Analysis

  • max time kernel: 104s
  • max time network: 149s
  • platform: windows10-2004_x64
  • resource: win10v2004-20250502-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 04/07/2025, 17:56

General

  • Target: JaffaCakes118_1c752cb2457cc6ae008107a07b440e38.exe
  • Size: 18.6MB
  • MD5: 1c752cb2457cc6ae008107a07b440e38
  • SHA1: 94697a2c0fcbecf11dda0212fe32a21f288f0978
  • SHA256: 62626c0f30cbb661ed1a8293b886783febd64bafc163536ff3f16b9ab62ff3b9
  • SHA512: f2190dbdda2e67d8ea774e079320c67bf9a6cddc647c1cf437b6ea19aa8238ca52a5cb632032b9936383eb09970daa67b61600c413e99db1026cf9484cd1d802
  • SSDEEP: 393216:bI1phJ2jcWxzTagKuXh/JGr7jZ1tFFwLY90qY3wRmTabd4:bWhJWcWxz+aXRJyBz+U

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c752cb2457cc6ae008107a07b440e38.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c752cb2457cc6ae008107a07b440e38.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:5548

Network

        MITRE ATT&CK Enterprise v16


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsj83A9.tmp\LangDLL.dll
          Filesize: 5KB
          MD5: 410a586735f45164c86bda363ad8446f
          SHA1: a68d18a8c72ffaa8f8d9ed9f76ea9b0ed397821b
          SHA256: b15b1fc88d1b56088b2d3738d76772a91fa186a316a3e0a154358820d0fb9005
          SHA512: d12083f67df132b2be57c202601a0cf82dba4c234910e780d2723aac14ae68407b824405b04737b55104bc97750550a3271a944d647661b067ce134075e6cc2a

        • C:\Users\Admin\AppData\Local\Temp\nsj83A9.tmp\NSISpcre.dll
          Filesize: 133KB
          MD5: 414124231a0e8a71a820b2c39513c7d7
          SHA1: 8b08717c2c6305a327598f663b17cc5cd60eaefa
          SHA256: 1be9ee2ae3b05441f08987d4ffc4dd8219b020c4c44b6df023c3c259d1da305b
          SHA512: eab202f56aafb1b4330621bbbdafafc55330ed35216e77c55e882d9057d11e4703eddb8815750ea7c80de7309b0bf12e5ef1a9eb7ddf7624b1b268170a50f2de

        • C:\Users\Admin\AppData\Local\Temp\nsj83A9.tmp\System.dll
          Filesize: 11KB
          MD5: 959ea64598b9a3e494c00e8fa793be7e
          SHA1: 40f284a3b92c2f04b1038def79579d4b3d066ee0
          SHA256: 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
          SHA512: 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

        • C:\Users\Admin\AppData\Local\Temp\nsj83A9.tmp\inetc.dll
          Filesize: 58KB
          MD5: 34aafdcc9ba1a2acc6d6fe9ca347ac7b
          SHA1: 23a4f3ea483d8643d427b29ed92af8253c0d3e6b
          SHA256: baf9f333f6276ed10cd1c29c619d1e9143e9b751c5a043d8212567333d0aa9cd
          SHA512: 1ded039235005fc6ea3bdbaac2e4d74892188e089d95ddca1486a1c83dba1b67eca72b3e1318adf3d8753a0f3fe805c6df46f9e6f1fef44bc1f469a93f6466f5

        • C:\Users\Admin\AppData\Local\Temp\nsj83A9.tmp\nsDialogs.dll
          Filesize: 9KB
          MD5: f7b92b78f1a00a872c8a38f40afa7d65
          SHA1: 872522498f69ad49270190c74cf3af28862057f2
          SHA256: 2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e
          SHA512: 3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

        • C:\Users\Admin\AppData\Local\Temp\nsj83A9.tmp\nsUnzip.dll
          Filesize: 178KB
          MD5: bde32fc5dcc9d98520c95fc23fa7bc92
          SHA1: e81891aa3f6e500c33474c21ff324083cbb50fcd
          SHA256: 1fa8f2dfbe9fb83c0660e25e193e5aa09e1d4cd4af4f62e056b2930eb595c4c9
          SHA512: 99b8d5671fe0a6d6b3a660fd94cef91a69f20863bff2faaae686a673c15789d3d52dbc44c9699fa90f13f4af7d1bfb40c6449d73f608d9c6b5c1fffbf29383b3

        • memory/5548-34-0x0000000003E10000-0x0000000003E44000-memory.dmp
          Filesize: 208KB