d8a387313a1a41c983729bf989d7c99fe92315884cd1327da210b65c173e9574

Analysis

max time kernel
139s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c9778b39cfed659ba6c0d60db825517_JaffaCakes118.exe
Size

2.5MB
MD5

5c9778b39cfed659ba6c0d60db825517
SHA1

608fcf180b17daddf406e9146fc1366fe6fee72f
SHA256

d8a387313a1a41c983729bf989d7c99fe92315884cd1327da210b65c173e9574
SHA512

1efc0ad9c480d9f736972b6448092beb9f01db291fc83d5cb8ecb687c8e662d685ed8e67fa70920f74ecc9db1de6f250ccdee404faf3f4492c71e46815b2bbe4
SSDEEP

49152:/EqTYO3oV9AtSHKduh0tcqFkmeiK2IdfvmEQhHsSwyuo4OZ:cqTYO3SZHJqFkFr2uvmH1dwyuo4OZ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
1040	5c9778b39cfed659ba6c0d60db825517_JaffaCakes118.exe
1040	5c9778b39cfed659ba6c0d60db825517_JaffaCakes118.exe
1040	5c9778b39cfed659ba6c0d60db825517_JaffaCakes118.exe
1040	5c9778b39cfed659ba6c0d60db825517_JaffaCakes118.exe
1040	5c9778b39cfed659ba6c0d60db825517_JaffaCakes118.exe
1040	5c9778b39cfed659ba6c0d60db825517_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\5c9778b39cfed659ba6c0d60db825517_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5c9778b39cfed659ba6c0d60db825517_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:1040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsgA307.tmp\BrandingURL.dll

Filesize
4KB

MD5
71c46b663baa92ad941388d082af97e7

SHA1
5a9fcce065366a526d75cc5ded9aade7cadd6421

SHA256
bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

SHA512
5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgA307.tmp\InstallOptions.dll

Filesize
14KB

MD5
0ee1d80ff67f5d5b1aebee2d50e38c9c

SHA1
250aea2e35e51fcd1492b817d1ebe8f467ac2565

SHA256
24215fa79a4e16fc77a103e0257d961e66023f4b89068b04d594463a138bbe1d

SHA512
e745a03b055324a84249abf2914f7cdd8e2e92213c3d51e5ddcc47bb051a525788972532893c0013d03fcc6a90ea8ca2df26d3af7939d08ece1307203de2e88c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgA307.tmp\System.dll

Filesize
10KB

MD5
ab4dfd749cabc33f31c71779bf2d4a37

SHA1
a8fb9d812b4cc70631dc95bbb72f1128092db9ba

SHA256
511a32b5eccd3498e7f814471adf97f7b8469b96c33ba040ca180124e6e03409

SHA512
4e8300fff0404c9cc68646f3a35062ff95681d51993948c601283b308ca3592ce4bb9ae9d7b4a5f0a8f0aee242bab209930e6997d8be0ed2b883491430fe2a31

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgA307.tmp\ioSpecial.ini

Filesize
615B

MD5
fd68408efd6aaabfdcd8a07013c8c9d2

SHA1
2b819e0b6929bcaf3266e333c7af138e87ffee2f

SHA256
e46588ab9f3af42863fab3e6a8f3a15f142ca11375868415f5a15d151859a9c2

SHA512
12f178f1a2010e7633ee823897183f68a4869e3d67e11013ab3e12fcb127320cffc450a8e3a702ff8d9b20681fea102e8d79a8c5ee63437836063ba85c8e9234

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgA307.tmp\ioSpecial.ini

Filesize
629B

MD5
b1dd6eada503bb3f880a15791052dc41

SHA1
d46022cda73eb84e98efecac9e79675b7814d522

SHA256
b287ff2c30c76ee949598be41aea3cf3d6baaee25eb09adc1aa9ca40736066be

SHA512
b2deee57aa8326688071602eb48b698cc205b1f8130a93f0e09625bf557cefe9cf37b680b0037c934165f7a497e07081cf7d45a6a47a4171c8c1646b8ac4b4d5

Download Submit