99b1a0b42dbe9ee9524db8934bdf941d9d29ae4efef3f6fbdc20417413d7b458

Analysis

max time kernel
142s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43639d01e19622cd6185228db0b9e4d1_JaffaCakes118.exe
Size

6.3MB
MD5

43639d01e19622cd6185228db0b9e4d1
SHA1

f5961873b440d79c89176eb6e794477acb6a65a8
SHA256

99b1a0b42dbe9ee9524db8934bdf941d9d29ae4efef3f6fbdc20417413d7b458
SHA512

7bb3bb5a0e1118688785e8b86a21758553729bcdd20ee59b54e057eabe3dec06cc77772676ef5445139e2ed41fcdbfdbc90d9e3ff60f335a28fe636b3a985bd2
SSDEEP

98304:ro4Z22Sah1GWa1mb0g3mPptzIjCyqO+T9Mp10rGWu8izznoKshgljCXJM4xJ2:rT84GWIl5ptzpRT94xWuLzno1hQWTJ2

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00080000000234c5-10.dat	acprotect

Loads dropped DLL 2 IoCs

pid	Process
4936	43639d01e19622cd6185228db0b9e4d1_JaffaCakes118.exe
4936	43639d01e19622cd6185228db0b9e4d1_JaffaCakes118.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4936-0-0x0000000000400000-0x0000000000579000-memory.dmp	upx
behavioral2/files/0x00080000000234c5-10.dat	upx
behavioral2/memory/4936-16-0x00000000051A0000-0x00000000051FB000-memory.dmp	upx
behavioral2/memory/4936-15-0x00000000051A0000-0x00000000051FB000-memory.dmp	upx
behavioral2/memory/4936-138-0x00000000051A0000-0x00000000051FB000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4936	43639d01e19622cd6185228db0b9e4d1_JaffaCakes118.exe
4936	43639d01e19622cd6185228db0b9e4d1_JaffaCakes118.exe
4936	43639d01e19622cd6185228db0b9e4d1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\43639d01e19622cd6185228db0b9e4d1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\43639d01e19622cd6185228db0b9e4d1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{3C2D02CB-B388-47A6-AD87-8A32811A06BB}.dll

Filesize
120KB

MD5
c9f333d1ff898672a34805f94a265329

SHA1
2deaac66698fb2e9b3868d23034c3211c508b739

SHA256
07e546811635574c77edfda126b0e5f5292b4ea13f35158eddedcfc3cbf74b6b

SHA512
048c71e48e2def0bfc69ebfb69b834d650a9377082782333f50728fdfd6675df8093d0c87e606022e55d09f81549d4ca3b640bcdd33b9ddc9aace03ee1466add

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{1D0CAE89-3498-4179-BB34-04BA62C24D60}\left.jpg

Filesize
49KB

MD5
84746b2d57dbeac6f915fda27ca5d456

SHA1
4dea564f9a3675c50c9d53ca4623e4f5229e2077

SHA256
e0be6ddc1d5dfc072e783db9b7df2f192c6651b355626e72dc325c3848887f9f

SHA512
5d9d238263afcb8bb06d60def7665557e8bb40b3311cd145bb01165524137391d7693e4bc44909ce90b856e639aae4e7d7117d31207c9d90f150893376804a42

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{1D0CAE89-3498-4179-BB34-04BA62C24D60}\page.html

Filesize
1KB

MD5
f29533fe12e742c0499cc028e147651a

SHA1
b3481280ab5e945770131d0e51ca30814449dd64

SHA256
b20427d46d71d40ded4674cf776a9184b9c6a64d1cfb1ecb8842336bdea9d3e2

SHA512
38ceeb9d2d8d53e491d8876df5bb5f087bb576754c7c64d71d54e7ebf6a24f31156cdf8552679f7d8b14639f88ef752893db9a05365c722a98e588ee641003c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{1D0CAE89-3498-4179-BB34-04BA62C24D60}\style.css

Filesize
2KB

MD5
595148d1fc9d47c7f0c9311e9f78efaf

SHA1
dae9f23c75f9ae23d17d1d987d01611973f68869

SHA256
85b22f15c152353e8cffab54a895f038be5793bcf7c56d9051652ed817623675

SHA512
15abab287b19218e2c57935d3646fcbd7ee7358453626ab2af1b9dd139c6a08de1fe2ae6917340bba87f342c707af8a6d2c53f677036b88f1316c5471707bc05

Download Submit
memory/4936-6-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/4936-16-0x00000000051A0000-0x00000000051FB000-memory.dmp

Filesize
364KB

Download
memory/4936-15-0x00000000051A0000-0x00000000051FB000-memory.dmp

Filesize
364KB

Download
memory/4936-0-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4936-2-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4936-1-0x0000000000740000-0x0000000000746000-memory.dmp

Filesize
24KB

Download
memory/4936-135-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4936-137-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/4936-138-0x00000000051A0000-0x00000000051FB000-memory.dmp

Filesize
364KB

Download