3b457e07377c517efa8f09335180d58d61a9eef08fb0d0bbc2bf9a3ad4739ede

Analysis

max time kernel
148s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15f66a7abf468b29e360c01d3541274a_JaffaCakes118.exe
Size

1005KB
MD5

15f66a7abf468b29e360c01d3541274a
SHA1

fb769dbcb9a977772d392956c8153121ac43f39a
SHA256

3b457e07377c517efa8f09335180d58d61a9eef08fb0d0bbc2bf9a3ad4739ede
SHA512

073dc3abfb5bae07578c61d4094bd4cc08dede4c24da04cb648b90d803d6fbe7f60232112ef24fbcd31dfaf35a3b554e4877d72405046f8c1923d6f0c91e2530
SSDEEP

24576:/ORwmlLqjy715iWugP1o9XD8PGWywe5d+YbI+Yw/aCDmMTvxRwzqDTudbMbHi4xY:/ORwmlLqjy715iWugP1o9T8P+rjbI+Yw

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2148	15f66a7abf468b29e360c01d3541274a_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	15f66a7abf468b29e360c01d3541274a_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2148	15f66a7abf468b29e360c01d3541274a_JaffaCakes118.exe
2148	15f66a7abf468b29e360c01d3541274a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\15f66a7abf468b29e360c01d3541274a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\15f66a7abf468b29e360c01d3541274a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259399289\bootstrap_19294.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399289\css\main.css

Filesize
4KB

MD5
e8c946c7fbba855117b36f21dbd1d809

SHA1
5e87068479a9470862f38a7fbc23fd0a67da6f30

SHA256
036bbd51236d33768448bd5f14a3f4cb4ef89c99ac17c344133b55cba898cfba

SHA512
6dfd63a77c3f2dd6f6f9149781c403fb634c0eb992302e2a09c775f3bfe3ec2234ed9126409baef954e8f958ff6c1a02def3cc1238713e8e36d717223e6c98a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399289\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399289\images\back.png

Filesize
1KB

MD5
4d34de8211e9b49e9f0ae6f7696d00ac

SHA1
59243402cbdbb696679f704395da2be8a72112c5

SHA256
c15e80f1aa0c2c33f4b36cffdaa1fc01e34fd5966ec210350402a510cb761a6a

SHA512
2a825ed0dd7357b96a994fac6f184045e910a70aeca7150ef19be0ef459c805820fcaacacc3c872bb27316494d7503f87ed46c5cc6a7f0b78fb1fdf9a7aec9e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399289\images\bg.png

Filesize
14KB

MD5
3aac9d8a2cf7dea1097b344ed462fe4c

SHA1
90d411cecc914f8b470f50dbf4ca66a7d8e5c38c

SHA256
4e2200cffdebee44d76242e307a05cee7e753abbb6705318694e9f81cacd977e

SHA512
c3f9e65dc3d7e270554fb3ef9d44316a2138442e6a8250a11674c7d2115994c8b2571880b24bd79b6e7d0bbd179fe9d414b332bc95e10ee30c3154031e0f4f0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399289\images\close.png

Filesize
1KB

MD5
a9557769c0a31909ce103269c5f95008

SHA1
94fb5d1caf747f4a1b15c0633268937ce05f1963

SHA256
0f9d8698c0c363b8272e97136a5f47d3a14bd2531ad1e6cc362bd701d2048555

SHA512
4acf5dee1699a947707afe4b9994f75efc1e244de3d70ebf7ede383f70bb6c1d833470c98b9992fd1b4fc71290e1838823fbbe4eb098811d00071639aa9a5849

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399289\images\loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399289\images\next.png

Filesize
1KB

MD5
17d8ab2743fcde586b288426317d34fa

SHA1
7758d85b9a5fa6e066034fa5b1d005ad35ba03ae

SHA256
acd2e29e70dc8e4d7ffe7af07cbcdbe4ca976fd7301e8452d583ffd0d0193bd5

SHA512
b1c562c46ba28737dbac7f1aa308b879c06961a1d3919716baab739ab85b1c838275bc262670676a4f059832408020427b30662af2bcb5ed04dc1e9a2064e13a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399289\images\progbar_bg.png

Filesize
628B

MD5
723a13eac46e89e8049bca2150806791

SHA1
7f7dee96b6f846a071ead27b97d66bac0e81914d

SHA256
6d79e943fb24ca7c8984beb7ced5f922071a29fbeb12a3be961a5231cb789958

SHA512
4217cba780b32a1855523d91ac3d05b3b4782dd67d121cfce8c828c295bb40a120ed900a9fb2ec803051a045f4fd33e178ff9c5115ba0ced241fa5c9f9fd9fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399289\images\progbar_iner.png

Filesize
236B

MD5
ada299ca6c0de773065cfb3a4d126e18

SHA1
35ab592c8c3c0942343f495c70749a095448851a

SHA256
50afe4e8044b318c871628d6e2eb60f33c3758f6489594b64b09bf06516b4c4b

SHA512
3f1eb36069ef638263bbf846316131ebdb8f02642c740634ec245f5265f125769597723a14402f929bbbb1bdb0937d2c8245bf48cc8ea8445b6c0d2d3fb86ecb

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_15f66a7abf468b29e360c01d3541274a_JaffaCakes118.exe

Filesize
1005KB

MD5
15f66a7abf468b29e360c01d3541274a

SHA1
fb769dbcb9a977772d392956c8153121ac43f39a

SHA256
3b457e07377c517efa8f09335180d58d61a9eef08fb0d0bbc2bf9a3ad4739ede

SHA512
073dc3abfb5bae07578c61d4094bd4cc08dede4c24da04cb648b90d803d6fbe7f60232112ef24fbcd31dfaf35a3b554e4877d72405046f8c1923d6f0c91e2530

Download Submit
memory/2148-120-0x0000000000401000-0x00000000004C6000-memory.dmp

Filesize
788KB

Download
memory/2148-126-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-118-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-0-0x0000000000401000-0x00000000004C6000-memory.dmp

Filesize
788KB

Download
memory/2148-119-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-121-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-122-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-123-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-125-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-1-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-127-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-128-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-129-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-130-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-131-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-132-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/2148-133-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download