Analysis

  • max time kernel: 119s
  • max time network: 120s
  • platform: windows7_x64
  • resource: win7-20240220-en
  • resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted: 22-05-2024 19:21

General

  • Target: 6856645a776c6f1afbe2ab1d43da38ba_JaffaCakes118.exe
  • Size: 299KB
  • MD5: 6856645a776c6f1afbe2ab1d43da38ba
  • SHA1: 3009dd5b8629ba9fa7310385df4cc560898a90ba
  • SHA256: f57db99dc4f275e80dfbec38e0e02bc0e1203077692ef23205ee435bd94cf5e2
  • SHA512: 0ab4f9b838ae4741012b2ae468954055194ad91f89040eeef169f1cd403680a1d0d19ca9303e9289600eafe89c8701cc6f7c81a33171698fea6fb5872740c1a1
  • SSDEEP: 3072:dgxI+xKQaIWoXJ+wbebnCP8IIIMAIAw4c8E8Qr2o400wEQEoAcEgkMU4ko0wMIYy:dg1KQjoS82FyvdvT+q1g2AFwSE

Score
4/10

Signatures

  • Loads dropped DLL (2 IoCs)
  • Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious behavior: GetForegroundWindowSpam (1 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6856645a776c6f1afbe2ab1d43da38ba_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6856645a776c6f1afbe2ab1d43da38ba_JaffaCakes118.exe"
    PID: 2732
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd26F2.tmp\codec_settings.ini
    Filesize: 1KB
    MD5: 8e35782d3712f2f8c608e404660195e4
    SHA1: 1c391a00b3a7a3685dcec7e8a2775dd077e429a0
    SHA256: 68e616ea7c7f882ddba69011f10bafeb8995170694541629657f39c98c3d8006
    SHA512: d500e89a406928a45d122cdaf66a7fb6166951491ce21f4161aba4b02525bf50aa9ea152fbf49219b6cc299a9bfbfeb5dd161b72be594fcf7a62e802554b2f4b

  • \Users\Admin\AppData\Local\Temp\nsd26F2.tmp\InstallOptions.dll
    Filesize: 14KB
    MD5: 2a03c4a7ac5ee5e0e0a683949f70971b
    SHA1: 3bd9877caaea4804c0400420494ad1143179dcec
    SHA256: d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b
    SHA512: 1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476

  • \Users\Admin\AppData\Local\Temp\nsd26F2.tmp\System.dll
    Filesize: 11KB
    MD5: 6f5257c0b8c0ef4d440f4f4fce85fb1b
    SHA1: b6ac111dfb0d1fc75ad09c56bde7830232395785
    SHA256: b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1
    SHA512: a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8