Overview

overview

7

Static

static

3

ff83855a64...18.exe

windows7-x64

7

ff83855a64...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...st.dll

windows7-x64

3

$PLUGINSDI...st.dll

windows10-2004-x64

3

$PLUGINSDI...nz.dll

windows7-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

$PLUGINSDI...ap.dll

windows7-x64

3

$PLUGINSDI...ap.dll

windows10-2004-x64

3

$PLUGINSDI...ro.dll

windows7-x64

3

$PLUGINSDI...ro.dll

windows10-2004-x64

3

$R0/AskSearchAsst.exe

windows7-x64

7

$R0/AskSearchAsst.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29/09/2024, 23:41 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ff83855a648846c5e05c54e23b417bae_JaffaCakes118.exe

  • Size

    720KB

  • MD5

    ff83855a648846c5e05c54e23b417bae

  • SHA1

    32175d41aed15387da1f0c86d46793ceca3883f8

  • SHA256

    c002e189b8f742df6459dc0be8cb5a0afcaca94c9279438128517ab8e63d44d9

  • SHA512

    e4cef955bf222ae3aa1ca180649c7f25826f4e07310d937cd1a30f1246f7861e1ed9bfca4bd79f089c1d729f5083ccf326fbe63b6dbac9387c576e7293ed38fa

  • SSDEEP

    12288:xMOAiHA9pcm1IfjZalab5aRrz9Aebtn5PzJ7zT3z:xyiHKqmQt5WBhPVrz

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Loads dropped DLL 63 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff83855a648846c5e05c54e23b417bae_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ff83855a648846c5e05c54e23b417bae_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2380

Network

  • flag-us
    DNS
    tbtrack.zugo.com
    ff83855a648846c5e05c54e23b417bae_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    tbtrack.zugo.com
    IN A
    Response
  • flag-us
    DNS
    tbtrack.zutrack.com
    ff83855a648846c5e05c54e23b417bae_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    tbtrack.zutrack.com
    IN A
    Response
  • flag-us
    DNS
    installer.zugo.com
    ff83855a648846c5e05c54e23b417bae_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    installer.zugo.com
    IN A
    Response
  • flag-us
    DNS
    installer.zutrack.com
    ff83855a648846c5e05c54e23b417bae_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    installer.zutrack.com
    IN A
    Response
No results found
  • 8.8.8.8:53
    tbtrack.zugo.com
    dns
    ff83855a648846c5e05c54e23b417bae_JaffaCakes118.exe
    62 B
     133 B
     1
    1

    DNS Request

    tbtrack.zugo.com

  • 8.8.8.8:53
    tbtrack.zutrack.com
    dns
    ff83855a648846c5e05c54e23b417bae_JaffaCakes118.exe
    65 B
     136 B
     1
    1

    DNS Request

    tbtrack.zutrack.com

  • 8.8.8.8:53
    installer.zugo.com
    dns
    ff83855a648846c5e05c54e23b417bae_JaffaCakes118.exe
    64 B
     135 B
     1
    1

    DNS Request

    installer.zugo.com

  • 8.8.8.8:53
    installer.zutrack.com
    dns
    ff83855a648846c5e05c54e23b417bae_JaffaCakes118.exe
    67 B
     138 B
     1
    1

    DNS Request

    installer.zutrack.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nstF6CF.tmp\tbdata.json
    Filesize

    1KB

    MD5

    7088126cd67c4285c161cb7c769b2ad0

    SHA1

    b74d8aa1615bcdf717c9dfcaa5b2b6230babe6ee

    SHA256

    53a3a71cecf844a2c1a77281c9728c642ca3a85bb07f4f037d57066c5b14dfb5

    SHA512

    d1f176aa1199580e985378c4f439d507010da844c27ba993722bcf4d3e9435cca270f2875659f9dcd3bc565d705f72a8d35bb8d0f00e5a23a239ff02f1a60fd0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstF6CF.tmp\GetVersion.dll
    Filesize

    6KB

    MD5

    5264f7d6d89d1dc04955cfb391798446

    SHA1

    211d8d3e7c2b2f57f54a11cb8bc4fa536df08acc

    SHA256

    7d76c7dd8f7cd5a87e0118dacb434db3971a049501e22a5f4b947154621ab3d4

    SHA512

    80d27ee2f87e2822bd5c8c55cc3d1e49beebb86d8557c92b52b7cbea9f27882d80e59eefa25e414eecee268a9a6193b6b50b748de33c778b007cde24ef8bcfb7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstF6CF.tmp\Math.dll
    Filesize

    66KB

    MD5

    b140459077c7c39be4bef249c2f84535

    SHA1

    c56498241c2ddafb01961596da16d08d1b11cd35

    SHA256

    0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67

    SHA512

    fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstF6CF.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstF6CF.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstF6CF.tmp\inetc.dll
    Filesize

    20KB

    MD5

    2f94245152dbd233e248909f9c01c578

    SHA1

    ab4e5879c001b36a2f9ff214946599fd015edda9

    SHA256

    4c4d85eb9725fc7fade03467990e3dd9671c29a7870c97e69babc2cb3c9adef9

    SHA512

    f92830de27d6663be5e0df9e32cd88732bc7ee93b14c1ded65258c325d22436400801aff1124f40400c6c3b3c16e71deb08436714716f3888d13a8a6b6a32231

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstF6CF.tmp\linker.dll
    Filesize

    6KB

    MD5

    8450b29ee8d592c208ba1aaf6ee50267

    SHA1

    75096da057bc85cef63bb0eec168652ea75cf618

    SHA256

    53aa57e582dc56421c1191a0a9efac9c36960b903b7d825f3b9682605ec2b612

    SHA512

    d23a3057053a1f36f5eb212ae0b09b9b0b41e50b8a6a20bbc46c12c51199ad0bca741bcce17534488158e8f2b9470dbdac2aa059688b7588a05778c40d461039

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstF6CF.tmp\md5dll.dll
    Filesize

    8KB

    MD5

    a7d710e78711d5ab90e4792763241754

    SHA1

    f31cecd926c5d497aba163a17b75975ec34beb13

    SHA256

    9b05dd603f13c196f3f21c43f48834208fed2294f7090fcd1334931014611fb2

    SHA512

    f0ca2d6f9a8aeac84ef8b051154a041adffc46e3e9aced142e9c7bf5f7272b047e1db421d38cb2d9182d7442bee3dd806618b019ec042a23ae0e71671d2943c0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstF6CF.tmp\nsProcess.dll
    Filesize

    4KB

    MD5

    05450face243b3a7472407b999b03a72

    SHA1

    ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

    SHA256

    95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

    SHA512

    f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstF6CF.tmp\nshist.dll
    Filesize

    39KB

    MD5

    56bf72527ae93d35cd8f8778ad29902b

    SHA1

    3248a7ca75a3c2e715a13b455ccc5d45e04cf9b9

    SHA256

    77f38240d729758f04fbd6ac00dc638e99ba27c42fa48200c99f51449e245343

    SHA512

    c8ea0445bb83bb67dffa85b167fcc9b6ea874493442db5707e939ee0f2864a0d464ee605de486febffc27b60cd3c35a91302f226f6c4f13186119687a7e6000e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstF6CF.tmp\timepro.dll
    Filesize

    20KB

    MD5

    009dbbdd1ef470dd752c2b73835da3e7

    SHA1

    f97da6556b24302df8201a092eaa32a80d49064b

    SHA256

    c1ed8c398108dc56fbb6fd6797c3c9df59447e2a2f198b72a45058124971b09c

    SHA512

    dbffa0eb830b292e5550eb3f3cfce90f881282652afb0463672ece7eb0946c34a8f75c4852f77b1db3604f0f346d0ed9d9babbad40b41de109e9f5119d555ec5

    Download Submit

  • memory/2380-18-0x00000000027D0000-0x00000000027EA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2380-166-0x00000000028D0000-0x00000000028D9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2380-29-0x0000000000520000-0x0000000000529000-memory.dmp

    Filesize

    36KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.