Overview

overview

7

Static

static

3

973627fb51...18.exe

windows7-x64

7

973627fb51...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...in.dll

windows7-x64

3

$PLUGINSDI...in.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...st.dll

windows7-x64

3

$PLUGINSDI...st.dll

windows10-2004-x64

3

$TEMP/Shop...rt.dll

windows7-x64

6

$TEMP/Shop...rt.dll

windows10-2004-x64

6

$TEMP/Unin...rt.exe

windows7-x64

6

$TEMP/Unin...rt.exe

windows10-2004-x64

6

Bin/2.7.37...rt.dll

windows7-x64

6

Bin/2.7.37...rt.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-08-2024 18:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe

  • Size

    838KB

  • MD5

    973627fb51da0e3fb4be6cbf4df8c1d0

  • SHA1

    44102f7000ceeeed3118a0d5c02dd9342585e1e6

  • SHA256

    35e97c58c79e343b4bcd892c373029113ccc157822160f4341bae276ba7e9216

  • SHA512

    cd32936ccccac2c0ea63d052dc74360e5baacb52f48301e6618e66bdc442cf57439516da0469c7ed277e72842971a4ec5e3e02a25b1c70edbdc70d05acb3aada

  • SSDEEP

    12288:dv1Y4CbZaV7fcZNWhjv7t5pIp7P/42uyLuA/2+FV75SpM6eaXpYcD3hviDfe2ZQN:PFwMfGwft5p0LluA/2+TcMwtBofr6uh6

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nse9EC1.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    7e49eb67f1f3c62bb8c4b0a868b30645

    SHA1

    2be42e3c6059485bc3b624a537ab1fb36a10a263

    SHA256

    17f0946e0847bbaa6a06eb58aead13fce22a8606e9b3744cd2241debdf8d8bae

    SHA512

    469c28b6da5b9499fd417f8cd74414d6c6edcbe6567eecc9421a69797a77ec323936deb96cd151611da57e311074ec0c56d82a9800d7aebac9538a947284ff9e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse9EC1.tmp\InstallerHelperPlugin.dll
    Filesize

    49KB

    MD5

    52a442935d96e94c780ca616feed71f3

    SHA1

    45e3d0af4e7582a0241433de6a73571100334b83

    SHA256

    ea67e8f37654c7278903c73d62fbc8ec183881ab32feee5e2109c84715e63ecc

    SHA512

    289accf4ae88bd34f02577d7f1339a551c5e2230c354663c616a887f1c54630e044e7be2ae68035ff660d75eaa1e313c3aad35f1548a0b16842da7d7375f199e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse9EC1.tmp\Uninst.dll
    Filesize

    47KB

    MD5

    68ffd98799c7122e62b296358b8c5faf

    SHA1

    b8da4b95fc4aaf2f6eff7dc8d0e2eef387c7927d

    SHA256

    6e0ab96043a172f9bf9e575b39eb459487d983281233228b387ccedfef9ce51f

    SHA512

    b96b7e9e2eb1c5c533ae0d9ac5ff9991b3565e83e13c2f109ef04438bf5d425aa878a9b13395d286dfcd3c1084ba584f1f5a90faa3d1bd825ce37ad59f5105a7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse9EC1.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    144eb7fc16a26ad3308fe914884329e3

    SHA1

    89ca4ac196264fe810142deb6eb8be9eb9579743

    SHA256

    676f75911f3b009fee3db57c980f8e40e5222fa0b35c23304db177d0d78e9f56

    SHA512

    defab57c0d08a3264ba249e897c0e63dd51f743e13ca799b885853d9e34918520c93f46b09d13fd50b430f1c407ad7c833dbb8ea7d8b5c6c6064a00fdc1a0bf9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse9EC1.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    0be15835d43650a8fd4df63f0765fc51

    SHA1

    3326f561bfbaef3591a220e304f884daa6f86dc5

    SHA256

    c897f258852aae85b405ef8524d5a42aa83ad56c5ce919b27add418208c34a75

    SHA512

    44ad399857418a4cd188c7a5d610adc6a05d0d0cff54b6f63e23306d0584abe70d391db7d3b59ecce3e8e9f917ad4e738ad0ecd06f105624bce55341c57ed820

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse9EC1.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    16771fc4b8813e87d0c3310e62be2558

    SHA1

    5a5bcd7fd2c864ec28c5f9a46e3328d955d7d0db

    SHA256

    e6f186428a844fc45b25a770d22195ac3bdf4e3207c9f8b0b509942e5b899b43

    SHA512

    e5485f0394feb61a9378602110435b666acec61adb4f8164984a9e184afd452489820604d410a0d1c8ef624733e2e61774d3f53ebed50652ea1f299dbbcebf6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse9EC1.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    85c8281b8db837da9152c4921f766d96

    SHA1

    da181b8e85f3ab74be4bab05f71eeadd3f439c8f

    SHA256

    74244b9f05ca506ab7bb696ece8efc7ce2442e0bce65fcbf8ae424deca513739

    SHA512

    60208a3d2a677572d3967c792c89163861148d3e59d53c6bf3c14c48632b4457d516cc3c4e8a0b7adc0de24bfb36753d2727e4ed4be931ce0381835ade218c58

    Download Submit