Overview

overview

7

Static

static

3

28bc6281d4...18.exe

windows7-x64

7

28bc6281d4...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-07-2024 15:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28bc6281d4ea0d8587bed91fdfc4937c_JaffaCakes118.exe

  • Size

    227KB

  • MD5

    28bc6281d4ea0d8587bed91fdfc4937c

  • SHA1

    4346bddd46fc479b16918c0ad34bfc0f236f31d5

  • SHA256

    133f61cd4e91ef94b75353b070ea30ee51e5603ac91950e2f865dca16db318b0

  • SHA512

    69ab61a0a309cb576b7910de10727e065b10a4acfcadc4326080322b33782cae33b02044729f6e90856d9b63d9b8e16476f848e7fb248e3e2659e378e2c9632f

  • SSDEEP

    3072:qbI7pSg/D41XJU3D9ejzIXCmAagdWcaQXLqdC7Lzv1W9BtapXNgl/FdSVTD4zuns:UNSD+0Dqz7OY5qdzuN0S14D

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\28bc6281d4ea0d8587bed91fdfc4937c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\28bc6281d4ea0d8587bed91fdfc4937c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    PID:2424

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsz7707.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    eca460272800136da217dff3c8953df0

    SHA1

    64e9ec022913d66b58ab5a8dbbfe7dd35d077824

    SHA256

    fd74339ffd5a66781a333005f065a3978ca7916cc56e73ec9598262c72a33ff8

    SHA512

    f92ccca98551fde68db761f58ac36e76319dde137dd0cff80f0f67f473412000ffba774074416e6907049c6b4c71ccbc853c33f4e489ba2b4f50badc2739b747

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsz7707.tmp\ioSpecial.ini
    Filesize

    749B

    MD5

    1723861bfd72c10a3d4eb950590eb38a

    SHA1

    0b4a696fc7aba214bfeecab5009ac4b5c5090d26

    SHA256

    73b27ac8b67dbaadcd6e4f9fa032be55319e42f0584ef4b686cf7a077adcc213

    SHA512

    c7848052b2fd79ad8485d6498bb5359e49603e99799b469a7c2b21a67294869d86afc5d1057f64601ba6cf33adf43e0b832ec9951323d4466406e7dcb2d3d1e0

    Download Submit