Analysis

  • max time kernel
    94s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09-10-2024 00:31

General

  • Target

    27c694b138ee1350fa8132b1cbaf8fef_JaffaCakes118.exe

  • Size

    69KB

  • MD5

    27c694b138ee1350fa8132b1cbaf8fef

  • SHA1

    f3b266ab2360d5510207d58677334569e3bce2ad

  • SHA256

    ac283367b65f4e19ca2fb4bfdd80adbadd8d48d8b3dd6d8ba30ca1e6b3db3b51

  • SHA512

    a00a4d4c72f50738d97ef947b9c89c9f22b3e47383bb8536265c31a6af0685a27087c3dc370f87ebce6578ca977d3004d3c1dd1e42802282e391b6943bc4816d

  • SSDEEP

    1536:TpijcwPomiOQHSv4DmJ5twJPOcAeeXPABbqSLMXSyIHk:T8Sm4yADmJWOcAPoBblLMhYk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (3 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\27c694b138ee1350fa8132b1cbaf8fef_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\27c694b138ee1350fa8132b1cbaf8fef_JaffaCakes118.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:448

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso6A64.tmp\refr.dll

    Filesize

    32KB

    MD5

    7d858ca517f9554fe340e6f46f121af8

    SHA1

    77387e288a3ede2791125b2f58386d96dd7450b6

    SHA256

    aaf3380075deaefa9f54c4df3a6138d363168101dcda598aaecc64503d4dabae

    SHA512

    040315d8968736db1ad6b03035c09fc9520b9e39157c3692ce332b306a4a91d33b7dee3c0d4fc8191093ca7495d86af7749ba93f161ad965615a329f45eb6229