General
-
Target
6d2252d1f81e4a89059e7fbf6d4d0ecf_JaffaCakes118
-
Size
8.8MB
-
Sample
240524-djz4vaah98
-
MD5
6d2252d1f81e4a89059e7fbf6d4d0ecf
-
SHA1
fd182a7b2236b0bf447ac940d26b230fc75c54f3
-
SHA256
a52ba33e7b386e933d1a6ae99f257315935d4c68cd21f91e987d327683f9c990
-
SHA512
cfa5ead005026c01a3a72eca8d1a50ccce02283146f6e6ba99945d3e25879b7314a392cb342e8018b860b16dc10ff6db08168815a4fad84a49f9cb43f4676871
-
SSDEEP
196608:EwWfZ4PDKMxSIFQColSp5oNeW7f9VBQWwigouggCJEmvPjUide:1WfZ47X4QolSXglfiouggC2m4D
Static task
static1
Behavioral task
behavioral1
Sample
6d2252d1f81e4a89059e7fbf6d4d0ecf_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6d2252d1f81e4a89059e7fbf6d4d0ecf_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/IpConfig.dll
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/IpConfig.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/MoreInfo.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/MoreInfo.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/NSISList.dll
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/NSISList.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/brh.dll
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/brh.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/md5dll.dll
Resource
win7-20240220-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/md5dll.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$TEMP/$_144_.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
$TEMP/$_144_.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
$TEMP/$_1750_.exe
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
$TEMP/$_1750_.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
6d2252d1f81e4a89059e7fbf6d4d0ecf_JaffaCakes118
-
Size
8.8MB
-
MD5
6d2252d1f81e4a89059e7fbf6d4d0ecf
-
SHA1
fd182a7b2236b0bf447ac940d26b230fc75c54f3
-
SHA256
a52ba33e7b386e933d1a6ae99f257315935d4c68cd21f91e987d327683f9c990
-
SHA512
cfa5ead005026c01a3a72eca8d1a50ccce02283146f6e6ba99945d3e25879b7314a392cb342e8018b860b16dc10ff6db08168815a4fad84a49f9cb43f4676871
-
SSDEEP
196608:EwWfZ4PDKMxSIFQColSp5oNeW7f9VBQWwigouggCJEmvPjUide:1WfZ47X4QolSXglfiouggC2m4D
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/IpConfig.dll
-
Size
114KB
-
MD5
a3ed6f7ea493b9644125d494fbf9a1e6
-
SHA1
ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8
-
SHA256
ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08
-
SHA512
7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1
-
SSDEEP
1536:CPDzpyvLtmY7SeAmhPzV8+i7kRuACUxHf91MionF9JTwrLPG5zfO+lP7:UZl1e7L4ARzC3dwrLPG5zG+lP7
Score 3/10
-
-
Target
$PLUGINSDIR/MoreInfo.dll
-
Size
7KB
-
MD5
80e34b7f576b710d100f6e7c0bed0c2e
-
SHA1
2b5b895034d41ee0d0d01bf650594ad0d1346662
-
SHA256
569d62345f6c915236772fa2575d1806cd2bfe089505807cb477618f1eeccf99
-
SHA512
f5970c192b7089040fd1cf26e5cab131879b91722dff0216cdc735f9cfde1eda061409b579eb0f11e3b32e5513e34bbedd4050b75bb1b2acc81be814c2c6c59b
-
SSDEEP
96:lvIIAHGrJ65YtNxxDuekBSE4OTpsxKaVK4:5IVA65CNxIHk9ayxKaVK4
Score 3/10
-
-
Target
$PLUGINSDIR/NSISList.dll
-
Size
97KB
-
MD5
2e0785f18f8714393bc4bc1fe170eadf
-
SHA1
1efba431c0fac46c6cb6f60dc08f65a0e23ccf3d
-
SHA256
e68d65626b24e7c1f6fbe1001f43174d0243095181025736f37ad704662f4351
-
SHA512
8a272bb264fa066960a4f34411a81652839eccdbc6fa25be20c0b94d7d10b16cb568338abb5d1a96c155cbc4bc7923d0387fa36bed69c1021296cc6cc5fbb45e
-
SSDEEP
3072:MoENnpXlyqLIslzjPfJ4/EiJtu0s+8Q0wRwFP:MoEf1ySz6Jsx5
Score 1/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score 3/10
-
-
Target
$PLUGINSDIR/brh.dll
-
Size
840KB
-
MD5
355c877b0a9c80d27eca9a480bf5fd5d
-
SHA1
af1d07a1d11d7f3e24d84324cc0cf70849da9338
-
SHA256
2e484b9053b5e155608fd10da190d4ee92c2286eea2a3f2ee6c564f24e8c1bba
-
SHA512
b2f115824617c9c23ef9df3b89f0cba6852071cd997ecb543cf1ca9c72fdefa636a74d25393c70c4ae2f602f499d5704c0917e8036c81537f8e07f0c0ee50250
-
SSDEEP
12288:FvnZF0XRBJ+csqI7I82c9LOsgxzO84KLdOsG6y8f:FRF2RBJ+qoXkI84KgN0
Score 1/10
-
-
Target
$PLUGINSDIR/inetc.dll
-
Size
21KB
-
MD5
d7a3fa6a6c738b4a3c40d5602af20b08
-
SHA1
34fc75d97f640609cb6cadb001da2cb2c0b3538a
-
SHA256
67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e
-
SHA512
75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934
-
SSDEEP
384:oW4gLK82JvtosNCPhXKJ18hcEP1+f+pvMPbkdTg1Zahzs60Ac9khYLMkIX0+Gbyk:oW4i/2JloB5IQ9AhkwZaKRu
Score 3/10
-
-
Target
$PLUGINSDIR/md5dll.dll
-
Size
8KB
-
MD5
97960d7a18662dac9cd80a8c5e3c794b
-
SHA1
4c28449cefa9af46bb7a63e9b9ea66a2de0ea287
-
SHA256
e0d1dc6e4c5cc13fb2db08fc741da0d08b315ebc8d3b53baa61552625d19b9c3
-
SHA512
1baab7b5378f3a396b31bf63b01b7905759c9f1d17d71882af63338d64eceda1884c947d93e4d9ef911bded1ef061043c873a88b8272f1aa296731aa745e756c
-
SSDEEP
96:+X4qYlYGflug0Dvxn6GuKM9sh1gdrN9+oB7FT9ez3vzrGogZcko5N1:+XMhugRK8hl+jvnZkKP
Score 3/10
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
acc2b699edfea5bf5aae45aba3a41e96
-
SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2
-
SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
-
SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
-
SSDEEP
96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score 3/10
-
-
Target
$TEMP/$_144_
-
Size
3.8MB
-
MD5
7ede9c63f9a5134eb50eb928c0c5aabf
-
SHA1
86d2cf7837cd460043835e8661ae5239c6f59fb3
-
SHA256
fdc3ac6e64545a4d500e7649203c9fe058c571065e98ae8a0002524879ba3c77
-
SHA512
7786a98dd74b769bae06e8679b093c134adffeb9bb29d89fc716498fcb900e000c320bfca178610126d5f6a3eeb9a450ac9ea0c8d292a7e6e01ccecd109a9389
-
SSDEEP
49152:oexhc4FrUKxYoDjU8foiL0ZN6wo5jsoYWEToHIouelzxQjAU4+vHhrv/Trah:pxK4iKxYsI8jNs7hTeBVQ0UfvBrv/qh
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$TEMP/$_1750_
-
Size
3.8MB
-
MD5
7ede9c63f9a5134eb50eb928c0c5aabf
-
SHA1
86d2cf7837cd460043835e8661ae5239c6f59fb3
-
SHA256
fdc3ac6e64545a4d500e7649203c9fe058c571065e98ae8a0002524879ba3c77
-
SHA512
7786a98dd74b769bae06e8679b093c134adffeb9bb29d89fc716498fcb900e000c320bfca178610126d5f6a3eeb9a450ac9ea0c8d292a7e6e01ccecd109a9389
-
SSDEEP
49152:oexhc4FrUKxYoDjU8foiL0ZN6wo5jsoYWEToHIouelzxQjAU4+vHhrv/Trah:pxK4iKxYsI8jNs7hTeBVQ0UfvBrv/qh
Score 7/10 (its MD5, SHA1, SHA256 and SHA512 match those of $TEMP/$_144_ above, so this is the same dropped file written under a different temporary name)
Executes dropped EXE
-
Loads dropped DLL
-