Report tabs (tab - platform - score badge):
Overview - 7/10
Static - 3/10
029c63eb99...18.exe - windows7-x64 - 7/10
029c63eb99...18.exe - windows10-2004-x64 - 7/10
$PLUGINSDI...nu.dll - windows7-x64 - 3/10
$PLUGINSDI...nu.dll - windows10-2004-x64 - 3/10
$TEMP/iimapi.exe - windows7-x64 - 7/10
$TEMP/iimapi.exe - windows10-2004-x64 - 7/10
$PLUGINSDIR/Math.dll - windows7-x64 - 3/10
$PLUGINSDIR/Math.dll - windows10-2004-x64 - 3/10
$PLUGINSDI...es.dll - windows7-x64 - 3/10
$PLUGINSDI...es.dll - windows10-2004-x64 - 3/10
$PLUGINSDI...em.dll - windows7-x64 - 3/10
$PLUGINSDI...em.dll - windows10-2004-x64 - 3/10
$PLUGINSDIR/UAC.dll - windows7-x64 - 3/10
$PLUGINSDIR/UAC.dll - windows10-2004-x64 - 3/10
$R1.dll - windows7-x64 - 6/10
$R1.dll - windows10-2004-x64 - 6/10
$TEMP/locatr.exe - windows7-x64 - 7/10
$TEMP/locatr.exe - windows10-2004-x64 - 7/10
$PLUGINSDI...em.dll - windows7-x64 - 3/10
$PLUGINSDI...em.dll - windows10-2004-x64 - 3/10
$SYSDIR/$_1_.exe - windows7-x64 - 7/10
$SYSDIR/$_1_.exe - windows10-2004-x64 - 7/10
$PLUGINSDI...em.dll - windows7-x64 - 3/10
$PLUGINSDI...em.dll - windows10-2004-x64 - 3/10
$_5_.dll - windows7-x64 - 6/10
$_5_.dll - windows10-2004-x64 - 6/10
$TEMP/setup.exe - windows7-x64 - 7/10
$TEMP/setup.exe - windows10-2004-x64 - 7/10

General
Target: 029c63eb99a4c3caa96d49fef0a10cee_JaffaCakes118
Size: 5.2MB
Sample: 240622-rq17dawarm
MD5: 029c63eb99a4c3caa96d49fef0a10cee
SHA1: 99340b26ab24ff961e8711e4d188d5f0c35266ab
SHA256: f9e5e2f2a786c852dfc7feb9c9e8a91c032af671d7a6bff4bdf4d872acf1b704
SHA512: bb29940f02bca50892b8dc7dd622c17809983557930fbcf25e419d25035e650308976376c91888b73422285367b4d0488f3bb974a25c011972b72aaa588ec266
SSDEEP: 98304:VCve60G4Ab1qDodr5pX8DyrobF2oouGwZXAMIlPbgOQpl97LG:VC26VrYCr5pM+robF9AA3I1gO07q
Tasks (task - sample - resource):
static1 - static task
behavioral1 - 029c63eb99a4c3caa96d49fef0a10cee_JaffaCakes118.exe - win7-20240611-en
behavioral2 - 029c63eb99a4c3caa96d49fef0a10cee_JaffaCakes118.exe - win10v2004-20240226-en
behavioral3 - $PLUGINSDIR/StartMenu.dll - win7-20240508-en
behavioral4 - $PLUGINSDIR/StartMenu.dll - win10v2004-20240508-en
behavioral5 - $TEMP/iimapi.exe - win7-20240221-en
behavioral6 - $TEMP/iimapi.exe - win10v2004-20240611-en
behavioral7 - $PLUGINSDIR/Math.dll - win7-20240221-en
behavioral8 - $PLUGINSDIR/Math.dll - win10v2004-20240611-en
behavioral9 - $PLUGINSDIR/Processes.dll - win7-20240508-en
behavioral10 - $PLUGINSDIR/Processes.dll - win10v2004-20240226-en
behavioral11 - $PLUGINSDIR/System.dll - win7-20240508-en
behavioral12 - $PLUGINSDIR/System.dll - win10v2004-20240508-en
behavioral13 - $PLUGINSDIR/UAC.dll - win7-20240611-en
behavioral14 - $PLUGINSDIR/UAC.dll - win10v2004-20240508-en
behavioral15 - $R1.dll - win7-20240220-en
behavioral16 - $R1.dll - win10v2004-20240508-en
behavioral17 - $TEMP/locatr.exe - win7-20240508-en
behavioral18 - $TEMP/locatr.exe - win10v2004-20240611-en
behavioral19 - $PLUGINSDIR/System.dll - win7-20240611-en
behavioral20 - $PLUGINSDIR/System.dll - win10v2004-20240508-en
behavioral21 - $SYSDIR/$_1_.exe - win7-20240419-en
behavioral22 - $SYSDIR/$_1_.exe - win10v2004-20240611-en
behavioral23 - $PLUGINSDIR/System.dll - win7-20240508-en
behavioral24 - $PLUGINSDIR/System.dll - win10v2004-20240508-en
behavioral25 - $_5_.dll - win7-20240221-en
behavioral26 - $_5_.dll - win10v2004-20240611-en
behavioral27 - $TEMP/setup.exe - win7-20240611-en
behavioral28 - $TEMP/setup.exe - win10v2004-20240508-en
Malware Config
Targets

Target: 029c63eb99a4c3caa96d49fef0a10cee_JaffaCakes118
Size: 5.2MB
MD5: 029c63eb99a4c3caa96d49fef0a10cee
SHA1: 99340b26ab24ff961e8711e4d188d5f0c35266ab
SHA256: f9e5e2f2a786c852dfc7feb9c9e8a91c032af671d7a6bff4bdf4d872acf1b704
SHA512: bb29940f02bca50892b8dc7dd622c17809983557930fbcf25e419d25035e650308976376c91888b73422285367b4d0488f3bb974a25c011972b72aaa588ec266
SSDEEP: 98304:VCve60G4Ab1qDodr5pX8DyrobF2oouGwZXAMIlPbgOQpl97LG:VC26VrYCr5pM+robF9AA3I1gO07q
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory

Target: $PLUGINSDIR/StartMenu.dll
Size: 7KB
MD5: a4173b381625f9f12aadb4e1cdaefdb8
SHA1: cf1680c2bc970d5675adbf5e89292a97e6724713
SHA256: 7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b
SHA512: fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82
SSDEEP: 96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2
Score: 3/10

Target: $TEMP/iimapi.exe
Size: 2.1MB
MD5: f97eecaff22fae9e00a95208738d0621
SHA1: 22314702e064c900f0b458ec9c24f7e27e18696a
SHA256: 340a963d338f5099515948887ff070f55173467fcccd489453668977b6deb319
SHA512: d2077bc6db8a09339b2e375c8593d2ffa7e3540b910caf357ca4b9404ff75f484d986f67a5d060fa20eb8c3055c22d510fa8a4415b44349a16728cf2c22c6204
SSDEEP: 49152:kJ9Ox9fntLVbb4ZIVNUAwqtJq7D+xRiDhFuqnWXx3sfTnHgdYRRsi:kPMvb0iV4qzq3ycDhFuqWXRs7ZRii
Signatures:
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory

Target: $PLUGINSDIR/Math.dll
Size: 66KB
MD5: b140459077c7c39be4bef249c2f84535
SHA1: c56498241c2ddafb01961596da16d08d1b11cd35
SHA256: 0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67
SHA512: fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328
SSDEEP: 1536:0P43WZ4Ql60gam+2MwRmPeqFVHbQH0ZZ1Iet:0wU609VMH0T/t
Score: 3/10

Target: $PLUGINSDIR/Processes.dll
Size: 35KB
MD5: 2cfba79d485cf441c646dd40d82490fc
SHA1: 83e51ac1115a50986ed456bd18729653018b9619
SHA256: 86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
SHA512: cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
SSDEEP: 768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: c17103ae9072a06da581dec998343fc1
SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score: 3/10

Target: $PLUGINSDIR/UAC.dll
Size: 17KB
MD5: 88ad3fd90fc52ac3ee0441a38400a384
SHA1: 08bc9e1f5951b54126b5c3c769e3eaed42f3d10b
SHA256: e58884695378cf02715373928bb8ade270baf03144369463f505c3b3808cbc42
SHA512: 359496f571e6fa2ec4c5ab5bd1d35d1330586f624228713ae55c65a69e07d8623022ef54337c22c3aab558a9b74d9977c8436f5fea4194899d9ef3ffd74e7dbb
SSDEEP: 384:59TzaeW+WyB8c7LX+OGkrwWvVrkUiEMAWm5nskAvXkq:5ZaB+W62Mr5vGUiEum5sk
Score: 3/10

Target: $R1
Size: 2.5MB
MD5: 8e52adb9b07b0ba0266f70e97807dae7
SHA1: 740691d0cf2368caaae17463593d54fd230bff53
SHA256: f9effd950d92a1f65bea930d7e852e8eaaab8e4be3e7cb306c1b02f61489e049
SHA512: c6f7a9473ca2a18af04c70c756b12447b0f02c8d29d2d7ed8058afd18dda4dd84dc11b0d1852a9ba1910e4fd79a3d04fafd7676c3eeda11e33db314bbff96930
SSDEEP: 49152:JiAiN9LGuYhJXJe4gxwY63DKBF23gh+qYMdIJKTT4jzyH4z:JgGuOJ4xhbh+qr14jzyH4
Signatures:
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.

Target: $TEMP/locatr.exe
Size: 361KB
MD5: 4d6f52f74fefb04938e11fc5ec77d072
SHA1: 390d844f22613206cd7df84dbb162f1df7362175
SHA256: de50b7aecefe844eddb7d0337624408e576a5279dcc4e0da25354e1d731fc3dc
SHA512: 7cdea2acf1e3009385f9abdd81d787b8d27f6283db5edde906f228c7fa24eedcaa1937eb2cedd224e3b0e434b5924eb0689b7d6bc3aa45728ee45d272043d7c3
SSDEEP: 6144:6sBcJn1sX6wvkNHK00t1YA+OY+YC7Ea2tPL5twt6nf8j/VpC//x8V31zMDElOegX:/K1sXfwHKNPFsfCAlctFbVInx8VFzMD1
Score: 7/10
Signatures:
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: c17103ae9072a06da581dec998343fc1
SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score: 3/10

Target: $SYSDIR/$_1_.exe
Size: 38KB
MD5: 74cea5bc4ca3e7a915225c6e62cb56e2
SHA1: b392893ebbb6e80c9718d0ec897d92f8815f3190
SHA256: ababe55d9b73e4d1bd234c05dc79abc2189c6659b4076cab99ecccb09a051c30
SHA512: a3bf93e175b4982e92cd00ff8978b7014e51914b96a0834610c2b9a9d641b08c2775b51efa7569d39e3a6b44250016cc87c4428bc6e28f40409dffddf0f84a7a
SSDEEP: 768:c1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJDJRnm5vORTJ0p:6QpQ5EP0ijnRTXJq5wTyp
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: c17103ae9072a06da581dec998343fc1
SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score: 3/10

Target: $_5_
Size: 690KB
MD5: 7f46c88a46d3b571b5c56f94478a6988
SHA1: d004bcd6c1a13d67c933989295111365f7e00317
SHA256: a900c48f497be76b975a8896b884d8781b7ae477fb310c1b6ec4529e0ff99715
SHA512: 36233027d427cdd9a62b883017743a99a2aaf70661ed91fcc6a60435f6de00122c58ff09c78c1fb2cc1ba7ad8428ce43665ae8799a77e638d0a49bbe54a8c6b5
SSDEEP: 12288:Av784mLLT3sDKBlFOIETxoWOz87SfN7gZZCQYJn9o4SRQZj:875mLLT8DilFOIEzOeSF74ZCQYh9o4k2
Score: 6/10
Signatures:
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.

Target: $TEMP/setup.exe
Size: 2.7MB
MD5: 0a866a5e466002ba335281ba16ed4a39
SHA1: f1ed4bcc782d045847e226fb9116adda13a73ba4
SHA256: c4e77428010973bf8aadc454e9533c1163e1f238c0f9f386731a7c2d97715fd8
SHA512: f17f1e4d5aca0724e52ea302f5c505a08465200780ad577a803c5b918d6a4f43eeebff3e926d4ebf6748d11036908e00240614448053a16ec23e132c889e2673
SSDEEP: 49152:0Nl8iowXbyoqepwv4UQ58IV9yGU/5qOJrn074InikM+eBVbq:YlnoKGMV9dsqOJLvqinq
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL

MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Browser Extensions (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)