Overview

overview

7

Static

static

3

b36a1051cc...18.exe

windows7-x64

7

b36a1051cc...18.exe

windows10-2004-x64

7

$PLUGINSDI...am.dll

windows7-x64

3

$PLUGINSDI...am.dll

windows10-2004-x64

3

$PLUGINSDI...g2.dll

windows7-x64

3

$PLUGINSDI...g2.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

DTCommonRes.dll

windows7-x64

3

DTCommonRes.dll

windows10-2004-x64

3

DTGadget32.dll

windows7-x64

1

DTGadget32.dll

windows10-2004-x64

1

DTGadget64.dll

windows7-x64

7

DTGadget64.dll

windows10-2004-x64

7

DTHelper.exe

windows7-x64

1

DTHelper.exe

windows10-2004-x64

1

gadget.html

windows7-x64

1

gadget.html

windows10-2004-x64

1

jquery/jquery.min.js

windows7-x64

3

jquery/jquery.min.js

windows10-2004-x64

3

jquery/new...ons.js

windows7-x64

3

jquery/new...ons.js

windows10-2004-x64

3

jquery/newgadget.js

windows7-x64

3

jquery/newgadget.js

windows10-2004-x64

3

message.html

windows7-x64

1

message.html

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-06-2024 12:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b36a1051cc335965a504d5831a3ac951_JaffaCakes118.exe

  • Size

    14.8MB

  • MD5

    b36a1051cc335965a504d5831a3ac951

  • SHA1

    b2d0ebe2b306f3dddc8cc9de9bcdfb9e4f5518c2

  • SHA256

    65f6a6e1910cca25ca3c6e6bf41f5a0a9832a6c11cbbba38bbc20291ae47899a

  • SHA512

    90c74759b61526fe640272391142da61b38f126d432b75feb0fe2c93a2d31ea0a519dfde21183bd15f48c18222b5169ba02a1427f60a09a28cfe90826f6dd853

  • SSDEEP

    393216:3NG/Al8lpkrA1qrbirvaMAPWm1r54a2JBDE0mr+PIu1dSy2:3Upku3rHAPneD1m+IiJ2

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 18 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b36a1051cc335965a504d5831a3ac951_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b36a1051cc335965a504d5831a3ac951_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1168

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsp3922.tmp\DLLWaitForKillProgram.dll
    Filesize

    28KB

    MD5

    9c4b8ec42d89f7557bfd90798ce52787

    SHA1

    2376dde426ea65aa27c30e304086310605382475

    SHA256

    ed52bdad7b383a179b9b0e21fefdda2d72695c5263a815d5e1e0bfac6c718548

    SHA512

    17c12a27a08746755868558c037376dd7e20f03f0f71888c1329903b70975a54f57786c3c32bf88aaf30119f11ed978a6830ba91949e11cfc94fbb5ad95305b7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp3922.tmp\Dialer.dll
    Filesize

    3KB

    MD5

    a29b5c457f61822759df6f9d370292fd

    SHA1

    b57644f0a30e2e5d2fea790b27c21574494a8850

    SHA256

    c384decad4baf8c3f1dbe0e02bc7b76f11e5793ccc164b6857d8fe9eb5a9903a

    SHA512

    4d3651f88c655903bab97ccde0d41eec78c4cc7b6a32472c6c1531138f56359a8b13ccff698ebb4aa9e76a83c38388ddd27cac7b15a2a7b83a9cb7a4dacdba0b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp3922.tmp\FILEDownPlug2.dll
    Filesize

    28KB

    MD5

    89c563060d908e5df6848ad15731e6d0

    SHA1

    404d8d41700ecc907e5b7c849a0dcde8edda1e72

    SHA256

    8bd1c61e9be2b8b07f6dac4782a96ee9e679c5f163133a51b57e1ecd72f3eff9

    SHA512

    8eb86ed92ba4d3305a954d824a1ffc23d9aef02559c794c085f67583f32d8228834b09ad45edfd8a78b4634e62344f53e1106db64134b8dd2c5e0fae391da763

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp3922.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    eef9e469e8a30717974499f277d97e2a

    SHA1

    2d33c25984ebd9116beeb55cdde4c5c86c023e5d

    SHA256

    1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

    SHA512

    d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp3922.tmp\KillProcDLL.dll
    Filesize

    4KB

    MD5

    99f345cf51b6c3c317d20a81acb11012

    SHA1

    b3d0355f527c536ea14a8ff51741c8739d66f727

    SHA256

    c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    SHA512

    937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp3922.tmp\SimpleSC.dll
    Filesize

    61KB

    MD5

    d63975ce28f801f236c4aca5af726961

    SHA1

    3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

    SHA256

    e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

    SHA512

    8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp3922.tmp\System.dll
    Filesize

    11KB

    MD5

    c6f5b9596db45ce43f14b64e0fbcf552

    SHA1

    665a2207a643726602dc3e845e39435868dddabc

    SHA256

    4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0

    SHA512

    8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp3922.tmp\ioSpecial.ini
    Filesize

    666B

    MD5

    5d42255307ea5a383ac26719611f0c26

    SHA1

    3dd5d5ce6b0623937af4b2e248baadc57cf95740

    SHA256

    691c08a7591fbf0f9e3be5e13fc43789ca9312778825beb931956eed1f96043e

    SHA512

    8f39d184fb201783a0279d6a7672481d1ed4d900380de25154370171d9f417c0c56536366f14ab3714c3093e32247d03f03c1d6ca4aec5e2532ec9f3dd753a78

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp3922.tmp\nsProcess.dll
    Filesize

    4KB

    MD5

    05450face243b3a7472407b999b03a72

    SHA1

    ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

    SHA256

    95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

    SHA512

    f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

    Download Submit

  • memory/1168-35-0x00000000006A0000-0x00000000006A3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1168-36-0x00000000006A1000-0x00000000006A2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1168-20-0x0000000010000000-0x0000000010003000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1168-5-0x00000000006A0000-0x00000000006B3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1168-146-0x00000000006A1000-0x00000000006A2000-memory.dmp

    Filesize

    4KB

    Download