Overview

overview

10

Static

static

3

d9af5dd07a...18.exe

windows7-x64

10

d9af5dd07a...18.exe

windows10-2004-x64

7

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$TEMP/coffer.dll

windows7-x64

3

$TEMP/coffer.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    91s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-09-2024 05:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d9af5dd07a77a24d5499164aed22dc0a_JaffaCakes118.exe

  • Size

    345KB

  • MD5

    d9af5dd07a77a24d5499164aed22dc0a

  • SHA1

    36aeb648e254ff72689ef8c95ab5851f95c8a73e

  • SHA256

    5113f7698c80f8183b0fd72ff91adeed308b93937fc9ca9aefb8d7f878569fd3

  • SHA512

    29328a3081a6939d370ae5d039490a3637b24d7c8f7420fa0d7e5f33d31b60fdbea2286d42580ba40b5a8d05c962616b59765b7ad4fe82bde340d9c11a90a1e7

  • SSDEEP

    6144:S58/+dBOIfjkkODm7aNXcdVcUdc+1znmBDFV1ZE3furMpN0tKPo3/3Y:NkOYLODm7aZc1dnzngTZ2u0xPy/o

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\d9af5dd07a77a24d5499164aed22dc0a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d9af5dd07a77a24d5499164aed22dc0a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:1936
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 924
      2⤵
      • Program crash
      PID:35236
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1936 -ip 1936
    1⤵
      PID:35184

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\coffer.dll
      Filesize

      34KB

      MD5

      9efcdaec062823e9749250da225dfe4d

      SHA1

      1d6209a71c061729683ce81890f2d8c0c02c6e05

      SHA256

      04904de1d15bb931cf85eadb7714bd53f7236de0fbc1f62c22aafb3470ff847c

      SHA512

      b7faee0a4c769ee39fc11fe20c6ec362b6802e9fd7f81d8a495f1423263af8074cf995c1ff8d964680c10c3026e69ddb66e749b9b29784309502d805673a720a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsw8918.tmp\Splash.dll
      Filesize

      4KB

      MD5

      3f35f73787f0c3bb5e59445fb18ade0d

      SHA1

      f1566faff96c3988cfc28dc7d433094b6348cdbf

      SHA256

      5570969d22a33c23b60c5f5536f781219e458a869b77b8dde4a94cc124ee4de6

      SHA512

      45c42ea95f53a3b8a3fd74bd55ad6f0b3f2b91dd969104de845fd819fe307dec2b4d472bee45554500b0c51052ee82ac98196e894af806edf67a947328474e57

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsw8918.tmp\System.dll
      Filesize

      11KB

      MD5

      fbe295e5a1acfbd0a6271898f885fe6a

      SHA1

      d6d205922e61635472efb13c2bb92c9ac6cb96da

      SHA256

      a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

      SHA512

      2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

      Download Submit

    • C:\Windows\win.ini
      Filesize

      131B

      MD5

      9848e4efb0abd437d65e6d3d1d973adb

      SHA1

      f427ac7c50b19f66658ae7f92cbaf21110b49a47

      SHA256

      c8b84add37da849977a84fe62badb6cb908be99769edb70d60bcd04c0aec2a3f

      SHA512

      f90f1f65b6b824a526469b8d739f733a54a7f485d8b5f680de7a35fac90786bf6ba5a0b1d62e139663c5ee73b8d687cf32d4ccf188e18c53084ec12d8c216b17

      Download Submit

    • memory/1936-20-0x00000000022C0000-0x00000000022C7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1936-27-0x00000000022B0000-0x00000000022B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1936-26-0x00000000022A0000-0x00000000022A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1936-100029-0x00000000022E0000-0x00000000022E9000-memory.dmp

      Filesize

      36KB

      Download