f2345e9d522832adb87ffb61cde2d620c952957bae2ced494bd09282d1001d80

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c9e731642e8a3dae079f69805b0c2ca_JaffaCakes118.exe
Size

1.3MB
MD5

2c9e731642e8a3dae079f69805b0c2ca
SHA1

f8f44d41ac56d215c741037cf185a210eff82ccd
SHA256

f2345e9d522832adb87ffb61cde2d620c952957bae2ced494bd09282d1001d80
SHA512

20b00d6252ada419d760adaa7632630a8e7baef9df8ee6b27405939ded2bd1ec2c2e6bd202da256e17b85f662a9ea5e9aa1ba0d7a1276dbcc464bf8b9421c77a
SSDEEP

24576:bZ9Tkkynm/EHsC2j3t5DrAUnz8w6Ecr1Mk/JOR7WI8LKE611YuLsS:bZ9Tkkynm1j3vSTEs1aYIDb4+sS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2916-0-0x0000000000400000-0x0000000000625000-memory.dmp	upx
behavioral1/memory/2916-970-0x0000000000400000-0x0000000000625000-memory.dmp	upx
behavioral1/memory/2916-1192-0x0000000000400000-0x0000000000625000-memory.dmp	upx
behavioral1/memory/2916-1307-0x0000000000400000-0x0000000000625000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	2c9e731642e8a3dae079f69805b0c2ca_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2916	2c9e731642e8a3dae079f69805b0c2ca_JaffaCakes118.exe
2916	2c9e731642e8a3dae079f69805b0c2ca_JaffaCakes118.exe
2916	2c9e731642e8a3dae079f69805b0c2ca_JaffaCakes118.exe
2916	2c9e731642e8a3dae079f69805b0c2ca_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2c9e731642e8a3dae079f69805b0c2ca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2c9e731642e8a3dae079f69805b0c2ca_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e69db6cad154f65940136f9d5aa9968

SHA1
10e082c7be81991ae2f620e7c145154306da9e78

SHA256
019affa2484eb2f15c9949a1ba89ec4945115c52de703c647dd8b0d6700f6079

SHA512
0f7ce69be9c5608640de6c2c4b95208b32562f5340514329065075327bb487588c6f42de59b4c103f5a4a1fc513405a9bd4947c76642d5679c73a910075b3275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a638d7b6df2e50bff21c2b8abeebbc21

SHA1
c95f1182e4ec7e0bc65e5266a1db81f8417ee77f

SHA256
bb8aa93af9449576faf16295ef31af0ba6accfeb7bfb7798ebb2ceeb0d4c8d02

SHA512
6ad89bdea575a956350434e133d8247fa7e834c542ad90749a85f4f994a2e00d6b4123fe5c9cdb1eabd7fb24afdb8c6f3c65518aad69057fc1a1b0ef73ec7970

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f02d0525144fb84e283531797eac61e

SHA1
822e655f1b431998e590f3c9c6c069d2b6bd060b

SHA256
ffea17b710036ca4ca342c88ca92274a45a80c62d00cf46eb3d81311fa0d06f9

SHA512
5f3821f30c5e300a5b0effbea0822c0e8156a7de899291eebf093c9d9933ddf7cb15cb1ab056bab31f78f3fc4d27616cb0f3fc8e67b9b2047dea6f4719f2a4d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5b8df8b4652dcde5a6e090c8811428e

SHA1
4f33976a85bd15476a5125a1dec654c30500d283

SHA256
22093542cfe5883271e46f32a92496d6d4559e6c113ca06d68454b60f50bb029

SHA512
c74a4eb4d273aa72bdb5b3734a0f45e60bfb292a8686556fbf478fdee1c4add3a21ff56f1acc33b5cd7884b7c56205913a2bd5bb87071f1c52b7742bd87eaab7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
009effafe13c181e95b84e1b93e1bec0

SHA1
1dded05fa5d806ec6a16ee25862ab9271efa4d65

SHA256
ffc5f7ea78b058e9036e571c1e99e8dc13632ee3f4131eca7bbf19cb0fbbf241

SHA512
271a77ebc2f2a357e22c948baa442111b4566bf347310a91cc6a03e7dd4bbd4ff56e5266046937c885515a23d1b0cf668807b6aa326b2b6b04b50de832249f1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e299dc69e6560ebcd581bf41f322212

SHA1
4fdd46ac9dd4313ab6db6029c1242662484aba08

SHA256
d3e5e6da1d9ccfa759a440d4fbf93fe4ad0afba20a4236c20068a54cfc77837e

SHA512
41d4341e4e0c592ad2c6cc4e85bfdad1ca2350f89237cd6547121ec3422c79f0126176b5ec353622b052f1ef9325925fb6f4d70db3241562d51213fafd209c3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22bc9ad6e16aee69d1c13f75eb147389

SHA1
0d35348cc8de353136fa1e4def99af1ad11d0f9c

SHA256
2aac3a9943fa755aadcf2104aac82c84a2bca8d5867c29e9d3f2494f96728765

SHA512
1a7c9522df536142aeaf462df2155e24a250d73f875cf056d75f6ebf00675804fef0f0bf687aec43f4f2c3268192f5c727db75a713e3b418001c43924f5b641b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7622a9b45a78a822c66a77f6d82d86ba

SHA1
8fa86e6b8aaa03b59c0acd04cbee9080d740117e

SHA256
4051531bbda76d666dce785d79c8bdbe0c473b13dd13c600caa1eb1222f4c20f

SHA512
13a1b569d2ba8c7f2e3cee77c9cbfc66eb6524832ad36ffbe17ecd589ee789fc345d60807341772f1066c430ed4ff0e7bb85d03fc122456d19362c9ed87fb3a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b15765243f52810fe9c29362e71a38bf

SHA1
fccca81816dec77dc15a52fd82f123a3daaf467e

SHA256
8c1f02c31e0bb38fa8a46f010b196e3d5f7df2777446ffede063708adafa8a10

SHA512
76abdeff6aca48aa19fdcc73df5b83769f2e1b219a04c0998388ced2ce92e39108c4afec7802cf0cdb7f67ace76253e7b844effbed2b38b9374b24c1b24c22bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6c3a90b8c883dee62750f262207071d

SHA1
6aac4075e16dec0982cfd90a288f1f29c4193f98

SHA256
101a80e27282fed31d2332809e977ee70097e7597343642015e28d6e772392cd

SHA512
6ae7f92e801a8a2afe3c90543933d742978b19140ae595690ba6a2ab65a4f6c0e638bc6dcc6b0fd3f6463c81c1b5b000184929492da983be0abf8b176fe8c7fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91b706469d18e8e2d74aa32c5a5f2c84

SHA1
57381edac706736bc1ba24f377ac56e612527c13

SHA256
9e8252b4b60471700a463ff2265fa5fd207f75c43ba3c83c4324b6d7cd7ac1ae

SHA512
768f688c14e24b5cb9048a3e3dc247578637706caa9f9f7fa013485199a2d068a9e6c444db6a86f57a6a67ed8e06c5eca4723e55bee20a79df97bd10bd406f4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc701e2769b32dde98198907d5325228

SHA1
41708bb25e1990b85490c0546320f9a65a1f76f0

SHA256
0cc71cc56838ab97ce4d96c94fbc7fc281afc2037651e1f7eb7a8716ccea6558

SHA512
c1d178d55e4729c02826aefe59a1da5ec2070efd885cd9b6a65afb9bfac8f696ea3c8d8b175938966862810ec2781c4eff9f83c4e6d835dd7ab81508cae58627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
feba81b20df97724f1401f63e8c62dd6

SHA1
e33db8727bf958a562ab236a8f30cfcef3b14c8f

SHA256
beeae86e9ebb3e5c2bf86d83074cf956c9c58cd595b310f1ac61d8cc4e5a09b1

SHA512
b58d70c839392c943a157b5474c7f846a7cd81582c16bf93802a1310c93efad9e0c6418098680fc9727aa03abdca2049b9f30e6819d6523d12061a026a235b3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
933c2b2488095c29a6c0eb8eab949b05

SHA1
2cbc14092ecf0fb6093277d60fb72ba4f59b740b

SHA256
9c2f52c957e078aaf927759b69a53980cf879b94ecd71a138aced3415e53accf

SHA512
9fa281f18eaea44d73159540fab275556a2c2e2ab5878824ad143a2303c489f94139032051ba2bfc17b60eaa8b1b498acad3355b9c2827e71fef003c0dbaf2a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96968bbc5896e65120f3d64e4e24f913

SHA1
6d3cd3c0e66552f9021869e8e357e843fb87488e

SHA256
c3922d7560b9c5be1774a8b3db01c8f0012bac10c466dc866828c2e955638cae

SHA512
0501ade06ced07208fe17e0bc953874ed815901f20d62798d74a742540d85e1d4ddc10699b54758a085e653557ed9b97058c28d38249ebde21b55002c378ee22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
c4bb27079f041b96b86f84d00a75ba2d

SHA1
65273d0963e7166f7977298674ab2be0493f84df

SHA256
1107bf1c013f4336db030d410829b240cbd3a97f281cd31238ec623e44a8e1cd

SHA512
43f05216b3cf6a2851381cf4b9a443145fd2b1d9bd455a501f20c219cad04d100b4199595ff1aeb612d9405a4fc96fa48bf0936be6c0840d6503c5dff3dcfcf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\script[1].js

Filesize
96KB

MD5
bfc517188e31c284e6f920185ef9581f

SHA1
dc44e4b0baaa94841eaf301191236605e05aac26

SHA256
2cb9e929560926259750c4d840710fbf0a7d2c8da9a9a886ee478bc362829e7e

SHA512
d3f98cf4d1b282d8d673320910acf320de861f363f522dcb1ff7720575c0d80ccd8eda85acbb5ec9867f98010ab9c0e07f2a3dc08d5f0ad0ff1a4f3f82f048cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD6A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFAF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2916-0-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/2916-970-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/2916-1192-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/2916-1307-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download