Analysis

  • max time kernel
    148s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-10-2024 07:28

General

  • Target

    098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    098ac0abecc4ef0b1523053dda3cd4dd

  • SHA1

    d85fbf81cbe371f80a50966cf509b732e7d0fa36

  • SHA256

    74be6c40d1f22f291dd504e97570c7c678ce9e46e32dfd94c94126de75ae21cd

  • SHA512

    e2aa57a1c483ac726527acc35ae82727839600d1c60be63c7cc01337427e2e90652020126fb23f834256416113ad5fdf4dba48df75f62163c0473458851a20ce

  • SSDEEP

    24576:2c5YG52ob3weTAASN0mX/odwVbYM63xSe1QvyVkEwMD8FumJrVK25YadBP4l6:2UjTwe8Ag0mgdw6Se1QvyVvwr9yaXP4M

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:5040

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsxC024.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    296a5f3179fa8d7a7a855eaf696ede44

    SHA1

    57aa5b71553ed282dd22c768e039a187f5c13f63

    SHA256

    ee0ad77e681c4d0fdf1d67df5f4ca03e6bdd8e3b05dfb47a83ad5c733ed62960

    SHA512

    bc527d1485f468e8d098057e0e38e8cb7aa6eb64d4ca30927b99b1552a3177b132b989015ff95bdf2ca046bf11a54b4b456f51e024fbc734fbb548c3499e53f6

  • C:\Users\Admin\AppData\Local\Temp\nsxC024.tmp\InstallQQ.ini

    Filesize

    2KB

    MD5

    a467a5a2202c526b39eb1e23fb902e65

    SHA1

    90d3e0fbcdd85c29d9c973602663ce176760c6bd

    SHA256

    9a380e3614ea1b7d4b859706272455181d586969fb68e504b8a5ce26eb1428fe

    SHA512

    fcffa6912d7ec5b18305a609358b7865d3715e1aadb08438795d3c7915e642671143cb9b7ace28bb82b8b732115532d7a09865b4ff27982408eca574e7890f21

  • C:\Users\Admin\AppData\Local\Temp\nsxC024.tmp\System.dll

    Filesize

    10KB

    MD5

    86b5a07a43b7cbc5c49263b8d974b736

    SHA1

    78388286a311810d812c13d87dea12d581713e60

    SHA256

    5897fb00be38e502fb5dfd047d97e5e4da6387a7a6259633dc31c2427612901b

    SHA512

    dcbe379c28302bb3472339cd24949b16548fa0003882a920df6839078cc7b2563f058a0524bf25df0a5ec8b08e302ebc9e646033109958669d8af883af959ffe

  • C:\Users\Admin\AppData\Local\Temp\nsxC024.tmp\exdll.dll

    Filesize

    78KB

    MD5

    52923292f07cba4f62d978b4a4092768

    SHA1

    5d7fa994bffa6c0d26c6fbc7fa46ec14053aa13a

    SHA256

    ea81b0c401a3c2399143578eb1ba67d412faa38173ad0d56f38a30014b464eac

    SHA512

    e10e279eb06767eb0e501574041f5f0ceb0dd1953becff71e473e30b722fe19bf888be65712edd9e303eaf6f4ca84d820f1890329b9e1172178b877aa756279b