Analysis

  • max time kernel
    136s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-08-2024 22:44

General

  • Target

    bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe

  • Size

    4.4MB

  • MD5

    bf9319950cad3d159d653f10a2c32e62

  • SHA1

    fe2ddf5ab88bd249e76cb08fc0ebd636a89737fd

  • SHA256

    d781aa35264c8172ee1b87d3788fe32bc730497fe4161783b1b2ac7061449023

  • SHA512

    65ac027e62e6274f11d523674a7f2978a0dd64f11157c4774a9b8f1a9deceb51407949ee1f32159d523cf1bc7501e8be3a5bbd6ca236ff15cf885aeb9547e073

  • SSDEEP

    98304:QVNIeWAlaaZUd6THT3fe3fvkQpVvMO4h77jCNg2EupJEzvuS0huOHo587b:QVNWMaaU6PvkPkDvjCNg2rQG1FHo5eb

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (10 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:4160

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nssA6F0.tmp\ButtonLinker.dll

    Filesize

    7KB

    MD5

    dd85ac7d85c92dd0e3cc17dfd4890f54

    SHA1

    a128fb7a05965c1a9913c6f5e419e6c4c0a7d2fa

    SHA256

    27abd2a4fb1bf66add60221b52d061bbe24d2d21e13600725ff7a5c6c777b504

    SHA512

    e4ff8216c65110a9d156f37c2062acb53a72daa8af12dfc24278920d9e1a4083a81b1446759df75405b2da34c7bfb1afc33184feedd0aee4ed73f79fcbb1a8a1

  • C:\Users\Admin\AppData\Local\Temp\nssA6F0.tmp\FindProcDLL.dll

    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

  • C:\Users\Admin\AppData\Local\Temp\nssA6F0.tmp\GetVersion.dll

    Filesize

    5KB

    MD5

    b1e657d03702bfaedaddfa7547adbc02

    SHA1

    effa16ce36c73c5ce49020fded94a840c6c35482

    SHA256

    5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

    SHA512

    72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

  • C:\Users\Admin\AppData\Local\Temp\nssA6F0.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    06bef96b91bfa75b7f7817341a6cd597

    SHA1

    48a40368fc339ccea1dfda06d2e02bca7d7265c1

    SHA256

    2ca5590c85cc31285b83bbe569755d909d91b559db2d6ce3bca2fcc075225364

    SHA512

    5364d0944b4be215fb5d8bb8398e965ff6fa3190a962dd6c491984482321756017f89c2242d77ebcce6666c31fe54a956f2eb3a03a95d64121a1db462ad20a0d

  • C:\Users\Admin\AppData\Local\Temp\nssA6F0.tmp\System.dll

    Filesize

    10KB

    MD5

    7e3c808299aa2c405dffa864471ddb7f

    SHA1

    b5de7804dd35ed7afd0c3b59d866f1a0749495e0

    SHA256

    91c47a9a54a3a8c359e89a8b4e133e6b7296586748ed3e8f4fe566abd6c81ddd

    SHA512

    599f61d5270227a68e5c4b8db41b5aa7bc17a4bbe91dd7336b410516fa6107f4f5bf0bbb3f6cc4b2e15b16bf9495fdc70832bab6262046cb136ad18f0c9b3738

  • C:\Users\Admin\AppData\Local\Temp\nssA6F0.tmp\ioSpecial.ini

    Filesize

    764B

    MD5

    509d1726a1592968ba6bfd84bea6c98f

    SHA1

    8174d4d838de6424b0fb11b03b76c4e756c6a4fc

    SHA256

    1999987980f143f5b784a75617a5b2dfc400f2d8c6eec6b8b7cdee86d62f1ad7

    SHA512

    51210f5eee4869b0e32ae4997f5fa3c3711fa340b40b655d97fba8434779e58d325ace6215a6fd0f7cd7984affc27f8c85612e20c5bc3be1ede6cfbd7c33c18d

  • memory/4160-5-0x0000000010000000-0x0000000010003000-memory.dmp

    Filesize

    12KB

  • memory/4160-146-0x0000000010000000-0x0000000010003000-memory.dmp

    Filesize

    12KB
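The dropped files above all sit in one `nss*.tmp` directory under the user's Temp folder, which is the layout an NSIS installer uses for its plugin directory, and the names (System.dll, InstallOptions.dll, ioSpecial.ini, FindProcDLL.dll, GetVersion.dll, ButtonLinker.dll) are NSIS plugin names. The following script is an added triage example, not part of the sandbox report and not the sandbox vendor's code: it parses the report's Downloads block into records, checks that each digest is well formed before it goes into a blocklist, tags each dropped file by whether it matches a stock or third-party NSIS plugin name, and cross-checks a memory-dump record's address range against its reported size. The directory pattern and the plugin-name sets are assumptions about the NSIS ecosystem; a name match is not proof that a file is the genuine plugin, so the real check is to compare the SHA256 against the plugin shipped with a known-good NSIS install. The sample input is constructed from three of the entries listed above.

```python
"""Parse the 'Downloads' block of a sandbox report into IoC records and
tag dropped files that look like NSIS installer plugins."""
import re
from dataclasses import dataclass, field

# Constructed sample: three of the report's Downloads entries, copied as
# they appear on the page (enough to exercise every parser path).
SAMPLE_DOWNLOADS = r"""
  • C:\Users\Admin\AppData\Local\Temp\nssA6F0.tmp\System.dll
    Filesize
    10KB
    MD5
    7e3c808299aa2c405dffa864471ddb7f
    SHA1
    b5de7804dd35ed7afd0c3b59d866f1a0749495e0
    SHA256
    91c47a9a54a3a8c359e89a8b4e133e6b7296586748ed3e8f4fe566abd6c81ddd
  • C:\Users\Admin\AppData\Local\Temp\nssA6F0.tmp\FindProcDLL.dll
    Filesize
    3KB
    MD5
    8614c450637267afacad1645e23ba24a
    SHA256
    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
  • memory/4160-5-0x0000000010000000-0x0000000010003000-memory.dmp
    Filesize
    12KB
"""

HASH_FIELDS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
FIELDS = set(HASH_FIELDS) | {"Filesize"}

# Assumption: NSIS unpacks its plugins into %TEMP%\ns<letter><4 hex>.tmp.
NSIS_PLUGIN_DIR = re.compile(r"\\(ns[a-z][0-9a-f]{4}\.tmp)\\([^\\]+)$", re.I)
# Assumption: System.dll / InstallOptions.dll / ioSpecial.ini ship with NSIS;
# the others are third-party NSIS plugins. Matching by name is a hint only.
NSIS_STOCK = {"system.dll", "installoptions.dll", "iospecial.ini"}
NSIS_THIRD_PARTY = {"findprocdll.dll", "getversion.dll", "buttonlinker.dll"}
MEMORY_DUMP = re.compile(
    r"^memory/(\d+)-\d+-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$", re.I)


@dataclass
class Entry:
    path: str
    fields: dict = field(default_factory=dict)  # Filesize/MD5/SHA1/... -> value


def parse_downloads(text):
    """State machine over report lines: a bullet opens a record, a field
    name arms the next non-blank line as that field's value."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            entries.append(Entry(line.lstrip("• ").strip()))
            pending = None
        elif line in FIELDS:
            pending = line
        elif pending and entries:
            entries[-1].fields[pending] = line
            pending = None
    return entries


def hashes_well_formed(entry):
    """Reject truncated or non-hex digests before they reach a blocklist."""
    for name, length in HASH_FIELDS.items():
        value = entry.fields.get(name)
        if value is None:
            continue
        if len(value) != length or not re.fullmatch(r"[0-9a-fA-F]+", value):
            return False
    return True


def classify(entry):
    """Tag a record: memory dump, NSIS plugin (stock/third-party by name),
    something unexpected inside the plugin dir, or an unrelated file."""
    if MEMORY_DUMP.match(entry.path):
        return "memory-dump"
    match = NSIS_PLUGIN_DIR.search(entry.path)
    if not match:
        return "other-file"
    name = match.group(2).lower()
    if name in NSIS_STOCK:
        return "nsis-stock-plugin"
    if name in NSIS_THIRD_PARTY:
        return "nsis-thirdparty-plugin"
    return "unexpected-in-plugin-dir"  # not a known plugin name: inspect


def memory_region(entry):
    """(pid, start, end) for a memory-dump record, so the dumped range can
    be cross-checked against the reported Filesize. None for files."""
    match = MEMORY_DUMP.match(entry.path)
    if not match:
        return None
    return int(match.group(1)), int(match.group(2), 16), int(match.group(3), 16)


def file_sha256s(entries):
    """Sorted SHA256 IoCs of dropped files whose digests are well formed."""
    return sorted(e.fields["SHA256"] for e in entries
                  if "SHA256" in e.fields and hashes_well_formed(e))


if __name__ == "__main__":
    for e in parse_downloads(SAMPLE_DOWNLOADS):
        print(f"{classify(e):26} {e.fields.get('SHA256', '-'):64} {e.path}")
```

To run it against the full report, paste the whole Downloads block into `SAMPLE_DOWNLOADS`; anything tagged `unexpected-in-plugin-dir` is the file to pull first, and the `nsis-*` tags only say that the name is a known plugin name, not that the bytes are the genuine plugin.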