Overview

overview

7

Static

static

3

0805839acf...18.exe

windows7-x64

7

0805839acf...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...st.dll

windows7-x64

3

$PLUGINSDI...st.dll

windows10-2004-x64

3

$PLUGINSDI...nz.dll

windows7-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

$PLUGINSDI...ip.exe

windows7-x64

3

$PLUGINSDI...ip.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

QZIP.dll

windows7-x64

1

QZIP.dll

windows10-2004-x64

1

QZIP.exe

windows7-x64

1

QZIP.exe

windows10-2004-x64

1

QZIP.exe

windows7-x64

1

QZIP.exe

windows10-2004-x64

1

QZIPCon.exe

windows7-x64

1

QZIPCon.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    125s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/06/2024, 17:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0805839acfc092216eeaa0eb143eb297_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    0805839acfc092216eeaa0eb143eb297

  • SHA1

    0cb9fb7d4170b4ce6744d1fcc1acca78c04d901a

  • SHA256

    6ac2b43431285c5ea88c5c48770b33b5327a9daa890c999354c340d7807052f2

  • SHA512

    40e6072e08268b5da10b68c1b7e5f50dd3881d657bedf72eb36f4c4731a336f05dee8d020a816274cf58b860d5361b8531682e6a1d64e99cedbc04dd8e8558f9

  • SSDEEP

    24576:SEXRnaoB7CevgMcY6msA9/dTkjerszZixzyOU:VXR5B73vgMrh/dwqrJxI

Score
7/10
spywarestealer

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\0805839acfc092216eeaa0eb143eb297_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0805839acfc092216eeaa0eb143eb297_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    PID:2224
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1392,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:8
    1⤵
      PID:5016

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nscE4D4.tmp\GetVersion.dll
      Filesize

      6KB

      MD5

      5264f7d6d89d1dc04955cfb391798446

      SHA1

      211d8d3e7c2b2f57f54a11cb8bc4fa536df08acc

      SHA256

      7d76c7dd8f7cd5a87e0118dacb434db3971a049501e22a5f4b947154621ab3d4

      SHA512

      80d27ee2f87e2822bd5c8c55cc3d1e49beebb86d8557c92b52b7cbea9f27882d80e59eefa25e414eecee268a9a6193b6b50b748de33c778b007cde24ef8bcfb7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nscE4D4.tmp\Math.dll
      Filesize

      66KB

      MD5

      b140459077c7c39be4bef249c2f84535

      SHA1

      c56498241c2ddafb01961596da16d08d1b11cd35

      SHA256

      0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67

      SHA512

      fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nscE4D4.tmp\NSISdl.dll
      Filesize

      14KB

      MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

      SHA1

      168f3c158913b0367bf79fa413357fbe97018191

      SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

      SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nscE4D4.tmp\System.dll
      Filesize

      11KB

      MD5

      c17103ae9072a06da581dec998343fc1

      SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

      SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

      SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nscE4D4.tmp\inetc.dll
      Filesize

      20KB

      MD5

      2f94245152dbd233e248909f9c01c578

      SHA1

      ab4e5879c001b36a2f9ff214946599fd015edda9

      SHA256

      4c4d85eb9725fc7fade03467990e3dd9671c29a7870c97e69babc2cb3c9adef9

      SHA512

      f92830de27d6663be5e0df9e32cd88732bc7ee93b14c1ded65258c325d22436400801aff1124f40400c6c3b3c16e71deb08436714716f3888d13a8a6b6a32231

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nscE4D4.tmp\md5dll.dll
      Filesize

      8KB

      MD5

      a7d710e78711d5ab90e4792763241754

      SHA1

      f31cecd926c5d497aba163a17b75975ec34beb13

      SHA256

      9b05dd603f13c196f3f21c43f48834208fed2294f7090fcd1334931014611fb2

      SHA512

      f0ca2d6f9a8aeac84ef8b051154a041adffc46e3e9aced142e9c7bf5f7272b047e1db421d38cb2d9182d7442bee3dd806618b019ec042a23ae0e71671d2943c0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nscE4D4.tmp\nsDialogs.dll
      Filesize

      44KB

      MD5

      0df8295298878816afe418a9ae61651f

      SHA1

      47f1c232c8b6d233c2dc75db6171d249dbdb25db

      SHA256

      59bbd644802492e41912c7276385f2bde1289f0a0fba09341476a5de8a63d37b

      SHA512

      1e9896835a425684e7ee6aa4c44b5ab7d1a60ecd531ed763e704e2ebc767f1abb508996f2a29766cb4905f592d33a4be7820b3b71aa88cae302fd95275b83c67

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nscE4D4.tmp\nshist.dll
      Filesize

      39KB

      MD5

      56bf72527ae93d35cd8f8778ad29902b

      SHA1

      3248a7ca75a3c2e715a13b455ccc5d45e04cf9b9

      SHA256

      77f38240d729758f04fbd6ac00dc638e99ba27c42fa48200c99f51449e245343

      SHA512

      c8ea0445bb83bb67dffa85b167fcc9b6ea874493442db5707e939ee0f2864a0d464ee605de486febffc27b60cd3c35a91302f226f6c4f13186119687a7e6000e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nscE4D4.tmp\timepro.dll
      Filesize

      20KB

      MD5

      009dbbdd1ef470dd752c2b73835da3e7

      SHA1

      f97da6556b24302df8201a092eaa32a80d49064b

      SHA256

      c1ed8c398108dc56fbb6fd6797c3c9df59447e2a2f198b72a45058124971b09c

      SHA512

      dbffa0eb830b292e5550eb3f3cfce90f881282652afb0463672ece7eb0946c34a8f75c4852f77b1db3604f0f346d0ed9d9babbad40b41de109e9f5119d555ec5

      Download Submit

    • memory/2224-19-0x0000000002FB0000-0x0000000002FCA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2224-59-0x0000000002FD0000-0x0000000002FD9000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2224-221-0x0000000002FD0000-0x0000000002FDC000-memory.dmp

      Filesize

      48KB

      Download