ca989596193726a477f293e39c0004812e90d6d82cce643085115bad1a4435fe

Analysis

max time kernel
138s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 06:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5accd3a7c322537b7a57fcf15e4cc2a8_JaffaCakes118.exe
Size

452KB
MD5

5accd3a7c322537b7a57fcf15e4cc2a8
SHA1

386743139a3ae27df71c934c51781e7fea3a51e4
SHA256

ca989596193726a477f293e39c0004812e90d6d82cce643085115bad1a4435fe
SHA512

0a27a5f9377dd41372b5d240b329c7f5811f85a94ac0d9ded2e3d9f5df99fe2ba0a62a6c49e65505aa3f88bf40b75642592b0210a513944e60e686ca8fa46bfc
SSDEEP

6144:nstCLTmDlTWHwUHZUKVJN3BgcKNf4Y7Uf5za+h8R1F:nstCLTmDYQOUCJLtKNAY7S5m

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 7 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00070000000234d2-5.dat	acprotect
behavioral2/files/0x000900000002346d-7.dat	acprotect
behavioral2/files/0x00070000000234d3-15.dat	acprotect
behavioral2/files/0x00070000000234d1-11.dat	acprotect
behavioral2/files/0x00080000000234cd-9.dat	acprotect
behavioral2/memory/3836-27-0x0000000060220000-0x0000000060229000-memory.dmp	acprotect
behavioral2/memory/3836-35-0x0000000060220000-0x0000000060229000-memory.dmp	acprotect

Loads dropped DLL 6 IoCs

pid	Process
3836	5accd3a7c322537b7a57fcf15e4cc2a8_JaffaCakes118.exe
3836	5accd3a7c322537b7a57fcf15e4cc2a8_JaffaCakes118.exe
3836	5accd3a7c322537b7a57fcf15e4cc2a8_JaffaCakes118.exe
3836	5accd3a7c322537b7a57fcf15e4cc2a8_JaffaCakes118.exe
3836	5accd3a7c322537b7a57fcf15e4cc2a8_JaffaCakes118.exe
3836	5accd3a7c322537b7a57fcf15e4cc2a8_JaffaCakes118.exe

UPX packed file 14 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00070000000234d2-5.dat	upx
behavioral2/files/0x000900000002346d-7.dat	upx
behavioral2/files/0x00070000000234d3-15.dat	upx
behavioral2/files/0x00070000000234d1-11.dat	upx
behavioral2/files/0x00080000000234cd-9.dat	upx
behavioral2/memory/3836-22-0x0000000060170000-0x00000000601D7000-memory.dmp	upx
behavioral2/memory/3836-27-0x0000000060220000-0x0000000060229000-memory.dmp	upx
behavioral2/memory/3836-25-0x0000000060260000-0x00000000602BF000-memory.dmp	upx
behavioral2/memory/3836-24-0x0000000060210000-0x000000006021A000-memory.dmp	upx
behavioral2/memory/3836-23-0x0000000060140000-0x000000006016D000-memory.dmp	upx
behavioral2/memory/3836-34-0x0000000060260000-0x00000000602BF000-memory.dmp	upx
behavioral2/memory/3836-35-0x0000000060220000-0x0000000060229000-memory.dmp	upx
behavioral2/memory/3836-32-0x0000000060140000-0x000000006016D000-memory.dmp	upx
behavioral2/memory/3836-33-0x0000000060210000-0x000000006021A000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\5accd3a7c322537b7a57fcf15e4cc2a8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5accd3a7c322537b7a57fcf15e4cc2a8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:3836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nspr4.dll

Filesize
72KB

MD5
72414dfb0b112c664d2c8d1215674e09

SHA1
50a1e61309741e92fe3931d8eb606f8ada582c0a

SHA256
69e73fea2210adc2ae0837ac98b46980a09fe91c07f181a28fda195e2b9e6b71

SHA512
41428624573b4a191b33657ed9ad760b500c5640f3d62b758869a17857edc68f90bc10d7a5e720029519c0d49b5ca0fa8579743e80b200ef331e41efde1dc8c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss3.dll

Filesize
172KB

MD5
7ddbd64d87c94fd0b5914688093dd5c2

SHA1
d49d1f79efae8a5f58e6f713e43360117589efeb

SHA256
769703fb1ba6c95fb6c889e8a9baaea309e62d0f3ca444d01cc6b495c0f722d1

SHA512
60eaad58c3c4894f1673723eb28ddb42b681ff7aafe7a29ff8bf87a2da6595c16d1f8449096accdb89bd6cda6454eb90470e71dde7c5bd16abd0f80e115cfa2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\plc4.dll

Filesize
8KB

MD5
c73ec58b42e66443fafc03f3a84dcef9

SHA1
5e91f467fe853da2c437f887162bccc6fd9d9dbe

SHA256
2dc0171b83c406db6ec9389b438828246b282862d2b8bdf2f5b75aec932a69f7

SHA512
6318e831d8f38525e2e49b5a1661440cd8b1f3d2afc6813bb862c21d88d213c4675a8ec2a413b14fbdca896c63b65a7da6ec9595893b352ade8979e7e86a7fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\plds4.dll

Filesize
6KB

MD5
ee44d5d780521816c906568a8798ed2f

SHA1
2da1b06d5de378cbfc7f2614a0f280f59f2b1224

SHA256
50b2735318233d6c87b6efccccc23a0e3216d2870c67f2f193cc1c83c7c879fc

SHA512
634a1cd2baaef29b4fe7c7583c04406bb2ea3a3c93294b31f621652844541e7c549da1a31619f657207327604c261976e15845571ee1efe5416f1b021d361da8

Download Submit
C:\Users\Admin\AppData\Local\Temp\softokn3.dll

Filesize
155KB

MD5
e846285b19405b11c8f19c1ed0a57292

SHA1
2c20cf37394be48770cd6d396878a3ca70066fd0

SHA256
251f0094b6b6537df3d3ce7c2663726616f06cfb9b6de90efabd67de2179a477

SHA512
b622ff07ae2f77e886a93987a9a922e80032e9041ed41503f0e38abb8c344eb922d154ade29e52454d0a1ad31596c4085f4bd942e4412af9f0698183acd75db7

Download Submit
memory/3836-27-0x0000000060220000-0x0000000060229000-memory.dmp

Filesize
36KB

Download
memory/3836-22-0x0000000060170000-0x00000000601D7000-memory.dmp

Filesize
412KB

Download
memory/3836-26-0x0000000000B10000-0x0000000000B19000-memory.dmp

Filesize
36KB

Download
memory/3836-25-0x0000000060260000-0x00000000602BF000-memory.dmp

Filesize
380KB

Download
memory/3836-24-0x0000000060210000-0x000000006021A000-memory.dmp

Filesize
40KB

Download
memory/3836-23-0x0000000060140000-0x000000006016D000-memory.dmp

Filesize
180KB

Download
memory/3836-34-0x0000000060260000-0x00000000602BF000-memory.dmp

Filesize
380KB

Download
memory/3836-35-0x0000000060220000-0x0000000060229000-memory.dmp

Filesize
36KB

Download
memory/3836-32-0x0000000060140000-0x000000006016D000-memory.dmp

Filesize
180KB

Download
memory/3836-33-0x0000000060210000-0x000000006021A000-memory.dmp

Filesize
40KB

Download