411fd0521ab3216560bb9e91123cb115e921ab911b7d272cbe7a21f1385ef5e9

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

150b5e102835e70359f48d38778208b7_JaffaCakes118.exe
Size

1.1MB
MD5

150b5e102835e70359f48d38778208b7
SHA1

343c6e7b27221d2fc7b5948db86a73486ff4ccdb
SHA256

411fd0521ab3216560bb9e91123cb115e921ab911b7d272cbe7a21f1385ef5e9
SHA512

b56321b25bb9942b7ac70f512b6ce4f26024927a014774fce65740b2400d5663ead585bf0b0413ea3663196bae7ea2c3c9e6001a3f8dff130d710e528389774c
SSDEEP

24576:rADw37P6j9OQGAi2tLZ0EeLNXSaLIYJV6Ns142NrQw:ccLyxHiKZ0DiaLIaV6Ns14YrQ

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1728	150b5e102835e70359f48d38778208b7_JaffaCakes118.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is259396699.log	150b5e102835e70359f48d38778208b7_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	150b5e102835e70359f48d38778208b7_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1728	150b5e102835e70359f48d38778208b7_JaffaCakes118.exe
1728	150b5e102835e70359f48d38778208b7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\150b5e102835e70359f48d38778208b7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\150b5e102835e70359f48d38778208b7_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259396200\bootstrap_30212.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259396200\css\buttons.css

Filesize
1KB

MD5
63e5607b6ca179f4022438b4c1ebb8cd

SHA1
3a51b4c95b4210058242ec0f3025cc28cec16cf6

SHA256
86c77fbf9666fae956c11a2711fe2596a03443aeb935bdc430509741cf43e530

SHA512
47d51c36a0482c0359282a9c42c3f3380fbcdbd4ce904b0bd3edcd43cbcbf4e694e6ae4ed513f4aabb4d21063bb7e54fbc1953874bd18cde2aec5477f80da502

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259396200\css\main.css

Filesize
3KB

MD5
98f9b28b30fbfa06b35e880caec410f5

SHA1
b9c5ebca5f9b4fd1a02b40be1d89561b0bda1c76

SHA256
0aa4af275722cf97ac03536dd5296c0999e34d31ba82a5bf8c4fe5aec57a8f02

SHA512
039c38574348b914a18918a445a0be8c03d7f1d02fa23a12d04c735e1694d46ccadf955d07f82fece33ec744aad464e9ca448c363c454d929e263458b135482a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259396200\css\sdk-ui\progress-bar.css

Filesize
458B

MD5
f047788b88f4dace0e828635437e565f

SHA1
159d7a6b7563e4e4756796a83a4c019b3862d86d

SHA256
2264c4f20115e93ea2d609e7bc088cb82f0947bc41e65c6cf546e2cabf5f48d7

SHA512
a61be4cbeb5ce48263b60d75a07c4614973203b76918d0489f31dd147c8b1a57340189f12a92b98b2ab7365849b12d31f694a6931c90b55b8a336a5990a34790

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259396200\images\back.png

Filesize
991B

MD5
8a99e16e48ab5bfd0084ccd49281b036

SHA1
ab40545bb33ab2bad0891d3b71c3f618a916cb1d

SHA256
e44a2c233a1b29a6cb3bdd5955dece4ddd1e7497d3529bb55add8da124ad3fef

SHA512
f8b5fd65300cfd1f7554e381d0a3313ce8611aa092b44322c1b59ebc145e915707825f0fcf8e2e979ef6464df713db4d3897f4624f5ab9d777d4f8c4c5ef95cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259396200\images\bg.png

Filesize
63KB

MD5
674ebeb11c056b0cdf01802020b8b41a

SHA1
16fba8a46be739be737fcce768021a83142dc7eb

SHA256
b2f6875b12c8d4d583f93380c34babc18bb027cb15ed4e8a39bfbb5d9848f0b7

SHA512
71a826aca996b7db61a23e3011d4b3d9e61469f82620e6c0b08b1c85492d81da0d151d4c9aac6b3c168b53f0e4314bc2af6d5949c1e579f062f2697ae86be40b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259396200\images\close.png

Filesize
1KB

MD5
60e7a3f760637dd125a1150474e7f6bb

SHA1
46e4b53480dd7b3db532e3511a7ad3b9e99b2f48

SHA256
d244e6d623fb3706340ead5491bb61663e5d53a3f7d96d4b613175c875c42184

SHA512
d279b197d330c4fe7de5e891b45e60273b603d58c84a502461ba2edf008ed51e6bcfd8768a74ee95bc9558bcbe8294f9f759c188327f7c54b1483d1072b32268

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259396200\images\icon.png

Filesize
5KB

MD5
45d8e7f1e721db59eca3dc36e932bf8b

SHA1
974fbb730c8c1ae66c6187f99d887f44d8a77a56

SHA256
f8cfaea0b23c976a4e7a67ffe79dd82210c5fea7d6eba2383a3cc33f8802ae05

SHA512
85b671dc81758977e5f807af91333573e1733ce8ca6721100dbe8538a481d8811d6d36754517948ff6a5ad984bb5ed0724790f43ba30dafdafb8c94735e249bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259396200\images\loader.gif

Filesize
21KB

MD5
360281e85620142c3329848262da263d

SHA1
032ae1e422af859d78d172e918573fb0f55318de

SHA256
6c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55

SHA512
48ea37754839abce73898d29c6cb1ede20ac980dcd0b8c0f1274a690ea0bb44659129aba7581bd473ab7a735b7b9d08d6d041973bced4fe3fc0b70b3a73ec2a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259396200\images\next.png

Filesize
1KB

MD5
a4987c1267f6e8361800aa3d2dc840a2

SHA1
6d428d5e9333f78ffb65f8ac3aab06c8915078a3

SHA256
1b7fffc6ecbde629472f7e1b534243f7f7da06a6f2fed082cf1c62b6b002e9d5

SHA512
5fc4a1619851dddb8e689cbb342570f3004a7e4c030c593ac361b55584cda6178b3ce6a4baeed810467e569c07587affde5180420d793eb380782f440b23660a

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_150b5e102835e70359f48d38778208b7_JaffaCakes118.exe

Filesize
1.1MB

MD5
150b5e102835e70359f48d38778208b7

SHA1
343c6e7b27221d2fc7b5948db86a73486ff4ccdb

SHA256
411fd0521ab3216560bb9e91123cb115e921ab911b7d272cbe7a21f1385ef5e9

SHA512
b56321b25bb9942b7ac70f512b6ce4f26024927a014774fce65740b2400d5663ead585bf0b0413ea3663196bae7ea2c3c9e6001a3f8dff130d710e528389774c

Download Submit
memory/1728-136-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-143-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-135-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-0-0x0000000000401000-0x00000000004C6000-memory.dmp

Filesize
788KB

Download
memory/1728-137-0x0000000000401000-0x00000000004C6000-memory.dmp

Filesize
788KB

Download
memory/1728-138-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-139-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-140-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-142-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-37-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-144-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-145-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-146-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-147-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-148-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-149-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/1728-150-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download