Overview

overview

7

Static

static

7

a1b4031f1d...18.exe

windows7-x64

7

a1b4031f1d...18.exe

windows10-2004-x64

7

$PLUGINSDI...on.dll

windows7-x64

7

$PLUGINSDI...on.dll

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

3DP_Chip.exe

windows7-x64

1

3DP_Chip.exe

windows10-2004-x64

1

DPInst32.exe

windows7-x64

7

DPInst32.exe

windows10-2004-x64

7

DPInst64.exe

windows7-x64

4

DPInst64.exe

windows10-2004-x64

4

avs3d.exe

windows7-x64

1

avs3d.exe

windows10-2004-x64

1

gdiplus.dll

windows7-x64

3

gdiplus.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    12/06/2024, 18:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1b4031f1d1fd89ae41b388436b0aea4_JaffaCakes118.exe

  • Size

    3.6MB

  • MD5

    a1b4031f1d1fd89ae41b388436b0aea4

  • SHA1

    97e025a67aec1ef2aec33b563da0055d5c5a9a1b

  • SHA256

    efdaa145fd4deeaee4bf550480a8cc5da698bc5077445170b3844e4a13136ef4

  • SHA512

    e8ad7ed58528e0624e668bc4609f42a3ac26c2fd2be1d0cecdc9f30f700a2bd68c63f7583ae242bde2dca05693b653c74cf5b5f6201965b30c6f14ae6e24f951

  • SSDEEP

    49152:A/oy6piGuXNVBEOnxdcLqjqyDWbSpWnZGZ9C4zvxBru3z/ado4dG4vAWDFUZ+7FW:e6aN/1INyDIoIGW4zOW9ffFHJFUxRs4

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 4 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1b4031f1d1fd89ae41b388436b0aea4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a1b4031f1d1fd89ae41b388436b0aea4_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd6C6B.tmp\ioSpecial.ini
    Filesize

    774B

    MD5

    60655f412a842657d2f673db1a3276b3

    SHA1

    9ce8e83384fe2f1a05303676bc0cc69098deacca

    SHA256

    ed1ea7a65801a22b098868c43a73a6d5094020ab30b48c822085b8f57b997334

    SHA512

    0d41ba033e2992dd3f3d369a1b7ab430e03838eb25bc08e9e004c7e8298feaaf4bc63bccdad2c3184202e1f133e8139bbe31a712381c54f7f6ff91d5f691a6cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd6C6B.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    c2e7fb81d40792f89b2282a16810f506

    SHA1

    0ede35aebb99d69d57ce56e00be2317d783d0590

    SHA256

    97ce123b316a349be29c8949ec391ac2ea2cbb9de92a30482770a7802353d49e

    SHA512

    7e639a52932096f820cd0bfa5883424bf6d49d832c8799fb5e45de0a181f88d5d340829b9ec443f9fadb4586a2bbef45119c57f446a796238e100427c06b0cf9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd6C6B.tmp\Fusion.dll
    Filesize

    826KB

    MD5

    1e7c261feb603e432511600df1842469

    SHA1

    5b4705d04c8b2b463bdea61473cd1a1e435eb50b

    SHA256

    46d55ce95fe599cd2838e76bdf30fc395db76e438f84f9f962bd765c8ce4202a

    SHA512

    3763a994c410d36796887d376145c47fec8106dd63c7083410c144a702213a3ba57adae45b77c191af5637ebf6988beeaa37fbc0f4c37c6335da02661697869b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd6C6B.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    89351a0a6a89519c86c5531e20dab9ea

    SHA1

    9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00

    SHA256

    f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277

    SHA512

    13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd6C6B.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    a1cd3f159ef78d9ace162f067b544fd9

    SHA1

    72671fdf4bfeeb99b392685bf01081b4a0b3ae66

    SHA256

    47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6

    SHA512

    ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd6C6B.tmp\System.dll
    Filesize

    11KB

    MD5

    bf712f32249029466fa86756f5546950

    SHA1

    75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    SHA256

    7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    SHA512

    13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

    Download Submit

  • memory/1784-13-0x0000000003B00000-0x0000000003BE7000-memory.dmp

    Filesize

    924KB

    Download

  • memory/1784-91-0x0000000003B00000-0x0000000003BE7000-memory.dmp

    Filesize

    924KB

    Download