Overview

overview

7

Static

static

3

5c9778b39c...18.exe

windows7-x64

7

5c9778b39c...18.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/pncrt.dll

windows7-x64

3

$SYSDIR/pncrt.dll

windows10-2004-x64

3

AddIn/VisLrc.dll

windows7-x64

3

AddIn/VisLrc.dll

windows10-2004-x64

3

Codecs/Col...er.dll

windows7-x64

1

Codecs/Col...er.dll

windows10-2004-x64

1

Codecs/Rea...er.dll

windows7-x64

1

Codecs/Rea...er.dll

windows10-2004-x64

1

Codecs/asf...er.dll

windows7-x64

1

Codecs/asf...er.dll

windows10-2004-x64

1

Codecs/atrc.dll

windows7-x64

1

Codecs/atrc.dll

windows10-2004-x64

1

Codecs/cook.dll

windows7-x64

1

Codecs/cook.dll

windows10-2004-x64

1

Codecs/drvc.dll

windows7-x64

1

Codecs/drvc.dll

windows10-2004-x64

1

Codecs/raac.dll

windows7-x64

1

Codecs/raac.dll

windows10-2004-x64

1

Lang/en_US.dll

windows7-x64

1

Lang/en_US.dll

windows10-2004-x64

1

Lang/zh_TW.dll

windows7-x64

1

Lang/zh_TW.dll

windows10-2004-x64

1

NetAgent.dll

windows7-x64

1

NetAgent.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 15:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c9778b39cfed659ba6c0d60db825517_JaffaCakes118.exe

  • Size

    2.5MB

  • MD5

    5c9778b39cfed659ba6c0d60db825517

  • SHA1

    608fcf180b17daddf406e9146fc1366fe6fee72f

  • SHA256

    d8a387313a1a41c983729bf989d7c99fe92315884cd1327da210b65c173e9574

  • SHA512

    1efc0ad9c480d9f736972b6448092beb9f01db291fc83d5cb8ecb687c8e662d685ed8e67fa70920f74ecc9db1de6f250ccdee404faf3f4492c71e46815b2bbe4

  • SSDEEP

    49152:/EqTYO3oV9AtSHKduh0tcqFkmeiK2IdfvmEQhHsSwyuo4OZ:cqTYO3SZHJqFkFr2uvmH1dwyuo4OZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c9778b39cfed659ba6c0d60db825517_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5c9778b39cfed659ba6c0d60db825517_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsdC5FE.tmp\ioSpecial.ini
    Filesize

    615B

    MD5

    160e1fa02b21418d13c8549e58955a1a

    SHA1

    22b8910b928f884294d549041a4dfb0c3baa7bf4

    SHA256

    d5a020a8eb3ffd4f053236e446950ce4f43f230529a0d7c60a803c9b7f8cb9e7

    SHA512

    ef54a4dfd354a9498af97400265e7db4ef67bdcae1559f4189a89cb78aa8625462c171eaabb37127d4fd9c1b402cbc4dd86ef1b945c478fe823e63b4cde624f6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsdC5FE.tmp\BrandingURL.dll
    Filesize

    4KB

    MD5

    71c46b663baa92ad941388d082af97e7

    SHA1

    5a9fcce065366a526d75cc5ded9aade7cadd6421

    SHA256

    bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

    SHA512

    5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsdC5FE.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    0ee1d80ff67f5d5b1aebee2d50e38c9c

    SHA1

    250aea2e35e51fcd1492b817d1ebe8f467ac2565

    SHA256

    24215fa79a4e16fc77a103e0257d961e66023f4b89068b04d594463a138bbe1d

    SHA512

    e745a03b055324a84249abf2914f7cdd8e2e92213c3d51e5ddcc47bb051a525788972532893c0013d03fcc6a90ea8ca2df26d3af7939d08ece1307203de2e88c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsdC5FE.tmp\System.dll
    Filesize

    10KB

    MD5

    ab4dfd749cabc33f31c71779bf2d4a37

    SHA1

    a8fb9d812b4cc70631dc95bbb72f1128092db9ba

    SHA256

    511a32b5eccd3498e7f814471adf97f7b8469b96c33ba040ca180124e6e03409

    SHA512

    4e8300fff0404c9cc68646f3a35062ff95681d51993948c601283b308ca3592ce4bb9ae9d7b4a5f0a8f0aee242bab209930e6997d8be0ed2b883491430fe2a31

    Download Submit