Overview

overview

10

Static

static

3

f154c92cb4...18.exe

windows7-x64

7

f154c92cb4...18.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

3

$PLUGINSDI...ol.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

avsuite.exe

windows7-x64

10

avsuite.exe

windows10-2004-x64

3

htmlayout.dll

windows7-x64

1

htmlayout.dll

windows10-2004-x64

1

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

3

$PLUGINSDI...ol.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    14-12-2024 23:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f154c92cb4e9af2c71399ad3a290a0a7_JaffaCakes118.exe

  • Size

    676KB

  • MD5

    f154c92cb4e9af2c71399ad3a290a0a7

  • SHA1

    748cb5e98296ffbe5d4ec1a6fb51f0ec2bf6cb72

  • SHA256

    be4616d11b24ad5d37e4e5987e933bd35d656e6505f5a8e75ee5588f1ef33bb1

  • SHA512

    60d84362036b121bd49879851ef350d66c501fe5884a87f685e4e8cc7b24c0120ccaf623c0688aaf3cbd5671f7197b569556cc6b767d0e6e26f1de3d8a29c4f4

  • SSDEEP

    12288:tL0NCNEq8/g/KsQxjJU9TP1+MqNXH5axDWaJQsH3ClZFvSpTI70:tYNCNEq8/KKsQB2FAMqNX5gWaesHSlZM

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 55 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer

Processes

  • C:\Users\Admin\AppData\Local\Temp\f154c92cb4e9af2c71399ad3a290a0a7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f154c92cb4e9af2c71399ad3a290a0a7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files (x86)\Antispyware Soft Platinum\avsuite.exe
    Filesize

    1.2MB

    MD5

    8a4d47afda64a151cfa636723fd50526

    SHA1

    1741acf900fe7a330aa575a62c4fa86c7866f6b3

    SHA256

    ba3b714cf4c1682f58add63ece7f1d6339389364af30dcd7b37bb062466fb05b

    SHA512

    8dbe42ff3b2393ec199fe8ed1877887f5ad0f46b0e24aa62e404879230394015807e48f6583eee7a91a825f396cb8fa396469c105b0adac3a1fc7a73d2a58ed4

    Download Submit

  • \Program Files (x86)\Antispyware Soft Platinum\uninstall.exe
    Filesize

    41KB

    MD5

    f2656f62f52556cbaa8fe63cc51c5d73

    SHA1

    e1cc49f855bb98996ab49caac77cd015569ac024

    SHA256

    2e100548df26b77c4bf3a930023daf36173a04b8242fd7d0f7132e352931e4d2

    SHA512

    e766a0734178530268671432fdcddf22d9913f1eabe964af48d7630dd0a3a8fb9613ea7b3f6ffe9fb3568889d954d2f20c865a0163344cdb55e7419402a0dd1d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoC4B7.tmp\AccessControl.dll
    Filesize

    10KB

    MD5

    055f4f9260e07fc83f71877cbb7f4fad

    SHA1

    a245131af1a182de99bd74af9ff1fab17977a72f

    SHA256

    4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc

    SHA512

    a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoC4B7.tmp\inetc.dll
    Filesize

    20KB

    MD5

    134b93f8bd1f82cd2f1b06c878580703

    SHA1

    29cdbce7a2caf1f7e4d2a139c42336d490074665

    SHA256

    45153adf50541316468e2b189a0f8127be9fb29e2f920e7eeaa6aceb438db8c4

    SHA512

    f970c38debb6631dab7369e2bc96237f16a8fd328d9d35a2b54cb688e1807f62cc6d63230afe89ce5c3945097ae4466872c72929a9623adde3ee57bddf54b692

    Download Submit