Analysis Overview
SHA256
103735dcc14bab45c670f5a6f50aa9d23479c1a487812cb63d0ef32931e69a31
Threat Level: Shows suspicious behavior
The file 93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
UPX packed file
Reads user/profile data of web browsers
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 00:06
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 00:06
Reported
2024-06-04 00:09
Platform
win7-20240221-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Reads user/profile data of web browsers
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\PROGRA~2\is259433172.log | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2768 wrote to memory of 312 | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe |
| PID 2768 wrote to memory of 312 | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe |
| PID 2768 wrote to memory of 312 | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe |
| PID 2768 wrote to memory of 312 | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe" /_ShowProgress
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | os.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdneu.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdnus.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | os2.coolflvplayer.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\ish259431394\bootstrap_34515.html
| MD5 | 1ea9e5b417811379e874ad4870d5c51a |
| SHA1 | a4bd01f828454f3619a815dbe5423b181ec4051c |
| SHA256 | f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a |
| SHA512 | 965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa |
C:\Users\Admin\AppData\Local\Temp\ish259431394\css\sdk-ui\progress-bar.css
| MD5 | 5335f1c12201b5f7cf5f8b4f5692e3d1 |
| SHA1 | 13807a10369f7ff9ab3f9aba18135bccb98bec2d |
| SHA256 | 974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda |
| SHA512 | 0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df |
C:\Users\Admin\AppData\Local\Temp\ish259431394\css\main.css
| MD5 | 67c969a4e52643367ede75f5f532c53b |
| SHA1 | b8fd0d25312b7988b69741c24c483077c4c04ed7 |
| SHA256 | 159cc6cd282a1ae07acd355c5c0bba831002af9878d4657d539dccc452d926c9 |
| SHA512 | 248c8e0905be0db5e3f1b1c76fc67c64c37ec6262c4d664190ac05983256bdd613af73cda674d29bb26587f6dcc57117649b3616e3561ee6209ff4b1fa9ff695 |
C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Close_Hover.png
| MD5 | 62d7273f7bfd374313f6fb0155b2e7f7 |
| SHA1 | dcc738108fa120a4d8ec47ff3e6e71c336c59c16 |
| SHA256 | 8c7b475a063df4c3a3aaa79c26010eddc3259ab91d8ed904a539e17eea8e5caa |
| SHA512 | 76b316228fefc32424236019e931626611e9b50944960ded528a1e7f6c33b102f9f1326d758411b65fa3c96e99de222324ae3bc85989435da434005245d25a0b |
C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Color_Button_Hover.png
| MD5 | 5cd0b8eeca192b93361d0b5d53c694f5 |
| SHA1 | 1de3542d5642e0ce08c374aac7055494d4c70a08 |
| SHA256 | 75918837bf5071469eb7faf5adfcfc192832d1896428bcac21b5ae0475aa2cc9 |
| SHA512 | cadcc46b628919e50a936c6ec9461383e7fcdd66f48c60b8c1200a5151178610092418c8feadbfb8f9e56b8f32225fe1fccce7a0871af64c8211b6f9072e6f0a |
C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Grey_Button_Hover.png
| MD5 | 7af396fe907f2279c7be2f45c4a71f68 |
| SHA1 | e2915cd58658e004a528d6afb41a719e2f8bc906 |
| SHA256 | 79aaaa8a2c4196a8fe5608ed9638c02febca9a5f01aaccd024741543893c10a7 |
| SHA512 | 4b32408f9f8e101f93150fa991bbf7048b87d73ef284f1ab6b70e377ddf4dbd55d256a8be303f1a687b2b5d072444bd80fcf4905417524392dc4406157a5bdde |
C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Loader.gif
| MD5 | 57ca1a2085d82f0574e3ef740b9a5ead |
| SHA1 | 2974f4bf37231205a256f2648189a461e74869c0 |
| SHA256 | 476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e |
| SHA512 | 2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c |
C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Grey_Button.png
| MD5 | 377a4cc417c35e8bca043b5fa45c76f4 |
| SHA1 | bba1d0a63c01c777536008dc177e8c8e3d1f3d0a |
| SHA256 | d6476ab7dab6839357bda90d337593833f42b95f474ee358db9ddcd5b689c2c5 |
| SHA512 | b6a5d34089d830ba39194d7a40b7f394609b5dd4c3297f9e168f66d41e8ca29ef84cb46a3dc59ca305235e8ce33fb0c52766056fede28405b9f78f2382d1b4e8 |
C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Color_Button.png
| MD5 | 4bc69253486ba5f9a9b7ef5c6cdf44ab |
| SHA1 | d837c6bb223d954f50f0f5a99c30f15ff346410a |
| SHA256 | 786b492a45057f4019e0bdf71aa351b4b880f101ec77be50a0da0ae5898d379a |
| SHA512 | e43f5ab251de650aba16f601e6d7312e4d6c90dcd500b8c7ca24cd8d87acf52722d7eb05719f734e29b6f937d2eeb5d39ccaffd50f47864bf390d6509c15d7de |
C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Close.png
| MD5 | 60e7a3f760637dd125a1150474e7f6bb |
| SHA1 | 46e4b53480dd7b3db532e3511a7ad3b9e99b2f48 |
| SHA256 | d244e6d623fb3706340ead5491bb61663e5d53a3f7d96d4b613175c875c42184 |
| SHA512 | d279b197d330c4fe7de5e891b45e60273b603d58c84a502461ba2edf008ed51e6bcfd8768a74ee95bc9558bcbe8294f9f759c188327f7c54b1483d1072b32268 |
C:\Users\Admin\AppData\Local\Temp\ish259431394\images\BG1.jpg
| MD5 | 6df40f246406cf460f897c8c2c511281 |
| SHA1 | 770c046c1d794ef8c0565019f371717b8251004b |
| SHA256 | 39272989cb5e5b10a83ff75e2f7e1a331265323747978900337aaed961a1164d |
| SHA512 | 3752aaca9fbab4b4c4e5fda9071de426b59ddbb6efe94c8959549a96f081f06289b5507f2ed824a8296e072a50075a46cea7c7f19752e61d3d386b66004d3c3a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 00:06
Reported
2024-06-04 00:09
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Reads user/profile data of web browsers
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\PROGRA~2\is240602281.log | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | os.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdneu.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdnus.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | os2.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdneu.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdnus.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdneu.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdnus.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdneu.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdnus.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdneu.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdnus.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdneu.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdnus.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdneu.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdnus.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdneu.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdnus.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdneu.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdnus.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdneu.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | cdnus.coolflvplayer.com | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\ish240601187\bootstrap_24443.html
| MD5 | 1ea9e5b417811379e874ad4870d5c51a |
| SHA1 | a4bd01f828454f3619a815dbe5423b181ec4051c |
| SHA256 | f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a |
| SHA512 | 965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa |
C:\Users\Admin\AppData\Local\Temp\ish240601187\css\sdk-ui\progress-bar.css
| MD5 | 5335f1c12201b5f7cf5f8b4f5692e3d1 |
| SHA1 | 13807a10369f7ff9ab3f9aba18135bccb98bec2d |
| SHA256 | 974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda |
| SHA512 | 0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df |
C:\Users\Admin\AppData\Local\Temp\ish240601187\css\main.css
| MD5 | 67c969a4e52643367ede75f5f532c53b |
| SHA1 | b8fd0d25312b7988b69741c24c483077c4c04ed7 |
| SHA256 | 159cc6cd282a1ae07acd355c5c0bba831002af9878d4657d539dccc452d926c9 |
| SHA512 | 248c8e0905be0db5e3f1b1c76fc67c64c37ec6262c4d664190ac05983256bdd613af73cda674d29bb26587f6dcc57117649b3616e3561ee6209ff4b1fa9ff695 |
C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Color_Button_Hover.png
| MD5 | 5cd0b8eeca192b93361d0b5d53c694f5 |
| SHA1 | 1de3542d5642e0ce08c374aac7055494d4c70a08 |
| SHA256 | 75918837bf5071469eb7faf5adfcfc192832d1896428bcac21b5ae0475aa2cc9 |
| SHA512 | cadcc46b628919e50a936c6ec9461383e7fcdd66f48c60b8c1200a5151178610092418c8feadbfb8f9e56b8f32225fe1fccce7a0871af64c8211b6f9072e6f0a |
C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Grey_Button_Hover.png
| MD5 | 7af396fe907f2279c7be2f45c4a71f68 |
| SHA1 | e2915cd58658e004a528d6afb41a719e2f8bc906 |
| SHA256 | 79aaaa8a2c4196a8fe5608ed9638c02febca9a5f01aaccd024741543893c10a7 |
| SHA512 | 4b32408f9f8e101f93150fa991bbf7048b87d73ef284f1ab6b70e377ddf4dbd55d256a8be303f1a687b2b5d072444bd80fcf4905417524392dc4406157a5bdde |
C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Close_Hover.png
| MD5 | 62d7273f7bfd374313f6fb0155b2e7f7 |
| SHA1 | dcc738108fa120a4d8ec47ff3e6e71c336c59c16 |
| SHA256 | 8c7b475a063df4c3a3aaa79c26010eddc3259ab91d8ed904a539e17eea8e5caa |
| SHA512 | 76b316228fefc32424236019e931626611e9b50944960ded528a1e7f6c33b102f9f1326d758411b65fa3c96e99de222324ae3bc85989435da434005245d25a0b |
C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Loader.gif
| MD5 | 57ca1a2085d82f0574e3ef740b9a5ead |
| SHA1 | 2974f4bf37231205a256f2648189a461e74869c0 |
| SHA256 | 476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e |
| SHA512 | 2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c |
C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Grey_Button.png
| MD5 | 377a4cc417c35e8bca043b5fa45c76f4 |
| SHA1 | bba1d0a63c01c777536008dc177e8c8e3d1f3d0a |
| SHA256 | d6476ab7dab6839357bda90d337593833f42b95f474ee358db9ddcd5b689c2c5 |
| SHA512 | b6a5d34089d830ba39194d7a40b7f394609b5dd4c3297f9e168f66d41e8ca29ef84cb46a3dc59ca305235e8ce33fb0c52766056fede28405b9f78f2382d1b4e8 |
C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Close.png
| MD5 | 60e7a3f760637dd125a1150474e7f6bb |
| SHA1 | 46e4b53480dd7b3db532e3511a7ad3b9e99b2f48 |
| SHA256 | d244e6d623fb3706340ead5491bb61663e5d53a3f7d96d4b613175c875c42184 |
| SHA512 | d279b197d330c4fe7de5e891b45e60273b603d58c84a502461ba2edf008ed51e6bcfd8768a74ee95bc9558bcbe8294f9f759c188327f7c54b1483d1072b32268 |
C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Color_Button.png
| MD5 | 4bc69253486ba5f9a9b7ef5c6cdf44ab |
| SHA1 | d837c6bb223d954f50f0f5a99c30f15ff346410a |
| SHA256 | 786b492a45057f4019e0bdf71aa351b4b880f101ec77be50a0da0ae5898d379a |
| SHA512 | e43f5ab251de650aba16f601e6d7312e4d6c90dcd500b8c7ca24cd8d87acf52722d7eb05719f734e29b6f937d2eeb5d39ccaffd50f47864bf390d6509c15d7de |
C:\Users\Admin\AppData\Local\Temp\ish240601187\images\BG1.jpg
| MD5 | 6df40f246406cf460f897c8c2c511281 |
| SHA1 | 770c046c1d794ef8c0565019f371717b8251004b |
| SHA256 | 39272989cb5e5b10a83ff75e2f7e1a331265323747978900337aaed961a1164d |
| SHA512 | 3752aaca9fbab4b4c4e5fda9071de426b59ddbb6efe94c8959549a96f081f06289b5507f2ed824a8296e072a50075a46cea7c7f19752e61d3d386b66004d3c3a |