Analysis

  • max time kernel: 121s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240708-en
  • resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted: 11-07-2024 19:06

General

  • Target: 3a625b403453efd630bec54b1c0938e7_JaffaCakes118.exe
  • Size: 593KB
  • MD5: 3a625b403453efd630bec54b1c0938e7
  • SHA1: f287035aaecfdafe72f310178d5f2e26e73a37d2
  • SHA256: 59eb89f1ba93209eddbb1c102cc273cce5efe6cd58b0adf43c4fd23ac556b933
  • SHA512: 5ad2f2be94c7b8e33d60aee10b7a325d38d78fed2c7a54a9f6cdad0c77684102ab968da1f839bf0cea5c3730724d36022f1653c23facd211ee4fa4e08866687f
  • SSDEEP: 12288:iUw01kNk1U6yQUe/B1LExlXmbKpjU3fYJy6qouBLmY8c2IqH:iUw5kq6yu6VjpjUPn4d3

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a625b403453efd630bec54b1c0938e7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3a625b403453efd630bec54b1c0938e7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1152

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso1180.tmp\ioSpecial.ini
    Filesize: 514B
    MD5: 3eeaf80d6e7f997014c2af18cc592d2a
    SHA1: 8d9debbffbb0fe374953e8dad9744724f143ce98
    SHA256: 7d4722bb04e862bfa5900c43e423155fe9f57ed5e6e1bad729d956978c6df123
    SHA512: 332275f3e9a482e3582c50f5a3bb7e3f2f713e7ef3dffba0716231d118b2cfa3f2efb24a59f12240f59d2125c919e4c1223d0293e347012166a1a928e156d2b4

  • \Users\Admin\AppData\Local\Temp\bdtmp\InstDll.dll
    Filesize: 4KB
    MD5: 884b680357ba59a512dda26c1032922d
    SHA1: 55c99c30fe77ea79826bc78d74e830024365479b
    SHA256: 5a449a8daf50957499e3a623d85f9d13c0bee446bd1389ab09c62dc711f7b83c
    SHA512: 69add831d940cebc74352131705c673537d960063ce8f5c4ba76bec421af4ece8bae4bfbdac3491854da2acb3b6cf4872b141a19f091faa260ba8bcf00cc6426

  • \Users\Admin\AppData\Local\Temp\nso1180.tmp\InstallOptions.dll
    Filesize: 12KB
    MD5: 1e8f2fefe3ce893b117b26948b8978cb
    SHA1: 59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab
    SHA256: 8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519
    SHA512: b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c

  • \Users\Admin\AppData\Local\Temp\nso1180.tmp\System.dll
    Filesize: 10KB
    MD5: 10c44246d99a1c2e5f5e6b52b111a63d
    SHA1: 0f41da79c3e789f4ae38738e3a5d73c538f8af4f
    SHA256: 7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8
    SHA512: e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3