220bb8b59e308e6334c10d5707b79ccc2a32e6fd5c6c51f54a3c4124d85ddf6a

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f78e29fb554ea56c78f6ca2479c52be_JaffaCakes118.exe
Size

6.2MB
MD5

5f78e29fb554ea56c78f6ca2479c52be
SHA1

d584d4c95d7ad405ecf27808c7c03ac06206d709
SHA256

220bb8b59e308e6334c10d5707b79ccc2a32e6fd5c6c51f54a3c4124d85ddf6a
SHA512

2616ee7ed1d1f11ef209e8aedcdc1661d4463489fe46206b0d851b18525229d36eea8d0304438319c0d308edaf953c6d19f41f9cc236cbf9e8f15e3ed21f45c9
SSDEEP

196608:C7U7Gq1lax5hnTL+igb+Lvg3v0IHt6hDZltAO3LK3O:C7U7ncTBLw02EZlt3LgO

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
532	5f78e29fb554ea56c78f6ca2479c52be_JaffaCakes118.exe
532	5f78e29fb554ea56c78f6ca2479c52be_JaffaCakes118.exe
532	5f78e29fb554ea56c78f6ca2479c52be_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\5f78e29fb554ea56c78f6ca2479c52be_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5f78e29fb554ea56c78f6ca2479c52be_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\InetLoad.dll

Filesize
18KB

MD5
994669c5737b25c26642c94180e92fa2

SHA1
d8a1836914a446b0e06881ce1be8631554adafde

SHA256
bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c

SHA512
d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\LangDLL.dll

Filesize
5KB

MD5
9384f4007c492d4fa040924f31c00166

SHA1
aba37faef30d7c445584c688a0b5638f5db31c7b

SHA256
60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

SHA512
68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\ioSpecial.ini

Filesize
682B

MD5
4ded994f1d482d65e4868fdffe941f74

SHA1
15b9924422aede2a5e21db5c3fe0f1bc490df8b9

SHA256
4aa3d96b8deef2e93a48ab1a93c0ef2a60ca53fd46fa91ad6e3c267fc4e16d64

SHA512
dff9c1d3638dd26006ac5a97b5161d5c8d343843153660e5b1a6172dbe509aa48b8e6af9e82528898ae4d86b397a51126c205494d887ec08490a92e2cb9c7b7c

Download Submit