Overview

overview

7

Static

static

3

2982870dd3...18.exe

windows7-x64

7

2982870dd3...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Jigsaw.dll

windows7-x64

1

Jigsaw.dll

windows10-2004-x64

1

JigsawBeac...ay.exe

windows7-x64

3

JigsawBeac...ay.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

aminstall.dll

windows7-x64

1

aminstall.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    131s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2024, 22:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2982870dd322d0469fa7e6f3b8bd7e99_JaffaCakes118.exe

  • Size

    5.6MB

  • MD5

    2982870dd322d0469fa7e6f3b8bd7e99

  • SHA1

    a2b501d740387bb6be6e192eeddc3d0057943ac4

  • SHA256

    c50303bf6bb69a2abb01129806d0bfd96e11c1c2bf2130495ac6b13ba024bf86

  • SHA512

    f6f7de4ba895133ee312ed5a19a5751eb8e9e14c89dc8d33d7447938bdc475e30d3626d1e63b092ab6b83b29c8c248a5f5ac609f243c7cc5fd92b84e9f09bdfa

  • SSDEEP

    98304:xSkZo0qPks6qC+a26DWmgenA2y/LfhNeNmyEH3f8rRZG6Y1vSkIsQlj:4M6fTCD26D1nH+NN4zEXb1jZQZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\2982870dd322d0469fa7e6f3b8bd7e99_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2982870dd322d0469fa7e6f3b8bd7e99_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    PID:3612
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1028,i,3027467512973953085,11878940668304988630,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:8
    1⤵
      PID:4168

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsq2D17.tmp\InstallOptions.dll
      Filesize

      12KB

      MD5

      29459d9ee2bce32ed937fb1f965f9d5e

      SHA1

      8fff45ed45f3af8f8c248eba9a1c02c9c5fc911d

      SHA256

      ad07968b7d93ef19e10e1deb52e0c912e96dde30c0a49a0239daf176fd4c9ef5

      SHA512

      d4ef4eadb0f53e7086a1d242bf7f745ad79d83d9ecbfaa283cf0dd499271a804589a575040bb20d5c98e86197cc65ca05ab1a358c556ea82a3e297d0255015a6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsq2D17.tmp\System.dll
      Filesize

      10KB

      MD5

      05e52213cfa17dee760186462a9645ed

      SHA1

      f6d5e82080bbba65db7d54e89250c95af833aae3

      SHA256

      d9d3ffa4c7d7a152f435f4777e72aa1b6a6c0555f277e59eedebc587c3b66ba5

      SHA512

      586eea0bec6345b437667ce528bc2396427dd444a396456e38046a8962e92a52e7ee62b9f6c97f41bc1fb4a1b3905a302d6f7055e26b84e60709ba3b416ad172

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsq2D17.tmp\ioSpecial.ini
      Filesize

      692B

      MD5

      73addd893d903dbb6c49d08103b59658

      SHA1

      2c92a6d7eff5ff4caedbdc1ab23015bc5e4b831c

      SHA256

      eb785caced82f9f5db3eac8eb9a23e60826775c69d362806c9ee236d59718e92

      SHA512

      a2153ce129b0ad0f88a88e50341edc3abb448286917596a896f0bb746ef68fbc091ff60a122600bd6e84fc0ccfbb9bdffba93e787be5f818d8cf88817e92a155

      Download Submit