Overview

overview

7

Static

static

7

65d50932ef...18.exe

windows7-x64

7

65d50932ef...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...FC.dll

windows7-x64

3

$PLUGINSDI...FC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

7

$PLUGINSDI...ll.dll

windows10-2004-x64

7

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDIR/xml.dll

windows7-x64

3

$PLUGINSDIR/xml.dll

windows10-2004-x64

3

GenericWin...ls.dll

windows7-x64

3

GenericWin...ls.dll

windows10-2004-x64

3

ProgressTabs.jar

windows7-x64

1

ProgressTabs.jar

windows10-2004-x64

7

UpdateApp.exe

windows7-x64

1

UpdateApp.exe

windows10-2004-x64

1

WindowsV5P...ls.dll

windows7-x64

1

WindowsV5P...ls.dll

windows10-2004-x64

1

WireStack.dll

windows7-x64

3

WireStack.dll

windows10-2004-x64

3

WireStack.exe

windows7-x64

1

WireStack.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 03:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65d50932ef0863e793ed0124848ba30f_JaffaCakes118.exe

  • Size

    5.6MB

  • MD5

    65d50932ef0863e793ed0124848ba30f

  • SHA1

    8afa285550770c5223ac28c468d9a21b8e94c158

  • SHA256

    d43d793529aa53d452cc85badf97e5aa04fe09f61d99046c655a51b31709b624

  • SHA512

    e51c1f45b6e0e305bfb7a6ae3f88dbfeb7cc2904d607231dc407d7f4b82f35993d484491321045f62c01539a2ba4c8cc438893191c03151964291fe17528e766

  • SSDEEP

    98304:joRCa7CllxDZigg4keNaKvE2CqDOOp87/Q4XGVicOd1+tlFLGa:j7qClIPV2C4p8bQudk

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 7 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65d50932ef0863e793ed0124848ba30f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\65d50932ef0863e793ed0124848ba30f_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsy63A.tmp\Banner.dll
    Filesize

    3KB

    MD5

    e264d0f91103758bc5b088e8547e0ec1

    SHA1

    24a94ff59668d18b908c78afd2a9563de2819680

    SHA256

    501b5935fe8e17516b324e3c1da89773e689359c12263e9782f95836dbab8b63

    SHA512

    a533278355defd265ef713d4169f06066be41dd60b0e7ed5340454c40aabc47afa47c5ce4c0dbcd6cb8380e2b25dbb1762c3c996d11ac9f70ab9763182850205

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy63A.tmp\Math.dll
    Filesize

    144KB

    MD5

    889e8fe8a034acb4d4a33349e34907a9

    SHA1

    e439458df040ec14002c67f0a863bb714a6241aa

    SHA256

    d9b253e80eca58d3e2c5882359b5aa3257bd0b4bec5d02a7874004466ef77c57

    SHA512

    a604e3f8c385af9b2f29e82fa411b220a71bc234521d1194de1a2a09cca567f31c33c887a1f69ffb33fb2db91519a99e84ef064d507af16646db6919dd712d94

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy63A.tmp\System.dll
    Filesize

    11KB

    MD5

    bf712f32249029466fa86756f5546950

    SHA1

    75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    SHA256

    7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    SHA512

    13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy63A.tmp\inetc.dll
    Filesize

    24KB

    MD5

    1fc1fbb2c7a14b7901fc9abbd6dbef10

    SHA1

    4d9ed86f31075a3d3f674ff78f39c190a4098126

    SHA256

    4f26394c93f1acb315c42c351983dafc7f094b2d05db6d7a1ba7dcb39a3a599e

    SHA512

    76d8ff7fc301cc5ff966ad8be17f0f3f2d869ef797c5a2c55a062305c02133a842906448741bf9818ec369bbb2932b9a9c2193ebc59835b50e8703db0090fdb2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy63A.tmp\md5dll.dll
    Filesize

    6KB

    MD5

    7059f133ea2316b9e7e39094a52a8c34

    SHA1

    ee9f1487c8152d8c42fecf2efb8ed1db68395802

    SHA256

    32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

    SHA512

    9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy63A.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    4ccc4a742d4423f2f0ed744fd9c81f63

    SHA1

    704f00a1acc327fd879cf75fc90d0b8f927c36bc

    SHA256

    416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

    SHA512

    790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

    Download Submit

  • memory/1824-33-0x0000000010000000-0x000000001000A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1824-40-0x0000000010000000-0x000000001000A000-memory.dmp

    Filesize

    40KB

    Download