Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    13/10/2024, 11:01

General

  • Target

    3f7959fa3eac1c799f52f8bcaff2817e_JaffaCakes118.exe

  • Size

    8.5MB

  • MD5

    3f7959fa3eac1c799f52f8bcaff2817e

  • SHA1

    ca4cd0bfef98aa9f8b0c9ef53401e4e10e83d180

  • SHA256

    0b1bbcb0197ca224707d9c51818e44d78d40e1964d1e7e8c016e1c87c0c71151

  • SHA512

    b702a41ad5d73a8be6f657eadeb4db49b51c944657a0b3c9bb4d87062b7074f09b9eccb66fc10963b539bfcd0af53c574d71ac20b31eddc338b1719febe4f8f1

  • SSDEEP

    196608:EdW8H9CG8mv6xEfOsHoHSJT5xJ5hpXntrmHu:YCG8mbb9J5DtrSu

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
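
The signatures above are heuristics evaluated over the sandbox's API-call trace: a DLL load whose path the sample itself wrote earlier, file creation under Program Files, locale/language lookups, drive enumeration, and a burst of GetForegroundWindow calls typical of a window-polling loop. The script below is an added illustration of that kind of signature logic, not the sandbox's own rules and not code from the sample; the trace format, the specific API names each heuristic keys on, and the GetForegroundWindow threshold of 100 calls are all assumptions, and the trace lines are constructed for the example. One caveat a practitioner should keep in mind when reading this report: the `nst4923.tmp\System.dll` path matches the naming NSIS installers use for their plug-in directory, so "Loads dropped DLL" can be ordinary installer behaviour rather than evidence of malice on its own.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed API trace, one call per line as "<ms> <pid> <api>(<args>)".
# These lines are invented for this example; they are not the sandbox's trace.
SAMPLE_TRACE = [
    '0001 2080 GetModuleHandleW("kernel32.dll")',
    r'0002 2080 CreateFileW("C:\Users\Admin\AppData\Local\Temp\nst4923.tmp\System.dll", GENERIC_WRITE, CREATE_ALWAYS)',
    r'0003 2080 LoadLibraryW("C:\Users\Admin\AppData\Local\Temp\nst4923.tmp\System.dll")',
    r'0004 2080 CreateFileW("C:\Program Files\Example\settings.ini", GENERIC_WRITE, CREATE_ALWAYS)',
    '0005 2080 GetUserDefaultUILanguage()',
    '0006 2080 GetLocaleInfoW(1033, LOCALE_SISO3166CTRYNAME)',
    '0007 2080 GetLogicalDrives()',
    r'0008 2080 GetDriveTypeW("D:\")',
    '0009 2080 ThisLineIsMalformed',  # exercises the parser's skip path
]
# A burst of GetForegroundWindow calls, as a window-polling loop would produce.
SAMPLE_TRACE += [f"{100 + i:04d} 2080 GetForegroundWindow()" for i in range(150)]

LINE_RE = re.compile(r"^(?P<ts>\d+)\s+(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")
STR_RE = re.compile(r'"([^"]*)"')  # first quoted argument, backslashes kept verbatim

# Assumed API sets for each heuristic (the sandbox's real lists are not published here).
LANGUAGE_APIS = {
    "GetUserDefaultUILanguage", "GetSystemDefaultUILanguage",
    "GetUserDefaultLangID", "GetSystemDefaultLangID",
    "GetUserDefaultLCID", "GetSystemDefaultLCID",
    "GetLocaleInfoW", "GetLocaleInfoA", "GetLocaleInfoEx",
}
DRIVE_APIS = {
    "GetLogicalDrives", "GetLogicalDriveStringsW", "GetLogicalDriveStringsA",
    "GetDriveTypeW", "GetDriveTypeA", "FindFirstVolumeW",
}
LOADLIBRARY_APIS = {"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW", "LoadLibraryExA"}
CREATEFILE_APIS = {"CreateFileW", "CreateFileA"}
PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")
FOREGROUND_SPAM_THRESHOLD = 100  # assumed threshold for the "spam" verdict


@dataclass(frozen=True)
class Call:
    ts: int
    pid: int
    api: str
    args: str


def parse_trace(lines):
    """Parse trace lines into Call records; malformed lines are skipped."""
    calls = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            calls.append(Call(int(m["ts"]), int(m["pid"]), m["api"], m["args"]))
    return calls


def first_string(args):
    m = STR_RE.search(args)
    return m.group(1) if m else None


def is_write_open(args):
    return "GENERIC_WRITE" in args or "CREATE_ALWAYS" in args


def run_signatures(calls):
    """Return {signature name: sorted list of (pid, evidence)} for the trace."""
    hits = defaultdict(set)
    dropped = set()          # lower-cased paths this trace has written
    fg_calls = Counter()     # GetForegroundWindow calls per pid
    for c in calls:
        path = first_string(c.args)
        lpath = path.lower() if path else ""
        if c.api in CREATEFILE_APIS and path and is_write_open(c.args):
            dropped.add(lpath)
            if lpath.startswith(PROGRAM_FILES_PREFIXES):
                hits["Drops file in Program Files directory"].add((c.pid, path))
        elif c.api in LOADLIBRARY_APIS and lpath in dropped:
            hits["Loads dropped DLL"].add((c.pid, path))
        elif c.api in LANGUAGE_APIS:
            hits["System Location Discovery: System Language Discovery"].add((c.pid, c.api))
        elif c.api in DRIVE_APIS:
            hits["Enumerates physical storage devices"].add((c.pid, c.api))
        elif c.api == "GetForegroundWindow":
            fg_calls[c.pid] += 1
    for pid, n in fg_calls.items():
        if n >= FOREGROUND_SPAM_THRESHOLD:
            hits["Suspicious behavior: GetForegroundWindowSpam"].add((pid, f"{n} calls"))
    return {name: sorted(evidence) for name, evidence in hits.items()}


if __name__ == "__main__":
    for name, evidence in run_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(f"{name} ({len(evidence)} IoCs)")
        for pid, what in evidence:
            print(f"    PID {pid}: {what}")
```

The "Loads dropped DLL" rule only fires when the LoadLibrary path was seen in an earlier write by the same trace, which is what distinguishes a dropped plug-in from a system DLL; the GetForegroundWindow rule is deliberately count-based, since a single call is normal and only the polling pattern is suspicious.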

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f7959fa3eac1c799f52f8bcaff2817e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3f7959fa3eac1c799f52f8bcaff2817e_JaffaCakes118.exe"
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2080

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\nst4923.tmp\RCWidgetPlugin.dll

    Filesize

    1.0MB

    MD5

    c3b2ef9dc45c456200b42708da387038

    SHA1

    8029d50b42e6982d2590dbbca9029912f79be976

    SHA256

    f192abf8ab296a4f3be18171a7c7c9599bbe4e6040d0dc391ca8a303e23009d0

    SHA512

    b79cdcc230a508ac858b1c598db3806622d40e05f73b20a234e3f00c18e54047ec9ff717fa409348c5ad29bf89aa783b6ce4e27513fab667db15511583f46b13

  • \Users\Admin\AppData\Local\Temp\nst4923.tmp\System.dll

    Filesize

    18KB

    MD5

    2bd4ba3e08273bea5de1a34d9888fd58

    SHA1

    a1c89adb5b3aff6789ba0ffc613cfd26392931f5

    SHA256

    0975b58f740e61ff50081f0acb4d60f14938979de24616e8c28912b1b690612c

    SHA512

    f625a28f4a6070e35ad61f91c772178f23edf4826ef243746b51c3404609a7ff42e7d10074b55b0ca7ac42ff53a5d501ab00859b98a00011975cbb4f983903d1