996e6000cebbcd231bb0ffb7c9dbe528c556d9e0081d38ecae0a6a10d432ce7d

Analysis

max time kernel
93s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe
Size

3.2MB
MD5

1a2bedd15436c6bf168ca435bfc7e9fa
SHA1

10b20ee762c52bc68f010d57ea14262430a6313e
SHA256

996e6000cebbcd231bb0ffb7c9dbe528c556d9e0081d38ecae0a6a10d432ce7d
SHA512

fab563f86a9151550d7d0344e7f98e23713c530f76f8f3cf769d1a2727f1de6727449e83533271645eb8a2b6152abc9fd82400bfa9211a0de98ab75e7ccfe669
SSDEEP

98304:KAXTR4Iqr84H0piOVlOkEECzZWygXjuVQm5c2kTekBez:tOxVH1OHOkEvXMSVd5cV6Oez

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

Processes:

1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe

pid process

1620 1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe
1620 1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe
1620 1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe

pid process

1620 1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe
1620 1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe

pid	process
1620	1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe
1620	1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe
1620	1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe

pid	process
1620	1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe
1620	1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1620

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsh64C6.tmp\InstallOptions.dll
Filesize
14KB

MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781

SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh64C6.tmp\WebCtrl.dll
Filesize
5KB

MD5
418a34a689d5f9bb85fc951168749edb

SHA1
0b75ce26883e12944abdbb67c143000fd0905d6b

SHA256
915322078d1f8eb278250f446c1960e1555ffa0f8dcd048a48ed32fe7f5a5b3f

SHA512
9aabb74cfd37cbda4718077ba76c7906e0f3ab5949e99f9d800fb1952757a60cabe29413f054f62e2887ff57aeb9d355532fd1662ebf3a523a500b20fe702b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh64C6.tmp\ioSpecial.ini
Filesize
657B

MD5
4b85cb4d9d3c72b5c1e118655ac6ba8a

SHA1
8701c38843ba5ab77f00b8be8bddd3a476100611

SHA256
1b32477c482eca650131fc3aa5612bc883e918971e1dedd3fff83e8381eac877

SHA512
2ef4e0ab40a4b78afff69546b93d3be5a5d655278d4db15f4576c14b1a4a8d42ced77042edc4f58a632d49309353688a9ae98803ff13ba79abd4e06e62ae464b

Download Submit