Overview

overview

10

Static

static

3

28d5cae120...18.exe

windows7-x64

10

28d5cae120...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

chrome563036112.html

windows7-x64

1

chrome563036112.html

windows10-2004-x64

1

status.js

windows7-x64

3

status.js

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-05-2024 07:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28d5cae120eb97ac6e08c6a1edc8cf11_JaffaCakes118.exe

  • Size

    895KB

  • MD5

    28d5cae120eb97ac6e08c6a1edc8cf11

  • SHA1

    04a6c0c5ea7eaebddccfeb9addf7afa783f7b613

  • SHA256

    03393a11aa1e7181da6f87842ebfac11c1b61bcb46b5b9439e852fa217f4fcd1

  • SHA512

    fd29fa2a73f5ea6851a8ee7a2c49c070b8c3a6b8cfe373aeea9a67f408b5ecff1a2062557f167001e0070f297238323f0afdca9fe002c52fd321632d2f9bbc32

  • SSDEEP

    24576:6ulGEbLgBhrWwKrYUfexiRFU9q51c7vHITEACj:6udg46iRFUWyroc

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28d5cae120eb97ac6e08c6a1edc8cf11_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\28d5cae120eb97ac6e08c6a1edc8cf11_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4996
    • C:\Users\Admin\AppData\Local\Temp\28d5cae120eb97ac6e08c6a1edc8cf11_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\28d5cae120eb97ac6e08c6a1edc8cf11_JaffaCakes118.exe"
      2⤵
        PID:2368
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 900
        2⤵
        • Program crash
        PID:2440
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4996 -ip 4996
      1⤵
        PID:3156

      Network

      MITRE ATT&CK Matrix ATT&CK v13

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\nsl4910.tmp\System.dll
        Filesize

        11KB

        MD5

        3e6bf00b3ac976122f982ae2aadb1c51

        SHA1

        caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

        SHA256

        4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

        SHA512

        1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

        Download Submit
      • memory/4996-14-0x00000000026F0000-0x00000000027BE000-memory.dmp
        Filesize

        824KB

        Download
      • memory/4996-16-0x00000000026F0000-0x00000000027BE000-memory.dmp
        Filesize

        824KB

        Download