Overview (overview): 7
Static (static): 3
098ac0abec...18.exe (windows7-x64): 7
098ac0abec...18.exe (windows10-2004-x64): 7
$PLUGINSDI...ns.dll (windows7-x64): 3
$PLUGINSDI...ns.dll (windows10-2004-x64): 3
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$PLUGINSDIR/exdll.dll (windows7-x64): 3
$PLUGINSDIR/exdll.dll (windows10-2004-x64): 3
AutoUpdate.dll (windows7-x64): 3
AutoUpdate.dll (windows10-2004-x64): 3
CaiHong.dll (windows7-x64): 3
CaiHong.dll (windows10-2004-x64): 3
CaiHong.exe (windows7-x64): 7
CaiHong.exe (windows10-2004-x64): 7
Reporter.dll (windows7-x64): 3
Reporter.dll (windows10-2004-x64): 3
msimg32.dll (windows7-x64): 3
msimg32.dll (windows10-2004-x64): 3
uninstall.exe (windows7-x64): 7
uninstall.exe (windows10-2004-x64): 7
$PLUGINSDI...ns.dll (windows7-x64): 3
$PLUGINSDI...ns.dll (windows10-2004-x64): 3
$PLUGINSDIR/exdll.dll (windows7-x64): 3
$PLUGINSDIR/exdll.dll (windows10-2004-x64): 3
Analysis
max time kernel: 148s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
submitted: 02-10-2024 07:28
Static task: static1
Behavioral task behavioral1: Sample 098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118.exe, Resource win7-20240903-en
Behavioral task behavioral2: Sample 098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118.exe, Resource win10v2004-20240802-en
Behavioral task behavioral3: Sample $PLUGINSDIR/InstallOptions.dll, Resource win7-20240903-en
Behavioral task behavioral4: Sample $PLUGINSDIR/InstallOptions.dll, Resource win10v2004-20240802-en
Behavioral task behavioral5: Sample $PLUGINSDIR/System.dll, Resource win7-20240704-en
Behavioral task behavioral6: Sample $PLUGINSDIR/System.dll, Resource win10v2004-20240802-en
Behavioral task behavioral7: Sample $PLUGINSDIR/exdll.dll, Resource win7-20240903-en
Behavioral task behavioral8: Sample $PLUGINSDIR/exdll.dll, Resource win10v2004-20240802-en
Behavioral task behavioral9: Sample AutoUpdate.dll, Resource win7-20240729-en
Behavioral task behavioral10: Sample AutoUpdate.dll, Resource win10v2004-20240802-en
Behavioral task behavioral11: Sample CaiHong.dll, Resource win7-20240903-en
Behavioral task behavioral12: Sample CaiHong.dll, Resource win10v2004-20240802-en
Behavioral task behavioral13: Sample CaiHong.exe, Resource win7-20240903-en
Behavioral task behavioral14: Sample CaiHong.exe, Resource win10v2004-20240802-en
Behavioral task behavioral15: Sample Reporter.dll, Resource win7-20240903-en
Behavioral task behavioral16: Sample Reporter.dll, Resource win10v2004-20240802-en
Behavioral task behavioral17: Sample msimg32.dll, Resource win7-20240903-en
Behavioral task behavioral18: Sample msimg32.dll, Resource win10v2004-20240802-en
Behavioral task behavioral19: Sample uninstall.exe, Resource win7-20240903-en
Behavioral task behavioral20: Sample uninstall.exe, Resource win10v2004-20240910-en
Behavioral task behavioral21: Sample $PLUGINSDIR/InstallOptions.dll, Resource win7-20240704-en
Behavioral task behavioral22: Sample $PLUGINSDIR/InstallOptions.dll, Resource win10v2004-20240802-en
Behavioral task behavioral23: Sample $PLUGINSDIR/exdll.dll, Resource win7-20240903-en
Behavioral task behavioral24: Sample $PLUGINSDIR/exdll.dll, Resource win10v2004-20240802-en
General
Target: 098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118.exe
Size: 1.6MB
MD5: 098ac0abecc4ef0b1523053dda3cd4dd
SHA1: d85fbf81cbe371f80a50966cf509b732e7d0fa36
SHA256: 74be6c40d1f22f291dd504e97570c7c678ce9e46e32dfd94c94126de75ae21cd
SHA512: e2aa57a1c483ac726527acc35ae82727839600d1c60be63c7cc01337427e2e90652020126fb23f834256416113ad5fdf4dba48df75f62163c0473458851a20ce
SSDEEP: 24576:2c5YG52ob3weTAASN0mX/odwVbYM63xSe1QvyVkEwMD8FumJrVK25YadBP4l6:2UjTwe8Ag0mgdw6Se1QvyVvwr9yaXP4M
Malware Config
Signatures
Loads dropped DLL (5 IoCs)
pid   Process
5040  098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118.exe
5040  098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118.exe
5040  098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118.exe
5040  098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118.exe
5040  098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads