Overview
overview
7Static
static
7eac8ed3aa0...18.exe
windows7-x64
7eac8ed3aa0...18.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...sk.dll
windows7-x64
3$PLUGINSDI...sk.dll
windows10-2004-x64
3Analysis
-
max time kernel
94s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
19-09-2024 06:45
Behavioral task
behavioral1
Sample
eac8ed3aa0ec11fb6838ba53d586672c_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
eac8ed3aa0ec11fb6838ba53d586672c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsWebJPDesk.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsWebJPDesk.dll
Resource
win10v2004-20240802-en
General
-
Target
eac8ed3aa0ec11fb6838ba53d586672c_JaffaCakes118.exe
-
Size
265KB
-
MD5
eac8ed3aa0ec11fb6838ba53d586672c
-
SHA1
11a9c41a87eecd80a7a63944c5274908fdc8c649
-
SHA256
88e4a73e2ab273b64e83336979862535c4489263fae0d76497d0a89031e9631f
-
SHA512
2b75bb6c2019a80abb2aacdecf94c847bc20bb068602486bb8076b25d368f14a19eed72d4376dabfff4bc3c8c20ab836d90826a44bea90fb85b5b0166a0383d7
-
SSDEEP
6144:SgLw1dILPAX8ln6aB4WP3E29V8S4Dhg0fn2J6Z2SLqF/6x6Xw6xYwXgIkE556gjB:/w1dILPAX8ln6aB4WP3E29V8S4Dhg0f6
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/4708-0-0x0000000000400000-0x0000000000462000-memory.dmp upx behavioral2/memory/4708-1-0x0000000000400000-0x0000000000462000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language eac8ed3aa0ec11fb6838ba53d586672c_JaffaCakes118.exe
Processes
Network
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request19.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request19.229.111.52.in-addr.arpaIN PTR
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
18.31.95.13.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
19.229.111.52.in-addr.arpa
DNS Request
19.229.111.52.in-addr.arpa