730dd818831a4cb5193c0fb3c2392bb859cedfae98e32c1163a8a7aecc45576b

Analysis

max time kernel
141s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f7a03d4c3034292c3bdf72818c1f0e6_JaffaCakes118.exe
Size

581KB
MD5

9f7a03d4c3034292c3bdf72818c1f0e6
SHA1

6c0f139949d6c7e52d88b617ac785f933687cc93
SHA256

730dd818831a4cb5193c0fb3c2392bb859cedfae98e32c1163a8a7aecc45576b
SHA512

230a926152ada4ea6436800664973b50f783e31bef390e8b0b97e1bacac1c90dc8b1ad0aaf209041728f8f634afddf10e044bea1f69729e02880acb1c5b6a70b
SSDEEP

12288:3QFagl4ZjL++kpFDI+4hPBH1S4+gHRMEM9LCB9Gl/DN:3QFNC+fI+g1S4+gHOt9LCc/D

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2984-1-0x0000000002170000-0x00000000022A2000-memory.dmp	upx
behavioral2/memory/2984-5-0x0000000002170000-0x00000000022A2000-memory.dmp	upx
behavioral2/memory/2984-4-0x0000000002170000-0x00000000022A2000-memory.dmp	upx
behavioral2/memory/2984-109-0x0000000002170000-0x00000000022A2000-memory.dmp	upx
behavioral2/memory/2984-110-0x0000000002170000-0x00000000022A2000-memory.dmp	upx
behavioral2/memory/2984-112-0x0000000002170000-0x00000000022A2000-memory.dmp	upx
behavioral2/memory/2984-111-0x0000000002170000-0x00000000022A2000-memory.dmp	upx
behavioral2/memory/2984-113-0x0000000002170000-0x00000000022A2000-memory.dmp	upx
behavioral2/memory/2984-153-0x0000000002170000-0x00000000022A2000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2984	9f7a03d4c3034292c3bdf72818c1f0e6_JaffaCakes118.exe
2984	9f7a03d4c3034292c3bdf72818c1f0e6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\9f7a03d4c3034292c3bdf72818c1f0e6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9f7a03d4c3034292c3bdf72818c1f0e6_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240599812\bootstrap_9317.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\css\main.css

Filesize
8KB

MD5
a9078730cc4e7b4c957e78d1b719e57a

SHA1
fe0e5b20118bddf1ede10c6fbf3145a6f2774d45

SHA256
6b1f56f153418f94caf0aa276f745d73013af2e6b99b16dfdcaa4f4f0354ec59

SHA512
00d6ca11087c0285d7f656442c30495ace0a8607145d16f80547aa657706df4d241a236264c67a647b9e74906d049926cec30cb9a57adabb2c09743cbf570dc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\images\BG.png

Filesize
11KB

MD5
f0fc6b439d8feaf764b2a4ba2da2ee8d

SHA1
3de546e0a73b6c63742cde41aa3940d970094ddd

SHA256
22e81cdf1647b04677c4d63a19f9b82fd753bfe36e15441c0ac33d04e8d47088

SHA512
1c0d52748826878d1504c78b821ed07bfacf7aecc59e78d99af2de54c691100ca553c2c4c282d387c69b09d7394af9b7318559914e32d983d4d974d3e83ee321

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\images\Close.png

Filesize
207B

MD5
c222a4f3d309721c0898606960120266

SHA1
cdee967961a3ea87565ae7ca287be8ed20496160

SHA256
f638cc042b7ade6f43f2faf0077e020137562e559178396b7e975db39ac13df6

SHA512
db52224964ffd03fa65fddabea29d4f7c23840a18d1ad1028f228589c8c642280a762d2f4250159106f911455b8f0706a3b204dcbbb0484638d4f41f4f54a836

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\images\Grey_Button.png

Filesize
1KB

MD5
85abab15d5168028bd968db91a951e9c

SHA1
e6f3d4a07f9f1283a8c9ea7e2be0e036fd30b7e0

SHA256
3000553907a30ebd4ae854ae79c29a16502d0499aa8cbcdd412b9538d77f62ba

SHA512
eb909e55afd407a13abdfd5f81d76b251ae0a6cb9b48cd4d65e9f0b3db85552564fe47125e03ee0d823f0f480eacbee69a021a8361a419ad9cd928c761b0586b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\images\Loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\images\Minus.png

Filesize
932B

MD5
2495958dab43defb9fcedd04e9e3bba8

SHA1
4bdb3bf19b6856d8f83cbcc1325cbf1c6a076209

SHA256
9d28738b69f33a151d930f923b131e108da6051817b096347a2128b41811bd5e

SHA512
03f8deb4d0d460275bc6e9919cf5426d43ffc53a1fad6682f718440b0594dd2c2ca03decde48858623f6b59cee1a25a71d71e19cade1b8d6f0f41e25a244f1a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\images\Orange_Button.png

Filesize
2KB

MD5
35938ae84506723fd785ae34dcab22a9

SHA1
1941ff436f5aad01469167bb6ca3a6c0b6293219

SHA256
274c453213655e111f856bf9932306ab67fb091f957d09617ef4b5c1fd0bfb53

SHA512
4c2a057df4e2cf7f2619bb6375d175897c22f41f585ee4e8592044b1d131f12c0b0319a545d8e4ad24c3af959b9a05019d6927ec281eeb7e4764509b8f82cd08

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\images\Progress.png

Filesize
1KB

MD5
d7c39c02e8b572450cc7a7752333865e

SHA1
099c0eb09940b7a2930c75996516634224471d00

SHA256
229d3156df602001d8bcadc19421a1050b740a82bed17366021ed44549834f69

SHA512
d3375d2deccf7e9f8f97068a418b84611082ec6f0bf640a2870e2d55bc53fbf6c72e50e81a90b02f6ff2b19111d63f074854fef2be037ad5d9b39ae4928860af

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\images\ProgressBar.png

Filesize
1KB

MD5
ecb887f370374fc622ce5fe1ffbe67fa

SHA1
22ca410baadb8305769827a91a0c7495081d262b

SHA256
61e25792584f35db8e18d7c527da203de24699cee02d0fdf4ab106660910df5d

SHA512
c7197fecfe720493bff0f1e94fadd9bb4bc831112abdb98f1db7ba940b61c6be2b01c6f9c972295f39f312c3d6f8512c7444a7524e96bcc24c495ef8ba904d55

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\images\blackarrow.png

Filesize
1KB

MD5
df75d8bdf2b1d9809676f89fb06d8e10

SHA1
277645c19f9251f2e340c954cdf22300a27004c3

SHA256
d9f779686ee4442a307226546aacb7f3686fe0c856a24d6ef7583765901e27fb

SHA512
d45cd1d77df1bf60956ad0c61b14f16d5fcd6291885947a719de5cfc74cda2c687d811f16cb1af0410055d9f5e24827ff8fe09308ac07d4ef96ba873cd6263e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\images\pause.png

Filesize
1KB

MD5
847670a02f845a1320f0b9075f06b97f

SHA1
7e2490eca1bb5c56f3823d0bc7dda80c21ee4be9

SHA256
5c0b07e306020b6dd148abf5f67b5b27d614250e4c45072f8755d577aff08926

SHA512
b59804eae88f24deed354215488950c110e8d2f718cae5b95a4c5fe0a99848c563aca11f9c35a8ee28e7426b32a5e0d0fc3e5d35a5eb38a590e8a73f2e5688f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\images\play.png

Filesize
1KB

MD5
d63f3e33e47921d6caad3110a8093145

SHA1
6cf31b89c992749d300613c8d73c256fdeb4a556

SHA256
edfc7102fcf17eb0a5d0e4ff353afc85aa0d25afe74c45440cbc7b9b7b00d028

SHA512
a9414a4c23f7cf27a4aa98a70d5d7971cb14955d9e4db2a9c57aa2c30d16a96f90372786e2b714e0aaeb811587354db426a980fb78a4bfdc98ca9027a3bb65fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240599812\images\textbox.png

Filesize
1KB

MD5
53ecc0908bb384121d75f4e5c337d6cd

SHA1
11345001635fbe7cb2da4a0f3bc32ec7e50aac8a

SHA256
0428e3744ce87e7e4973dfc80e65f98020105fb9804c6c287b639501e58366af

SHA512
9496b965e5e4588a08836fc0bff15dbe65a969ef1ec02a99f90027e73289772c919fd2a64d3140bdccf1949ec93eee66764de2ba7e07b1299e6887e31d6216c1

Download Submit
memory/2984-0-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/2984-112-0x0000000002170000-0x00000000022A2000-memory.dmp

Filesize
1.2MB

Download
memory/2984-4-0x0000000002170000-0x00000000022A2000-memory.dmp

Filesize
1.2MB

Download
memory/2984-110-0x0000000002170000-0x00000000022A2000-memory.dmp

Filesize
1.2MB

Download
memory/2984-113-0x0000000002170000-0x00000000022A2000-memory.dmp

Filesize
1.2MB

Download
memory/2984-5-0x0000000002170000-0x00000000022A2000-memory.dmp

Filesize
1.2MB

Download
memory/2984-111-0x0000000002170000-0x00000000022A2000-memory.dmp

Filesize
1.2MB

Download
memory/2984-6-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2984-109-0x0000000002170000-0x00000000022A2000-memory.dmp

Filesize
1.2MB

Download
memory/2984-1-0x0000000002170000-0x00000000022A2000-memory.dmp

Filesize
1.2MB

Download
memory/2984-153-0x0000000002170000-0x00000000022A2000-memory.dmp

Filesize
1.2MB

Download