Analysis

  • max time kernel
    136s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 03:19

General

  • Target

    65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe

  • Size

    745KB

  • MD5

    65d495e4972075b09c398e58dcef477e

  • SHA1

    4fde05bdefaade0047a826562b1aef5853adda4a

  • SHA256

    228032e00de4741d5c009cf232fa11c8cfca24f7fd23a54b248e86b8c4f39976

  • SHA512

    0e5868af9e53f4874273d2a5e9873520d2763bcd6f1a2f90e748a6659812728242d0562f6440296546d31da69824c9241b64b33864a6641c4f2cbf5fbfb1b79c

  • SSDEEP

    12288:o/rvPri+kvqpwYzq3YOmUvuImuWCOOU8eLaY86nMX+remvWv3o+Y/Rpaad:ozXri+kvqiHhaI9JU8oaYjMOrzaIjjd

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\65d495e4972075b09c398e58dcef477e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Suspicious use of SetWindowsHookEx
    PID:4896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd423B.tmp\LangDLL.dll

    Filesize

    5KB

    MD5

    6e8be59d69cae90b7c46dc032d3da9c2

    SHA1

    867aadabf248b0d5a5002c0ff53fa4a23939a7a4

    SHA256

    ca751b693af5a6c33842ea993824536aaa8f6e191fa40078f5d54aaf853c163b

    SHA512

    c49e789267a769122d0fac366b1590591debeb33dbe0cdbd0f853e26c2a1938646dc6093e92d89cbf2bebb79729f547d3dfa0fd64e3ab4bb9127b6cdc546cbc3

  • C:\Users\Admin\AppData\Local\Temp\nsd423B.tmp\System.dll

    Filesize

    11KB

    MD5

    b3d5e62d09f6047905a45e5f2f0cf2ef

    SHA1

    bdc0155578aea04da50e981abf762ae0968ad1a6

    SHA256

    dc6a9ed86c21f1cb6a7cb33f32ec0c09ef610741ff5f88c1ae17b92d075bc23a

    SHA512

    64e12a2fdee36079f817351cd0c3bbd5bb132d3e15453d1581d8de375413669054458c0ec83fc40f4fb3af1616e70ed87ccb74b37f6ed9c2513947eafc66a024

  • C:\Users\Admin\AppData\Local\Temp\nsd423B.tmp\__306138a56d98409ea1bf53c2ce43f79b_lib.dll

    Filesize

    758KB

    MD5

    276d62ccd62c8a54c15a85012bdad137

    SHA1

    6fc5702a17eb5d34cda83613e28e91d53bfd069f

    SHA256

    7e2d731e7014cdd269952fa0441e77f56a55e95127ad06370aebf5d16749bfe6

    SHA512

    6c2190f2b8c83e03d9122cae9ee27a614fb53d067561c56fd7c16cb67eee88430136db0339ec8cfb1ec274b5ed8cd2ddf5b2796f75f07dc5e65125a2fcbc5c1c

  • C:\Users\Admin\AppData\Local\Temp\nsd423B.tmp\__306138a56d98409ea1bf53c2ce43f79b_vlib.dll

    Filesize

    297KB

    MD5

    f0c88637906007667f27e4f3b3c6c1d6

    SHA1

    f632f6aa556580e01f6df12ab04163ed0a67be7f

    SHA256

    9d9a1c1ab3e85112141a64e50ecdde63906a83b12b5b020de2d06e1e96691030

    SHA512

    79df4ef51449182cf2bea1a607c09a2be344bce93065fea7ef697abddc53e5a4917bf11a54c5f20565b45750997fb6d5fb3fc26335b75fb5cc6442fba1eed7d2

  • C:\Users\Admin\AppData\Local\Temp\nsd423B.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    ba2f240f1b71859b3a2921296f658f0d

    SHA1

    12b23bcf85d6d539b5a9ea9cfdf68e64ec83d0ad

    SHA256

    ff9f97a581b21e41b10805b1c3493cd4a6a4ee8507dad67e68d9a398159ad722

    SHA512

    35919fb9bc7642e98b0fcd21a002174ad636536c602b76c16eefb93d5220a1b1934b4ebd229f59b5b8a3f5a8862db584b3135c74a7b13da2426f6d8b1490ccf1