Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-10-2024 10:42

General

  • Target

    2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe

  • Size

    4.4MB

  • MD5

    2fb036a2e2ab544da8694e7f92127e7b

  • SHA1

    43d389e6fcaa04c73336e3c95fc9e4acb0706d22

  • SHA256

    d5a6c25e2c62d37b1e385df59ed323825ab81a261dce8fcce1cf3947a1b37ac3

  • SHA512

    7a49cc4c0d8196241a3bd64b0e22fbc0db08d819c29627553ab81577449087aff4ec319c91f8260f84c4fdce0a835f434108d1fac49290a2ad3b0dff061a202c

  • SSDEEP

    98304:v97dhTV062z2ExkdWiu5TzCXE0ZzQ0w9Evi+VgXbql+CLWWBib:v9/J0Xu3u5CzZMT9EvihbYBwb

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (37 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    PID:664
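The "Loads dropped DLL" hits above all come from NSIS plugin DLLs the installer unpacked into C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\ (see the Downloads list below). The following is an added example, not code from the sandbox or from this report: it turns that behaviour into a triage check over image-load telemetry. The ImageLoad records are constructed to resemble Sysmon Event ID 7 fields; the ns????.tmp directory pattern is an assumption about how NSIS installers in general stage their plugins (this report's own directory, nslAF9B.tmp, fits it); the SHA256 values are copied from the Downloads section of this report; and digests() is included so a file pulled from a host can be compared against the MD5/SHA1/SHA256/SHA512 values listed there.

```python
import hashlib
import re
from dataclasses import dataclass

# SHA256 of each NSIS plugin DLL listed under "Downloads" in this report.
DROPPED_DLL_SHA256 = {
    "508b06710e1c3d4456d14a28ffa89c42097a9388ce44a6148ee1a3a3d5a26bcd": "Button.dll",
    "cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963": "NSISdl.dll",
    "53be818ad34482490f8f1f89a7586fd2f6185e753672e000a6ba92bb6b08b234": "PopWnd.dll",
    "d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7": "ShellLink.dll",
    "484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2": "System.dll",
    "e978acd60052be119510d6ff0cc948240a43143588d49240e393a8aadadf15ac": "WinMgmt.dll",
    "5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934": "inetc.dll",
    "495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b": "nsDialogs.dll",
    "425bbf77b14b58d792be4749b5d12b8dd7d2ea903b514a11ca9c48059c682d45": "riliUI.dll",
    "56426aa8873328af4df302060d7b36c466993a5be603fe008c10d1e1e0aed3fe": "socket2.dll",
}

# Assumption: NSIS installers stage plugins in %TEMP%\ns<4-5 alnum>.tmp\ before loading
# them; the report's nslAF9B.tmp directory matches this shape. Case-insensitive on purpose.
NSIS_PLUGIN_DLL = re.compile(
    r"\\AppData\\Local\\Temp\\ns[0-9A-Za-z]{4,5}\.tmp\\[^\\]+\.dll$", re.IGNORECASE
)


@dataclass(frozen=True)
class ImageLoad:
    """One image-load event (constructed to mirror Sysmon EID 7: ProcessId, Image, ImageLoaded, Hashes)."""
    pid: int
    image: str     # process that performed the load
    loaded: str    # full path of the module that was mapped
    sha256: str    # hex digest of the loaded module


def classify(event):
    """Return the reasons an image load is suspicious; an empty list means nothing matched."""
    reasons = []
    if NSIS_PLUGIN_DLL.search(event.loaded):
        reasons.append("dll loaded from NSIS temp plugin dir")
    name = DROPPED_DLL_SHA256.get(event.sha256.lower())
    if name:
        reasons.append(f"hash matches dropped {name} from report")
    return reasons


def triage(events):
    """Group hits by (pid, image) so output reads like the report's Processes tree: one process, its loads."""
    hits = {}
    for ev in events:
        reasons = classify(ev)
        if reasons:
            hits.setdefault((ev.pid, ev.image), []).append((ev.loaded, reasons))
    return hits


def digests(data):
    """Compute the four digests the report lists per dropped file, for comparing a recovered file to it."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def file_digests(path):
    with open(path, "rb") as fh:
        return digests(fh.read())


# Constructed sample telemetry: two loads by the sample (PID 664 in this report), one benign
# system DLL load by the same process, and one unrelated process. The all-zero hash is a placeholder.
SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe"
SAMPLE_EVENTS = [
    ImageLoad(664, SAMPLE_IMAGE, r"C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\inetc.dll",
              "5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934"),
    ImageLoad(664, SAMPLE_IMAGE, r"C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\System.dll",
              "484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2"),
    ImageLoad(664, SAMPLE_IMAGE, r"C:\Windows\System32\kernel32.dll", "0" * 64),
    ImageLoad(1234, r"C:\Windows\explorer.exe", r"C:\Windows\System32\shell32.dll", "0" * 64),
]

if __name__ == "__main__":
    for (pid, image), loads in triage(SAMPLE_EVENTS).items():
        print(f"PID {pid} {image}")
        for path, reasons in loads:
            print(f"  {path}: {'; '.join(reasons)}")
```

The path pattern fires on any plugin DLL an NSIS-packed sample stages, so it catches re-packed variants whose plugin hashes differ from the ones listed here; the hash match is the exact-IoC check for this particular build. Sweep a fleet with both and treat the path-only hits as leads to confirm, since legitimate NSIS installers stage plugins the same way.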

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\Button.dll

    Filesize

    7KB

    MD5

    92debab0caea94c3e571e892fdde60dd

    SHA1

    fcd1f711b3c649b5cf5cc134e19524489084e456

    SHA256

    508b06710e1c3d4456d14a28ffa89c42097a9388ce44a6148ee1a3a3d5a26bcd

    SHA512

    2169d071c0c570b236c7224141dfb460a4cd6eb6e2e7fdf081c8d88d9173f639881d0dc2e33bc4881432637fb1a7336b7815236a70cf5ee638f8142d787a94fc

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\NSISdl.dll

    Filesize

    14KB

    MD5

    a5a4cee2eb89d2687c05ef74299f0dba

    SHA1

    b9bff5987be422887f2f402357b47db2288a1a42

    SHA256

    cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

    SHA512

    f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\PopWnd.dll

    Filesize

    4KB

    MD5

    f3d5fe8b0434e38b179546a8d32967e1

    SHA1

    221bf35c3596e78cede2c4421ff61792f66e3914

    SHA256

    53be818ad34482490f8f1f89a7586fd2f6185e753672e000a6ba92bb6b08b234

    SHA512

    35661fc31895e9c4359fc43f60a56fd5ebc5ea65f2dee97c9b34fe6479feab327772d7e12389ac00ffd2b5aa825ab760cd599ae4be31146e02b155a339d6c308

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\ShellLink.dll

    Filesize

    4KB

    MD5

    aad75be0bdd1f1bac758b521c9f1d022

    SHA1

    5d444b8432c8834f5b5cd29225101856cebb8ecf

    SHA256

    d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7

    SHA512

    4c6e155cdf62cc8b65f3d0699c73c9032accefaa0f51e8b9a5c2f340ec8c6f5fab0ea02aad0abed476b3537292ba22d898589812850968e105ac83680d2f87d0

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\System.dll

    Filesize

    11KB

    MD5

    960a5c48e25cf2bca332e74e11d825c9

    SHA1

    da35c6816ace5daf4c6c1d57b93b09a82ecdc876

    SHA256

    484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

    SHA512

    cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\WinMgmt.dll

    Filesize

    84KB

    MD5

    e2708529cf75797672d4348b548b9627

    SHA1

    2b8cdd3d404697e307376ca35d9a095041541ab7

    SHA256

    e978acd60052be119510d6ff0cc948240a43143588d49240e393a8aadadf15ac

    SHA512

    45307bee4fe5d4e50ff340ffc1fb3a8bbc96a57d25b91eceb895cf8cece07a73924efa1a4b39b26ea792ebe5b2937c677c7d279f0ebc3b5ec3b22c3711e13ea0

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\bg2_1.jpg

    Filesize

    687KB

    MD5

    d842a64a4f747750b0d568a89f8693f6

    SHA1

    b06afd04f8a74ab38877b180223e6008e2910d02

    SHA256

    39393119c2f5aa942fa3672423592fd5a9ab3f98d1cb4a67111cba7828c5e696

    SHA512

    23e3ebd894ddfe9c9a2080af1ea14d04fb145ed33c15aac57696f0ceac137e6d6104534936ce6834cc822223a6d08c3008a61ad4b2cea64d87f0eeb90e3d367c

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\bg2_2.png

    Filesize

    384B

    MD5

    ad21ecdcd2148b752efa6f430db4a437

    SHA1

    2533d2c20ec5818c4d6dd80a96da1501811bd6a8

    SHA256

    88d1521cf3fddd35b3da8e6b58684e3cd197d710af5374195717ae46140ea1d7

    SHA512

    10172cf9cd7275e41c968448856e96d785a40b7ca3f3cc5ed2d3b1a2d74d4f87409d650ff249b4e7e2865001babd21831cba115f74f47bd2a0b326664e4df9de

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\btn2_1.png

    Filesize

    459B

    MD5

    6684e8342c5db0c9d31ef1734e63ed8f

    SHA1

    f71844bc2614b71bc96c70e6187983b2eb8ceaf6

    SHA256

    bdcbafa9e284e991a323a80067f00dd804d2fbc0d4c11982c0575c31c2a13b2a

    SHA512

    43a07766291da83410c13d0e7a85bae55bfec2f63e399d95579821b87c169a5b432b559f1cedc6324c145c3e50cea986b2def1209d5fb207bf47ce81b03f5711

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\btn2_2.png

    Filesize

    356B

    MD5

    239116167acfa980379102fe021f6a52

    SHA1

    1b526894b342f2426c684f2977f9a23a2d8473f5

    SHA256

    9d6142e20fe6fb88d5558202568a4cf09884bafb14983ff6173bf7ed9877945b

    SHA512

    d3c0a4e3cbdff2540d01b333c72e5d915bfae14c5a2c2730b19f43fd38fea58d50f862efd3a529bb5258b258e10c9d3e7d9128cae28b7a514e5ede50d89012ec

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\chk2_2.png

    Filesize

    3KB

    MD5

    65eec079e354bc64724172cda16c7b25

    SHA1

    76a4b8de083a6031aa889d28e4f629f9eab21080

    SHA256

    37d03a93fdd479fa01a6716cc69bf19158858331e9ebcf111722ccd9acb9e850

    SHA512

    67c0164d10de5fb729209d2d22d6e4ce5ddf3b621f68bbd580597d2c4e97f1457d5868295e875119713c70042dd050b8ee192a998ac1b7d09234987a984cf8d6

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\close.png

    Filesize

    3KB

    MD5

    9bd13b749c8c5dcf527e14d9e2f1d927

    SHA1

    9367894304fb9363f1aadcd14ffbddeea30398f4

    SHA256

    5aeb7c99db84887e9fe1cd18080d971eda04a0586e3558eed4ffa05a0e371f5e

    SHA512

    33fd8f3ffc9fe0013cc01f7fac501c55b1f8cb56b6e3a1938dcd9bf307df28f1b03e1118b5cd557114dcbab395be0cc72caa852af193bacb1d7592c929966e32

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\inetc.dll

    Filesize

    21KB

    MD5

    92ec4dd8c0ddd8c4305ae1684ab65fb0

    SHA1

    d850013d582a62e502942f0dd282cc0c29c4310e

    SHA256

    5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

    SHA512

    581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    8ced0b79f7b9033d0795aab3be6d627c

    SHA1

    90c2043ffccd068f407c624c50ac7b795db1e132

    SHA256

    495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b

    SHA512

    e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\riliUI.dll

    Filesize

    11KB

    MD5

    0ccc0b4b0b610d5fd681390b055d06c8

    SHA1

    25511581141f04561ad7ce9f6f0aac4be65a38cb

    SHA256

    425bbf77b14b58d792be4749b5d12b8dd7d2ea903b514a11ca9c48059c682d45

    SHA512

    97e6577b18ff94c5b3ea596cb26532f1e0cf0ac699d38dab2a16d104226a549bca7802407bdb345f7766bf8e3d78584c6c67f3086d69c42159ae5973ff2ed0bc

  • C:\Users\Admin\AppData\Local\Temp\nslAF9B.tmp\socket2.dll

    Filesize

    34KB

    MD5

    02c673b333a44ff8272e1580bd84a4f4

    SHA1

    24606c13e68385485c4279a383ee2ce3da89a034

    SHA256

    56426aa8873328af4df302060d7b36c466993a5be603fe008c10d1e1e0aed3fe

    SHA512

    b3452437f0985d86a51fa9ca45723c69a308f05bf78a7191a375b073fb6a3047e55a454bb4cb15bcb9417b030e7dfea77f6b2c839eaa36ae8f0cb3d717f9ec20

  • memory/664-27-0x00000000069F0000-0x00000000069F9000-memory.dmp

    Filesize

    36KB

  • memory/664-60-0x00000000053E0000-0x00000000053F5000-memory.dmp

    Filesize

    84KB

  • memory/664-10-0x00000000069D2000-0x00000000069D3000-memory.dmp

    Filesize

    4KB