Overview

overview

7

Static

static

3

ac9b4c4650...18.exe

windows7-x64

7

ac9b4c4650...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$TEMP/Tool...el.exe

windows7-x64

7

$TEMP/Tool...el.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 21:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ac9b4c4650c43166f7b7b5b90d7d360d_JaffaCakes118.exe

  • Size

    1.5MB

  • MD5

    ac9b4c4650c43166f7b7b5b90d7d360d

  • SHA1

    c0a14272bac76435f6f22c3030b6be5304c103c5

  • SHA256

    414a95d7d412ec12431604c830438a2546f986d12bbc4a04cb0e3e60df91e924

  • SHA512

    188e65e0fe91b752d633258266915cb54405718d5be849feaffd5ed52d3683ea52ccc2273837ee9af5b5d20a6f4e9a6eaa57d89184da77d64ffa7f5ea28194fb

  • SSDEEP

    24576:S65zh36fPbs2wk+y19xV3XZ1/wB9mMj9kYjZrGGBv+zEJSEZS0Gc3xY0gWSjAz7n:TK/FDdV51/w/kQJ+wdZhnjiG

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac9b4c4650c43166f7b7b5b90d7d360d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ac9b4c4650c43166f7b7b5b90d7d360d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2012
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3852,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:8
    1⤵
      PID:3344

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\nsk51D5.tmp\InstallOptions.dll
            Filesize

            14KB

            MD5

            325b008aec81e5aaa57096f05d4212b5

            SHA1

            27a2d89747a20305b6518438eff5b9f57f7df5c3

            SHA256

            c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

            SHA512

            18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsk51D5.tmp\LangDLL.dll
            Filesize

            5KB

            MD5

            9384f4007c492d4fa040924f31c00166

            SHA1

            aba37faef30d7c445584c688a0b5638f5db31c7b

            SHA256

            60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

            SHA512

            68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsk51D5.tmp\UAC.dll
            Filesize

            17KB

            MD5

            09caf01bc8d88eeb733abc161acff659

            SHA1

            b8c2126d641f88628c632dd2259686da3776a6da

            SHA256

            3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478

            SHA512

            ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsk51D5.tmp\ioSpecial.ini
            Filesize

            438B

            MD5

            43f1fd4a0636625b41abacf9b40cad91

            SHA1

            a561d1327500d229095305a4be4a01b4c974bfa6

            SHA256

            34c5cc184fd80083f13995276c33af4c18b635fe44fec7dc164a7542adaf1ca0

            SHA512

            0918b950088bcb933c19ad9c61bcf62a95bf6333adf9dcd6fbd47d99555938e304603c5f9154853d26ca68c4d5479040b22fcd7445988909290c9b613a243cb9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsk51D5.tmp\ioSpecial.ini
            Filesize

            1KB

            MD5

            c0f6c725b5fc28ce0e73647f02253d45

            SHA1

            9ee40be263f81469ca27b272ee9d17151c2a1b9c

            SHA256

            d693acec5859e5268f64a577fbaf20a78c53e6590f768eee5a9fd04ba0716d3f

            SHA512

            dfca75586ee5079dfebe691124e8635ced8eda7cec63aaa910addf18841af6ce75f91eb8750ea7b66c4d7a05cb682899d267e4adc75b0df57b972146757139de

            Download Submit