517e4a64ab54256753ed3933da040edb98319d4693afac53b3578857fa976fc1

Analysis

max time kernel
144s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

175279bf5eac5defeb2003908175bfcd_JaffaCakes118.exe
Size

1004KB
MD5

175279bf5eac5defeb2003908175bfcd
SHA1

790ce734eae069c21c8116dd5c2bfb2c67740644
SHA256

517e4a64ab54256753ed3933da040edb98319d4693afac53b3578857fa976fc1
SHA512

64f5b13ebfbeca1ac9e8d411252509c82c130f0a390f401f95615726f6e2b08f485cb2b1751cd9bffe7c868f114474b5dc214550e78f2f68c204ff78943c69c2
SSDEEP

12288:EGTKk/wGB7bEjUhAtOOulVK2aLqFuNu/+C/Bjy4k47RMk0:Ok/LBnEjUTKe/zjy/OF0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	175279bf5eac5defeb2003908175bfcd_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1632	175279bf5eac5defeb2003908175bfcd_JaffaCakes118.exe
1632	175279bf5eac5defeb2003908175bfcd_JaffaCakes118.exe
1632	175279bf5eac5defeb2003908175bfcd_JaffaCakes118.exe
1632	175279bf5eac5defeb2003908175bfcd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\175279bf5eac5defeb2003908175bfcd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\175279bf5eac5defeb2003908175bfcd_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\error[1]

Filesize
3KB

MD5
16aa7c3bebf9c1b84c9ee07666e3207f

SHA1
bf0afa2f8066eb7ee98216d70a160a6b58ec4aa1

SHA256
7990e703ae060c241eba6257d963af2ecf9c6f3fbdb57264c1d48dda8171e754

SHA512
245559f757bab9f3d63fb664ab8f2d51b9369e2b671cf785a6c9fb4723f014f5ec0d60f1f8555d870855cf9eb49f3951d98c62cbdf9e0dc1d28544966d4e70f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\stui_block[1].js

Filesize
10KB

MD5
1de94aa0f13ffd8a8046e4e07b3c9362

SHA1
6b5eb81dea351d1637cfa06a8d7c8ec4b5b52043

SHA256
d57988b0a7338d11cb56cba71fb25e360e2c6b08660d659612b0d356d14ba4f8

SHA512
24ef529fd1439bfdfcbee852c347d33815739064e0221b1afef38a269d259e6466d945e71fd6bc4017b10033cfd5c3f6467ca68b8e168a4749d53c51d6ac30f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\style[1].css

Filesize
2KB

MD5
2b4e8845e128d2852cb330ddbdd5bd9a

SHA1
56b3b7d7ee2513302ed3d7a861c195caafa98bad

SHA256
efb8607970300c4ec2e661490e586bd07c7fe2f879cd334e98b9bd2bd782d823

SHA512
9c30bc5a52d030756791cf31105bd61f348241cb644130680a1818a83be56a5a990208f61e8b3843cdd4f7d4515872780044a2d2d9dc3413eab26aea62b8eb14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\jquery.autocomplete[1].js

Filesize
24KB

MD5
5c47ab94acac05f22d9202a35ec6fb0e

SHA1
4feca1f899bb5d67337b70ef47188974975e2bea

SHA256
5292258c677d3557d4b8bf7b25178bd9b7d85e2ff78a6edd6176d7d497183dc5

SHA512
7696e11d2f430eb95fe7be8cdeeaa285120bb5e31d308419d075fb3845d5fa42bcdc2ff9eafc701c65a01581ab08503cc715b23b3ac627923ec8ca8fcfe375d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\stui_block[2].css

Filesize
31KB

MD5
3ccebe6a0120db03957c738d57955695

SHA1
8a8bee666946ec8910ed8819a5e6f7e9c3296ead

SHA256
6c8422c778be247e70c1cce1d15abdd5ef5f77a5e59e6a3fd0b451782c38bcb6

SHA512
51b97e562b6bf47c8efcc50c3747f868e4d5698821dce801cf211d09fd2f1ced958bbe9dae3f2cb21414577de7ccb71a054650fa9fd6dc9390977b71530c9e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\stui_block_color[1].css

Filesize
5KB

MD5
5b2f14250eb2c9ddf1c30f4be8968679

SHA1
abf7fc935bec4f8071762479d132de0a8e97affc

SHA256
d8c677894a259142ccab97760fe0855a883e140e360bb5927515c981480697ab

SHA512
acd506ab1320e8d0110ec15286f0a3995c3e75c490cf7d0f3e368cd4c3663c4c3ae9e59234b1c044dfdef63fe1ff7dca8353eb0cec7a73f30165457919c5b71c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\stui_default[1].js

Filesize
126KB

MD5
c577f90876a717e52b1b0ff3e2fc0618

SHA1
a8d1b39de4d9e2ce75ce94c494924739bdf3663a

SHA256
55c5d8b344672089e45c1a0dd65d83b65f079c150b53bb810256d6e033fd57a7

SHA512
a7122d26535d7e64f184029f27c0286b03e8688352143f3af1c00fdd2a02bf559b066eb45ebc0e121bbd014be9a8b59e48585ad6a9e882244eb418bce28ad150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\home[1].js

Filesize
30KB

MD5
74ce493b0204dce58301272dd7fcf6f1

SHA1
7130fe377a56fc840eba97795144bf9dcea36e4c

SHA256
cc4c4a2b422a6d729ac4c04e200981c48cbbf85e984bbb5c4745ecf82c8c20eb

SHA512
bd759eb6793d9be2467b042dc234cae0878c2f6ac5af4b332bc4afcb499c972575676bfc1e1eac60da204b404c9b2e89c2e020dbc3c2250448c18d7b032b2dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\warning[1]

Filesize
1KB

MD5
124a9e7b6976f7570134b7034ee28d2b

SHA1
e889bfc2a2e57491016b05db966fc6297a174f55

SHA256
5f95eff2bcaaea82d0ae34a007de3595c0d830ac4810ea4854e6526e261108e9

SHA512
ea1b3cc56bd41fc534aac00f186180345cb2c06705b57c88c8a6953e6ce8b9a2e3809ddb01daac66fa9c424d517d2d14fa45fbef9d74fef8a809b71550c7c145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\error[1]

Filesize
1KB

MD5
b9bec45642ff7a2588dc6cb4131ea833

SHA1
4d150a53276c9b72457ae35320187a3c45f2f021

SHA256
b0abe318200dcde42e2125df1f0239ae1efa648c742dbf9a5b0d3397b903c21d

SHA512
c119f5625f1fc2bcdb20ee87e51fc73b31f130094947ac728636451c46dced7b30954a059b24fef99e1db434581fd9e830abceb30d013404aac4a7bb1186ad3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\iconfont[2].css

Filesize
19KB

MD5
25ec004ca1e6ac34cba489cbfa2ba441

SHA1
56c4561e8b1ee8b6ca78018a63bd4260204fd17c

SHA256
c4b5bd16643fa644f81c18e271f5a41ccc58544d22279a89e8ff50a231b492bf

SHA512
dd56a6f4505959c9415acc0a5f06186099ca07ec5cda5eed8d4334e93c19807de3f80d1ace851a2a394ac68bfd658b2e64db10d644e7dfe9358205f63cd1c51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\jquery.min[1].js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\stui_default[1].css

Filesize
8KB

MD5
e69d2b3ffaf08b3c40ee138b4b63ef9c

SHA1
e25322f87c95a6f61e1d9ea1f19f9f4e3f0dd298

SHA256
dcb9d5bfda1ef2b5554ef8add1e37d2a117e91ad4ae599773eb22552cac3aaaf

SHA512
b5575145e3bfcc42333ba2bac62d2e66b5874b009afd8de0b7aba8de67d2b3399d8308405fccd53f73587c2b512f841adafecddaa83b6c27fe6770bc2bd4bd1c

Download Submit