Overview

overview

7

Static

static

5

5bb4bf4abf...18.exe

windows7-x64

7

5bb4bf4abf...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nk.dll

windows7-x64

3

$PLUGINSDI...nk.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...te.dll

windows7-x64

1

$PLUGINSDI...te.dll

windows10-2004-x64

1

$PLUGINSDI...tp.dll

windows7-x64

1

$PLUGINSDI...tp.dll

windows10-2004-x64

1

$TEMP/qq.vbs

windows7-x64

3

$TEMP/qq.vbs

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDIR/time.dll

windows7-x64

3

$PLUGINSDIR/time.dll

windows10-2004-x64

3

�...��.url

windows7-x64

1

�...��.url

windows10-2004-x64

1

�...��.exe

windows7-x64

3

�...��.exe

windows10-2004-x64

3

�...��.exe

windows7-x64

6

�...��.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    102s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19-07-2024 11:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5bb4bf4abfd408422d700e32523e962a_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    5bb4bf4abfd408422d700e32523e962a

  • SHA1

    35fecbcbf96d18c8c6f93799708adc1687e36f7f

  • SHA256

    8779168270de0ccf60a1ba0e571135d448f435df4ffd2bd47195c531634d1762

  • SHA512

    788ae203db0d75f5d16bd258623591f7312c4ac09586f5319dd16feb81134771c7d73dd198dac47e9d8e0a0659ccb3f42f9b6731195b6783d8900c3cef0bf9a7

  • SSDEEP

    24576:k7Z0+VLLoy7yDZgDstOXV7cFxAtdEBn5ho32x+KtEvhcCgUos1cHcsqr5kBE2NTg:4Z0yH7yFgiOt2Bn/BcKCqCpr1lOpNk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5bb4bf4abfd408422d700e32523e962a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5bb4bf4abfd408422d700e32523e962a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nse4FA7.tmp\ioSpecial.ini
    Filesize

    647B

    MD5

    15f95c0dfbee81f546d00f195d73cfe6

    SHA1

    d5f46a33a6370830e6ea1b6659de6a879327761e

    SHA256

    747bf39c6d7d51eca0f1b50bd440284baeb37dbcac92c4a22588d2cb5f8d196e

    SHA512

    8376a42cbb5024987f53476dcc531401fb4a3abcfe2ba0b9f7b38b428bfe4d022bc9fd79db67114c4c1f78d7e06b97ce886d1984fed8e0f4ab44513039574d79

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse4FA7.tmp\ioSpecial.ini
    Filesize

    686B

    MD5

    6bb3c9bfdab53780088b75afd5017ea3

    SHA1

    46f4d86f761397b881b5005ac522c93fdc92473f

    SHA256

    1e78d15add07b60836f0c9013b09ca7e3a3b5b8d4f838b473af25bae31dccb17

    SHA512

    7217ada6e979cd8c431bd802fc32254d3272d9342f8dd9d24423cc10b3968ea98e01c1aa9e3ba8da402c127c106b4c83923b2d30e687abdf03a0c864ab8e9fd3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nse4FA7.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    0dc0cc7a6d9db685bf05a7e5f3ea4781

    SHA1

    5d8b6268eeec9d8d904bc9d988a4b588b392213f

    SHA256

    8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    SHA512

    814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    Download Submit