Analysis

  • max time kernel
    141s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/06/2024, 18:18

General

  • Target
    a1b4031f1d1fd89ae41b388436b0aea4_JaffaCakes118.exe
  • Size
    3.6MB
  • MD5
    a1b4031f1d1fd89ae41b388436b0aea4
  • SHA1
    97e025a67aec1ef2aec33b563da0055d5c5a9a1b
  • SHA256
    efdaa145fd4deeaee4bf550480a8cc5da698bc5077445170b3844e4a13136ef4
  • SHA512
    e8ad7ed58528e0624e668bc4609f42a3ac26c2fd2be1d0cecdc9f30f700a2bd68c63f7583ae242bde2dca05693b653c74cf5b5f6201965b30c6f14ae6e24f951
  • SSDEEP
    49152:A/oy6piGuXNVBEOnxdcLqjqyDWbSpWnZGZ9C4zvxBru3z/ado4dG4vAWDFUZ+7FW:e6aN/1INyDIoIGW4zOW9ffFHJFUxRs4

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 5 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1b4031f1d1fd89ae41b388436b0aea4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a1b4031f1d1fd89ae41b388436b0aea4_JaffaCakes118.exe"
    • Loads dropped DLL
    PID:1264
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4184,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:8
    PID:4808

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsnF34B.tmp\Fusion.dll
      Filesize
      826KB
      MD5
      1e7c261feb603e432511600df1842469
      SHA1
      5b4705d04c8b2b463bdea61473cd1a1e435eb50b
      SHA256
      46d55ce95fe599cd2838e76bdf30fc395db76e438f84f9f962bd765c8ce4202a
      SHA512
      3763a994c410d36796887d376145c47fec8106dd63c7083410c144a702213a3ba57adae45b77c191af5637ebf6988beeaa37fbc0f4c37c6335da02661697869b

    • C:\Users\Admin\AppData\Local\Temp\nsnF34B.tmp\InstallOptions.dll
      Filesize
      15KB
      MD5
      89351a0a6a89519c86c5531e20dab9ea
      SHA1
      9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00
      SHA256
      f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277
      SHA512
      13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08

    • C:\Users\Admin\AppData\Local\Temp\nsnF34B.tmp\LangDLL.dll
      Filesize
      5KB
      MD5
      a1cd3f159ef78d9ace162f067b544fd9
      SHA1
      72671fdf4bfeeb99b392685bf01081b4a0b3ae66
      SHA256
      47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6
      SHA512
      ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362

    • C:\Users\Admin\AppData\Local\Temp\nsnF34B.tmp\System.dll
      Filesize
      11KB
      MD5
      bf712f32249029466fa86756f5546950
      SHA1
      75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
      SHA256
      7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
      SHA512
      13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

    • C:\Users\Admin\AppData\Local\Temp\nsnF34B.tmp\ioSpecial.ini
      Filesize
      1KB
      MD5
      5327c84759cf82521426152a9df9e9e2
      SHA1
      e3b163c2784701e8f65e0e20394cb12099ef7bd6
      SHA256
      0fecc5d8840ff8adb9edabccd98c26a03a0f2c4951b5d3fc51a629fa5aa83779
      SHA512
      4ef990b287f5b53cbf55c15019e9ef4b226bad230f22396af3d7fed9582d78c6f6393442d4569e75bde460b185a75435e1362d742b2cd412282237aa8a96aed7

    • memory/1264-16-0x0000000003DD0000-0x0000000003EB7000-memory.dmp
      Filesize
      924KB

    • memory/1264-94-0x0000000003DD0000-0x0000000003EB7000-memory.dmp
      Filesize
      924KB