Overview

overview

7

Static

static

3

1899ff07b3...18.exe

windows7-x64

7

1899ff07b3...18.exe

windows10-2004-x64

7

$PLUGINSDI...NI.dll

windows7-x64

3

$PLUGINSDI...NI.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...am.dll

windows7-x64

3

$PLUGINSDI...am.dll

windows10-2004-x64

3

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...ge.dll

windows7-x64

3

$PLUGINSDI...ge.dll

windows10-2004-x64

3

$PLUGINSDI...ug.dll

windows7-x64

3

$PLUGINSDI...ug.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

1

$PLUGINSDI...ns.dll

windows10-2004-x64

1

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ta.dll

windows7-x64

3

$PLUGINSDI...ta.dll

windows10-2004-x64

3

$PLUGINSDI...ck.dll

windows7-x64

3

$PLUGINSDI...ck.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

1

$PLUGINSDI...LL.dll

windows10-2004-x64

1

$PLUGINSDI...hk.dll

windows7-x64

3

$PLUGINSDI...hk.dll

windows10-2004-x64

3

$PLUGINSDI...ta.dll

windows7-x64

3

$PLUGINSDI...ta.dll

windows10-2004-x64

3

$PLUGINSDI...nd.dll

windows7-x64

3

$PLUGINSDI...nd.dll

windows10-2004-x64

3

$PLUGINSDIR/stack.dll

windows7-x64

3

$PLUGINSDIR/stack.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    51s
  • max time network
    54s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2024 03:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1899ff07b3c5fb7428188b3667b0936f_JaffaCakes118.exe

  • Size

    3.5MB

  • MD5

    1899ff07b3c5fb7428188b3667b0936f

  • SHA1

    0bca8eddb5a23092b7ea5e032f3723f7e2d199a6

  • SHA256

    5d69d2238d1ffe8d41093c10c64aaaade2e74e6a1ee0bcdd3f554e027efd3b74

  • SHA512

    5b1d6e45ff0f231584d5f5f00829298df77ff47e1de1974441fd28d8b82fcb7d8205352962815890938f4019fbee9edeef2c7a2f1b83cfb4f6a7724de5b22e08

  • SSDEEP

    98304:25DOnJ67I79AZumVSsAZNYlu21/P5ixMWRi/pVm:Uanw7G9AZuKPI+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\1899ff07b3c5fb7428188b3667b0936f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1899ff07b3c5fb7428188b3667b0936f_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    PID:756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy5005.tmp\BundleINI.dll
    Filesize

    19KB

    MD5

    3319efa6e9d537a3a4e1a0afbf8aa079

    SHA1

    3ffa19398ca02df5bb707fa0666417583137d7f8

    SHA256

    55720e82cb5c2509bfa4e5841e892d34d8a58cfe67882b069b2c9103fdc4c647

    SHA512

    20743f591e468dce787100bd616097805ed0805ea4d1d31be5b5be19a20f06576b9ca156d626b7f34fe2df613f1a1f84803ed8b8998be988b2c054a984c406fb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy5005.tmp\FILEDownPlug.dll
    Filesize

    20KB

    MD5

    b118053825642ecf3bba36500a70645b

    SHA1

    ce436f731bd8bf744399bf39e77f7bca5a4461af

    SHA256

    eb97c0e8d17986beb01c1366405c8fa70e5d69c5f82b30f184454a47c258fda5

    SHA512

    11e00d2e2fc6b85e96de5b9fd11ea3f1d681180879ac3c2a7cfbe35a3808466f8eaff70faa39d6f5739238a34558825a22f0887d5653df54305a3ccce3836c73

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy5005.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    eef9e469e8a30717974499f277d97e2a

    SHA1

    2d33c25984ebd9116beeb55cdde4c5c86c023e5d

    SHA256

    1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

    SHA512

    d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy5005.tmp\IsVista.dll
    Filesize

    44KB

    MD5

    344d13fd0fdd2d97e8d61960f40a8a30

    SHA1

    3f0f120203005eea3e8ed1652a6ea8a607ea934d

    SHA256

    17bb3331e2300aa01666fbee98b9552cec5e46212a4c5a340c0370b93df88f83

    SHA512

    b4e49c58503532e270cc369f1cbd14d85edd46da5ab034dad730bd4297887dd541d445d2fbf205820e6afbbdba7ab6d5b78b694467554320fd6db8e06fe4f719

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy5005.tmp\ioSpecial.ini
    Filesize

    602B

    MD5

    09dd60f3ea820f3cd30674d5db003d2a

    SHA1

    2e797fa49a9bc36a4aea3f6915772ba35d987cd9

    SHA256

    2d297522cb4b1e7ecf29d081cb6727c1ca513482d1fca637b1d5e5a676fa0bae

    SHA512

    d168128968d60cd8b052feba52de1cd69f0824927c2335fa860cde291704cbcb06d20a033170c7626b9f1aa205a1c1106fb3152562e8d95cd7780e0f8e3e4477

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy5005.tmp\stack.dll
    Filesize

    10KB

    MD5

    0f61a81a543822de5fcb9a8a43f230dd

    SHA1

    d01d4a0f542f3c654637fdfe5a574fe1f150ece1

    SHA256

    46b4a72ae8590b0afb3304cc5c13db0502bc4c4cb02f64f37c79008c17db814f

    SHA512

    596b7a897ba64c32e26ba6168aa3628aad37b187a9814a286298307d8c42eabf8e8a679dbda558f8b2cdc8676c94ec819256432aa5ad7c05a5387759262a4402

    Download Submit

  • memory/756-10-0x00000000026D0000-0x00000000026DC000-memory.dmp

    Filesize

    48KB

    Download