Analysis

  • max time kernel
    78s
  • max time network
    77s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/10/2024, 10:42

General

  • Target

    2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe

  • Size

    4.4MB

  • MD5

    2fb036a2e2ab544da8694e7f92127e7b

  • SHA1

    43d389e6fcaa04c73336e3c95fc9e4acb0706d22

  • SHA256

    d5a6c25e2c62d37b1e385df59ed323825ab81a261dce8fcce1cf3947a1b37ac3

  • SHA512

    7a49cc4c0d8196241a3bd64b0e22fbc0db08d819c29627553ab81577449087aff4ec319c91f8260f84c4fdce0a835f434108d1fac49290a2ad3b0dff061a202c

  • SSDEEP

    98304:v97dhTV062z2ExkdWiu5TzCXE0ZzQ0w9Evi+VgXbql+CLWWBib:v9/J0Xu3u5CzZMT9EvihbYBwb

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 18 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    PID:880

Network

MITRE ATT&CK Enterprise v15

Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsj5811.tmp\bg2_1.jpg

          Filesize

          687KB

          MD5

          d842a64a4f747750b0d568a89f8693f6

          SHA1

          b06afd04f8a74ab38877b180223e6008e2910d02

          SHA256

          39393119c2f5aa942fa3672423592fd5a9ab3f98d1cb4a67111cba7828c5e696

          SHA512

          23e3ebd894ddfe9c9a2080af1ea14d04fb145ed33c15aac57696f0ceac137e6d6104534936ce6834cc822223a6d08c3008a61ad4b2cea64d87f0eeb90e3d367c

        • C:\Users\Admin\AppData\Local\Temp\nsj5811.tmp\bg2_2.png

          Filesize

          384B

          MD5

          ad21ecdcd2148b752efa6f430db4a437

          SHA1

          2533d2c20ec5818c4d6dd80a96da1501811bd6a8

          SHA256

          88d1521cf3fddd35b3da8e6b58684e3cd197d710af5374195717ae46140ea1d7

          SHA512

          10172cf9cd7275e41c968448856e96d785a40b7ca3f3cc5ed2d3b1a2d74d4f87409d650ff249b4e7e2865001babd21831cba115f74f47bd2a0b326664e4df9de

        • C:\Users\Admin\AppData\Local\Temp\nsj5811.tmp\btn2_1.png

          Filesize

          459B

          MD5

          6684e8342c5db0c9d31ef1734e63ed8f

          SHA1

          f71844bc2614b71bc96c70e6187983b2eb8ceaf6

          SHA256

          bdcbafa9e284e991a323a80067f00dd804d2fbc0d4c11982c0575c31c2a13b2a

          SHA512

          43a07766291da83410c13d0e7a85bae55bfec2f63e399d95579821b87c169a5b432b559f1cedc6324c145c3e50cea986b2def1209d5fb207bf47ce81b03f5711

        • C:\Users\Admin\AppData\Local\Temp\nsj5811.tmp\btn2_2.png

          Filesize

          356B

          MD5

          239116167acfa980379102fe021f6a52

          SHA1

          1b526894b342f2426c684f2977f9a23a2d8473f5

          SHA256

          9d6142e20fe6fb88d5558202568a4cf09884bafb14983ff6173bf7ed9877945b

          SHA512

          d3c0a4e3cbdff2540d01b333c72e5d915bfae14c5a2c2730b19f43fd38fea58d50f862efd3a529bb5258b258e10c9d3e7d9128cae28b7a514e5ede50d89012ec

        • C:\Users\Admin\AppData\Local\Temp\nsj5811.tmp\chk2_2.png

          Filesize

          3KB

          MD5

          65eec079e354bc64724172cda16c7b25

          SHA1

          76a4b8de083a6031aa889d28e4f629f9eab21080

          SHA256

          37d03a93fdd479fa01a6716cc69bf19158858331e9ebcf111722ccd9acb9e850

          SHA512

          67c0164d10de5fb729209d2d22d6e4ce5ddf3b621f68bbd580597d2c4e97f1457d5868295e875119713c70042dd050b8ee192a998ac1b7d09234987a984cf8d6

        • C:\Users\Admin\AppData\Local\Temp\nsj5811.tmp\close.png

          Filesize

          3KB

          MD5

          9bd13b749c8c5dcf527e14d9e2f1d927

          SHA1

          9367894304fb9363f1aadcd14ffbddeea30398f4

          SHA256

          5aeb7c99db84887e9fe1cd18080d971eda04a0586e3558eed4ffa05a0e371f5e

          SHA512

          33fd8f3ffc9fe0013cc01f7fac501c55b1f8cb56b6e3a1938dcd9bf307df28f1b03e1118b5cd557114dcbab395be0cc72caa852af193bacb1d7592c929966e32

        • \Users\Admin\AppData\Local\Temp\nsj5811.tmp\Button.dll

          Filesize

          7KB

          MD5

          92debab0caea94c3e571e892fdde60dd

          SHA1

          fcd1f711b3c649b5cf5cc134e19524489084e456

          SHA256

          508b06710e1c3d4456d14a28ffa89c42097a9388ce44a6148ee1a3a3d5a26bcd

          SHA512

          2169d071c0c570b236c7224141dfb460a4cd6eb6e2e7fdf081c8d88d9173f639881d0dc2e33bc4881432637fb1a7336b7815236a70cf5ee638f8142d787a94fc

        • \Users\Admin\AppData\Local\Temp\nsj5811.tmp\NSISdl.dll

          Filesize

          14KB

          MD5

          a5a4cee2eb89d2687c05ef74299f0dba

          SHA1

          b9bff5987be422887f2f402357b47db2288a1a42

          SHA256

          cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

          SHA512

          f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

        • \Users\Admin\AppData\Local\Temp\nsj5811.tmp\PopWnd.dll

          Filesize

          4KB

          MD5

          f3d5fe8b0434e38b179546a8d32967e1

          SHA1

          221bf35c3596e78cede2c4421ff61792f66e3914

          SHA256

          53be818ad34482490f8f1f89a7586fd2f6185e753672e000a6ba92bb6b08b234

          SHA512

          35661fc31895e9c4359fc43f60a56fd5ebc5ea65f2dee97c9b34fe6479feab327772d7e12389ac00ffd2b5aa825ab760cd599ae4be31146e02b155a339d6c308

        • \Users\Admin\AppData\Local\Temp\nsj5811.tmp\ShellLink.dll

          Filesize

          4KB

          MD5

          aad75be0bdd1f1bac758b521c9f1d022

          SHA1

          5d444b8432c8834f5b5cd29225101856cebb8ecf

          SHA256

          d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7

          SHA512

          4c6e155cdf62cc8b65f3d0699c73c9032accefaa0f51e8b9a5c2f340ec8c6f5fab0ea02aad0abed476b3537292ba22d898589812850968e105ac83680d2f87d0

        • \Users\Admin\AppData\Local\Temp\nsj5811.tmp\System.dll

          Filesize

          11KB

          MD5

          960a5c48e25cf2bca332e74e11d825c9

          SHA1

          da35c6816ace5daf4c6c1d57b93b09a82ecdc876

          SHA256

          484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

          SHA512

          cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

        • \Users\Admin\AppData\Local\Temp\nsj5811.tmp\WinMgmt.dll

          Filesize

          84KB

          MD5

          e2708529cf75797672d4348b548b9627

          SHA1

          2b8cdd3d404697e307376ca35d9a095041541ab7

          SHA256

          e978acd60052be119510d6ff0cc948240a43143588d49240e393a8aadadf15ac

          SHA512

          45307bee4fe5d4e50ff340ffc1fb3a8bbc96a57d25b91eceb895cf8cece07a73924efa1a4b39b26ea792ebe5b2937c677c7d279f0ebc3b5ec3b22c3711e13ea0

        • \Users\Admin\AppData\Local\Temp\nsj5811.tmp\inetc.dll

          Filesize

          21KB

          MD5

          92ec4dd8c0ddd8c4305ae1684ab65fb0

          SHA1

          d850013d582a62e502942f0dd282cc0c29c4310e

          SHA256

          5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

          SHA512

          581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

        • \Users\Admin\AppData\Local\Temp\nsj5811.tmp\nsDialogs.dll

          Filesize

          9KB

          MD5

          8ced0b79f7b9033d0795aab3be6d627c

          SHA1

          90c2043ffccd068f407c624c50ac7b795db1e132

          SHA256

          495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b

          SHA512

          e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0

        • \Users\Admin\AppData\Local\Temp\nsj5811.tmp\riliUI.dll

          Filesize

          11KB

          MD5

          0ccc0b4b0b610d5fd681390b055d06c8

          SHA1

          25511581141f04561ad7ce9f6f0aac4be65a38cb

          SHA256

          425bbf77b14b58d792be4749b5d12b8dd7d2ea903b514a11ca9c48059c682d45

          SHA512

          97e6577b18ff94c5b3ea596cb26532f1e0cf0ac699d38dab2a16d104226a549bca7802407bdb345f7766bf8e3d78584c6c67f3086d69c42159ae5973ff2ed0bc

        • \Users\Admin\AppData\Local\Temp\nsj5811.tmp\socket2.dll

          Filesize

          34KB

          MD5

          02c673b333a44ff8272e1580bd84a4f4

          SHA1

          24606c13e68385485c4279a383ee2ce3da89a034

          SHA256

          56426aa8873328af4df302060d7b36c466993a5be603fe008c10d1e1e0aed3fe

          SHA512

          b3452437f0985d86a51fa9ca45723c69a308f05bf78a7191a375b073fb6a3047e55a454bb4cb15bcb9417b030e7dfea77f6b2c839eaa36ae8f0cb3d717f9ec20

        • memory/880-51-0x0000000000600000-0x0000000000615000-memory.dmp

          Filesize

          84KB

        • memory/880-24-0x0000000000570000-0x0000000000579000-memory.dmp

          Filesize

          36KB

        • memory/880-10-0x0000000000312000-0x0000000000313000-memory.dmp

          Filesize

          4KB