Analysis

  • max time kernel
    125s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/06/2024, 22:55

General

  • Target

    a2ce5a73ea2d54fdd4e9a5129f39d8fe_JaffaCakes118.exe

  • Size

    85KB

  • MD5

    a2ce5a73ea2d54fdd4e9a5129f39d8fe

  • SHA1

    433c6d8322db270b3a677b3c46ecc518636f99b2

  • SHA256

    06e187ee90ec1e32e8e0bb61a7f806a92dabe74d104a11b5b927c1bd23847524

  • SHA512

    53fdce94128898a3d3efa7481f61f399f62fe4a5f302c6a59f1b63b22dde16c7278e3166d9eb16c9b71e4b327b8540d46eda24451fc3b24631c19f4b5b6f662b

  • SSDEEP

    1536:fCaIoX1oYOcbTMV88TXJLE7iwhKKS2gE2wGu3SzR3:fCaZ2Yrb0VTXJY7iZKUE2wGuih

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2ce5a73ea2d54fdd4e9a5129f39d8fe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a2ce5a73ea2d54fdd4e9a5129f39d8fe_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4972
    • C:\Users\Admin\AppData\Local\Temp\nsjE9D4.tmp\iWinGames.exe
      C:\Users\Admin\AppData\Local\Temp\nsjE9D4.tmp\iWinGames.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:5064
      • C:\Users\Admin\AppData\Local\Temp\nsgEF81.tmp\InstGameInfoHelper.exe
        "C:\Users\Admin\AppData\Local\Temp\nsgEF81.tmp\InstGameInfoHelper.exe"
        3⤵
        • Executes dropped EXE
        PID:4564
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4324,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:8
    1⤵
      PID:2784

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsgEF81.tmp\BgImage.dll

      Filesize

      7KB

      MD5

      c430c0a7ef0ac8f80004de7f7898bced

      SHA1

      1f698e988bcc19d280a70c3283ff2816bb0db465

      SHA256

      dd4e24bcee7e9e952f1c7cda7532c0b851b87577e1b679380808f22d875c7c96

      SHA512

      3fa4fe59cadb580ab8b452ff7c2dd3802f8f6fe920dee15c81492c0c324ab991471de01fdb6f3ac07e336a90755243a1ef1de1bb5dd1c51cb70918e7192b46b4

    • C:\Users\Admin\AppData\Local\Temp\nsgEF81.tmp\InstGameInfoHelper.exe

      Filesize

      99KB

      MD5

      3d3d2bf9c42dbdf97247775c00f22190

      SHA1

      7a046170aaeb5e1a29d8c8cd7c32225f49237aa1

      SHA256

      59f09ba2c79a209008e76d0478bb691a9fdb2180d84318d9fc73b10401aa853a

      SHA512

      6e66c4ff467e286cd5dc1d4ccd412fec32cfd01514db6c339fd275eaab5f3b549e223e9330bc61ff19048df70b81b66dfcc78ac351aa2c5ff45cf8d197140466

    • C:\Users\Admin\AppData\Local\Temp\nsgEF81.tmp\gametitle.txt

      Filesize

      18B

      MD5

      08e6a153368d8c0fb970a1cf0b60a6fb

      SHA1

      4f2ebf2b3eaa65f4d47b34f61622f09bb345606c

      SHA256

      5993da161b24cffbcd13269a3e5a7bff1d65dadbf5a72829e5dbd4a882266973

      SHA512

      0df00d67f04a2edc9f24257114095a5956fdf3d26c6665ccbd9de09de53d047454273b7acf602f81ca4985d65fab263b7dd04938e40db001068b36bc9cdf5dad

    • C:\Users\Admin\AppData\Local\Temp\nsgEF81.tmp\nsExec.dll

      Filesize

      6KB

      MD5

      51e63a9c5d6d230ef1c421b2eccd45dc

      SHA1

      c499cdad5c613d71ed3f7e93360f1bbc5748c45d

      SHA256

      cd8496a3802378391ec425dec424a14f5d30e242f192ec4eb022d767f9a2480f

      SHA512

      c23d713c3c834b3397c2a199490aed28f28d21f5781205c24df5e1e32365985c8a55be58f06979df09222740ffa51f4da764ebc3d912cd0c9d56ab6a33cab522

    • C:\Users\Admin\AppData\Local\Temp\nsgEF81.tmp\tn_feat.bmp

      Filesize

      4KB

      MD5

      6792b98e5bf4a7835a2e5e533c632494

      SHA1

      5f7d25167558a188dbefaadbff2de0595c4ea0b3

      SHA256

      7ef3a4675994c2df47456026bc784837fa8e5fff0519c905abf6a5a3fb9fef25

      SHA512

      8528e97c0e1ee035b6e7f56a53cf699734ea9da84050b28f344b5bf8f13a95e2ce5457b50bb372438192fa12d7fff108df914e516a3aa062a9091ba600511a55

    • C:\Users\Admin\AppData\Local\Temp\nsjE9D4.tmp\System.dll

      Filesize

      11KB

      MD5

      960a5c48e25cf2bca332e74e11d825c9

      SHA1

      da35c6816ace5daf4c6c1d57b93b09a82ecdc876

      SHA256

      484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

      SHA512

      cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

    • C:\Users\Admin\AppData\Local\Temp\nsjE9D4.tmp\ftdownload.dat

      Filesize

      512B

      MD5

      bc1a08283ccd7967613219c5cea33048

      SHA1

      a104a940995e6aaf7faaf9a1bd1e061c3e4b0dd8

      SHA256

      3160186021a733b39e860061c5b1fcce905dd595a20ab4db87410f674f958916

      SHA512

      2b235b9076265352a8a2d43804c030f0ecc7168ab3bf3ec73cbef33865c44fe62d683a5f3294bdce77cb44d54fe2f47547133e601f2f1fb08620bd5ccb2a225a

    • C:\Users\Admin\AppData\Local\Temp\nsjE9D4.tmp\iWinGames.exe

      Filesize

      4.4MB

      MD5

      9939c0274f24ae6d6e29dd5580fd88ac

      SHA1

      96c2a03086e3afd51430fa0f79026d7a961101ae

      SHA256

      991cefa2b730f298ae402d32ad1e311996354f4bb4ae815c4f979e03b70a5471

      SHA512

      ab230e1b79f14ce6bcde605a5cb0e13c4030fd64c9b86cb1df290455084dcd04c40f2f011ea0e674b52e6f47490ee9bb3f41dc5e07b83187f3c75c13c471bf35

    • C:\Users\Admin\AppData\Local\Temp\nsjE9D4.tmp\nsisdl.dll

      Filesize

      14KB

      MD5

      a5a4cee2eb89d2687c05ef74299f0dba

      SHA1

      b9bff5987be422887f2f402357b47db2288a1a42

      SHA256

      cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

      SHA512

      f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0