| Target | Platform | Score |
| --- | --- | --- |
| Overview | overview | 10 |
| Static | static | 10 |
| JaffaCakes...7c.exe | windows7-x64 | 7 |
| JaffaCakes...7c.exe | windows10-2004-x64 | 7 |
| $PLUGINSDI...ns.dll | windows7-x64 | 3 |
| $PLUGINSDI...ns.dll | windows10-2004-x64 | 3 |
| $PLUGINSDI...em.dll | windows7-x64 | 3 |
| $PLUGINSDI...em.dll | windows10-2004-x64 | 3 |
| $SYSDIR/98ipcap.bat | windows7-x64 | 4 |
| $SYSDIR/98ipcap.bat | windows10-2004-x64 | 4 |
| $SYSDIR/msvcp60.dll | windows7-x64 | 3 |
| $SYSDIR/msvcp60.dll | windows10-2004-x64 | 3 |
| $SYSDIR/npptools.dll | windows7-x64 | 3 |
| $SYSDIR/npptools.dll | windows10-2004-x64 | 3 |
| bin/DLmode.dll | windows7-x64 | 3 |
| bin/DLmode.dll | windows10-2004-x64 | 3 |
| bin/DelEntry.exe | windows7-x64 | 1 |
| bin/DelEntry.exe | windows10-2004-x64 | 3 |
| bin/Main.exe | windows7-x64 | 3 |
| bin/Main.exe | windows10-2004-x64 | 3 |
| bin/NetKeeper.exe | windows7-x64 | 3 |
| bin/NetKeeper.exe | windows10-2004-x64 | 3 |
| bin/NetKeeper.exe | windows7-x64 | 3 |
| bin/NetKeeper.exe | windows10-2004-x64 | 3 |
| bin/Updatemode.dll | windows7-x64 | 3 |
| bin/Updatemode.dll | windows10-2004-x64 | 3 |
| bin/bindconfirm.exe | windows7-x64 | 3 |
| bin/bindconfirm.exe | windows10-2004-x64 | 3 |
| bin/bmpres.dll | windows7-x64 | 1 |
| bin/bmpres.dll | windows10-2004-x64 | 1 |
| bin/detector.dll | windows7-x64 | 3 |
| bin/detector.dll | windows10-2004-x64 | 3 |
| bin/doload.dll | windows7-x64 | 3 |
| bin/doload.dll | windows10-2004-x64 | 3 |

Analysis
max time kernel: 104s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20250314-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/03/2025, 17:23
| Behavioral task | Sample | Resource |
| --- | --- | --- |
| behavioral1 | JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe | win7-20240903-en |
| behavioral2 | JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe | win10v2004-20250314-en |
| behavioral3 | $PLUGINSDIR/InstallOptions.dll | win7-20240903-en |
| behavioral4 | $PLUGINSDIR/InstallOptions.dll | win10v2004-20250314-en |
| behavioral5 | $PLUGINSDIR/System.dll | win7-20240903-en |
| behavioral6 | $PLUGINSDIR/System.dll | win10v2004-20250314-en |
| behavioral7 | $SYSDIR/98ipcap.bat | win7-20241010-en |
| behavioral8 | $SYSDIR/98ipcap.bat | win10v2004-20250314-en |
| behavioral9 | $SYSDIR/msvcp60.dll | win7-20241010-en |
| behavioral10 | $SYSDIR/msvcp60.dll | win10v2004-20250314-en |
| behavioral11 | $SYSDIR/npptools.dll | win7-20240903-en |
| behavioral12 | $SYSDIR/npptools.dll | win10v2004-20250313-en |
| behavioral13 | bin/DLmode.dll | win7-20240729-en |
| behavioral14 | bin/DLmode.dll | win10v2004-20250314-en |
| behavioral15 | bin/DelEntry.exe | win7-20240903-en |
| behavioral16 | bin/DelEntry.exe | win10v2004-20250314-en |
| behavioral17 | bin/Main.exe | win7-20240903-en |
| behavioral18 | bin/Main.exe | win10v2004-20250314-en |
| behavioral19 | bin/NetKeeper.exe | win7-20250207-en |
| behavioral20 | bin/NetKeeper.exe | win10v2004-20250314-en |
| behavioral21 | bin/NetKeeper.exe | win7-20240903-en |
| behavioral22 | bin/NetKeeper.exe | win10v2004-20250314-en |
| behavioral23 | bin/Updatemode.dll | win7-20240903-en |
| behavioral24 | bin/Updatemode.dll | win10v2004-20250314-en |
| behavioral25 | bin/bindconfirm.exe | win7-20240729-en |
| behavioral26 | bin/bindconfirm.exe | win10v2004-20250314-en |
| behavioral27 | bin/bmpres.dll | win7-20241010-en |
| behavioral28 | bin/bmpres.dll | win10v2004-20250314-en |
| behavioral29 | bin/detector.dll | win7-20240903-en |
| behavioral30 | bin/detector.dll | win10v2004-20250313-en |
| behavioral31 | bin/doload.dll | win7-20240903-en |
| behavioral32 | bin/doload.dll | win10v2004-20250314-en |
General
Target: JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
Size: 15.1MB
MD5: 8d08d410e92bb112cff5dcc9707c637c
SHA1: 1099feb83a927497f1f5500e0503d761e837d3fa
SHA256: 88e6926483429d26ff92654a1c9f1977d30c577654cad7e733e4d916413f6b96
SHA512: aca4166a240e2d3a54ad3a75c05cc72a6bde4d67e7490aedd226c94667c6b63523b992aa5fc5dda73e8da0fc87571b8e143d5cabfa87b09abb8b2c7d51ed3fae
SSDEEP: 393216:lwUN2fk34EjfYob8H+KzpyruFDJgb26M0jhWlk:lwnBQY48HCuFDJW2Book
Malware Config
Signatures
Loads dropped DLL (2 IoCs)

| pid | Process |
| --- | --- |
| 5584 | JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe |
| 5584 | JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe |

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe |
Downloads