033b5000a03c24220cbc85d12f0cb8777a608073445075111a041801e81b98a1

Analysis

max time kernel
147s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 12:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2c5947bca2a3e5261c492651022027c4_JaffaCakes118.exe
Size

19.9MB
MD5

2c5947bca2a3e5261c492651022027c4
SHA1

47caeb211dcd9b06cac46dddb55ef160f6c0365d
SHA256

033b5000a03c24220cbc85d12f0cb8777a608073445075111a041801e81b98a1
SHA512

98b3c5b32c32b0e738faace0f9bfcd4ff4ee33e95d3fa052c4e401f36c263b81d2c94186b28273444e8592dd92e60c9f8ae9248835e2c11c30734456c1cd1f51
SSDEEP

393216:X0NJMeJpFkT+uOKeTFw0u1gfrGntm4KzPxL/7fUAgPA/J/w6evvgb1GhwpQY5N:OBp6TjeTFE1pn2lfaiJYvy1YPYT

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0006000000023252-2.dat	acprotect

Loads dropped DLL 5 IoCs

pid	Process
5064	2c5947bca2a3e5261c492651022027c4_JaffaCakes118.exe
5064	2c5947bca2a3e5261c492651022027c4_JaffaCakes118.exe
5064	2c5947bca2a3e5261c492651022027c4_JaffaCakes118.exe
5064	2c5947bca2a3e5261c492651022027c4_JaffaCakes118.exe
5064	2c5947bca2a3e5261c492651022027c4_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5064	2c5947bca2a3e5261c492651022027c4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2c5947bca2a3e5261c492651022027c4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2c5947bca2a3e5261c492651022027c4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\kwiDC66.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskDEF9.tmp\BrandingURL.dll

Filesize
4KB

MD5
71c46b663baa92ad941388d082af97e7

SHA1
5a9fcce065366a526d75cc5ded9aade7cadd6421

SHA256
bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

SHA512
5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskDEF9.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskDEF9.tmp\ioSpecial.ini

Filesize
601B

MD5
b71ecc52d3c43a7ac6965042ecbabe77

SHA1
ee77379669d17f03c0e839465c8160ca882778de

SHA256
7e5d8371bb2817f34d5dc81eb4a0c9723413ac9b2bcb8a9de963270b9ed5c653

SHA512
b967bfc4ced10e97ddaeac3633d0842a74d8399283efe926d5a71ae77e5cd761177c8c13daf47ffe5bf4d8a8dd411d19fcdf00bbf52032348f3e363fe68ada2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskDEF9.tmp\ioSpecial.ini

Filesize
614B

MD5
edaca5ac8ffa77e0d1501769e366d3ff

SHA1
59cd4e72a0f67d261032f5494210715b7e2aedbd

SHA256
a7219a5bc7e525b45c014fffb1248be9c9daa5ef03a0347f2f62dec2654c967b

SHA512
161f5c5f07510449659565f250fe6018672858b3a86dabf6e035de61cb67c39d954e756865d58dee368f6c0ced8ba6be373a198729f2266aca662af94802b1fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskDEF9.tmp\ioSpecial.ini

Filesize
640B

MD5
9fe583099f7e7297bdf2c040c299e2cd

SHA1
797985a6f316739054c51d5bc9357ce024f559b2

SHA256
b3198925d118e44cc52f38a012bd1831c21feb6342ea17ae135913f8a02f84f0

SHA512
5c763de6cd8f986125ad252f87954aec1de81984e3324f1d1850f62f8e948ab654e1369bafd4db3a8b2b361530dc345737c35e1d57491abd74b900cf1d1ed2ae

Download Submit
memory/5064-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5064-3-0x00000000021D0000-0x0000000002243000-memory.dmp

Filesize
460KB

Download
memory/5064-6-0x00000000021D0000-0x0000000002243000-memory.dmp

Filesize
460KB

Download
memory/5064-99-0x00000000021D0000-0x0000000002243000-memory.dmp

Filesize
460KB

Download
memory/5064-101-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5064-113-0x00000000021D0000-0x0000000002243000-memory.dmp

Filesize
460KB

Download