cc1c136a6103e10ad7e6a8841f8eb19553abab023fdd7f1e9185d8731755b315

Analysis

max time kernel
140s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b9bdaa7a0f2e054c0b571933b1a9cd8_JaffaCakes118.exe
Size

2.2MB
MD5

2b9bdaa7a0f2e054c0b571933b1a9cd8
SHA1

0f3148fb83213178d7058bead7cd3d565b9405e0
SHA256

cc1c136a6103e10ad7e6a8841f8eb19553abab023fdd7f1e9185d8731755b315
SHA512

b7d08b958335c2df84cbdbad12ecf6f97400777705fe55b3aeb02d2456ac4a35e8fa89c581f0f28126ba516e28b24b225b015b368304cfecf1084c31a9c83f14
SSDEEP

24576:vbW7vJy1tjoZVjPEXhB7xpxZ2Do1m2I/5eIBSynZQcV3xZJtw/Axv03OAShNe+5A:jqoKcB7xjI/5YGQkBXtw2ULkw0gSCB

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0008000000023487-4.dat	acprotect

Loads dropped DLL 2 IoCs

pid	Process
3008	2b9bdaa7a0f2e054c0b571933b1a9cd8_JaffaCakes118.exe
3008	2b9bdaa7a0f2e054c0b571933b1a9cd8_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0008000000023487-4.dat	upx
behavioral2/memory/3008-9-0x0000000004D20000-0x0000000004D7B000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3008	2b9bdaa7a0f2e054c0b571933b1a9cd8_JaffaCakes118.exe
3008	2b9bdaa7a0f2e054c0b571933b1a9cd8_JaffaCakes118.exe
3008	2b9bdaa7a0f2e054c0b571933b1a9cd8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2b9bdaa7a0f2e054c0b571933b1a9cd8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2b9bdaa7a0f2e054c0b571933b1a9cd8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{5A07AA00-FC30-48DC-9F4F-B0529CCEF8C9}.dll

Filesize
120KB

MD5
c9f333d1ff898672a34805f94a265329

SHA1
2deaac66698fb2e9b3868d23034c3211c508b739

SHA256
07e546811635574c77edfda126b0e5f5292b4ea13f35158eddedcfc3cbf74b6b

SHA512
048c71e48e2def0bfc69ebfb69b834d650a9377082782333f50728fdfd6675df8093d0c87e606022e55d09f81549d4ca3b640bcdd33b9ddc9aace03ee1466add

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{817EC965-D5B7-4778-B798-18CDEAF43E85}\css\style.css

Filesize
798B

MD5
cb5973a649f313f168e5d668cfc9e7e8

SHA1
84ef3619b568654bb0c77f935a1c335032e4e0b4

SHA256
9a67a56443d8b7e07dc68f7ce128bec7c970ea12c3462d36d5634dce5150af0c

SHA512
61dedd513b187a947972fa8f47667ea129989d576498ca4de48004882be387b669bf321014d66b9db5e7907ba2659f5770761dfe6b431a0513fcf2cca12cc856

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{817EC965-D5B7-4778-B798-18CDEAF43E85}\index.html

Filesize
1KB

MD5
6bf20a909082e9938f131c8f13ee82d4

SHA1
e209cb20fc03d4196d660ee59e27a6be94aa1695

SHA256
899b7f786d875c3b4f4165b357977f2ba989bf84eef694b3a5ff091bffbc4a8f

SHA512
e4d94a6d72f08c37e2ff468afc0f95800706ae37632c3e58207c971cfd1b4bb7b9791767c0c7740af6004fe7bf44902f30320f64096a293660161238aff8ee58

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{817EC965-D5B7-4778-B798-18CDEAF43E85}\js\common.js

Filesize
102B

MD5
fd7b0ad90e04f867f0caf572d03b6d1c

SHA1
f54f16fcb066d29d280276dd280b7ee7c83a1573

SHA256
c9c9589c41594137ef6f54b394d3495910601e8f0d77f4ba0866b513e84a24e6

SHA512
0215bd6562e26025c3dd0e6d9696a930368a146bd6d9eab8b0b30149ceeb03a8d0f7b8511203f27e3adcfc5affb9ef7ca040659eb670fead4289c233910f553c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{817EC965-D5B7-4778-B798-18CDEAF43E85}\js\lang.js

Filesize
632B

MD5
f3ca8504fe38798d402ada65acc0923e

SHA1
8f9930721e2a559be8e4379cb6e9dc9ffd71ef52

SHA256
f4b4d8d4bb78d970a3fcf6dc8ee0353776801ef373b54d839cd8853c1481a378

SHA512
ab1324ec6f5dcd034efadb6eef3224244de5eb328a4c28e4646a7a182d6af2ec60dad50f52b1e8aedbe18e3eb6a03a4705949763746952492e9abb0f9e01bec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{817EC965-D5B7-4778-B798-18CDEAF43E85}\js\unitpngfix.js

Filesize
959B

MD5
997b4c4553a419650ec27b7f53cd94ef

SHA1
13a577fe4669412ef3d54bd761ff7878876079c1

SHA256
a044dffe80c9ce80d2364681836b7835fdc1c49f30ba83192231e5089973c9a4

SHA512
5f423448c03f1f79b4cc326125e27e60a57bf54c9c834c6be6b848712a814c71376a2def86bb5bbe20c4856798ee88560222f9ff60a9e81a5ece1110d7ef76c7

Download Submit
memory/3008-0-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/3008-9-0x0000000004D20000-0x0000000004D7B000-memory.dmp

Filesize
364KB

Download
memory/3008-98-0x0000000000400000-0x0000000000557000-memory.dmp

Filesize
1.3MB

Download
memory/3008-100-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/3008-101-0x0000000004D20000-0x0000000004D7B000-memory.dmp

Filesize
364KB

Download