e3697831bcd29abfaf0a2b7d74b5b42d0ebaef5625f45b617170bfeeade8af70

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3691a72927d53f0d6c9b38343a0999b9_JaffaCakes118.exe
Size

3.8MB
MD5

3691a72927d53f0d6c9b38343a0999b9
SHA1

1f853fb984a866185870c7462c0599083074e16f
SHA256

e3697831bcd29abfaf0a2b7d74b5b42d0ebaef5625f45b617170bfeeade8af70
SHA512

9377c3b7f48b0da1579f1dbdf8afeceec5700c4c39a68bf21a023083ca62aa36b9f1b26a6e8ade87305a573cb919b925adf303732d5317a763e385d28b7af468
SSDEEP

98304:cjy0yKspLRuTv7YoK1T6zI6MBobSfu1oiBar/peNj/N:ggLRc7YocSI6AxWWibN

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2176	3691a72927d53f0d6c9b38343a0999b9_JaffaCakes118.exe
2176	3691a72927d53f0d6c9b38343a0999b9_JaffaCakes118.exe
2176	3691a72927d53f0d6c9b38343a0999b9_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\3691a72927d53f0d6c9b38343a0999b9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3691a72927d53f0d6c9b38343a0999b9_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\BrandingURL.dll

Filesize
4KB

MD5
71c46b663baa92ad941388d082af97e7

SHA1
5a9fcce065366a526d75cc5ded9aade7cadd6421

SHA256
bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

SHA512
5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\ioSpecial.ini

Filesize
624B

MD5
3bbaba650d35572cc2d4a8b74cccb4b7

SHA1
2be19fe8fac692b3492c299acecd43bf2a7ec688

SHA256
bc2dafd00842659b68cff731636603c5d624706827559744f3bd205d920e7a86

SHA512
3625bc2dbbd3c7648b76bc00bc2f9521d08996e68b2847d293c10900c94d640fe0c5efdbb4da0000105adccc0f6e2a43ecc8dc2dfc72d0c0c2f2cc197b04006d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\ioSpecial.ini

Filesize
650B

MD5
d73423df57f2517c7751cd5b1c0351c2

SHA1
78cd924d46602c3a7cd1069d75470c3bea758eee

SHA256
e73ab2c2c9a24273698a75957a425e108c149132dec9b0cd7b9d193a5927b2b9

SHA512
1433cdd117a24d3203a10620e838e09efcbe0734de6bad453320a46c7ad4a4f372c2760abcda643f85958635ca88e4a1e3e91aa4cfcbb024460fcdd7a48446fd

Download Submit