228032e00de4741d5c009cf232fa11c8cfca24f7fd23a54b248e86b8c4f39976

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe
Size

745KB
MD5

65d495e4972075b09c398e58dcef477e
SHA1

4fde05bdefaade0047a826562b1aef5853adda4a
SHA256

228032e00de4741d5c009cf232fa11c8cfca24f7fd23a54b248e86b8c4f39976
SHA512

0e5868af9e53f4874273d2a5e9873520d2763bcd6f1a2f90e748a6659812728242d0562f6440296546d31da69824c9241b64b33864a6641c4f2cbf5fbfb1b79c
SSDEEP

12288:o/rvPri+kvqpwYzq3YOmUvuImuWCOOU8eLaY86nMX+remvWv3o+Y/Rpaad:ozXri+kvqiHhaI9JU8oaYjMOrzaIjjd

Score

7^/10

evasion trojan

Malware Config

Signatures

Loads dropped DLL 5 IoCs

Processes:

65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe

pid	process
1992	65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe
1992	65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe
1992	65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe
1992	65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe
1992	65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe

pid process

1992 65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe
1992 65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsi19AA.tmp\LangDLL.dll

Filesize
5KB

MD5
6e8be59d69cae90b7c46dc032d3da9c2

SHA1
867aadabf248b0d5a5002c0ff53fa4a23939a7a4

SHA256
ca751b693af5a6c33842ea993824536aaa8f6e191fa40078f5d54aaf853c163b

SHA512
c49e789267a769122d0fac366b1590591debeb33dbe0cdbd0f853e26c2a1938646dc6093e92d89cbf2bebb79729f547d3dfa0fd64e3ab4bb9127b6cdc546cbc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsi19AA.tmp\System.dll

Filesize
11KB

MD5
b3d5e62d09f6047905a45e5f2f0cf2ef

SHA1
bdc0155578aea04da50e981abf762ae0968ad1a6

SHA256
dc6a9ed86c21f1cb6a7cb33f32ec0c09ef610741ff5f88c1ae17b92d075bc23a

SHA512
64e12a2fdee36079f817351cd0c3bbd5bb132d3e15453d1581d8de375413669054458c0ec83fc40f4fb3af1616e70ed87ccb74b37f6ed9c2513947eafc66a024

Download Submit
\Users\Admin\AppData\Local\Temp\nsi19AA.tmp\__306138a56d98409ea1bf53c2ce43f79b_lib.dll

Filesize
758KB

MD5
276d62ccd62c8a54c15a85012bdad137

SHA1
6fc5702a17eb5d34cda83613e28e91d53bfd069f

SHA256
7e2d731e7014cdd269952fa0441e77f56a55e95127ad06370aebf5d16749bfe6

SHA512
6c2190f2b8c83e03d9122cae9ee27a614fb53d067561c56fd7c16cb67eee88430136db0339ec8cfb1ec274b5ed8cd2ddf5b2796f75f07dc5e65125a2fcbc5c1c

Download Submit
\Users\Admin\AppData\Local\Temp\nsi19AA.tmp\__306138a56d98409ea1bf53c2ce43f79b_vlib.dll

Filesize
297KB

MD5
f0c88637906007667f27e4f3b3c6c1d6

SHA1
f632f6aa556580e01f6df12ab04163ed0a67be7f

SHA256
9d9a1c1ab3e85112141a64e50ecdde63906a83b12b5b020de2d06e1e96691030

SHA512
79df4ef51449182cf2bea1a607c09a2be344bce93065fea7ef697abddc53e5a4917bf11a54c5f20565b45750997fb6d5fb3fc26335b75fb5cc6442fba1eed7d2

Download Submit
\Users\Admin\AppData\Local\Temp\nsi19AA.tmp\nsDialogs.dll

Filesize
9KB

MD5
ba2f240f1b71859b3a2921296f658f0d

SHA1
12b23bcf85d6d539b5a9ea9cfdf68e64ec83d0ad

SHA256
ff9f97a581b21e41b10805b1c3493cd4a6a4ee8507dad67e68d9a398159ad722

SHA512
35919fb9bc7642e98b0fcd21a002174ad636536c602b76c16eefb93d5220a1b1934b4ebd229f59b5b8a3f5a8862db584b3135c74a7b13da2426f6d8b1490ccf1

Download Submit