Overview

overview

7

Static

static

3

5b84c188dc...18.exe

windows7-x64

7

5b84c188dc...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    139s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 10:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5b84c188dc4d7ca50abdfaf7ab4af244_JaffaCakes118.exe

  • Size

    496KB

  • MD5

    5b84c188dc4d7ca50abdfaf7ab4af244

  • SHA1

    11ef2cacab881b332327a29807302a68e6c28c07

  • SHA256

    375fd095051910ef0f4ed379573e0237a328d2c8d569574b2462536cc29affdb

  • SHA512

    2e64f12dce907e586e4ae4ccc971ce9a51b3d2a07b9ae85397b8bb4740ce0934752c0aab0e69998db933e3cd347baa603ac87e3c3b02c288cd096ae0a6df5a38

  • SSDEEP

    6144:fe34R2egQazh36dqXEV2rnCUZG/t7FTBqTzP7n7O7L6K2Bfo7pa:L2bBzh36VV2GC0ZTsnz7O7L6ju7pa

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b84c188dc4d7ca50abdfaf7ab4af244_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5b84c188dc4d7ca50abdfaf7ab4af244_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    PID:3880

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsbA29A.tmp\InstallOptions.dll
          Filesize

          14KB

          MD5

          325b008aec81e5aaa57096f05d4212b5

          SHA1

          27a2d89747a20305b6518438eff5b9f57f7df5c3

          SHA256

          c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

          SHA512

          18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsbA29A.tmp\LangDLL.dll
          Filesize

          5KB

          MD5

          9384f4007c492d4fa040924f31c00166

          SHA1

          aba37faef30d7c445584c688a0b5638f5db31c7b

          SHA256

          60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

          SHA512

          68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsbA29A.tmp\NSISdl.dll
          Filesize

          14KB

          MD5

          a5f8399a743ab7f9c88c645c35b1ebb5

          SHA1

          168f3c158913b0367bf79fa413357fbe97018191

          SHA256

          dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

          SHA512

          824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsbA29A.tmp\UAC.dll
          Filesize

          17KB

          MD5

          09caf01bc8d88eeb733abc161acff659

          SHA1

          b8c2126d641f88628c632dd2259686da3776a6da

          SHA256

          3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478

          SHA512

          ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsbA29A.tmp\ioSpecial.ini
          Filesize

          1KB

          MD5

          1da6e81c3e3c2792f907570bd7a3c573

          SHA1

          e76a4d76e873dce3d3a9472bf4ee8392d12c3d74

          SHA256

          372c4a874e1168c7a8319e090f4039fff127fd23c3644af15c7b0a34c5e4907f

          SHA512

          b41438add1cb6869a65038bc53e191d9f0e58e88bb4882f7c770e10858bc03d0e9f3e753371b18189e7cedfe98826b8ed2fbf6730b54304ad0954c1841c9834c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsbA29A.tmp\ioSpecial.ini
          Filesize

          1KB

          MD5

          bfd001a98c938f942fa3fe618273e4f5

          SHA1

          a15b94a87c89e6054e74b10c42d90f5cf496f2de

          SHA256

          aed07717cfb42a4ca4330928c89f47c2cce926aa498c2aa6a0c24a93c80eaa77

          SHA512

          2508f4ada6910b12f732d519a08bac1f91833d74fd2ca9439d6bcf80f2cfa2807823e7bc041b4e3e5d108418520a37266ac4b6fc6594a80f560eea2fb253383a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsbA29A.tmp\linker.dll
          Filesize

          7KB

          MD5

          122754bdae09014ed8be78a8dd3618c0

          SHA1

          8a1d4a0b8202d2261a12d97aebfe33144c274444

          SHA256

          67552ebf58e98e841dcd9f4213ad3eb134d595f04839771618f0bb1c48ea2b92

          SHA512

          7b9b5f8b52db793b4833a75bd8f122f28f2df00d43bd35efc831c2b8457009d51fe39874c691389c2fdc87ed411919b59da50199e3f719bd4cfb166367f185d9

          Download Submit