94fef3ee9512941ff1aa4c8a951598ae67c42b71fbc047d28f3164570497d0b0

Analysis

max time kernel
135s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

743ac40c6b7ef79481773fd14dc6bfe7_JaffaCakes118.exe
Size

8.4MB
MD5

743ac40c6b7ef79481773fd14dc6bfe7
SHA1

f5b04c1a4fb752ab750a1ef91313bd6f7095eb61
SHA256

94fef3ee9512941ff1aa4c8a951598ae67c42b71fbc047d28f3164570497d0b0
SHA512

0104cbb1c5ec5610ed760289ada227921be8c1f526e5de0adf516ebad972cf1eff20fd59ac85a7cf1ea121f6036b4c67147f7d04515dd6f401376a3f11bcd164
SSDEEP

196608:TUWVop/eZE87qzzvrAhPtqCybuUuXwEED0Yoj:TUWyp/e+RfvrsPtyfuXwEED0Yoj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4600	743ac40c6b7ef79481773fd14dc6bfe7_JaffaCakes118.exe
4600	743ac40c6b7ef79481773fd14dc6bfe7_JaffaCakes118.exe
4600	743ac40c6b7ef79481773fd14dc6bfe7_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\743ac40c6b7ef79481773fd14dc6bfe7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\743ac40c6b7ef79481773fd14dc6bfe7_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:4600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsl3097.tmp\InstallOptions.dll

Filesize
14KB

MD5
07f44600b7eb220c2606e67a6d3f679d

SHA1
13b3aa534496ffab2597cc8ff3689cd91facc89d

SHA256
59f7effd3d516dabf92a41e9886c307bd26f0e0985d637414eba1b3f9f720dab

SHA512
63ec9038b718da687065f3938f87391c7925577b656c63cf5abc32de5b7daa7363f07ce973d2af8ea347321a3d1c543273b6cb1ca30eb414c8657f90cd0268de

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl3097.tmp\System.dll

Filesize
11KB

MD5
f55b41485cbaf292389a52f8e4f0594b

SHA1
89e9b0d1291fa78a40cab358553c447cbbeaa130

SHA256
f16bc2ceb7a6bc7df0955530e72b0aa072ce27650c5cf7b33fd4ea82dea196fc

SHA512
938e8661b8cf418608156dc813c1eb0cc3fa5efa9483061a152bb103c4d821d5c6a82d4c110729e9686f99ccd4da188aebb38a85a01d8ecadb34bb9f6ba60d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl3097.tmp\ioSpecial.ini

Filesize
721B

MD5
b5390e5a1175092d7c1cfa520dec8090

SHA1
96f8a87ac4b75fb7e20cec98f4cfc776c0320164

SHA256
1e409ac8fb1f0697f260305f2c387bfd43214513aed6cefc8e95603c65e511f1

SHA512
6178f159c957b74c72a212224e3d2acc9b0949bd08984ef465b8ffd7e0fb29ed60af95d40c4b6b795fd5136ccea3c32976dbe6e9d1bf0f0a9566aeb71e7ecd1d

Download Submit