Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/05/2024, 00:24

General

  • Target

    6554571360f8c1385fb246d9e2845c2c_JaffaCakes118.exe

  • Size

    1013KB

  • MD5

    6554571360f8c1385fb246d9e2845c2c

  • SHA1

    25908f7c8f962f8cd0bbb322dfa86bbbe5b979f4

  • SHA256

    1d14500a00d5f63a796ae8002eaacb21ee3feb348ab52f3d74c85c0f914347c5

  • SHA512

    8fa9155d6e7b065cdcdb72399c521a278da447994c583f3e349238bea53a5aebc014cdfee2f35f8ed59bd6d55d84cb9ad407044f0d8a7b1c2a550c07a78dbb7a

  • SSDEEP

    24576:dUx3bdywNuJA0g/2i4FmwKGpsAqCwoMZeZCkbx+HHP4V:dU3yiuePui4ItGpsAqC28gkbQHC

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6554571360f8c1385fb246d9e2845c2c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6554571360f8c1385fb246d9e2845c2c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1196

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy1AF1.tmp\ioSpecial.ini

    Filesize

    657B

    MD5

    37d865dc501ed7a5ade1ce871bf53101

    SHA1

    55db93d067b6a1143e1dca872a1657ff95e8e84d

    SHA256

    8c98119dac9c24b2f38a6d88dc6f3f78c23b522affeb31e7ebed690f4c25d689

    SHA512

    d922ad6ceec6a937beba113ea9d17b16766d843298a230da03e1edce649f718e43297e8c900764accd4bbd39abcb79ff3f2ce6bc6770a57b50fb83ce93fd1484

  • C:\Users\Admin\AppData\Local\Temp\nsy1AF1.tmp\ioSpecial.ini

    Filesize

    644B

    MD5

    defb58aeaa155979498cced9c85347e1

    SHA1

    607207cd020d3b9b0c22b7c317a5739a3c90b1c8

    SHA256

    0565b01e9139dff6c8ac419b27ef421e0188ed606cb61fd4d2609cd55f04b83c

    SHA512

    03c00ddc345e7da61abfd8f8dfd5e7ba88cada8a3882d2c53f411330e70e4882177aeb9bd242a8a8b220d09eb197b70f0fde9cb4c9f30a2cf623fb75f23ed073

  • \Users\Admin\AppData\Local\Temp\nsy1AF1.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf