Analysis

  • max time kernel
    93s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 11:02

General

  • Target

    176b728c76d39e62bddb985852b935c1_JaffaCakes118.exe

  • Size

    2.0MB

  • MD5

    176b728c76d39e62bddb985852b935c1

  • SHA1

    27d3ee25d0aa4deca74901cceaf7cbbfa7e1a760

  • SHA256

    bc1af5e58bcb412a72e59c142f5a255ba4474c4330e4cdcc6991821a1ec6f383

  • SHA512

    5f335d3ea2cf8d1d829254105b2996025446f30c5a84218932f90f28d1594dca30af606cb6dcfae57b488bb03c190f58c8d6971ca2ff53c8ae9bf37f926c68d5

  • SSDEEP

    49152:SGOihkel4EbeJKIzj/N9zd33g4ccCALA6ng4VK0WscBLYbrCRawu8:SoCI4Rnzd3Q4zbFngsKjFsrQar8

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\176b728c76d39e62bddb985852b935c1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\176b728c76d39e62bddb985852b935c1_JaffaCakes118.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2304
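
The "Loads dropped DLL" signature and the PID 2304 process entry above describe the installer writing plugin DLLs into its nslADB7.tmp directory and then loading them itself. The following is an added example, not part of the report and not the sandbox's own signature logic: it correlates constructed Sysmon-style FileCreate (Event ID 11) and ImageLoad (Event ID 7) records by process id and flags every DLL that a process loaded after writing it, and additionally marks whether the path matches the NSIS plugin-directory naming (ns, one letter, four hex digits, .tmp), which is an assumption about NSIS and not something the report states. The event records and the explorer.exe process are constructed; the paths mirror the ones in this report.

```python
import re
from collections import defaultdict

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\176b728c76d39e62bddb985852b935c1_JaffaCakes118.exe")
PLUGIN_DIR = r"C:\Users\Admin\AppData\Local\Temp\nslADB7.tmp"

# Constructed Sysmon-style records (not taken from the report), in chronological order.
# EventID 11 = FileCreate (TargetFilename), EventID 7 = ImageLoad (ImageLoaded).
EVENTS = [
    {"EventID": 11, "ProcessId": 2304, "Image": SAMPLE_EXE,
     "TargetFilename": PLUGIN_DIR + r"\System.dll"},
    {"EventID": 11, "ProcessId": 2304, "Image": SAMPLE_EXE,
     "TargetFilename": PLUGIN_DIR + r"\InstallOptions.dll"},
    {"EventID": 11, "ProcessId": 2304, "Image": SAMPLE_EXE,
     "TargetFilename": PLUGIN_DIR + r"\option.ini"},
    {"EventID": 7, "ProcessId": 2304, "Image": SAMPLE_EXE,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},      # OS DLL, not dropped
    {"EventID": 7, "ProcessId": 2304, "Image": SAMPLE_EXE,
     "ImageLoaded": PLUGIN_DIR + r"\System.dll"},              # dropped, then loaded
    {"EventID": 7, "ProcessId": 2304, "Image": SAMPLE_EXE,
     "ImageLoaded": PLUGIN_DIR + r"\InstallOptions.dll"},      # dropped, then loaded
    # Constructed: another process loading the same file it did NOT write itself.
    {"EventID": 7, "ProcessId": 4100, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": PLUGIN_DIR + r"\System.dll"},
]

# Assumed NSIS plugin directory naming: ns + one letter + four hex digits + .tmp
NSIS_PLUGIN_DIR = re.compile(r"\\AppData\\Local\\Temp\\ns[a-z][0-9a-f]{4}\.tmp\\", re.I)


def find_dropped_dll_loads(events):
    """Return one record per DLL that a process loaded after writing it itself.

    Events must be in chronological order: a load seen before the matching
    FileCreate is not counted, because the file was not dropped by that process.
    """
    written = defaultdict(set)   # ProcessId -> lower-cased paths that process created
    hits = []
    for ev in events:
        pid = ev["ProcessId"]
        if ev["EventID"] == 11:
            written[pid].add(ev["TargetFilename"].lower())
        elif ev["EventID"] == 7:
            dll = ev["ImageLoaded"]
            if dll.lower() in written[pid]:
                hits.append({
                    "pid": pid,
                    "image": ev["Image"],
                    "dll": dll,
                    "nsis_plugin_dir": bool(NSIS_PLUGIN_DIR.search(dll)),
                })
    return hits


if __name__ == "__main__":
    for hit in find_dropped_dll_loads(EVENTS):
        print(hit)
```

Keying on the writing process rather than on the temp path alone is what keeps explorer.exe out of the result: it loads the same System.dll but never created it. The nsis_plugin_dir flag is only an enrichment, so a plugin DLL dropped somewhere else is still reported.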

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nslADB7.tmp\InstallOptions.dll

    Filesize

    15KB

    MD5

    828a94a3b9a080f79e84015b55fce227

    SHA1

    c15c615925bb72531ba32194253eefa49edaa93a

    SHA256

    1d0a17641f697203fd0c0b9ba0b715436299203c9c1be90c458fe668a1eb68d2

    SHA512

    c3d41a3f9377a8c18a85eec50a3eb3cf5a4ec8ea4bbffd73992455cb01aaed9f158183bc647684f82c516534266a46ccfcd7c2c0b3e1b73774c3bedc9e80054a

  • C:\Users\Admin\AppData\Local\Temp\nslADB7.tmp\System.dll

    Filesize

    11KB

    MD5

    a82b0479708b96c7bf4dd6b798aedee0

    SHA1

    7e47b402848a86bdddd5f0de8bb4620471caaab0

    SHA256

    72410442a894b8316da6ad469f03997ec17c0b0d117745bb6ac5cac3232c7d20

    SHA512

    02e07def3897d87d546c0cf1492191591be587f64ae5c165b9a91fb977585c65a860135eb8c102b67dede913ea935459ce70c4ca973b292122c8d097ab130d58

  • C:\Users\Admin\AppData\Local\Temp\nslADB7.tmp\option.ini

    Filesize

    2KB

    MD5

    38b44cc2d80093dd845807c078f85b35

    SHA1

    c5aed0b217f3b916610f6572335ca26a9e2d3a0d

    SHA256

    e01f83e4ef96dec969d448669a74246ea3decb2b76b7b905d04ff7774a110f80

    SHA512

    b89ca9905f35e8eca3e9fd44b0b7de3682a0da44b0af038427b46e9b396e9b5959587fd2f7fb765f663d0bd14a0094839d67fa3adc6b8d0bd79994297911a5ad
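
Checking that a local copy of the sample and of the three files dropped into nslADB7.tmp matches the digests in the General and Downloads sections, as an added example that is not part of the report: the expected MD5, SHA1 and SHA256 values are copied from this page, the directory layout (all four files side by side in one folder) is an assumption, and SSDEEP is left out because it is not in the Python standard library.

```python
import hashlib
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256")

# Expected digests copied from this report (MD5 / SHA1 / SHA256).
EXPECTED = {
    "176b728c76d39e62bddb985852b935c1_JaffaCakes118.exe": {
        "md5": "176b728c76d39e62bddb985852b935c1",
        "sha1": "27d3ee25d0aa4deca74901cceaf7cbbfa7e1a760",
        "sha256": "bc1af5e58bcb412a72e59c142f5a255ba4474c4330e4cdcc6991821a1ec6f383",
    },
    "InstallOptions.dll": {
        "md5": "828a94a3b9a080f79e84015b55fce227",
        "sha1": "c15c615925bb72531ba32194253eefa49edaa93a",
        "sha256": "1d0a17641f697203fd0c0b9ba0b715436299203c9c1be90c458fe668a1eb68d2",
    },
    "System.dll": {
        "md5": "a82b0479708b96c7bf4dd6b798aedee0",
        "sha1": "7e47b402848a86bdddd5f0de8bb4620471caaab0",
        "sha256": "72410442a894b8316da6ad469f03997ec17c0b0d117745bb6ac5cac3232c7d20",
    },
    "option.ini": {
        "md5": "38b44cc2d80093dd845807c078f85b35",
        "sha1": "c5aed0b217f3b916610f6572335ca26a9e2d3a0d",
        "sha256": "e01f83e4ef96dec969d448669a74246ea3decb2b76b7b905d04ff7774a110f80",
    },
}


def digest_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm in ALGOS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Digest a file in chunks so a large sample is never read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(actual: dict, expected: dict) -> list:
    """Return the algorithms whose digest differs from the expected value (empty = match).

    Comparison is case-insensitive, since reports and tools disagree on hex case.
    """
    return [alg for alg, want in expected.items()
            if actual.get(alg, "").lower() != want.lower()]


def check_sample_dir(directory) -> dict:
    """Map each expected file name to 'ok', 'missing', or 'mismatch:<algos>'.

    Assumes (not stated by the report) that the sample and the three dropped
    files have been copied side by side into one directory.
    """
    results = {}
    for name, want in EXPECTED.items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
            continue
        bad = verify(digest_file(path), want)
        results[name] = "ok" if not bad else "mismatch:" + ",".join(bad)
    return results


if __name__ == "__main__":
    import sys
    for name, status in check_sample_dir(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{status:12} {name}")
```

Run it as `python check_hashes.py <directory>`. A "mismatch" on only one algorithm almost always means a transcription error in the expected table rather than a different file; a mismatch on all three means the local copy is not the artifact this report describes.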