Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 13:02

General

  • Target
    a5aae6dc2d5787d13aaeb4e88ca40039_JaffaCakes118.exe
  • Size
    301KB
  • MD5
    a5aae6dc2d5787d13aaeb4e88ca40039
  • SHA1
    2487ebe95cb2643399d92fffde9285faf2420d99
  • SHA256
    21ad01dc4e71eaabdbb4bc20c1e3caf42d930b6c5dc2ef8fd730dd53784ab0e3
  • SHA512
    b0a48cf0745e7cf0ec1e048cac5a475a897a03e3533a8acbb53910e53679623ec0ea6f408860a67de21cd58598323adcfc3e54492cc1bc13a8587c6e536d654d
  • SSDEEP
    6144:wzfj/e3up4c2aArt0UU+AmPZ9dTHxno/HnlDPlY0WPmKXtqVRMn/F:G/e3up4c6rt0Z+AmDdTHxnuHtlY0WPmO

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (28 IoCs)
  • Checks installed software on the system (1 TTP)
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5aae6dc2d5787d13aaeb4e88ca40039_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a5aae6dc2d5787d13aaeb4e88ca40039_JaffaCakes118.exe"
    PID: 216
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd4E03.tmp\WmiInspector.dll
    Filesize: 104KB
    MD5: 8531346d16fa5d4768f6530d2eb2b65c
    SHA1: 153601d36aa0ddfbc597b1e890917364878791ca
    SHA256: a9347413de4b0f90cac0b5e300cec9c867bdb28bd7a60d07b10fd31ee56c60cb
    SHA512: f214e75de20edeb7eece02659fd7dafc8c3d63c2350c58825bc6e9ce0b73237962d8273b4bc803a2f304cee9f9cad1cd4edab28322c1e678bc25eb88faa6a841

  • C:\Users\Admin\AppData\Local\Temp\nsd4E03.tmp\inetc.dll
    Filesize: 20KB
    MD5: f02155fa3e59a8fc48a74a236b2bb42e
    SHA1: 6d76ee8f86fb29f3352c9546250d940f1a476fb8
    SHA256: 096a4dc5150f631b4d4d10cae07ef0974dda205b174399f46209265e89c2c999
    SHA512: 8be78e88c5ef2cd01713f7b5154cfdeea65605cc5d110522375884eeec6bad68616a4058356726cbbd15d28b42914864045f0587e1e49a4e18336f06c1c73399

  • C:\Users\Admin\AppData\Local\Temp\nsd4E03.tmp\t1.dll
    Filesize: 4KB
    MD5: 058ba8a0916d957d3b91d08ea2e876e2
    SHA1: 1a7c36c50c5bd93f535b624a2882bc3905e7e7f3
    SHA256: 510af8083c0eef8b04e1171a9d6d94c64a1859701bbb106c565d2ec869437661
    SHA512: 24124b45bf42e186a06fcb71ca7e2c1fed3b762b681286185d7cdff53b3800c35b6326a6f21c82e9de59d8bbcb3fdab4a5c1cc9c8683e43ff230b07913d26f02