Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 03:24

General

  • Target

    65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    65d73328968ea53ebbb296a803f895a0

  • SHA1

    e929fe45dec9a892c4f63297d0bb7a8bffeaac71

  • SHA256

    1088c38976f5a7f857f502deb9e0bba7faeb962df17555a212abb4341774d4a7

  • SHA512

    d281b9cd8ee6f48fbd3e07122e201c0da99f591cb16821979e198b25de17cdb2f816b7e13fe95bfd6f666fb6e22e7c3c84256f5336c2b6f281f329ae22aa5ea6

  • SSDEEP

    49152:o9/6MrGWs6hp/JFZ9GYOVaJqkxLmJ+UxRp:1YGXK/JN9AGzyRp

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4616
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2464

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsy1B36.tmp\BDMNetGetInfo.dll

      Filesize

      314KB

      MD5

      12f98be1d919784370eb0f87e78b60d8

      SHA1

      d07de2227b2ec68545be0adeb042af457d68f9e2

      SHA256

      63e34375374ae6cc695c0bc03f1f9aad67e068fc51962fd25edbf2fbeceda9f9

      SHA512

      ab2fcdd3eb7b58f044a855b5cae744bc1b3be599cf0d22ee93ccce2e97cb3bc1f36ea2c1ed75013c76f8c9e4071ba29710595c3a57cda2470885ee9293fc2d8d

    • C:\Users\Admin\AppData\Local\Temp\nsy1B36.tmp\BDMSkin.dll

      Filesize

      1.3MB

      MD5

      39257175ac9c90199c69aea1a7bcbda0

      SHA1

      6cf4a8dedf37d24ce902f34fa66120a214e1a2cc

      SHA256

      84d5fb0a7cf1bc1e4bbd0de51d3b7eb04bb92af9a1fc3675601b382a5f11d9fc

      SHA512

      4a71d0ac3df53b25509205e9ed0bf781cbefa2ba6307501ae336488c8a3f7f627b8d01f861adbf47986e168abab5a06b36848f87cbcf27fe846e5f0ffc3a9f53

    • C:\Users\Admin\AppData\Local\Temp\nsy1B36.tmp\System.dll

      Filesize

      18KB

      MD5

      1c951bbcbc780046d6be1079a04870a4

      SHA1

      a5bae7d838973154e6fac69b1c5ff7d2cda01906

      SHA256

      d23676fbcf76355d1af68e7b32964b837243349920921b2ec74d97554809a65e

      SHA512

      62c3686baed2232f7d8ddc8f48a41761812b5b2a67f3a689b7a43275f077842366abc13c7e8259613bfd9df25cf467e4001337c1454aec910abce121d551e2d8

    • C:\Users\Admin\AppData\Local\Temp\nsy1B36.tmp\tmp5iwdhe.dll

      Filesize

      2.3MB

      MD5

      64506fff60af135a6c7ac270ee576683

      SHA1

      5f6173fa4731333913c9e3a356c2ac3e7a7a9201

      SHA256

      47b57964ebce3279e2c9f7491c00194a3c114a5cb4130bda0fd557e6c128b21c

      SHA512

      1f4f1e91a39810c293a929dcaaaf4aca9575f4bcf7055511f58e328e789aad5b4aef2a4fd8cb2addd59b83252c6b71fd2a52eb61b22590ee7218a548a70ea5d6

    • memory/4616-20-0x0000000003240000-0x0000000003397000-memory.dmp

      Filesize

      1.3MB

    • memory/4616-30-0x0000000005870000-0x00000000058BF000-memory.dmp

      Filesize

      316KB

    • memory/4616-38-0x0000000000600000-0x000000000064F000-memory.dmp

      Filesize

      316KB