Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-06-2024 06:49

General

  • Target

    03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe

  • Size

    948KB

  • MD5

    03c76407f7047ee900b78bdc18fdcaa8

  • SHA1

    d5232561f4495fa46bbea4bcd5c07e6545156ce2

  • SHA256

    8d1b409c922a30753111d9b8e9baa54e253123b743e9bc5ccefe2ddee13c4d9b

  • SHA512

    81d1250062cdb73165a749cf2d1b14f3ef72b7d6a4ff8de3872314394ec7cb01fd79cffef5ce5d57181a8d546513578cfb57f77d9235a5d907a411597641d391

  • SSDEEP

    24576:0k+FES0TJb7ptw6rVmrGRA96sitKh8pZj4Y:0FESaJHptw6rVRA97GvX

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2204

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsi1CB5.tmp\ioSpecial.ini

    Filesize

    1KB

    MD5

    d2219a992830960effff5916d0a091a5

    SHA1

    f74f74d42c1dbed14a68a94b3e94975efdd2f9fb

    SHA256

    31dcae9a11fff111e850a1003b9a7f09ab8333402a09dd6d21e1979d8acc0563

    SHA512

    2dec21269bb7c65f860c2f3d3b7f98a74ec018fc36f81c69fd510baaeb1db2100c56b648b76774ac21267300bf5da79825b9b0f7b2d6bf59338aa3a2a37980ff

  • \Users\Admin\AppData\Local\Temp\nsi1CB5.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    7e49eb67f1f3c62bb8c4b0a868b30645

    SHA1

    2be42e3c6059485bc3b624a537ab1fb36a10a263

    SHA256

    17f0946e0847bbaa6a06eb58aead13fce22a8606e9b3744cd2241debdf8d8bae

    SHA512

    469c28b6da5b9499fd417f8cd74414d6c6edcbe6567eecc9421a69797a77ec323936deb96cd151611da57e311074ec0c56d82a9800d7aebac9538a947284ff9e

  • \Users\Admin\AppData\Local\Temp\nsi1CB5.tmp\InstallerHelperPlugin.dll

    Filesize

    48KB

    MD5

    60fce1b83b34bf296fae2075ac819bf1

    SHA1

    24c6d7e599cc4774bb480537cbd923ac24b66ee5

    SHA256

    c68aff5ea59e11e621d33e0f3bbd67e7331da1a44ca34045dd5daa3a5486ef11

    SHA512

    540ca4677a3445ef6873c35eeb9e30a1d67f788fdb1d425d820b5624e21854b80714cf0aa00761e086dbd9868d1af63f31583b94d760b907d307a1e6fc12599b

  • \Users\Admin\AppData\Local\Temp\nsi1CB5.tmp\Uninst.dll

    Filesize

    47KB

    MD5

    68ffd98799c7122e62b296358b8c5faf

    SHA1

    b8da4b95fc4aaf2f6eff7dc8d0e2eef387c7927d

    SHA256

    6e0ab96043a172f9bf9e575b39eb459487d983281233228b387ccedfef9ce51f

    SHA512

    b96b7e9e2eb1c5c533ae0d9ac5ff9991b3565e83e13c2f109ef04438bf5d425aa878a9b13395d286dfcd3c1084ba584f1f5a90faa3d1bd825ce37ad59f5105a7
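The dropped-file list above is what most analysts actually take away from a report like this, so the following added example (mine, not part of the sandbox report or of any tool) parses the "Downloads" section into IoC records, validates the digest lengths, and checks an arbitrary blob against all listed hashes at once. The two entries embedded in `REPORT_DOWNLOADS` are copied from the report above; the helper names, and the `ns<letter><4 hex>.tmp` pattern used to flag NSIS plugin directories such as the `nsi1CB5.tmp` seen here, are my own assumptions.

```python
"""Parse a Triage-style "Downloads" section into IoC records and match files
against it. Added example; the two records below are copied from the report,
the NSIS temp-dir pattern and helper names are assumptions of this example."""
import hashlib
import re
from dataclasses import dataclass, field

# Expected hex-digest length per algorithm, used to reject garbled values.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Assumed pattern for NSIS plugin scratch directories: ns<letter><4 hex>.tmp
NSIS_TMP_RE = re.compile(r"[\\/]ns[a-z][0-9A-F]{4}\.tmp[\\/]", re.IGNORECASE)

# Constructed input: first two entries of the report's Downloads section.
REPORT_DOWNLOADS = r"""
  • C:\Users\Admin\AppData\Local\Temp\nsi1CB5.tmp\ioSpecial.ini
    Filesize
    1KB
    MD5
    d2219a992830960effff5916d0a091a5
    SHA1
    f74f74d42c1dbed14a68a94b3e94975efdd2f9fb
    SHA256
    31dcae9a11fff111e850a1003b9a7f09ab8333402a09dd6d21e1979d8acc0563
  • \Users\Admin\AppData\Local\Temp\nsi1CB5.tmp\InstallOptions.dll
    Filesize
    14KB
    MD5
    7e49eb67f1f3c62bb8c4b0a868b30645
    SHA1
    2be42e3c6059485bc3b624a537ab1fb36a10a263
    SHA256
    17f0946e0847bbaa6a06eb58aead13fce22a8606e9b3744cd2241debdf8d8bae
"""


@dataclass
class DroppedFile:
    path: str
    size: str = ""
    hashes: dict = field(default_factory=dict)  # algorithm -> lowercase hex


def parse_downloads(text):
    """Each entry is a '• <path>' line followed by label/value pairs, one per line."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = DroppedFile(path=line[1:].strip())
            records.append(current)
            pending = None
        elif current is None:
            continue  # text before the first entry
        elif line == "Filesize" or line in DIGEST_LEN:
            pending = line  # next non-empty line carries the value
        elif pending == "Filesize":
            current.size, pending = line, None
        elif pending in DIGEST_LEN:
            value = line.lower()
            if len(value) != DIGEST_LEN[pending] or not re.fullmatch(r"[0-9a-f]+", value):
                raise ValueError(f"bad {pending} for {current.path}: {line}")
            current.hashes[pending], pending = value, None
    return records


def index_by_sha256(records):
    return {r.hashes["SHA256"]: r for r in records if "SHA256" in r.hashes}


def hash_bytes(data):
    return {alg: hashlib.new(alg.lower(), data).hexdigest() for alg in DIGEST_LEN}


def match(data, records):
    """Return the record whose listed hashes all agree with `data`, else None.
    Requiring every listed algorithm to agree avoids trusting MD5 alone."""
    observed = hash_bytes(data)
    for r in records:
        if r.hashes and all(observed[a] == v for a, v in r.hashes.items()):
            return r
    return None


def from_nsis_tmp(path):
    """True when the path sits in an NSIS-style plugin scratch directory."""
    return NSIS_TMP_RE.search(path) is not None


if __name__ == "__main__":
    for rec in parse_downloads(REPORT_DOWNLOADS):
        print(rec.path, rec.size, rec.hashes["SHA256"], from_nsis_tmp(rec.path))
```

Feed the rest of the report's entries into `REPORT_DOWNLOADS` (or a file read from disk) to build the full IoC set; `match` can then be run over anything recovered from a host's `%TEMP%` to confirm it is the same dropped plugin rather than a same-name file from a benign NSIS installer.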