Analysis

  • max time kernel
    100s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system
  • submitted
    28/03/2025, 16:30 UTC

General

  • Target

    JaffaCakes118_8ad5786bd8973d15d926e4fd2d4d9a5c.exe

  • Size

    969KB

  • MD5

    8ad5786bd8973d15d926e4fd2d4d9a5c

  • SHA1

    8ee7846bab2b6a2b5ef518f6200f9d06762ff1d3

  • SHA256

    a2e9381c96ebfac40bf1c3e471d157397d526f5fcd44e2b911460ad493dee4fa

  • SHA512

    4a79d9bda26c14f41d8bbb09a65beec07c05541a0de3d64b5c30b1454708ba63b31d73002fda3f80590d76aa416bd991070e74422051ad2f2afbfd355899d314

  • SSDEEP

    24576:xUP3DQ1pFy9U83Zn8tnc56FctQj5K/jtZrXPz:OPDQ1Ly9AtncRQdK7tZ3

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ad5786bd8973d15d926e4fd2d4d9a5c.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ad5786bd8973d15d926e4fd2d4d9a5c.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2124

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\nsjFD34.tmp\System.dll

    Filesize

    10KB

    MD5

    2b54369538b0fb45e1bb9f49f71ce2db

    SHA1

    c20df42fda5854329e23826ba8f2015f506f7b92

    SHA256

    761dcdf12f41d119f49dbdca9bcab3928bbdfd8edd67e314d54689811f9d3e2f

    SHA512

    25e4898e3c082632dfd493756c4cc017decbef43ffa0b68f36d037841a33f2a1721f30314a85597ac30c7ecc99b7257ea43f3a903744179578a9c65fcf57a8b7

  • \Users\Admin\AppData\Local\Temp\nsjFD34.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    c6284e23cd7e4d11db8298deb4541083

    SHA1

    e338686c7579620383ab8cc5a51bbb8d846f60cf

    SHA256

    79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f

    SHA512

    72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7
