Overview

overview

7

Static

static

3

45259948eb...18.exe

windows7-x64

7

45259948eb...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

v...��.exe

windows7-x64

1

v...��.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/07/2024, 09:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45259948eb128234e39f2bc818e12035_JaffaCakes118.exe

  • Size

    85KB

  • MD5

    45259948eb128234e39f2bc818e12035

  • SHA1

    2f2668ce05a0bc54f915d4cc7e36d6fd2f21b0a7

  • SHA256

    15d2979fe5d514d16b814dc3884bce9cd5a2bec1dbed99e64347f5ce1c7cff52

  • SHA512

    67218239a5c68de6d765a361200e46caeaccae339a7f88058d5b6df090b596718c98906b9bf1a8ee7a62d8d266b3e7164651b02d4a102c5bb6540f614ab3effc

  • SSDEEP

    1536:qppv5CNE2E/n/fn8lvOvNOH4KJJ6CKeLSLKO+sxc8B15HS8AhGCu5d8CdwZQr2jW:qppv5CNEhf8FH4KJJ6JY7Vhhub8CdaQT

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\45259948eb128234e39f2bc818e12035_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\45259948eb128234e39f2bc818e12035_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    PID:1708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsqAF0D.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    107737e3282fefd85684f2fa3df6d1c3

    SHA1

    3befbcae116a644ae28cebdc1d7dfe6be5c8ca5f

    SHA256

    21042be362d4073053bffcc90511b3ecf77902243525b56bb159581b5ece43a0

    SHA512

    439ac2f3066902e08d63dc3061f55063089857e765feb29fe47ba5819a9bebdff3fe2fe55fc8bfcfddb729d340f006ee95b5aa4422d712f9dcc07cc02ec410b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsqAF0D.tmp\ioSpecial.ini
    Filesize

    650B

    MD5

    43f99b5c296e82b1205ce6ac366679ac

    SHA1

    df6396299e6857116851943bb28e07678caa1cc2

    SHA256

    4debbde2268e3b0c473e65b4adb1c4a8f1fe7c5168eed572cedbca6f5e14e63f

    SHA512

    e4b64ca30b2195e57b55b9f02b226907c8641718d5a70f7c704c4668148ed06e12e3dfc07accf5910a19951c7960a73bde54bc88bee8924216f2f88d84c8bcf0

    Download Submit