Overview

overview

7

Static

static

3

2d0e064e29...18.exe

windows7-x64

7

2d0e064e29...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PROGRAMFI...4_.dll

windows7-x64

1

$PROGRAMFI...4_.dll

windows10-2004-x64

1

$_60_/$_53_.exe

windows7-x64

7

$_60_/$_53_.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$_50_/Cond...ll.exe

windows7-x64

1

$_50_/Cond...ll.exe

windows10-2004-x64

1

$_60_/$_63_.exe

windows7-x64

1

$_60_/$_63_.exe

windows10-2004-x64

1

$_61_.dll

windows7-x64

1

$_61_.dll

windows10-2004-x64

1

$_67_.dll

windows7-x64

1

$_67_.dll

windows10-2004-x64

1

$_71_.dll

windows7-x64

1

$_71_.dll

windows10-2004-x64

1

$_72_.exe

windows7-x64

1

$_72_.exe

windows10-2004-x64

1

$_95_/$_95...0_.dll

windows7-x64

1

$_95_/$_95...0_.dll

windows10-2004-x64

1

uninstall.exe

windows7-x64

1

uninstall.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 16:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d0e064e2960afffc780d170c2393670_JaffaCakes118.exe

  • Size

    2.1MB

  • MD5

    2d0e064e2960afffc780d170c2393670

  • SHA1

    be74bb65bfec01ea2fced240fb7c9598c04c294f

  • SHA256

    7d7ee0e33727d9db6fe70aaf56f3e4ecea1a7a01e4880586384e25ab07e3927d

  • SHA512

    34a3ac0b090bbd22dee9710b61b5ffe2e50a0931a3fea96b7124c11692f114c0045b74956dbf23c6823bc25c1093632ee3d1dc1a798d8c2df0ac3bb2dbf38b14

  • SSDEEP

    49152:s0A5GJt3ehoIBWARgXIqUDHKZNFpO6Lo1e1+5hN5xRpaKm1eo7oLvtn:s0/SK7Mg4tDHOPM6Ly++5vRETxoLvt

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d0e064e2960afffc780d170c2393670_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2d0e064e2960afffc780d170c2393670_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsoFBDD.tmp\System.dll
    Filesize

    11KB

    MD5

    301a9c8739ed3ed955a1bdc472d26f32

    SHA1

    a830ab9ae6e8d046b7ab2611bea7a0a681f29a43

    SHA256

    6ec9fde89f067b1807325b05089c3ae4822ce7640d78e6f32dbe52f582de1d92

    SHA512

    41d88489ecb5ec64191493a1ed2ed7095678955d9fa72cccea2ae76dd794e62e7b5bd3aa2c313fb4bdf41c2f89f29e4cafe43d564ecad80fce1bf0a240b1e094

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoFBDD.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    b0165587c54350b6c9910e765f16ad9e

    SHA1

    fd81de9f3b1dd8d6cfa8621fddf9f93c29b4710f

    SHA256

    26006c739057373f948b11892f40b0cc686c6c97c448f79447856421f9a15563

    SHA512

    2f69354fd433eec277a804124f5c476fd645270b89af3db22ed45b599cdf251cfccdc3c642b8893078748a0a674676ea28c5fe5b471a633de7301c6a6646295b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstFBFD.tmp.tbsyne.dll
    Filesize

    4.0MB

    MD5

    e56349da176df943885053367da2e539

    SHA1

    1b279991969dfb1db2b039900503446d0e2cb13f

    SHA256

    845dd0a0bcbe7b5bd58371c183621ca3bd558ce5798d87e5bb7a56e70300a310

    SHA512

    70b2633b9afca366c4c2ab5377b9441ad6c23637090599ebe86de6d11d849f1daf5c7c0c6c182c7568654c01a36ba6d32899d36191a42df476b220d12e190537

    Download Submit

  • memory/2212-16-0x0000000003750000-0x0000000003B60000-memory.dmp

    Filesize

    4.1MB

    Download