Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-06-2024 06:49

General

  • Target

    03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe

  • Size

    948KB

  • MD5

    03c76407f7047ee900b78bdc18fdcaa8

  • SHA1

    d5232561f4495fa46bbea4bcd5c07e6545156ce2

  • SHA256

    8d1b409c922a30753111d9b8e9baa54e253123b743e9bc5ccefe2ddee13c4d9b

  • SHA512

    81d1250062cdb73165a749cf2d1b14f3ef72b7d6a4ff8de3872314394ec7cb01fd79cffef5ce5d57181a8d546513578cfb57f77d9235a5d907a411597641d391

  • SSDEEP

    24576:0k+FES0TJb7ptw6rVmrGRA96sitKh8pZj4Y:0FESaJHptw6rVRA97GvX

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe"
    • Loads dropped DLL
    • Drops file in Program Files directory
    PID:3820

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso374D.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    7e49eb67f1f3c62bb8c4b0a868b30645

    SHA1

    2be42e3c6059485bc3b624a537ab1fb36a10a263

    SHA256

    17f0946e0847bbaa6a06eb58aead13fce22a8606e9b3744cd2241debdf8d8bae

    SHA512

    469c28b6da5b9499fd417f8cd74414d6c6edcbe6567eecc9421a69797a77ec323936deb96cd151611da57e311074ec0c56d82a9800d7aebac9538a947284ff9e

  • C:\Users\Admin\AppData\Local\Temp\nso374D.tmp\InstallerHelperPlugin.dll

    Filesize

    48KB

    MD5

    60fce1b83b34bf296fae2075ac819bf1

    SHA1

    24c6d7e599cc4774bb480537cbd923ac24b66ee5

    SHA256

    c68aff5ea59e11e621d33e0f3bbd67e7331da1a44ca34045dd5daa3a5486ef11

    SHA512

    540ca4677a3445ef6873c35eeb9e30a1d67f788fdb1d425d820b5624e21854b80714cf0aa00761e086dbd9868d1af63f31583b94d760b907d307a1e6fc12599b

  • C:\Users\Admin\AppData\Local\Temp\nso374D.tmp\Uninst.dll

    Filesize

    47KB

    MD5

    68ffd98799c7122e62b296358b8c5faf

    SHA1

    b8da4b95fc4aaf2f6eff7dc8d0e2eef387c7927d

    SHA256

    6e0ab96043a172f9bf9e575b39eb459487d983281233228b387ccedfef9ce51f

    SHA512

    b96b7e9e2eb1c5c533ae0d9ac5ff9991b3565e83e13c2f109ef04438bf5d425aa878a9b13395d286dfcd3c1084ba584f1f5a90faa3d1bd825ce37ad59f5105a7

  • C:\Users\Admin\AppData\Local\Temp\nso374D.tmp\ioSpecial.ini

    Filesize

    1KB

    MD5

    3ec848ab8ecc92b211d92da7cac00b0d

    SHA1

    3ed330de6d38f24762e2cf4e634290c2811ce9cd

    SHA256

    a756e8112855cc13f7dc9017ea5e99ce88873e9b3fc42ce19c3854f04dcc3cd8

    SHA512

    68f7e9ee240b7970d3fff8e0360f121ea0aae52b83df34334f9353dbaa3b170aa379796275f19b4e8afd2ede6435818dc245376fda96bcc2ab501b78642937a6

  • C:\Users\Admin\AppData\Local\Temp\nso374D.tmp\ioSpecial.ini

    Filesize

    1KB

    MD5

    ee9d5fdd3fc4cca873b86c4a301041da

    SHA1

    790369935289e2121fb26093a7e38ab04149e696

    SHA256

    d42a7fbe4f463f29283fc2287d27f81c8daeccc06cec4ca11c3561ca9c6d9231

    SHA512

    b7ccf0ddde23ce88bd5d0e8d794e86fde739ff4374e616a65a9e544d4ca7116adece3e788e45c0df128e8a13a7d04f201d87c5bd0ca8812469d6c6c4f6406aa3

  • C:\Users\Admin\AppData\Local\Temp\nso374D.tmp\ioSpecial.ini

    Filesize

    1KB

    MD5

    c975b7d5f00cd4718ec5a9850c6e837d

    SHA1

    ddda849c8a8979e20e18d5db9e6018ee14726b1c

    SHA256

    0ee4efada4699cd55f49a1a8fa6ccfa41b4eaf46546681ce3e2384248cb93b9b

    SHA512

    9edf5eacf13cf198a6bac3d55ef688889420e0855d052154190bfb95580f75e44c08caa00785bf10a344a91bf637dc5e36b9ed05af792c3098b2e65df90a6e17