Analysis
max time kernel: 145s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 13:02
Static task: static1

Behavioral tasks (task: sample, resource)
behavioral1: a5aae6dc2d5787d13aaeb4e88ca40039_JaffaCakes118.exe, win7-20240220-en
behavioral2: a5aae6dc2d5787d13aaeb4e88ca40039_JaffaCakes118.exe, win10v2004-20240508-en
behavioral3: $PLUGINSDIR/IpConfig.dll, win7-20240611-en
behavioral4: $PLUGINSDIR/IpConfig.dll, win10v2004-20240611-en
behavioral5: $PLUGINSDIR/System.dll, win7-20240508-en
behavioral6: $PLUGINSDIR/System.dll, win10v2004-20240611-en
behavioral7: $PLUGINSDIR/WmiInspector.dll, win7-20240220-en
behavioral8: $PLUGINSDIR/WmiInspector.dll, win10v2004-20240611-en
behavioral9: $PLUGINSDIR/inetc.dll, win7-20240611-en
behavioral10: $PLUGINSDIR/inetc.dll, win10v2004-20240611-en
behavioral11: $PLUGINSDIR/t1.dll, win7-20240419-en
behavioral12: $PLUGINSDIR/t1.dll, win10v2004-20240226-en
behavioral13: IWsrv.exe, win7-20240508-en
behavioral14: IWsrv.exe, win10v2004-20240508-en
General
Target: a5aae6dc2d5787d13aaeb4e88ca40039_JaffaCakes118.exe
Size: 301KB
MD5: a5aae6dc2d5787d13aaeb4e88ca40039
SHA1: 2487ebe95cb2643399d92fffde9285faf2420d99
SHA256: 21ad01dc4e71eaabdbb4bc20c1e3caf42d930b6c5dc2ef8fd730dd53784ab0e3
SHA512: b0a48cf0745e7cf0ec1e048cac5a475a897a03e3533a8acbb53910e53679623ec0ea6f408860a67de21cd58598323adcfc3e54492cc1bc13a8587c6e536d654d
SSDEEP: 6144:wzfj/e3up4c2aArt0UU+AmPZ9dTHxno/HnlDPlY0WPmKXtqVRMn/F:G/e3up4c6rt0Z+AmDdTHxnuHtlY0WPmO
Malware Config
Signatures
Loads dropped DLL (28 IoCs)
Processes: pid 216 a5aae6dc2d5787d13aaeb4e88ca40039_JaffaCakes118.exe (all 28 events from this one process)

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of FindShellTrayWindow (1 IoCs)
Processes: pid 216 a5aae6dc2d5787d13aaeb4e88ca40039_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Temp\nsd4E03.tmp\WmiInspector.dll
Filesize: 104KB
MD5: 8531346d16fa5d4768f6530d2eb2b65c
SHA1: 153601d36aa0ddfbc597b1e890917364878791ca
SHA256: a9347413de4b0f90cac0b5e300cec9c867bdb28bd7a60d07b10fd31ee56c60cb
SHA512: f214e75de20edeb7eece02659fd7dafc8c3d63c2350c58825bc6e9ce0b73237962d8273b4bc803a2f304cee9f9cad1cd4edab28322c1e678bc25eb88faa6a841

C:\Users\Admin\AppData\Local\Temp\nsd4E03.tmp\inetc.dll
Filesize: 20KB
MD5: f02155fa3e59a8fc48a74a236b2bb42e
SHA1: 6d76ee8f86fb29f3352c9546250d940f1a476fb8
SHA256: 096a4dc5150f631b4d4d10cae07ef0974dda205b174399f46209265e89c2c999
SHA512: 8be78e88c5ef2cd01713f7b5154cfdeea65605cc5d110522375884eeec6bad68616a4058356726cbbd15d28b42914864045f0587e1e49a4e18336f06c1c73399

C:\Users\Admin\AppData\Local\Temp\nsd4E03.tmp\t1.dll
Filesize: 4KB
MD5: 058ba8a0916d957d3b91d08ea2e876e2
SHA1: 1a7c36c50c5bd93f535b624a2882bc3905e7e7f3
SHA256: 510af8083c0eef8b04e1171a9d6d94c64a1859701bbb106c565d2ec869437661
SHA512: 24124b45bf42e186a06fcb71ca7e2c1fed3b762b681286185d7cdff53b3800c35b6326a6f21c82e9de59d8bbcb3fdab4a5c1cc9c8683e43ff230b07913d26f02