Overview
overview
7Static
static
7c85508a5fb...18.exe
windows7-x64
7c85508a5fb...18.exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/inetc.dll
windows7-x64
3$PLUGINSDIR/inetc.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
7$PLUGINSDI...ll.dll
windows10-2004-x64
7$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...om.dll
windows7-x64
7$PLUGINSDI...om.dll
windows10-2004-x64
7Analysis
-
max time kernel
122s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
29/08/2024, 06:00 UTC
Behavioral task
behavioral1
Sample
c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/md5dll.dll
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/md5dll.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240705-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win7-20240705-en
General
-
Target
c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe
-
Size
1.2MB
-
MD5
c85508a5fb3df2485a261b8065f3eaff
-
SHA1
14a395717348e96d023789d159fe7bc31fd76b6f
-
SHA256
0eccc6053a483361e97971ed444d142701b4b55fa367545f9f8bee6fb6b02069
-
SHA512
5ce8957f5df41264f7a457be808035f2d3883c8c631cec606619a614a4a772b1d7d70584caba93d5a6d45dfd0c2cd4080ae2f432124fff71a553d2be3751b77f
-
SSDEEP
6144:Qe34jW7Mq1zQbe9DP3lpr4jAxLY6MhEVagKx:WUzQcbRx9TVPu
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule behavioral1/files/0x005100000000f5ab-17.dat acprotect -
Loads dropped DLL 5 IoCs
pid Process 2072 c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe 2072 c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe 2072 c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe 2072 c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe 2072 c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe -
resource yara_rule behavioral1/files/0x005100000000f5ab-17.dat upx behavioral1/memory/2072-19-0x00000000004D0000-0x00000000004E2000-memory.dmp upx behavioral1/memory/2072-37-0x00000000004D0000-0x00000000004E2000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2072 c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestimg.uptodown.netIN AResponseimg.uptodown.netIN CNAMEt.sni.global.fastly.nett.sni.global.fastly.netIN A151.101.3.52t.sni.global.fastly.netIN A151.101.131.52t.sni.global.fastly.netIN A151.101.195.52t.sni.global.fastly.netIN A151.101.67.52
-
GEThttp://img.uptodown.net/miniicons/fake-webcam-6-1.jpgc85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exeRemote address:151.101.3.52:80RequestGET /miniicons/fake-webcam-6-1.jpg HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: img.uptodown.net
Connection: Keep-Alive
ResponseHTTP/1.1 500 Domain Not Found
Content-Length: 275
Server: Varnish
Retry-After: 0
content-type: text/html
Cache-Control: private, no-cache
X-Served-By: cache-lcy-eglc8600027-LCY
Accept-Ranges: bytes
Date: Thu, 29 Aug 2024 06:00:45 GMT
Via: 1.1 varnish
-
151.101.3.52:80http://img.uptodown.net/miniicons/fake-webcam-6-1.jpghttpc85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe712 B 814 B 8 6
HTTP Request
GET http://img.uptodown.net/miniicons/fake-webcam-6-1.jpgHTTP Response
500
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD59384f4007c492d4fa040924f31c00166
SHA1aba37faef30d7c445584c688a0b5638f5db31c7b
SHA25660a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5
SHA51268f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf
-
Filesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
9KB
MD5c10e04dd4ad4277d5adc951bb331c777
SHA1b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
SHA256e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
SHA512853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
-
Filesize
21KB
MD5ab467b8dfaa660a0f0e5b26e28af5735
SHA1596abd2c31eaff3479edf2069db1c155b59ce74d
SHA256db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
SHA5127d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301