Overview

overview

7

Static

static

3

9b33af69e7...18.exe

windows7-x64

7

9b33af69e7...18.exe

windows10-2004-x64

7

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...se.dll

windows7-x64

3

$PLUGINSDI...se.dll

windows10-2004-x64

3

$PLUGINSDI...ig.dll

windows7-x64

3

$PLUGINSDI...ig.dll

windows10-2004-x64

3

$PLUGINSDI...ay.dll

windows7-x64

3

$PLUGINSDI...ay.dll

windows10-2004-x64

3

$PLUGINSDI...re.dll

windows7-x64

3

$PLUGINSDI...re.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI..._n.dll

windows7-x64

3

$PLUGINSDI..._n.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDIR/nxs.dll

windows7-x64

1

$PLUGINSDIR/nxs.dll

windows10-2004-x64

1

$TEMP/$_73_/ext.exe

windows7-x64

1

$TEMP/$_73_/ext.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    10/06/2024, 15:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9b33af69e794354c66feb4d34740fcd0_JaffaCakes118.exe

  • Size

    569KB

  • MD5

    9b33af69e794354c66feb4d34740fcd0

  • SHA1

    7c4c067bf40448fe2d9f776edcc0c99d6c593f0c

  • SHA256

    6a39efe4f8a61f17dd98d9a2b3719d4ff899b630fa5d594f7cb3251202231a84

  • SHA512

    cfb14297649dbc495302416f55a30c2fc36a228d7c6958a574a672b9f15cb353c489915c99e6b1037e3ce073a1ae4ba10474a4ed6e50e77dd240e52483b2abfd

  • SSDEEP

    12288:DRZxjwJ0RJZ4jDAct8C+EViOGtelOt+FuKbNjNbddLxVSJJ5FDgQS13g:DRZx0uZ4jDh+w+tdt+NbfLxMJJ7DZv

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b33af69e794354c66feb4d34740fcd0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9b33af69e794354c66feb4d34740fcd0_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    PID:1596

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\nsy1E9A.tmp\IpConfig.dll
          Filesize

          114KB

          MD5

          a3ed6f7ea493b9644125d494fbf9a1e6

          SHA1

          ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

          SHA256

          ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

          SHA512

          7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy1E9A.tmp\NSISArray.dll
          Filesize

          18KB

          MD5

          c4279b957d4dc593074479bc088b74c1

          SHA1

          53de3c1bb13a19a0ae19d9db5cbef1b919520f83

          SHA256

          b279c82b7e6f6bf652c5b5440c20f01d522f6e8d3c79b72076e18796166316f6

          SHA512

          c1746122489ceb6c3af6c535beccd8d9d853c53dcb41274f122c43bc0ea5f9fe83873218e22d9c69a39f83ed54e7d5b8b9ab0adefaec23cf5d8c3a51438688c5

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy1E9A.tmp\System.dll
          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy1E9A.tmp\inetc_n.dll
          Filesize

          20KB

          MD5

          e541458cfe66ef95ffbea40eaaa07289

          SHA1

          caec1233f841ee72004231a3027b13cdeb13274c

          SHA256

          3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

          SHA512

          0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy1E9A.tmp\nxs.dll
          Filesize

          6KB

          MD5

          8ca09b6200ffa05b54c6672d855beb4a

          SHA1

          daa16fe49c8b2250e9d2383b861cda51f876de49

          SHA256

          033e93ad470241c92762924ccfceafb849a525e263e5d4a3dbcfc2e07a8803c3

          SHA512

          6ab97181ec45430888d8ad3fd411de22423e1c057833e282af085a975198338c95f7ba10b7c69f33298afc88ddd38d01ab010998fd4a8ba8abb8561796bf9f14

          Download Submit

        • memory/1596-19-0x00000000028B0000-0x00000000028D6000-memory.dmp

          Filesize

          152KB

          Download