Overview

overview

7

Static

static

3

d540d2b43c...18.exe

windows7-x64

7

d540d2b43c...18.exe

windows10-2004-x64

7

$0/data_te...ad.exe

windows7-x64

3

$0/data_te...ad.exe

windows10-2004-x64

3

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-09-2024 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d540d2b43c99fabac1ae1fbb55b6eb54_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    d540d2b43c99fabac1ae1fbb55b6eb54

  • SHA1

    086177a661d4175b347c9344cef04a6666db86a8

  • SHA256

    a80296af58a26c2506ad9dfed68add23af8e2d346d88472fac8bef635ae26891

  • SHA512

    dab2c553ee589a466da27b1aa891624998593232eb27f8f0839b67f9d8be30b2bb52c009699e08febc63227949be00199bb29cd106b6791ba25ae88e61456291

  • SSDEEP

    24576:3YTsvteUKz6LtsCheW+ArHW1JROhiWLPeyR1iJG0tx3:3lvEUZts2eWprsJRBVyRUT73

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\d540d2b43c99fabac1ae1fbb55b6eb54_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d540d2b43c99fabac1ae1fbb55b6eb54_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:4864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsw6523.tmp\System.dll
    Filesize

    23KB

    MD5

    8643641707ff1e4a3e1dfda207b2db72

    SHA1

    f6d766caa9cafa533a04dd00e34741d276325e13

    SHA256

    d1b94797529c414b9d058c17dbd10c989eef59b1fa14eea7f61790d7cfa7fd25

    SHA512

    cc8e07395419027914a6d4b3842ac7d4f14e3ec8be319bfe5c81f70bcf757f8c35f0aaeb985c240b6ecc71fc3e71b9f697ccda6e71f84ac4930adf5eac801181

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsw6523.tmp\nsDialogs.dll
    Filesize

    11KB

    MD5

    79a0bde19e949a8d90df271ca6e79cd2

    SHA1

    946ad18a59c57a11356dd9841bec29903247bb98

    SHA256

    8353f495064aaf30b32b02f5d935c21f86758f5a99d8ee5e8bf8077b907fad90

    SHA512

    2a65a48f5dd453723146babca8d047e112ab023a589c57fcf5441962f2846a262c2ad25a2985dba4f2246cdc21d973cbf5e426d4b75dd49a083635400f908a3e

    Download Submit

  • memory/4864-14-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4864-15-0x000000006EB40000-0x000000006EB4A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4864-16-0x000000006E5C0000-0x000000006E5CD000-memory.dmp

    Filesize

    52KB

    Download