Overview

overview

7

Static

static

3

245971935b...18.exe

windows7-x64

7

245971935b...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$R0.dll

windows7-x64

1

$R0.dll

windows10-2004-x64

1

MYBMoneyMaker.exe

windows7-x64

1

MYBMoneyMaker.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    41s
  • max time network
    47s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2024, 02:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    245971935b55a6a538adf3adfcdfb328_JaffaCakes118.exe

  • Size

    2.9MB

  • MD5

    245971935b55a6a538adf3adfcdfb328

  • SHA1

    1f114e87f107e5da7d9d923eebda282d9d41a9cd

  • SHA256

    d42fa898b77d062de18d44e4d739c124df9197d6fc3c1b2422aeaecf49652379

  • SHA512

    43b7e8fb0c429c69f21373a455e0a8f581704ac8ad1f68fab92c8938218e520faddcc4c05aaa2f91f71b0a0f5f0bdd2a6545eb41efc7ece407d91439097aa3c2

  • SSDEEP

    49152:dGVZpkreStuHLpzTtcvT65PM1ZwJ95ZglW/67sCKuFsivf4wyaZT/yCkxsqpLoZ:dGPu6murpHtc76FMzo9UyCJTAat4OqtI

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\245971935b55a6a538adf3adfcdfb328_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\245971935b55a6a538adf3adfcdfb328_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsz51DA.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsz51DA.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    14c212bb2fa90fe52a6424b955c86ad6

    SHA1

    9e94f8ad17ff9b6b31e5f029ee5f726e307ac8ee

    SHA256

    1854afccace3053dca2707b10609ea78a30f0ee853bdb9f251c076317ee53120

    SHA512

    d42fa579f93b98d1446daf3d0734c19838fa310ef27cd05344e25d9f86ba37a5fa1752236e5de4df7c9f414236538bd7431bffda126fb9c74fd112539de0e713

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsz51DA.tmp\ioSpecial.ini
    Filesize

    716B

    MD5

    92b9efa3ed9b5bc5eb09f2ab72547e12

    SHA1

    f4bd24711b8f5dd77c531dddd44888f7e70b482a

    SHA256

    6d06793452b58b8183d453528819a5baa179cea2e250363b4d17394d8e6a1be9

    SHA512

    227afdb7202e31434614bd1d41e9154b6e13cc28825752601b8a4d6af29d969b663144fac57184b3841459db8e333bb797fadc788d45a7918d0a7d50345a3a39

    Download Submit

  • memory/2312-5-0x0000000010000000-0x0000000010003000-memory.dmp

    Filesize

    12KB

    Download