33659d416ece94d089ac3aa73302d73f30944b4cd299506b215990b8dfe8a41e

Analysis

max time kernel
140s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7a8bff507d3aa5f382e68cd344e589c_JaffaCakes118.exe
Size

1.5MB
MD5

a7a8bff507d3aa5f382e68cd344e589c
SHA1

87e22e8b9200d178b00c8d7fc5437fac7b7eb7eb
SHA256

33659d416ece94d089ac3aa73302d73f30944b4cd299506b215990b8dfe8a41e
SHA512

e556be94a29c5378e6e453bec75bf9422e41572787d2466165259164b2c2baf5e3d301e9b6ea57379f205aa87bec52c986f211b7aae20651d5c844f435a41a7e
SSDEEP

24576:tIDAIdEYf1+vXI4lzkrAja9l890udp1h+5UJWI9qPfe3gZrPVZdJb+9tbV/x6o:tjAmI4NkrAjco06p1EUSPfY69N+9tbN

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
4368	a7a8bff507d3aa5f382e68cd344e589c_JaffaCakes118.exe
4368	a7a8bff507d3aa5f382e68cd344e589c_JaffaCakes118.exe
4368	a7a8bff507d3aa5f382e68cd344e589c_JaffaCakes118.exe
4368	a7a8bff507d3aa5f382e68cd344e589c_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\a7a8bff507d3aa5f382e68cd344e589c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a7a8bff507d3aa5f382e68cd344e589c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:4368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso4F79.tmp\InstallOptions.dll

Filesize
18KB

MD5
adec63bd08a185bffe6fda335d29df87

SHA1
23f37d31f3b1c07547ad4fa2747305a04ac09b54

SHA256
dbd0068d46077ee1ace4eaafc3312389c29af22d306c5757a1a29a93146604a9

SHA512
44bb32fa41b0c2b41d637f15dd2cab84ad6f9dae39febb263923eeee19d1c80d65ba3939ab87d34fbb28af6a6f867c21daab5810d289e309451c67ef6f65a88c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso4F79.tmp\System.dll

Filesize
23KB

MD5
125aebb055446fb52aa5956cf99e8a9a

SHA1
6b58fd08a8ff2763219cc6b0dcdb875f9970f850

SHA256
2e1b11ee20e5061ea86dc6b01e3efc659e887540afcab7317cdfd6a8eff87ec3

SHA512
5f85e48bd3ae2fd2be0595b93cbf74674e0281210688dcc73691178b295a702e8d43898afb6e5d8b7e82de98b4ee28194c9838ddf8279cde85f7fe48d34dc8b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso4F79.tmp\UserInfo.dll

Filesize
6KB

MD5
7f780de67db61a924bebc0cafaded3ad

SHA1
3ac359dce08ceff16e4214fe45d83fdc8e3f2e1a

SHA256
9931a2f8bb44b92ff26062b99cbb6e41ed1cfad65079dec5d6d9c006223bd121

SHA512
8378f04b6f5085e887ed46874414e5681f0ecb6889dbaa25eb78f75112d4be603aef8dec6a2a81857a19978f6ccf07d65d566ff3f0943da809de22599ffdd8f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso4F79.tmp\ioSpecial.ini

Filesize
626B

MD5
9b3b3d1cc868d5861871a516f774f953

SHA1
bd7175d51843269c0b46649eac73362111167293

SHA256
637f5d4133724a3d0185186f4bdcbccd851c81180193f24b7195eb4d33f1b3eb

SHA512
1bd03296ef511e71ce9206c8e8b00eb34187223b930258b035ad3d0d0bbe6f1a7a06bc75c2be45021868717613857403c013b50c2ec36b5483d7f29ac23495d5

Download Submit
memory/4368-92-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4368-94-0x000000006AF00000-0x000000006AF0D000-memory.dmp

Filesize
52KB

Download
memory/4368-93-0x000000006E3C0000-0x000000006E3CD000-memory.dmp

Filesize
52KB

Download