64da3b90bdbc41d9f7937cf494dd4960d35e30d72c6966213875963e746e2ae7

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 20:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8839025bde48787c1542a9ddb1a8e97a_JaffaCakes118.exe
Size

1.2MB
MD5

8839025bde48787c1542a9ddb1a8e97a
SHA1

b2914a5f11ee2c3dfde82b5e07055a9505cf6bf6
SHA256

64da3b90bdbc41d9f7937cf494dd4960d35e30d72c6966213875963e746e2ae7
SHA512

e5091ee40859e55aedce10a5b30e2d4b6d6467a7a2e8eedcc09ca55c67985536b645cc2f543f491f808f31469258e00f09264577c7d6b81b0ad24836012837cb
SSDEEP

24576:U53uhFARwThROvpdWyR70KlIKURHGbpVCN/0KdG+Rby:U5+hFVEvSGI4I9GnCqKkc2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1812	8839025bde48787c1542a9ddb1a8e97a_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 3032	1812	8839025bde48787c1542a9ddb1a8e97a_JaffaCakes118.exe	28
PID 1812 wrote to memory of 3032	1812	8839025bde48787c1542a9ddb1a8e97a_JaffaCakes118.exe	28
PID 1812 wrote to memory of 3032	1812	8839025bde48787c1542a9ddb1a8e97a_JaffaCakes118.exe	28
PID 1812 wrote to memory of 3032	1812	8839025bde48787c1542a9ddb1a8e97a_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\8839025bde48787c1542a9ddb1a8e97a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8839025bde48787c1542a9ddb1a8e97a_JaffaCakes118.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Windows\SysWOW64\mshta.exe
  "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\run.hta" --sfx "8839025bde48787c1542a9ddb1a8e97a_JaffaCakes118.exe"
  2⤵
  - Modifies Internet Explorer settings
  PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\DriverPackSolution.html

Filesize
2KB

MD5
1e439059cc7e659515fc9c7f63ce9cec

SHA1
c1acb5f714097f0cdc0029bcacd845e2fe53422d

SHA256
f101ec502b86a905bed7245a8ffb649534bafc118235973a4a6bd526b164c9a8

SHA512
e6efbc6ac7eb8c01260459a1ecb3575d064aab963fc8a23a6801f1ce686cabe16e92c0630a04db722c25379ae31a6ba92c93b3a51378635ae69ab1a82af36338

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\config.js

Filesize
1KB

MD5
914d63f1e91941815c854684a3830a09

SHA1
48993ed674a74346cd8056a66d5879ff4e3eb974

SHA256
24f7fae628761605d9ff51314dc87a6bb417623f14fa93647568ab396383c2ce

SHA512
8ef70a554a8ce405cd51d4cee0b195e059f63f44f8dfe463c09fceabbfb4f99161388dee0235df2e9a05fef5fdc1eacbdbc4ec89f4150b38bc247d1d82a0632f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\css\custom-control.css

Filesize
10KB

MD5
a4abf0bb03d5f5e78b03a07ad395b44b

SHA1
db95841a366f3f41141ddf6e63f02a2bff8ac059

SHA256
f16936215c5068a55ffc87342283362bacdd16488c5d4baeee929af867d263b2

SHA512
9ae07d70123a5c23e40f46346e55bed8b65ce33531ee234132ae9b24adbb40f88b00f2e351dd89ad1805ef030e5ad1d8508f871c5185748f4e40d4dca8f94bb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\css\fonts\DRPicons\DRPicons-webfont.eot

Filesize
7KB

MD5
d85a00ccb58d531afd9ad80a067fbf0e

SHA1
0a3c0cfea5b9c0fdd5f17a1df49cb1512316330d

SHA256
0a04d85875091cc334f63b90c8ccfa0838f20023945d949296363369066870e3

SHA512
bce1796d0c71291cb779e2e99399a213b030663d5968330932b4a059ba48f3679e2df9e9c84201efb090a44b499bc5f46d174ad40b4b1d3afb5df5d2f3299261

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\css\fonts\Open-Sans\opensans-regular-webfont.eot

Filesize
40KB

MD5
88a9c629f26f8563a72eac95cb0744bc

SHA1
484bca13532678133dc14a668c580be2c1346526

SHA256
3ae576bfa96d7cf6614c8c97290c7abe03191a8ceb0c837a21e7ffe70d66ca62

SHA512
b4cdaa3a5a46ef368e9138c9874aa1173b466bc660d5bbbd13fc3f10f509cda9af151a2667ecd079935d60992b1436f6d5843ced5a063769e19e67f84c402af9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\css\fonts\ProximaNova\proxima_nova_light-webfont.eot

Filesize
61KB

MD5
ee9163c34f600221169f8ff531e97182

SHA1
57f0b2c837c94f2a0df47ee62b4639fd6426bfa0

SHA256
53f30a622db68cebe92dbd384cc292aef13ad7e3349a10a77c29326e10634c21

SHA512
d51e2a5f6df706eaa2c5ffa071a9a9c08e58a30b4af64a1ccbe81f8e9c38f20429df665cabaf295129490afc639b7e19c0fced428610a284a17899c3290904cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\css\fonts\ProximaNova\proxima_nova_semibold-webfont.eot

Filesize
65KB

MD5
044aa0b596161750cb58aca15c52cf38

SHA1
d40e645b34188a54d909fa40f7eddeefb8b9df03

SHA256
790579e11608136663d073bc6f99848c04b4dcd69216df7daf5be00df573a3fd

SHA512
1a3b3abc614a7ddf673e34a936de63809f8c18a86409364b2bbdeb608fbcd845095ba7cfb34a0826e2ac18cfc5ccd4d47d4bfa13fae3caba7fbc4470d36c8086

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\css\icons-checkbox.css

Filesize
444B

MD5
3be98220035017d9b818f3cc94f87587

SHA1
bc07f11d0a59f942ac942dba02214a7041ad6e3a

SHA256
cb134dcb95a407795c671a512c389894d3525fba3f6a2168fc5b9b7e875e78dc

SHA512
d2e7d57cb7b7e771c82c75a04fbfb86ebecbb409ecf2c5666aeaa99695474a7985e3367f6a5b3d4ac59f775f60fb084efa9bdda99ce3c077df2690a5f0a6b1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\css\icons.css

Filesize
509B

MD5
ebae852f3327fdaf3e2fc2bf1cdecb8f

SHA1
f9753fe176069974fc9bce49eae877745282e183

SHA256
b5f111103f7f090c246a223b1ff497b94c4dd3ac64bf5b3fb2d91555fcfd6f2c

SHA512
bf8e7c5db7a1eacd4344d5facfee1cd66e883389b53bc28e4e387cdb67ea40ee26266ba4282e50eb50a7bc3c810d9fdbb50792a46135761b2e8ce52ddc9e394a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\css\normalize.min.css

Filesize
1KB

MD5
e8908cf9cb9504b285327d240187f53b

SHA1
20eadf1695eb38bcd92d1706de5335db61b96502

SHA256
86235e2c477078adfe1188d07ca1e5d8198443aaf2436de1785a169f3e1d5463

SHA512
9c828e8942d40da89f33d1db459a7fc12621660331bef307df8649e89758e76b044bf97a2cd36d656915e19a8b04f571cdb61d7cb6f926a3ba151ee67bbcdc4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\css\open-sans.css

Filesize
1KB

MD5
9ed298542b45ef98492e159f68e89f48

SHA1
c4521d9a5dff8a71804c40a909378e8eb5bd66c2

SHA256
b9bd51ae6ccc7df20417e0ef341295b86bf8f74f6e235ee99ddefd675806f47f

SHA512
1c7d5b378d6c627fbbef864035b157c3e7647b699a50d64f6ebf22faac38bf774e0c025bc8dd4ecc9bde7b377b729bc89bf6fbac4d2409240e2d03753cfe680e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\css\proximanova.css

Filesize
1KB

MD5
cf0c65f6d17307ccd7914e984ac86a6f

SHA1
4fcef85545731123eb5e3e1886817f8014f22e21

SHA256
58a658fd04bb4aa2ff90ff7125ca6e1775b1a9d053e2cfa44b8697990f9f134e

SHA512
0f171b8839385cd192d10c5c06e1b2284e6f2d7d74b9a9d7559252d1b63b8f94c670aa5225e80a5dce9056e92e0fd1506754c6f94b74703a02b7c4687d4976ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\css\roboto.css

Filesize
1001B

MD5
f5f5b5e4955262430e7b496247425d2d

SHA1
d4bea186a0d525ce3060e8dd7901311ae4a0735a

SHA256
2537efe2fb974f58cddbc99abfcd7aed6e9df81992eed3e528b5f1748167b8fa

SHA512
16a7ec3d95ed773a0a1ce2c2dc4430677106f0d1042e34cb39ed48f4a495f637ec3eefad05a4ebbddbea71a67e933fa0b56e6beef69700c6e3ac9cda9c17e7ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\css\style.css

Filesize
709B

MD5
d36473e5c8d58add924d4f241ecc00d1

SHA1
ebeabc55013a17eba0e73fb19d6088986c57f4cb

SHA256
9b2762816d20460b368a41060722d2e05aa4cd8256b8bdf698c93ffd3cd0cc65

SHA512
e3239e4c0805a5dfa85171acdb508ece63899e57639c0f4e01d2059dd256366363d5644fbaea69153bccbc4c0c8b0a1f7e0faa6adbd90308b1febc3aae70dc19

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\drp.css

Filesize
6KB

MD5
5f31c30848b4e69d780d9e107ef6618a

SHA1
6ade684cdc410fc64ced65e5e9339f30a4f61342

SHA256
2de8e627dc32a3e096064c6f8a5cf1c6e57bd41557a654f2aa1286858de33be5

SHA512
7a1ea1d3ee7b3efcd7dc4ded43f294643a3fbfbcc1fcd29b62cddd3bc4ad7fa6621ea779f9c5d4b79880da8c773a95a721bc4deb9a96aafb9b12ae49ca48a444

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\drp.js

Filesize
1.0MB

MD5
b636d2725d4239d87a14fd8d19d2792f

SHA1
f343438eefe6d7b98e1bcdacd89c09c81cd49c19

SHA256
8f9039e378674d5843f16fb005faf0cc8c3656e1ee204b8494aefb6c629bb9c2

SHA512
242b0ce766028a94172ab94842e5bf265dac50efcc163a32b65bbc63f5ea4fbabd14365278494a999c58f1d4f50927046ed2732fbed2ca773b32688c83ffa2bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\img\header\header-logo.png

Filesize
2KB

MD5
feb0873e77bc17f1001a4f1e06440077

SHA1
dda0f3421fc7f7de92fd2310c676f4108160e07d

SHA256
01413d65b24f54adb0356ae49d2af9d8b7176a34f1e64dc7e5528500c4648dda

SHA512
1e441736bd88359c227cb85cf09d07b8f2997a66967fe86e4736be6849c8421729dbebca641216d73445e949a1a8da4c01d8e5cec687d3f61d92e816a7bca8b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\img\softpack.png

Filesize
6KB

MD5
a56e2773dd76be704ee19b93a6ca73c8

SHA1
0a0da8fdc26826ce08711736cdfd323693e8adcc

SHA256
aba8fda0b76567105e5523a6ffb532fd519360f4afd1e88c347dc6858ae5a54b

SHA512
7a292f98926175b95bc3bf8132d7ad2fce1671df05a3a567f879bbe03a2393ccc9bc3ce581801b90bf3be4cb8ec1d981193dd485ab8d198893a95698b5faf074

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\languages\en.js

Filesize
941B

MD5
5d16ce172ee30af57c67970404346194

SHA1
1f792570b77b9e91eda328759ddb3421b72b3ea5

SHA256
12a6cb07c10ad7fe7e003d96306852e6aa8ad4adc2c924d6d070e6c0a82d3d04

SHA512
dd822d9b717186dfea6f9b054ae98d7e5df7e9c2e19d1cf7e25149c63b7891689c8b1e194eaec2ea02f8b6f82eae158d3e91bea739571c20e8865f1217a17516

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\packageData.json

Filesize
90B

MD5
145ddfb679078efec58b8a7168002d23

SHA1
449a8b37aae318cb8d31a333a9b337200ea16d16

SHA256
d013d598d8a8ab02c5912e742c21b537d7a18ab94991b9f6cfe4d807e49f26ac

SHA512
bc9a580a97012bd90469bf39e1da5f11e487f8b565d2868458e898363b0bfe76a99c449ad42abe83ecc9f30c32be44298fa53307320025d8cc4d82c5a52edf82

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\run.hta

Filesize
2KB

MD5
293b3999e5f735e5a6e0b89b96d9e42b

SHA1
f58517464e9a49536b50f53271f3b9f31edce8fb

SHA256
5f3e3734d33ebfd1f9b5d967eecc977d3671a9025b9b29e0ed8c6fa1c1bb8aa9

SHA512
c08d0a05cb109753755552f2fd1cd2ddc238783bc53f8ddfb5a9db207ab8140649b99bf09d72bcc80678becde74583107673bb2a228ead904007bd2eecf36d64

Download Submit