Overview

overview

7

Static

static

3

916c6a3260...18.exe

windows7-x64

7

916c6a3260...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Spy Monitor Help.chm

windows7-x64

1

Spy Monitor Help.chm

windows10-2004-x64

1

ijl15.dll

windows7-x64

3

ijl15.dll

windows10-2004-x64

3

setalc.exe

windows7-x64

3

setalc.exe

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

wmispe.exe

windows7-x64

6

wmispe.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2024 00:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    916c6a32602001110ea3aaa636c6a682_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    916c6a32602001110ea3aaa636c6a682

  • SHA1

    450fa1e20fc55b48bb6d268d133a9298353e3c0b

  • SHA256

    daaaf8f57839df3645b9a65a3223483c5ff9b01840e179242158d1b8a948a801

  • SHA512

    74c5f24589cd2541df5ac0297746d35346ba342992315697fad6838a9fd67f5adb921304d570a57e01278aae7da5d6767df5533b140e15f9c0e44cb7dc02e642

  • SSDEEP

    49152:+OL1JKKG61fEFTd6tpWIk0tOTjAXOgfQ1ZAejAHU:RAO2FuwIkBI+rU6

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\916c6a32602001110ea3aaa636c6a682_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\916c6a32602001110ea3aaa636c6a682_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2528

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsp6CD5.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    79be350c8381293abb045bbd2a7b5f0a

    SHA1

    0b4e6d482cae461e36c2b47661ef586545162e23

    SHA256

    3091623495d6e81bc0aa9182a55b0f93d3b2238102a44fd66943e46ed7eeaf51

    SHA512

    1d39bc13f2825bb4aee5832bc5c60603b62b3475e0075028a146981764e6796e68fdd752627f37f8bb198dcfce5a62efb6a6283366fc4874a8915008aa0a4c28

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp6CD5.tmp\ioSpecial.ini
    Filesize

    720B

    MD5

    4e5c2fab225e1e3850b06807af32bbfe

    SHA1

    38464a7fc7bc26f3076537a0d648e8017ed3ca6a

    SHA256

    1c5ce5e5becf5ecaf1a384f0d7415477d17f7862a2c2aab188cb50c0e36a8a38

    SHA512

    41df172809916f64d8c86802572581e379f1d4b1861d122e30b03779bd1d7b35176cefd67a699cb98b53670ccc02b98b02ad8e1c624aea8e0ca1cef696022977

    Download Submit