Overview
overview
7Static
static
165d7332896...18.exe
windows7-x64
765d7332896...18.exe
windows10-2004-x64
7$PLUGINSDI...ls.dll
windows7-x64
1$PLUGINSDI...ls.dll
windows10-2004-x64
1$PLUGINSDI...ad.dll
windows7-x64
1$PLUGINSDI...ad.dll
windows10-2004-x64
1$PLUGINSDI...fo.dll
windows7-x64
1$PLUGINSDI...fo.dll
windows10-2004-x64
1$PLUGINSDI...in.dll
windows7-x64
3$PLUGINSDI...in.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/dl.dll
windows7-x64
1$PLUGINSDIR/dl.dll
windows10-2004-x64
1$PLUGINSDIR/hu.dll
windows7-x64
1$PLUGINSDIR/hu.dll
windows10-2004-x64
1$PLUGINSDI...he.dll
windows7-x64
3$PLUGINSDI...he.dll
windows10-2004-x64
3Analysis
-
max time kernel
150s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
22-05-2024 03:24
Static task
static1
Behavioral task
behavioral1
Sample
65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/BDLogicUtils.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/BDLogicUtils.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/BDMDownload.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/BDMDownload.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/BDMNetGetInfo.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/BDMNetGetInfo.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/BDMSkin.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/BDMSkin.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/dl.dll
Resource
win7-20240220-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/dl.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/hu.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/hu.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/tmp5iwdhe.dll
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/tmp5iwdhe.dll
Resource
win10v2004-20240508-en
General
-
Target
65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe
-
Size
1.8MB
-
MD5
65d73328968ea53ebbb296a803f895a0
-
SHA1
e929fe45dec9a892c4f63297d0bb7a8bffeaac71
-
SHA256
1088c38976f5a7f857f502deb9e0bba7faeb962df17555a212abb4341774d4a7
-
SHA512
d281b9cd8ee6f48fbd3e07122e201c0da99f591cb16821979e198b25de17cdb2f816b7e13fe95bfd6f666fb6e22e7c3c84256f5336c2b6f281f329ae22aa5ea6
-
SSDEEP
49152:o9/6MrGWs6hp/JFZ9GYOVaJqkxLmJ+UxRp:1YGXK/JN9AGzyRp
Malware Config
Signatures
-
Loads dropped DLL 8 IoCs
Processes:
65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exepid process 4616 65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe 4616 65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe 4616 65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe 4616 65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe 4616 65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe 4616 65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe 4616 65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe 4616 65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exepid process 4616 65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe -
Suspicious use of SendNotifyMessage 1 IoCs
Processes:
65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exepid process 4616 65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\65d73328968ea53ebbb296a803f895a0_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:81⤵PID:2464
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
314KB
MD512f98be1d919784370eb0f87e78b60d8
SHA1d07de2227b2ec68545be0adeb042af457d68f9e2
SHA25663e34375374ae6cc695c0bc03f1f9aad67e068fc51962fd25edbf2fbeceda9f9
SHA512ab2fcdd3eb7b58f044a855b5cae744bc1b3be599cf0d22ee93ccce2e97cb3bc1f36ea2c1ed75013c76f8c9e4071ba29710595c3a57cda2470885ee9293fc2d8d
-
Filesize
1.3MB
MD539257175ac9c90199c69aea1a7bcbda0
SHA16cf4a8dedf37d24ce902f34fa66120a214e1a2cc
SHA25684d5fb0a7cf1bc1e4bbd0de51d3b7eb04bb92af9a1fc3675601b382a5f11d9fc
SHA5124a71d0ac3df53b25509205e9ed0bf781cbefa2ba6307501ae336488c8a3f7f627b8d01f861adbf47986e168abab5a06b36848f87cbcf27fe846e5f0ffc3a9f53
-
Filesize
18KB
MD51c951bbcbc780046d6be1079a04870a4
SHA1a5bae7d838973154e6fac69b1c5ff7d2cda01906
SHA256d23676fbcf76355d1af68e7b32964b837243349920921b2ec74d97554809a65e
SHA51262c3686baed2232f7d8ddc8f48a41761812b5b2a67f3a689b7a43275f077842366abc13c7e8259613bfd9df25cf467e4001337c1454aec910abce121d551e2d8
-
Filesize
2.3MB
MD564506fff60af135a6c7ac270ee576683
SHA15f6173fa4731333913c9e3a356c2ac3e7a7a9201
SHA25647b57964ebce3279e2c9f7491c00194a3c114a5cb4130bda0fd557e6c128b21c
SHA5121f4f1e91a39810c293a929dcaaaf4aca9575f4bcf7055511f58e328e789aad5b4aef2a4fd8cb2addd59b83252c6b71fd2a52eb61b22590ee7218a548a70ea5d6