee725f6fce8f3eef531f29ea9afde69f88bc8c230825239e0a0e878f47703d972f47e313af6ae4dd55fffa2362531f835e85fd4f191ccde

  • SSDEEP

    3072:CstajHKBvYXJLdUYRD66YbmmuPbeOzgHvjvEr0lQgm4AP1gJsLyse:CTq+rUaD6rypVKoojmPyJa3e

Score
7/10

Tags
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software (2 IoCs)

    Detects a file protected with ACProtect.

  • Loads dropped DLL (5 IoCs)

    The sample loads DLLs that it first wrote to disk during the run (listed under Downloads below).

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).
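
The "UPX packed file" signature above rests on layout traits any analyst can check by hand before unpacking. The following script is an added example, not code from the sandbox or from the sample: it parses the PE section table with the standard library, reports the UPX indicators it finds (UPX-prefixed section names, a writable+executable section with no raw data that serves as the unpacking target, and the "UPX!" marker string), and computes the same four digests the report lists so a sample on disk can be matched to this page first. The PE images it runs against are constructed in memory and are not real executables; the ACProtect signature is not modelled because the page gives no markers for it.

```python
"""Static UPX-packing triage for a PE file: section-table parse plus marker check.
Constructed sample PE images are built in memory so the script runs offline."""
import hashlib
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_sections(data: bytes) -> list[dict]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                  # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        (name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars) = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rawsize, "raw_ptr": rawptr, "characteristics": chars,
        })
    return sections


def upx_indicators(data: bytes) -> list[str]:
    """Return human-readable reasons the file looks UPX-packed (empty list = none)."""
    reasons = []
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    for s in parse_sections(data):
        if s["name"].startswith("UPX"):
            reasons.append(f"section named {s['name']}")
        # Stock UPX leaves the unpacking target with no raw bytes but a large,
        # writable and executable virtual range.
        if s["raw_size"] == 0 and s["virtual_size"] > 0 and s["characteristics"] & rwx == rwx:
            reasons.append(f"{s['name']}: no raw data but {s['virtual_size']:#x} bytes "
                           "virtual, writable+executable (unpacking target)")
    if b"UPX!" in data:
        reasons.append("'UPX!' marker string present")
    return reasons


def file_digests(data: bytes) -> dict[str, str]:
    """The four digests the report lists, so a sample can be matched to it first."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def build_fake_pe(sections, overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 image (headers only) for testing; not a real executable."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
        for name, vsize, vaddr, rawsize, rawptr, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + opt + table + overlay


# Constructed samples: a UPX-style layout and a plain compiler layout.
PACKED_SAMPLE = build_fake_pe([
    ("UPX0", 0x20000, 0x1000, 0, 0x400, 0xE0000080),
    ("UPX1", 0x8000, 0x21000, 0x7800, 0x400, 0xE0000040),
    (".rsrc", 0x1000, 0x29000, 0x1000, 0x7C00, 0xC0000040),
], overlay=b"UPX!")
CLEAN_SAMPLE = build_fake_pe([
    (".text", 0x1000, 0x1000, 0x1000, 0x400, 0x60000020),
    (".data", 0x400, 0x2000, 0x200, 0x1400, 0xC0000040),
])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, file_digests(blob)["sha256"][:16],
              upx_indicators(blob) or "no UPX indicators")
```

Run it against a real file by reading the bytes and calling `upx_indicators()`; a hit on the section-name check alone is strong but not conclusive, since section names are trivially renamed, which is why the raw-size/permission trait and the marker are checked independently.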

Processes

  • C:\Users\Admin\AppData\Local\Temp\68d2ff31409148bb86bde7a048d3bb2c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\68d2ff31409148bb86bde7a048d3bb2c_JaffaCakes118.exe"
    • Loads dropped DLL
    PID: 1616

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\nsy1612.tmp\LogEx.dll

    Filesize

    44KB

    MD5

    1c440ec84001c94327082aca9bdbd0d1

    SHA1

    4f35b29e8e1ca44368d15506c28a0873bed1c9f3

    SHA256

    f6d21ef2fa853b922c94d66d3abd9277ad71bc1be73a8d8418bc06635925a343

    SHA512

    32a2c9641d1390295249a52fab38f8bc8379be80395a9b27b4e157d37b66a1c1f9f49f940ccd24725c59f9de9a585690292119e11faea3e93d4054d9db00e93a

  • \Users\Admin\AppData\Local\Temp\nsy1612.tmp\NSISdl.dll

    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

  • \Users\Admin\AppData\Local\Temp\nsy1612.tmp\nsJSON.dll

    Filesize

    7KB

    MD5

    1273161f8a69272e44ceb109d8d447b9

    SHA1

    a330d1ddbaac74fba14de9435e4156a4a364d7d7

    SHA256

    b6d7cf201bddd18a999936e46f9803fab95a9c0ff97f32bbe8418b970944f0f0

    SHA512

    4f0026f2fe8355809719b7506ae6fcbe65f853b7416cfb29d5abe30b05f134ce2d9208f515899bee73e00cb8b2c21d7048c11aa76e5cf13491ccfcf8884f7ccb

  • \Users\Admin\AppData\Local\Temp\nsy1612.tmp\nsRandom.dll

    Filesize

    21KB

    MD5

    ab467b8dfaa660a0f0e5b26e28af5735

    SHA1

    596abd2c31eaff3479edf2069db1c155b59ce74d

    SHA256

    db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

    SHA512

    7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

  • memory/1616-18-0x00000000742F0000-0x00000000742FB000-memory.dmp

    Filesize

    44KB

  • memory/1616-20-0x0000000002610000-0x0000000002622000-memory.dmp

    Filesize

    72KB
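
The "Loads dropped DLL" signature on the process above and the four DLLs listed under Downloads describe one behaviour: the executable extracts plugin DLLs into a %TEMP%\nsy1612.tmp\ directory and loads them from there. The script below is an added example, not code from the sandbox or from this sample, showing how that behaviour can be detected in image-load telemetry and corroborated against the report's dropped-file MD5s. It assumes an NSIS-style extraction directory named ns<random>.tmp under the user's Temp folder (the report shows only nsy1612.tmp) and a simple "Key: value | Key: value" event format; the event lines are constructed, not captured telemetry, and the placeholder MD5s on the non-report lines are made up.

```python
"""Detection: DLL loads from an NSIS-style plugin temp directory, checked against the
report's dropped-file hashes. Sample events are constructed, not real telemetry."""
import re

# Assumed convention: plugins are extracted to %TEMP%\ns<random>.tmp\<name>.dll
# (the report shows \AppData\Local\Temp\nsy1612.tmp\).
NSIS_PLUGIN_DLL = re.compile(
    r"\\AppData\\Local\\Temp\\ns[A-Za-z0-9]{1,8}\.tmp\\(?P<dll>[^\\]+\.dll)$",
    re.IGNORECASE)

# MD5s of the four DLLs this report lists under Downloads.
REPORT_DROPPED_MD5 = {
    "1c440ec84001c94327082aca9bdbd0d1": "LogEx.dll",
    "a5f8399a743ab7f9c88c645c35b1ebb5": "NSISdl.dll",
    "1273161f8a69272e44ceb109d8d447b9": "nsJSON.dll",
    "ab467b8dfaa660a0f0e5b26e28af5735": "nsRandom.dll",
}


def parse_event(line: str) -> dict[str, str]:
    """Parse a 'Key: value | Key: value' image-load record (constructed format)."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def md5_from_hashes(hashes: str) -> str:
    """Pull the MD5 out of a 'MD5=...,SHA256=...' style Hashes field."""
    for item in hashes.split(","):
        algo, _, digest = item.partition("=")
        if algo.strip().upper() == "MD5":
            return digest.strip().lower()
    return ""


def scan_image_loads(lines) -> list[dict]:
    """Return one hit per DLL loaded from an ns*.tmp plugin directory, tagged with
    the report's filename when the MD5 matches a dropped file listed above."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        m = NSIS_PLUGIN_DLL.search(ev.get("ImageLoaded", ""))
        if not m:
            continue
        md5 = md5_from_hashes(ev.get("Hashes", ""))
        hits.append({
            "pid": ev.get("ProcessId", "?"),
            "image": ev.get("Image", "?"),
            "dll": m.group("dll"),
            "md5": md5,
            "known_from_report": REPORT_DROPPED_MD5.get(md5),
        })
    return hits


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\68d2ff31409148bb86bde7a048d3bb2c_JaffaCakes118.exe"
# Constructed events: two loads from the report's plugin directory, one ordinary
# system DLL, one plugin load by an unrelated installer, one Temp DLL outside ns*.tmp.
SAMPLE_EVENTS = [
    r"ImageLoaded: C:\Users\Admin\AppData\Local\Temp\nsy1612.tmp\LogEx.dll | Image: " + SAMPLE
    + " | ProcessId: 1616 | Hashes: MD5=1c440ec84001c94327082aca9bdbd0d1",
    r"ImageLoaded: C:\Windows\System32\kernel32.dll | Image: " + SAMPLE
    + " | ProcessId: 1616 | Hashes: MD5=ffffffffffffffffffffffffffffffff",  # placeholder
    r"ImageLoaded: C:\Users\Admin\AppData\Local\Temp\nsy1612.tmp\NSISdl.dll | Image: " + SAMPLE
    + " | ProcessId: 1616 | Hashes: MD5=a5f8399a743ab7f9c88c645c35b1ebb5",
    r"ImageLoaded: C:\Users\Admin\AppData\Local\Temp\nsa1f3.tmp\System.dll"
    r" | Image: C:\Users\Admin\Downloads\setup.exe | ProcessId: 2044"
    " | Hashes: MD5=11111111111111111111111111111111",  # placeholder
    r"ImageLoaded: C:\Users\Admin\AppData\Local\Temp\notes.dll | Image: " + SAMPLE
    + " | ProcessId: 1616 | Hashes: MD5=22222222222222222222222222222222",  # placeholder
]

if __name__ == "__main__":
    for hit in scan_image_loads(SAMPLE_EVENTS):
        tag = hit["known_from_report"] or "hash not in report"
        print(f"pid {hit['pid']} loaded {hit['dll']} from plugin dir: {tag}")
```

The directory pattern alone fires on every NSIS-built installer, benign or not, which is why the third hit (an unrelated installer with an unknown hash) is reported but not attributed; the hash match is what ties a load back to this report's dropped files.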