662672097a300a91da7245771374bdbd2099f0f94e6d8fbd637564288ff29802

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 11:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

15c24d24213a5e5d6c6056e8e23e663a_JaffaCakes118.exe
Size

553KB
MD5

15c24d24213a5e5d6c6056e8e23e663a
SHA1

3626d8ff2bb09ae689ef1a639a5a1cb3123c573d
SHA256

662672097a300a91da7245771374bdbd2099f0f94e6d8fbd637564288ff29802
SHA512

f369d0bcfcfa2be8c1dc18e2a8a443f6738a54392f0e8019fd634feaf86d57162814473c9d9a7a5e9a2e3cb01cb18001eee24f012872e58bc3d10c3ffac94aa7
SSDEEP

6144:ve34R2JokHzh36dqXEV2rnCeZG/t7FTBqTzP7n7O7L6K2Bfo7pk:72ykHzh36VV2Go0ZTsnz7O7L6ju7pk

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1648	15c24d24213a5e5d6c6056e8e23e663a_JaffaCakes118.exe
1648	15c24d24213a5e5d6c6056e8e23e663a_JaffaCakes118.exe
1648	15c24d24213a5e5d6c6056e8e23e663a_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2256	1648	WerFault.exe	79

C:\Users\Admin\AppData\Local\Temp\15c24d24213a5e5d6c6056e8e23e663a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\15c24d24213a5e5d6c6056e8e23e663a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:1648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 1112
  2⤵
  - Program crash
  PID:2256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1648 -ip 1648
1⤵
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsw63EB.tmp\LangDLL.dll

Filesize
5KB

MD5
9384f4007c492d4fa040924f31c00166

SHA1
aba37faef30d7c445584c688a0b5638f5db31c7b

SHA256
60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

SHA512
68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw63EB.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw63EB.tmp\UAC.dll

Filesize
17KB

MD5
09caf01bc8d88eeb733abc161acff659

SHA1
b8c2126d641f88628c632dd2259686da3776a6da

SHA256
3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478

SHA512
ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa

Download Submit