1fd0eb5a0bde40999118afa7beb7e99d43ba60eeba41d3100c8af08c00dc3aa4

Analysis

max time kernel
51s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0bd30f42b1f803e0e87a8f5eda092604_JaffaCakes118.exe
Size

2.7MB
MD5

0bd30f42b1f803e0e87a8f5eda092604
SHA1

0ce789f1dc9d0f8ad1332c32498e992dcf0b5c15
SHA256

1fd0eb5a0bde40999118afa7beb7e99d43ba60eeba41d3100c8af08c00dc3aa4
SHA512

ccfd3a91813ca0466c3443d7f17962c8364dfdb060a62a18109de46adc89b194d333ca4fde54eb60142a081729b5d46c6a0cc015fc2d7836f3fe1ae43299a756
SSDEEP

49152:mHoT7vpV9HdK0SqON0HwcJaFgEsP5qDl3CntNIxqQr/PXGjJeWIJlzd++6:owFVu0Sv0Hwr3sBqDpCvmqQr2jJeJJlG

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1360	0bd30f42b1f803e0e87a8f5eda092604_JaffaCakes118.exe
1360	0bd30f42b1f803e0e87a8f5eda092604_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0bd30f42b1f803e0e87a8f5eda092604_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0bd30f42b1f803e0e87a8f5eda092604_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsr4A1A.tmp\InstallOptions.dll

Filesize
12KB

MD5
3c19f79ce11facc2fc4d3351dbb263e0

SHA1
17f4bf4b18ea7700f70ac7d825dc997be0d25f71

SHA256
cfaba712ad640ce2b4890005ffcf03ed9e2a18a6cf9075295f3aaea1478896b9

SHA512
05c9ac861e4fed610171fcb5fad40abc30cbf90e9c7cb13c758f52cdff568af0fdd6af968db4fb143a748c77f21c353c7cffea28cbcbd2ad17157038ab490273

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr4A1A.tmp\System.dll

Filesize
10KB

MD5
725145e8caa39635cab9899c47c72eda

SHA1
30478c907551bd920bf359638b091fc5c10b5a53

SHA256
1759e4f7777fb8c9ed356a7d4dc237a90e0760061685d44ea02d40ca9e359ceb

SHA512
de31286ea10321f762a3b6e7c6c82177d5b6f45a82adc936fcbbc23105708cbbbec903ba94ba94e7723e80f1828393e5395ef575b37136b19de7535e74e24547

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr4A1A.tmp\ioSpecial.ini

Filesize
708B

MD5
363ebb741d6e25b8a8a854643ad28d8a

SHA1
5c1fe3d0253e9d02b3262fa7e9a476988f6d2162

SHA256
f14cb2acb1ee93e0b6ca0e1b72e42fd3da4a63703da7c8336b9b5165939d3450

SHA512
d5440d83b103b569eaca31a969864b9e541dbb593a69023ddb6fb000aba5d9c7bed10d63c643dacfff168f79af3c9ef63e9dad1fd66c9ff29e0df60fa7667205

Download Submit