Scores
overview: 7
static: 3
03c76407f7...18.exe, windows7-x64: 7
03c76407f7...18.exe, windows10-2004-x64: 7
$PLUGINSDI...er.dll, windows7-x64: 3
$PLUGINSDI...er.dll, windows10-2004-x64: 3
$PLUGINSDI...ll.dll, windows7-x64: 3
$PLUGINSDI...ll.dll, windows10-2004-x64: 3
$PLUGINSDI...ns.dll, windows7-x64: 3
$PLUGINSDI...ns.dll, windows10-2004-x64: 3
$PLUGINSDI...in.dll, windows7-x64: 1
$PLUGINSDI...in.dll, windows10-2004-x64: 1
$PLUGINSDI...dl.dll, windows7-x64: 3
$PLUGINSDI...dl.dll, windows10-2004-x64: 3
$PLUGINSDI...st.dll, windows7-x64: 1
$PLUGINSDI...st.dll, windows10-2004-x64: 1
$TEMP/Smrt-Shpr.dll, windows7-x64: 6
$TEMP/Smrt-Shpr.dll, windows10-2004-x64: 6
$TEMP/Unin...rt.exe, windows7-x64: 6
$TEMP/Unin...rt.exe, windows10-2004-x64: 6
Bin/2.7.21...pr.dll, windows7-x64: 6
Bin/2.7.21...pr.dll, windows10-2004-x64: 6
cs/antiphi...g.html, windows7-x64: 1
cs/antiphi...g.html, windows10-2004-x64: 1
Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-06-2024 06:49
Static task
static1
Behavioral task
behavioral1
Sample
03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Dialer.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Dialer.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/Install.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/Install.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InstallerHelperPlugin.dll
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InstallerHelperPlugin.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240611-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Uninst.dll
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Uninst.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
$TEMP/Smrt-Shpr.dll
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
$TEMP/Smrt-Shpr.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$TEMP/UninstShprRprt.exe
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
$TEMP/UninstShprRprt.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
Bin/2.7.21/Smrt-Shpr.dll
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
Bin/2.7.21/Smrt-Shpr.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
cs/antiphishing/antiphishing.html
Resource
win7-20240611-en
Behavioral task
behavioral22
Sample
cs/antiphishing/antiphishing.html
Resource
win10v2004-20240508-en
General
-
Target
03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe
-
Size
948KB
-
MD5
03c76407f7047ee900b78bdc18fdcaa8
-
SHA1
d5232561f4495fa46bbea4bcd5c07e6545156ce2
-
SHA256
8d1b409c922a30753111d9b8e9baa54e253123b743e9bc5ccefe2ddee13c4d9b
-
SHA512
81d1250062cdb73165a749cf2d1b14f3ef72b7d6a4ff8de3872314394ec7cb01fd79cffef5ce5d57181a8d546513578cfb57f77d9235a5d907a411597641d391
-
SSDEEP
24576:0k+FES0TJb7ptw6rVmrGRA96sitKh8pZj4Y:0FESaJHptw6rVRA97GvX
Malware Config
Signatures
- Loads dropped DLL (10 IoCs)
  Processes: 03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe
  pid 3820, process 03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe (10 entries)
- Drops file in Program Files directory (2 IoCs)
  Processes: 03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe
  File created: C:\Program Files (x86)\SRCheckPermission.txt (process 03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe)
  File opened for modification: C:\Program Files (x86)\SRCheckPermission.txt (process 03c76407f7047ee900b78bdc18fdcaa8_JaffaCakes118.exe)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads