28d72cf88c9359d2af27eaf850e6cf987c076a762bbcd7611a82d5691f623999

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 14:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2cb9adfa260d281745cf9e740259e529_JaffaCakes118.exe
Size

1.0MB
MD5

2cb9adfa260d281745cf9e740259e529
SHA1

915b413d2e2752ae2c770d05a504fa0a0cca87e3
SHA256

28d72cf88c9359d2af27eaf850e6cf987c076a762bbcd7611a82d5691f623999
SHA512

279a7b5ae43d0de17130bd1796631d0576079036c83dcbc85d9ac2f6a685a992ec0e21f435e8f569b8ea1e3eb1e141fe44b96696ce0eff7e13340c75f34d0f08
SSDEEP

24576:VrtT9ftpOJ2Kzn+aQJaf/t/4GIT4AwCyB:VhT9Fpezn2QXRwTmZ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1288	2cb9adfa260d281745cf9e740259e529_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	2cb9adfa260d281745cf9e740259e529_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1288	2cb9adfa260d281745cf9e740259e529_JaffaCakes118.exe
1288	2cb9adfa260d281745cf9e740259e529_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2cb9adfa260d281745cf9e740259e529_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2cb9adfa260d281745cf9e740259e529_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259429662\bootstrap_22707.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259429662\css\main.css

Filesize
3KB

MD5
f18ae6a48534beaa026771827422a8c0

SHA1
6ebe285cc9110371bb37a932d8a60f17fa07428b

SHA256
235d0d7c6db79b68c8306c95e50fd6ccf7566ed97f86439a28547ce5c4b676b3

SHA512
e2847df3f2f6946a8a62926256ba97e3b1868072155c5e29077522c438513a9212493f31f4d61fcbc07594cb0fe1b245412cbc36bbda24505bbacb89b330f470

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259429662\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259429662\images\BG01.jpg

Filesize
36KB

MD5
91c1bc8794631a8ad346e60ef3e723dc

SHA1
2511e9e07fdc2515935c1b0b6f9933a90bb39ef9

SHA256
ddb186366dca85ddcf57a75cf4ff8954cd8fd5952da05c95cdf0d6ec8b80858b

SHA512
114ac7a7cd33b8dadf2be586b147ee1e6e67331aced50f96fb75d5619973640a5609b096f66fd215d79780d38d604bc2c8f425e30010da3b19e53ef73f919ee8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259429662\images\Button.png

Filesize
3KB

MD5
1c52b9598b6ea71433f1db0b97f9c847

SHA1
8718101beb67d504e4ccd6b855705da4ddb96b9e

SHA256
18f9082965d2e40aecb2086c8ae7ea1941132a0d1c5c1efb9615fb55385e3c2f

SHA512
09b79b733617ebc6a17196131b7209659cac841b0a845c9171d12a0cdf64bac035afdd7c65ae1a08ae0fd36a80f888da2d3a2172ec48d78c50f9f3876e8ff7a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259429662\images\Close.png

Filesize
1KB

MD5
6d8f8d67e5ede2cbedc0a70622334a90

SHA1
06e2c343ff2fec077708e39f35a28be45b94c702

SHA256
cc8e347b601c3b81c939ff37ad7363e50793fdb43b85cb83bd7e899ae0490f33

SHA512
7dfad7d10a77eb5f65acc7812e474862c94b396f8aff20f0b26246f67ff2a3ab03ee0f6dc8d35299b787c8019e5708310a249e2c6a3ac365d07c54fd8305d280

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259429662\images\ProgressBar.gif

Filesize
553B

MD5
b1b4bcb59704bff7af7301938c411bf3

SHA1
8bb19462dd89099174db290ba22292bc3ddbcf92

SHA256
28ce7e40d24394b5eb0235c6fd5854419380761e7d395d80b376486de0c77b56

SHA512
918022a8befa93be97a309b2b570410b43f2ff156ec5e8a3f7b0d4872f32df61fe754ff2854ca34455383405f18739e70855d4b74ab0bf40a0a2de5d93132794

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259429662\images\ProgressBar_element.gif

Filesize
37B

MD5
8433d6e8a0a5f61f398cecf5fc612bb3

SHA1
80a6d9bb58483107fdca58a55166ea83dc8ee810

SHA256
9320b4df9f56381da410d1a20010a441d0d7c455a6a056dbcacbdadbecca5435

SHA512
f3b0c151811b3919484f41e942c2e47ad94355db61cf8cb444c25d1e89708c2455b94990f7b3fd0419e924e7abc783b794fe117f0808b81f1d40eda33e49b44d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259429662\images\loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_2cb9adfa260d281745cf9e740259e529_JaffaCakes118.exe

Filesize
1.0MB

MD5
2cb9adfa260d281745cf9e740259e529

SHA1
915b413d2e2752ae2c770d05a504fa0a0cca87e3

SHA256
28d72cf88c9359d2af27eaf850e6cf987c076a762bbcd7611a82d5691f623999

SHA512
279a7b5ae43d0de17130bd1796631d0576079036c83dcbc85d9ac2f6a685a992ec0e21f435e8f569b8ea1e3eb1e141fe44b96696ce0eff7e13340c75f34d0f08

Download Submit
memory/1288-126-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-134-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-0-0x0000000000401000-0x00000000004C6000-memory.dmp

Filesize
788KB

Download
memory/1288-127-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-128-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-129-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-130-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-132-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-133-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-1-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-135-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-136-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-137-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-138-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-139-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-140-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1288-141-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download