15172a98a088a03b1be9e5fb8df3a7e22f20fbf9ca37aee37fa27b3aa5756785

Analysis

max time kernel
92s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a83d9a9bc6fd1a5e73363afa63c43cb_JaffaCakes118.exe
Size

618KB
MD5

9a83d9a9bc6fd1a5e73363afa63c43cb
SHA1

461c8c363d448e617342cef2c6629dc11b0d1701
SHA256

15172a98a088a03b1be9e5fb8df3a7e22f20fbf9ca37aee37fa27b3aa5756785
SHA512

5df14f9352efccbdb64a5781baeb11edbbd816ef21e991e4c066d9a9403ce8a298a2ec53b099144625afd525a0384b90108297b981d0d427aba9b94f6232e408
SSDEEP

12288:8/ci5sES96VqZ/qHmXV/3b3r3UsvEv+qWxBx9gqg+ccMDpizGMMgHKL9Sfy2WJMk:8UilS8VqQHs3LrBd9gqgRcMDpizGMMqy

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4156	9a83d9a9bc6fd1a5e73363afa63c43cb_JaffaCakes118.exe
4156	9a83d9a9bc6fd1a5e73363afa63c43cb_JaffaCakes118.exe
4156	9a83d9a9bc6fd1a5e73363afa63c43cb_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\9a83d9a9bc6fd1a5e73363afa63c43cb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9a83d9a9bc6fd1a5e73363afa63c43cb_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsm326C.tmp\LangDLL.dll

Filesize
5KB

MD5
6e8be59d69cae90b7c46dc032d3da9c2

SHA1
867aadabf248b0d5a5002c0ff53fa4a23939a7a4

SHA256
ca751b693af5a6c33842ea993824536aaa8f6e191fa40078f5d54aaf853c163b

SHA512
c49e789267a769122d0fac366b1590591debeb33dbe0cdbd0f853e26c2a1938646dc6093e92d89cbf2bebb79729f547d3dfa0fd64e3ab4bb9127b6cdc546cbc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm326C.tmp\System.dll

Filesize
11KB

MD5
b3d5e62d09f6047905a45e5f2f0cf2ef

SHA1
bdc0155578aea04da50e981abf762ae0968ad1a6

SHA256
dc6a9ed86c21f1cb6a7cb33f32ec0c09ef610741ff5f88c1ae17b92d075bc23a

SHA512
64e12a2fdee36079f817351cd0c3bbd5bb132d3e15453d1581d8de375413669054458c0ec83fc40f4fb3af1616e70ed87ccb74b37f6ed9c2513947eafc66a024

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm326C.tmp\__a6a2bd0b3324445da8bb5e972419f8a7_lib.dll

Filesize
726KB

MD5
bb188761a401992bf70cce21be197829

SHA1
c7c159bb4421889fb03a5934364ac00af476a0d1

SHA256
f9fbf4a12f964a2d284f4cfc46da63733a38dde0efeeecee17a056f39433b038

SHA512
d525e061dae63e5a3e20b10912cb766a1e9cbacf1fa65e4b432acaf21c044c6b024bd8764a62bfb0e8c38af19014c2309dc1f5e1d0b207706f6596375039a1e4

Download Submit