Overview

overview

7

Static

static

7

49713fc39f...18.exe

windows7-x64

7

49713fc39f...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

GNS3.exe

windows7-x64

1

GNS3.exe

windows10-2004-x64

1

Loopback Manager.cmd

windows7-x64

1

Loopback Manager.cmd

windows10-2004-x64

1

Network de...st.cmd

windows7-x64

1

Network de...st.cmd

windows10-2004-x64

1

PyQt4.QtCore.dll

windows7-x64

3

PyQt4.QtCore.dll

windows10-2004-x64

3

PyQt4.QtGui.dll

windows7-x64

3

PyQt4.QtGui.dll

windows10-2004-x64

3

PyQt4.QtNetwork.dll

windows7-x64

3

PyQt4.QtNetwork.dll

windows10-2004-x64

3

PyQt4.QtSvg.dll

windows7-x64

3

PyQt4.QtSvg.dll

windows10-2004-x64

3

QtCore4.dll

windows7-x64

3

QtCore4.dll

windows10-2004-x64

3

QtGui4.dll

windows7-x64

1

QtGui4.dll

windows10-2004-x64

1

QtNetwork4.dll

windows7-x64

3

QtNetwork4.dll

windows10-2004-x64

3

QtSvg4.dll

windows7-x64

3

QtSvg4.dll

windows10-2004-x64

3

QtXml4.dll

windows7-x64

3

QtXml4.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49713fc39f8f84a45a4e2500aa9dbe6a_JaffaCakes118.exe

  • Size

    14.8MB

  • MD5

    49713fc39f8f84a45a4e2500aa9dbe6a

  • SHA1

    4744671110a52c3727c4c326ee408487ace242de

  • SHA256

    3da2156d209fd99a785ccfa240045330f558a43462c963c25723ffbd08ab5aab

  • SHA512

    280d41d40bc94402f967cd3b9d357b1dbdbbdb68360e84ef12f95dccae2ebb2ce3ead92412697de50e9cb4b35ea379ed3c06cc0893f2f007ba714c840461e627

  • SSDEEP

    196608:5XLIfhrhSbn+WIDY3gr9RSKH+MkZLcJABOHPnK7Lip/rGWTwd64ONqX/:5b8an+L03GrHycSYH/K7Lk/yWTW1EI

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49713fc39f8f84a45a4e2500aa9dbe6a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\49713fc39f8f84a45a4e2500aa9dbe6a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd9A6D.tmp\ioSpecial.ini
    Filesize

    688B

    MD5

    628bb290c62ca2eb9c7add2f075e7781

    SHA1

    1e9f6c59748008853ce1b5141fdf27dce0f97972

    SHA256

    aa3461fb4e3e5a2bfdf048d4b88ed90096dedddaa12aa3cd9a04e878fb96fc2c

    SHA512

    e593cfc00f8ea38b52fa88e30293e35ede44cdbfcf13d04720b4b37c0473a876e0c99bccf1d8d400768b6909e598c77496e5afc6e9e1a531f19fd085eb8f23f3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd9A6D.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    Download Submit