be0eee8abd8e1df9076073e8681bcfa4879d48d6e9af818bac3505d83a29488e

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 23:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

43afa546085450703c00611b2f177664_JaffaCakes118.exe
Size

5.5MB
MD5

43afa546085450703c00611b2f177664
SHA1

8b52ad4ebf269b78a85a2bca42b8fd9703fb476a
SHA256

be0eee8abd8e1df9076073e8681bcfa4879d48d6e9af818bac3505d83a29488e
SHA512

b0941eb7ce590f256d3de17b0f683842e8f4d70ab2591ee0a5d2d0332ac612074cc09d259f2892a72fe4a7da58ae554b0385af762a748ebbde2681ba14905c5a
SSDEEP

98304:KtBPKtMLFCHpX4cxef229iE/tIUoyCMoiK7V8LWZXYq+DJJF9yyjs:KjzFixsfn9+u6K/F93Q

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000d00000001227f-2.dat	acprotect

Loads dropped DLL 3 IoCs

pid	Process
2308	43afa546085450703c00611b2f177664_JaffaCakes118.exe
2308	43afa546085450703c00611b2f177664_JaffaCakes118.exe
2308	43afa546085450703c00611b2f177664_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2308	43afa546085450703c00611b2f177664_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2308	43afa546085450703c00611b2f177664_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\43afa546085450703c00611b2f177664_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\43afa546085450703c00611b2f177664_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso95CD.tmp\ioSpecial.ini

Filesize
605B

MD5
65765325a2fc420bdfe682a17cc0c904

SHA1
968f728f64c243329c135b2f819fc210d4434af5

SHA256
cc3b0b2ac6e53f00dadbb7db44c4a3eb821f80adadde6da23dbb40fe523fcd3c

SHA512
97b7aa62098721ad931f4f586fb35166b0009548d52ff0c0f633fb36bd8fa1bc2eec155f7b38079dff61276617072bde50e958ddf93df5e8a5a4d7a5a90617f5

Download Submit
\Users\Admin\AppData\Local\Temp\gol953D.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
\Users\Admin\AppData\Local\Temp\nso95CD.tmp\BrandingURL.dll

Filesize
4KB

MD5
71c46b663baa92ad941388d082af97e7

SHA1
5a9fcce065366a526d75cc5ded9aade7cadd6421

SHA256
bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

SHA512
5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

Download Submit
\Users\Admin\AppData\Local\Temp\nso95CD.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
memory/2308-0-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2308-4-0x0000000000250000-0x00000000002C3000-memory.dmp

Filesize
460KB

Download
memory/2308-93-0x0000000000250000-0x00000000002C3000-memory.dmp

Filesize
460KB

Download
memory/2308-95-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2308-100-0x0000000000250000-0x00000000002C3000-memory.dmp

Filesize
460KB

Download