Analysis

  • max time kernel
    95s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/09/2024, 19:13

General

  • Target

    d6ef5461b87edd4830dd623e2f1c31ce_JaffaCakes118.exe

  • Size

    13.1MB

  • MD5

    d6ef5461b87edd4830dd623e2f1c31ce

  • SHA1

    90ab20cdc911b408105fa0e4bdd52a933227ca75

  • SHA256

    3337078a31c2a91156ece4a5dd97f68c922ad042c83984deb6a8188f212bd8d7

  • SHA512

    0f5afe9c647741ccf50e3f4ad33ee8088c6d26f45ea5dced02d5e110092856460d8ad1d9a1325e6fdb8c5ba2daee177bfe0326f15d8987a6fb647824248da6f3

  • SSDEEP

    196608:bTZkBcWWz3ScSNUj7V94a+jOPW6r1P9VfSx5LY+75BBMhMoLIzIvFNzZ:+kCu7VVpWaP9UwqBBBxOZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6ef5461b87edd4830dd623e2f1c31ce_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\d6ef5461b87edd4830dd623e2f1c31ce_JaffaCakes118.exe"
    PID: 4512
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsu9ED2.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    714e0ecd29f9ec555f350f38672726c7

    SHA1

    555b1492e782d7a30f280f2aecb64c642c1aaad3

    SHA256

    21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3

    SHA512

    ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312

  • C:\Users\Admin\AppData\Local\Temp\nsu9ED2.tmp\LangDLL.dll

    Filesize

    5KB

    MD5

    3d18fa9a1f5ed08a53b172d5334cc14a

    SHA1

    5df1998ee9c6387c9b41b168ab924011d1ca93c7

    SHA256

    94adb62923c4fe921c020de4496a185f88fca3752736f183d7cd7b5b205e4629

    SHA512

    12836b0e5ce827ef5bbd84d60fa86ad7412907120499ad248e52e0e6a517afe2dce63d12eb6cc7b856328048fd18a62b1cf818bf3bd280c852bbf43cfe4e306a

  • C:\Users\Admin\AppData\Local\Temp\nsu9ED2.tmp\ioSpecial.ini

    Filesize

    692B

    MD5

    82822c590168330182ca4c788ec2ca65

    SHA1

    6b972f3045c9bd23e688608d98714a8ba904b6ed

    SHA256

    b5716b904363ef15df40de448d7e57532058f5d117d8f1edf472481f0cda2d9a

    SHA512

    99ad07c887a13b14c45876cb49d2ee964738fbd5f7559c79e499acfdd0dc693121c2840ca9d4ac5e86c4d27f5a9f8395bcbe10ec9e5bda516c30d3e1f31ee20d