Overview
overview
7Static
static
3973627fb51...18.exe
windows7-x64
7973627fb51...18.exe
windows10-2004-x64
7$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...in.dll
windows7-x64
3$PLUGINSDI...in.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...st.dll
windows7-x64
3$PLUGINSDI...st.dll
windows10-2004-x64
3$TEMP/Shop...rt.dll
windows7-x64
6$TEMP/Shop...rt.dll
windows10-2004-x64
6$TEMP/Unin...rt.exe
windows7-x64
6$TEMP/Unin...rt.exe
windows10-2004-x64
6Bin/2.7.37...rt.dll
windows7-x64
6Bin/2.7.37...rt.dll
windows10-2004-x64
6Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
14-08-2024 18:36
Static task
static1
Behavioral task
behavioral1
Sample
973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Dialer.dll
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Dialer.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/Install.dll
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/Install.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InstallerHelperPlugin.dll
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InstallerHelperPlugin.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Uninst.dll
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Uninst.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
$TEMP/ShoppingReport.dll
Resource
win7-20240729-en
Behavioral task
behavioral16
Sample
$TEMP/ShoppingReport.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
$TEMP/UninstShprRprt.exe
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
$TEMP/UninstShprRprt.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
Bin/2.7.37/ShoppingReport.dll
Resource
win7-20240704-en
General
-
Target
973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
-
Size
838KB
-
MD5
973627fb51da0e3fb4be6cbf4df8c1d0
-
SHA1
44102f7000ceeeed3118a0d5c02dd9342585e1e6
-
SHA256
35e97c58c79e343b4bcd892c373029113ccc157822160f4341bae276ba7e9216
-
SHA512
cd32936ccccac2c0ea63d052dc74360e5baacb52f48301e6618e66bdc442cf57439516da0469c7ed277e72842971a4ec5e3e02a25b1c70edbdc70d05acb3aada
-
SSDEEP
12288:dv1Y4CbZaV7fcZNWhjv7t5pIp7P/42uyLuA/2+FV75SpM6eaXpYcD3hviDfe2ZQN:PFwMfGwft5p0LluA/2+TcMwtBofr6uh6
Malware Config
Signatures
-
Loads dropped DLL 10 IoCs
pid Process 1004 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe 1004 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe 1004 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe 1004 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe 1004 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe 1004 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe 1004 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe 1004 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe 1004 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe 1004 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe -
Drops file in Program Files directory 2 IoCs
description ioc Process File created C:\Program Files (x86)\SRCheckPermission.txt 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\SRCheckPermission.txt 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
14KB
MD57e49eb67f1f3c62bb8c4b0a868b30645
SHA12be42e3c6059485bc3b624a537ab1fb36a10a263
SHA25617f0946e0847bbaa6a06eb58aead13fce22a8606e9b3744cd2241debdf8d8bae
SHA512469c28b6da5b9499fd417f8cd74414d6c6edcbe6567eecc9421a69797a77ec323936deb96cd151611da57e311074ec0c56d82a9800d7aebac9538a947284ff9e
-
Filesize
49KB
MD552a442935d96e94c780ca616feed71f3
SHA145e3d0af4e7582a0241433de6a73571100334b83
SHA256ea67e8f37654c7278903c73d62fbc8ec183881ab32feee5e2109c84715e63ecc
SHA512289accf4ae88bd34f02577d7f1339a551c5e2230c354663c616a887f1c54630e044e7be2ae68035ff660d75eaa1e313c3aad35f1548a0b16842da7d7375f199e
-
Filesize
47KB
MD568ffd98799c7122e62b296358b8c5faf
SHA1b8da4b95fc4aaf2f6eff7dc8d0e2eef387c7927d
SHA2566e0ab96043a172f9bf9e575b39eb459487d983281233228b387ccedfef9ce51f
SHA512b96b7e9e2eb1c5c533ae0d9ac5ff9991b3565e83e13c2f109ef04438bf5d425aa878a9b13395d286dfcd3c1084ba584f1f5a90faa3d1bd825ce37ad59f5105a7
-
Filesize
1KB
MD5144eb7fc16a26ad3308fe914884329e3
SHA189ca4ac196264fe810142deb6eb8be9eb9579743
SHA256676f75911f3b009fee3db57c980f8e40e5222fa0b35c23304db177d0d78e9f56
SHA512defab57c0d08a3264ba249e897c0e63dd51f743e13ca799b885853d9e34918520c93f46b09d13fd50b430f1c407ad7c833dbb8ea7d8b5c6c6064a00fdc1a0bf9
-
Filesize
1KB
MD50be15835d43650a8fd4df63f0765fc51
SHA13326f561bfbaef3591a220e304f884daa6f86dc5
SHA256c897f258852aae85b405ef8524d5a42aa83ad56c5ce919b27add418208c34a75
SHA51244ad399857418a4cd188c7a5d610adc6a05d0d0cff54b6f63e23306d0584abe70d391db7d3b59ecce3e8e9f917ad4e738ad0ecd06f105624bce55341c57ed820
-
Filesize
1KB
MD516771fc4b8813e87d0c3310e62be2558
SHA15a5bcd7fd2c864ec28c5f9a46e3328d955d7d0db
SHA256e6f186428a844fc45b25a770d22195ac3bdf4e3207c9f8b0b509942e5b899b43
SHA512e5485f0394feb61a9378602110435b666acec61adb4f8164984a9e184afd452489820604d410a0d1c8ef624733e2e61774d3f53ebed50652ea1f299dbbcebf6b
-
Filesize
1KB
MD585c8281b8db837da9152c4921f766d96
SHA1da181b8e85f3ab74be4bab05f71eeadd3f439c8f
SHA25674244b9f05ca506ab7bb696ece8efc7ce2442e0bce65fcbf8ae424deca513739
SHA51260208a3d2a677572d3967c792c89163861148d3e59d53c6bf3c14c48632b4457d516cc3c4e8a0b7adc0de24bfb36753d2727e4ed4be931ce0381835ade218c58