3046fafed0a87fea9f52c5e82390590d4dfc995410a558f3f2a55732210147d9

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 21:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

367e67ff2e319c45db8b9fcae7bab8a5_JaffaCakes118.exe
Size

854KB
MD5

367e67ff2e319c45db8b9fcae7bab8a5
SHA1

065d3ec1dcd008e9d6490af3d6f1cb23185b5518
SHA256

3046fafed0a87fea9f52c5e82390590d4dfc995410a558f3f2a55732210147d9
SHA512

2ed7a11c34d3d98cda28bb3b964b2bc5e2eb638e62d723593a7589785829b9cdbd1b4bcc33d25d6cbab9752b7a1808a58c1adb9eac6c5ebda9637947f366a61c
SSDEEP

24576:t3ERiCusoH2/JCpljs1yCG2LOOhDJhqIUYJ6aG:28Ch/JC3yy9JORFxJG

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Windows\CurrentVersion\Run\Internet Explorer = "C:\\Users\\Admin\\AppData\\Local\\Temp\\367e67ff2e319c45db8b9fcae7bab8a5_JaffaCakes118.exe"	367e67ff2e319c45db8b9fcae7bab8a5_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TypedURLs	367e67ff2e319c45db8b9fcae7bab8a5_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	367e67ff2e319c45db8b9fcae7bab8a5_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1596	367e67ff2e319c45db8b9fcae7bab8a5_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1596	367e67ff2e319c45db8b9fcae7bab8a5_JaffaCakes118.exe
1596	367e67ff2e319c45db8b9fcae7bab8a5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\367e67ff2e319c45db8b9fcae7bab8a5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\367e67ff2e319c45db8b9fcae7bab8a5_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
1f27a11ad0863462918299541297e2bf

SHA1
5a7fe64f5843e84e54b1aedfcdbfe3a60fe45733

SHA256
9aac52353313c06bf4b950f9911649ff8ea90a4d494b709816c8a56f5f7805de

SHA512
071a37b134cfecb55c68af24fa2d00ad29d0301fd140786bac523e100fe68c1cc3d9ad78c9e40db0e7110f5fe9f0803ec8b3416d26215ff6114228d0724d9c30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e80dc088041d38b13d44f6137fbd7160

SHA1
41ecc32c35505a778b38e394e34c605d33d7354e

SHA256
2b22c697f8b03e344185582658cfb212818fa5b896afbcfb5e3e01fc97b8e0cf

SHA512
d7d6254582eb2c0bb7e6ffd67fdff441fb1193ee0d7d766813e768961508496dd56c5934d00d4cd35ca220ae9b4487e25aae00285f6fe696275ae926bc94b11f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
371e8208887f171a553c42de43fec1c4

SHA1
42eb98faea067d0d5ea3b7e10260941512b88eeb

SHA256
cc80f1656db23bb9d40d7a2596f1e3b3108ae2f2e4eed26b3d8f26f812ecfff4

SHA512
1ef24fb2d37324ff84f36438949a3251a55f04456f2111148eeda3de4977dddded6607a98e492b9bc9ecac476c30709d136fe193a6e62656bc71187d28b1c055

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d8ed9fb6e4168d96b338efb7301a184

SHA1
534ed12ed2ac5740220b2c2ddafcda9b7d6918bc

SHA256
4b776c391c94328c014c11e7645dbe954ec522c65d30ea96ded4bb8da0212c98

SHA512
f7142794ed489b76bf89c1357ed7ef7d9bde38140e3e245ab02b57f3465dee7396dd5aa6220b0a6559eb581b27f386773f08383568905babd9cbafa768422326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b83f63f2611c079efb2e288a275fd51c

SHA1
0468621149b019244b29a883c5a9ab88173a14f5

SHA256
b2fec432c566adff0571684250d02b01bc6f4ebb1b664ecae6a02dd8e135f259

SHA512
9d134fdc1e8133721f809b3f1a2be6a785db3b997abee8e5a8a1c14deae49cce0101d6e8eb1d5326e5b016e80aed7ff544014c7598ac4f090bcced04e7396010

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
743147ac9981a2ed098b41d7afc4cdbe

SHA1
d1c3738bc6210788b4af5131218a06b7e223e424

SHA256
3a894b99088f5bd5296d6b3420bae93d4a9a40630599a73cc77723ed659cf662

SHA512
4506c08ff0b63b461e76b4bad17960134686223ce7fd302004e8c272d8c2397351f332e0348ba0174a1cff0a9cb2405642049abbefb68a08b50069851bf01677

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c34b17dae3011b9f76ff1f35e6bfef61

SHA1
58ad150bca078757a52d2d50263c2dc8ab81b17d

SHA256
ae17bc7f61dc4990e218333007e9d370e841f7ebbd4dc9a4522d56cf86ce9f82

SHA512
8eebe299a793b63d852a56dbf11d8a8f8e6c05bd169b6a367cae2442253c302d2cc90c3e53f69723eb221a98c4f9e8a82337fe6a0871890e6e7c98dd996e4211

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa72c7b28243c2c59f006d95eee6099a

SHA1
202f081683b2e1835c86caf9540599dd5398f624

SHA256
5a8088e13f8eb292e091692b5d53be3a4e79ea6edca1b3fd5973a3fe55e3281b

SHA512
fd45c1f7534fb2917fcaf6e26e1a5101f20d2005757421d63b7ba09637e6501f04d7b98e3b8926296e945a1b2d90686ce1e8f42e68be3d5d0f86b22adb4073d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
931a77cc4badaae77b20eb2b99c13521

SHA1
643901d4473fde27c7463f1fc641cf98c981740a

SHA256
29b9c102a69230d003538f3528bc8e152519bde49443bb7af51b990ab31e0620

SHA512
18877243662bf3955eee7b696a1ebc8e484c0ec75c820d385593d11d278d1f4682194a3a20643d1266a378ae8aee67998ec55fe9715a3606f6d54e39da7eb824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cee22d3f65bf9562debc16fb32839967

SHA1
ab8c6a5a28e4e5798fdc10be170c5ea8321796b4

SHA256
c5f3439d812e1a996120b60694e6897fa51fe394ede650554ff0e9d3d1b18f27

SHA512
b1a6e901f1b092655396b1022c99a77de46206944b8f27fac7c7174c1a11d69a61f453297aee7db5f6cf10944a9c8bb7b786bc5f0b95cfed64db41ffb75ce126

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fda12a0e43e257461e6532b2f10b548

SHA1
db7cf60458a52ee655b4551ef30e53c5655d81b0

SHA256
b57d6ea6978058dcaeecb1a7fb181b55eeb9e9d367f6cf0d54c03ab0fda99cd7

SHA512
d5cf7d35383c51f49c4f65213b5810f581534398edca1d13ee88ec30c4c48520d8f08cd136b265f8d03a364f6a3e2cf7f700fe08969ea2bf6e2dcaa67256b1b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b703b4d11d154d8eb0c4f805c0451f5

SHA1
ee939774ff2c77a468578849565d872c62158fba

SHA256
705e679b35563903e6356861ff74064902a35d78e9e9e6540e620bec47a1266f

SHA512
731ac24dbf905a5213cbba1f27f3c3e5b6f4ec4a4d1e60a4fd5a5afc301f1adacd944639828856587549d1b57dc05018ee6dad30a49b819880d5a6697be526ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d36541a957b508b866b0aa47b4e6e7ab

SHA1
720ff757f76814bb723aed774f50c4c91de0de54

SHA256
c16118f707b890f3fedb7967eb0354e6428b7b3e207803ff84ec12e01954299d

SHA512
49d0ca681a9d1e90b35a764368e23db67a15959fb1c2d7705b4e02065442558c23f13303d7472a046fd2ac8ecb4930db8de379e07a2a68bafd216505108da9cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4551dff3a9428587aa5a232d922e9cbc

SHA1
d0a463e0883e619bef1c2735afe8ea102402d5b1

SHA256
1d0b45b084574c32e780ba625fa4d0b0840415d71d9d1ac36204445dfe7b5b23

SHA512
b1c566993d45f5cce8d21c1ef8d96efc420e879e0f4b88a2b9194da02de5cd688d88913e473c3b3209049726100f94a65fcf9ff6f1985668d9a55b2a691e2b42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee1237c41779a5861e8fb037fa96d5c3

SHA1
be262f1c76f5a0f07efc3ab08f3e4a9ec342dd1b

SHA256
e81f5321df6c1a395bc59f600d98f5ba91ad2668376a1d5772303223514fcd0b

SHA512
01f47225275bc646d1ce4bfefd50c7ba72d4f34f94eddd8d01b74e57642c37355a5a2538ea2f633d46220125a05b4ba1475fa3f8e615250f51b3fd9558ae84b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
391fb5f3fdb7924e5bafa87c63272232

SHA1
ea1b6929d8eece5fc73b88b3318ff747c8b521b1

SHA256
375ed8b84a200bed83be7c83d5aff2acadcd15866caa10f9ba60064e295104f0

SHA512
2a913a943f27a96b6ca820ff4f265fca25b163f829e478d202cf9fb27d659afc5b46293d9da82f0803746ed4155561c8eccb8cda858d029eadf77e12ac9632e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dde0b497a47d95495c123cfcd7ea5f27

SHA1
ea9597e4963b0f16aafbe7f1ee237787546c2b95

SHA256
9f4e5f43eb20b6557348eb5497815097ad2a69bcfa342cb0c772c4c631bb153e

SHA512
d1fa82bb14c90e0680ee421914f9018ff4f6e18d8288508d59cb9f7bf14d6beb4c99a5a72717ab75bdaab4184651f0182c4584db4ce17bd3f598b94a6261b1d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a0c5e65bac8ebb1a783f2398dd6f2cf

SHA1
438804342449ab0a52bae6587de188ca3a9b5c12

SHA256
af62e8ae3724d1850c26046221d80e03f1e2e5802b85e407353234f81c975a8c

SHA512
f8ef4f5054ba4c9f2cb0b98491c01075de24f15563486d122a04ab73729fa58dfd3e6b9c921aaa74940300bbe709a9ea4bd1bc4be184a567b0189d1643d31ec9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a31dc111f42792b8c952ca664cfb1e24

SHA1
bcfefde1810a869b1ff4389bb19f2cd2b196497a

SHA256
9cbbbc81b0f5fc4e8d2f59d98305ebe94155a702dc32e0dbb4f317d1c3343824

SHA512
4351e8cf5b2d47d09e702c6d62804af567cc64af68b1c8497c94aba750d9480fc73260c5a66bb3eecbcbef25b3a13e5fcc820914654465bc8d42bc267dab0c0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdbbc1cf6d3228e18567c00f734cf79b

SHA1
b7e4be2b79164381466c2833adac00ef18a06e21

SHA256
66c3b8c5bcf7af40f7b2af2020252b0da6f8c5cd96e6579974bb776a83cfb2f9

SHA512
8b34151d98e1d70695955e6dc51e369e805cc84de5c5c87917ed33500899e08a728dc82bea8b161a5d40a78a197bb97db0388a4df8caa3fd661688e383f45007

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
197e7d11a5018c35b1c5cc1f8b777fb0

SHA1
47347d2f2857a949c364932f509a53dcbf40caf3

SHA256
6d0442fcf09cf02c73bb1c2863e143dcdba8ed4a1eff8ce418594c019ee4a999

SHA512
d826d9751384d53b2764d60debab737e100204d5a5403e781495848ba0b817f46002336184e88277be8efe60b3dffe62c7224d175d70f8011734ad03ef2f9771

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4e851a836ff4e16adba25ea613956a0

SHA1
d24b8a41d5f31e491deedabde6d1b07c5580a2eb

SHA256
810811d9a9e631e5e8d15f5908a406d292ca79124c11d5073aadc8f76be94d17

SHA512
fc8eea9fbf33c27f500ff03dc4e6a23fa19a94b743f9acde14f232833bb0aba287d0db867aaab0f06b28518c0242eb894bd95e86b7de499cefa522482cc79a41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccafe44785ac1efae004c3563e14e861

SHA1
7743124f7ed9def361046612be5ebe236d3940a8

SHA256
1414c7963ee0e9f88a7006d2e0de55125be230d2d76d7c88ae637a8f49a4fded

SHA512
9d46f36a99f8aeb9a634fb8d7672b219cfd1a2bee09a3813661cf72e7c1a4eb725f7e3e23390d4ea9caa32558a25f5fd3568ea202a6c7f1552b9fc5c1c1d2e52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f682b0a68787f3b6913b6e06b868085f

SHA1
999e87816b4c19af594b458f2780acf01cd3982b

SHA256
4e830f4b5d5a3b634568900d792bfb917b70e555402a4618182da8487cb17722

SHA512
e0d3e0849981d546c9bbd67367af577509deef2ad9cf2d9eb0c44b3a2e89ab576c3187362ee75a9a3034905aabf21d4e39767302714118dfa2f50d9cd4797238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02c0201951cae467cb33f60749bac44f

SHA1
d9a2de77f53ca9fd0f8d0fe937eaa2886fe83461

SHA256
abc3d9ec9f21d77ef514ad60cae25fec2ed1ba8d18ba1b1b3d78d054c629fd24

SHA512
8040634341eb0b6fe368e345bb11579675e66b9287adf358ce26ff07d89948149869a29395902684fb5ac42a0d32a74a53ae88a09931e5caee8c725a79ce8db4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9A9C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9ABE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1596-1-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download
memory/1596-271-0x0000000000400000-0x00000000007F3000-memory.dmp

Filesize
3.9MB

Download
memory/1596-825-0x0000000000400000-0x00000000007F3000-memory.dmp

Filesize
3.9MB

Download
memory/1596-2-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1596-0-0x0000000000400000-0x00000000007F3000-memory.dmp

Filesize
3.9MB

Download
memory/1596-1339-0x0000000000400000-0x00000000007F3000-memory.dmp

Filesize
3.9MB

Download
memory/1596-1340-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1596-2024-0x0000000000400000-0x00000000007F3000-memory.dmp

Filesize
3.9MB

Download
memory/1596-2025-0x0000000000400000-0x00000000007F3000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads