2ec26b0fdb3ae96007801291256877aecece612270397e662cd76f3357180fbf

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 16:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4a8b011d11e48dd612b6f9c46ee15aa0_JaffaCakes118.exe
Size

708KB
MD5

4a8b011d11e48dd612b6f9c46ee15aa0
SHA1

5ed37939b9bf13b323539c69abe8a2a9cfd69983
SHA256

2ec26b0fdb3ae96007801291256877aecece612270397e662cd76f3357180fbf
SHA512

021175af621025be759f1097c9d8ff08bf80e9a278aada39a5443752500b2f9122963c2b07574b4a20ac8997a65774446f2f632e8d7f28748cbae70b780a89bb
SSDEEP

12288:S4ZZ/vRXWeE+1PJOrQ05Foqj3ol7ziu0mSDDoC0xw+ns1uKX6pk+1Me:S8RRXWvcwrQ0L74l6u0mSXoC0rns1H6z

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2252	4a8b011d11e48dd612b6f9c46ee15aa0_JaffaCakes118.exe
2252	4a8b011d11e48dd612b6f9c46ee15aa0_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2252	4a8b011d11e48dd612b6f9c46ee15aa0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4a8b011d11e48dd612b6f9c46ee15aa0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4a8b011d11e48dd612b6f9c46ee15aa0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy17D6.tmp\ioSpecial.ini

Filesize
692B

MD5
62be338a4c46dc98c190a26cd34e82db

SHA1
470e8e265ef6b69d40a522b33c65feb803f9181d

SHA256
727b0528fa8c666ed9cb1dbd6c8f2d2c08fd023a9c51be9242492a40838237c7

SHA512
7a02bce73e017c2f2dddbbdf0333fce292d2a792e4b1f85dbf8171523b93ca2a029c7e44b40029bf361eb5a3aa22d83a40140b362232401ebdbf5674cd3dde07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy17D6.tmp\ioSpecial.ini

Filesize
705B

MD5
a1ca27f41fc44d5de96e6fdf76cfd159

SHA1
602c74d9402abe47d45d505ef7a01898d880f1de

SHA256
8b8bfd17e5a861e0b52c403db8c4465a24f2f5a4240525da1643bbaf7db652b0

SHA512
cc8ebb448a5d966e26eb65fc7008d2200a6430a64164a82807b9dfe6df6ea5f070807b9c1b85bebecb48eb828b80d8f3c7fc2ac62e47e61360fa630f2bee5caf

Download Submit
\Users\Admin\AppData\Local\Temp\nsy17D6.tmp\InstallOptions.dll

Filesize
13KB

MD5
d765c492c21689e3d9d61634371fd861

SHA1
ac200933671ae52c9d5544d0e2e8e9144d286c83

SHA256
551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

SHA512
9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy17D6.tmp\System.dll

Filesize
10KB

MD5
fe24766ba314f620d57d0cf7339103c0

SHA1
8641545f03f03ff07485d6ec4d7b41cbb898c269

SHA256
802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

SHA512
60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

Download Submit