Overview

overview

4

Static

static

3

7a545f5644...18.exe

windows7-x64

4

7a545f5644...18.exe

windows10-2004-x64

4

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-05-2024 19:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a545f5644ced0daef18f67aed981323_JaffaCakes118.exe

  • Size

    6.6MB

  • MD5

    7a545f5644ced0daef18f67aed981323

  • SHA1

    6dff1c5d8bf633215880659d9d910e43f9b13de8

  • SHA256

    f620c53ba1917ecf52cf98c5d9af334311ae00de9915200e641efcb90eccb6ea

  • SHA512

    0b14f8e722c42179d38fbc5a502c8589b53c4be390a58ae57b1723ef726c00c1fc4aababf872998961d0a98007a5b9061f4ca1b54b20844167f2956df7df8397

  • SSDEEP

    196608:+zV030ifthyBJQ8Sw712z62MhWaEgkXtfx5FqSEt:+zcjthuQ3wkzT2WabytJdEt

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Loads dropped DLL 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a545f5644ced0daef18f67aed981323_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7a545f5644ced0daef18f67aed981323_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\SysWOW64\ping.exe
      ping -n 1 -w 1000 www.piriform.com
      2⤵
      • Runs ping.exe
      PID:824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsi2770.tmp\ButtonEvent.dll
    Filesize

    5KB

    MD5

    c24568a3b0d7c8d7761e684eb77252b5

    SHA1

    66db7f147cbc2309d8d78fdce54660041acbc60d

    SHA256

    e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d

    SHA512

    5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi2770.tmp\System.dll
    Filesize

    11KB

    MD5

    41a3c964232edd2d7d5edea53e8245cd

    SHA1

    76d7e1fbf15cc3da4dd63a063d6ab2f0868a2206

    SHA256

    8b65fec615c7b371c23f8f7f344b12dc5085e40a556f96db318ed757494d62d5

    SHA512

    fa16bd9d020602e3065afd5c0638bc37775b40eb18bfa33b4ca5babcc3e6f112ae7d43457a6e9685ddbe6e94b954a1dc43d1da7af9ca7464019a3f110af549c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi2770.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    c1f778a6d65178d34bde4206161a98e0

    SHA1

    29719fffef1ab6fe2df47e5ed258a5e3b3a11cfc

    SHA256

    9caf7a78f750713180cf64d18967a2b803b5580e636e59279dcaaf18ba0daa87

    SHA512

    9c3cf25cf43f85a5f9c9ed555f12f3626ef9daeeedd4d366ada58748ead1f6e279fea977c76ae8bae1dc49bfd852e899cb137c4a006c13e9fcebf6e5e2926a4d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi2770.tmp\g\gcapi_dll.dll
    Filesize

    211KB

    MD5

    d496480a00abde0655c0fdce9530b43e

    SHA1

    9a86f0dd5151de38666073605619d7c2152839e4

    SHA256

    da10e8220d101c5ea98b4872879bd27884328c3794e08cf30492af2c9343005b

    SHA512

    ff18369e12473e4c40e3c9d76f90cf356c4c447633e69d7f35e43f9545f2a9dd8043459fc2f0aa1cd8555f1a9c5c8c9228f4103ea7ffe9413d8508af2e2a4c22

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi2770.tmp\g\gtapi_signed.dll
    Filesize

    71KB

    MD5

    61bc40d1fad9e0faa9a07219b90ba0e4

    SHA1

    5b5c3badedba915707000d2047eaf13f27b8925e

    SHA256

    89e157a4f61d7d18180cb7f901c0095da3b7a5cc5a9fd58d710099e5f0ee505a

    SHA512

    fa341aa975c471082b4b6c380f794d1e9ab3939382972cfb9e1dbb3491f68296ad1cedc8f03736921c8e133f62432997de29642e223c2a97f1cab5ce91d68af9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi2770.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    2aba8f16eca82517460013a3de7cbf67

    SHA1

    3812192fa7b873f426c4b0d0d822b3c9d51aa164

    SHA256

    60b85fad2477b8c0138067be3697290b280b9334cf408cb57894e3baae615d0d

    SHA512

    4e059f70ef420c22d69199557ff3eab9e51fcefc75d220b057f1508f9566cd6251f9e06a8fe3695bf7d913ebabd2519ce52f485f2de9a5e4ab3ebc553b877fb0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi2770.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    5ed60250f74fa36a5a247a715bcd026e

    SHA1

    ff5f3ad0b32ede49a28e744664d086f6fe9e46b0

    SHA256

    ea8026766adc2d7cc26e2206cfdf5f0865b1426bfe3bc2aec8f43d3fc9a072ef

    SHA512

    2dd77324c1e0fea801a5cac1fe1d67349a5a93d4a9a459ee1e6b469f6ccce309fc45e513f38de238971b0a83d31e0afe3a2686eca8887772445209cde5735cee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi2770.tmp\p\syschk.dll
    Filesize

    255KB

    MD5

    42fb0c5333071b1f4b04587b4e38353e

    SHA1

    3e241a174204ab23a1f98148bc9a28269a12c668

    SHA256

    d39c9c47075c0bd297affb3e5dc73b23eee3a9e83b1e209359bdf64a620c8792

    SHA512

    cdcde909f95144882965b347cf7acf2ee3da31b067d59668a4d41e66605dc30df803ef18a9328d82a681a70533038b33fae167f146267ffd2f68e1b582d6ebb1

    Download Submit