833e0e039fd3b6469e9c0cae9fb15d0375a43c7c989e5d80641cd3f1a8a07f64

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59c5467251302ccb41084aebeef7b8e4_JaffaCakes118.exe
Size

592KB
MD5

59c5467251302ccb41084aebeef7b8e4
SHA1

240f1d53d124ad6fc87c40fc029148c626b041d6
SHA256

833e0e039fd3b6469e9c0cae9fb15d0375a43c7c989e5d80641cd3f1a8a07f64
SHA512

ee3e534f73c550ef9646729cba54fa5dc19bfda1c7538cc22b21c4b5c4edbe2ca6034d1b08d6afe3db6bd506a25dee363e4db8dbe26748894386b380a7d00b7b
SSDEEP

12288:i4pecsd5vm0J4wgOS4S4x7c0A01G2yON1DUZ5sxQAvzgky1wKGW7z:iAc5vfCBTp4C0AJ2yONBUZ+VgU7W7z

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2992	59c5467251302ccb41084aebeef7b8e4_JaffaCakes118.exe

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2992-0-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-1-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-21-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/files/0x000700000001a489-159.dat	upx
behavioral1/memory/2992-187-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-188-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-190-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-191-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-193-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-194-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-195-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-197-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-198-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-199-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-200-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-201-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-202-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-203-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-204-0x0000000000400000-0x0000000000555000-memory.dmp	upx
behavioral1/memory/2992-205-0x0000000000400000-0x0000000000555000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is259442423.log	59c5467251302ccb41084aebeef7b8e4_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	59c5467251302ccb41084aebeef7b8e4_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2992	59c5467251302ccb41084aebeef7b8e4_JaffaCakes118.exe
2992	59c5467251302ccb41084aebeef7b8e4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\59c5467251302ccb41084aebeef7b8e4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\59c5467251302ccb41084aebeef7b8e4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259441955\bootstrap_20532.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259441955\css\sdk-ui\images\progress-bg.png

Filesize
2KB

MD5
32a6846fe53388eb03be3ada2221297f

SHA1
1c1baec7b7fe7a420ccf68d3112384b44f8ba89e

SHA256
5c6d20c98c106bc6df49447b9939a90ba6a5e3c20d89ca0621677a7501bdb127

SHA512
79c4f3a72467b61c27d6e93415bae3fc61a9fde62aae4202ba8ed1de6328f5facc48092bfe57db70338a0a4b50f571d501eed04aed8b047d20aa28ee7446ce98

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259441955\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
ca913240f3c5b51aa404ae23d8893a2f

SHA1
052090ca9b1e0c8f96a5b75258a6dd3975cd9227

SHA256
8f67635d39f2eda26c117cbc758a00766d7881d3bf6a605ec5b718c768feb7d5

SHA512
59dbd423086926849ca2d2c6039f008da51435b982565c3d6536e6b944485de31a1690054a3a71350d7c516c522bfa8993150a05aabbc8f952890eb15486246a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259441955\css\style.css

Filesize
7KB

MD5
a0acccb73307cf2b19d345623b6cfce8

SHA1
bd546a14add39d4f00f9ee236d790ba32a3d8218

SHA256
9da1f46d683e1f3cd6066bf07a4bf493b6a4a76c0e419088d987f6c9a7f91ada

SHA512
9fb9f1ba7ec4fd5c94472c80be11bac436961f88483465189245c0beecadca64f67bd8bed10c1012830613d86e496ac1ad3eb390235f626bb0ba86cb155ac7d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259441955\images\box-funmoods.jpg

Filesize
15KB

MD5
216b5d5163dd2cd1130395e2fd8f7299

SHA1
4c83f49ed808951bf3e40850f1a6e1f1e4274f72

SHA256
5616347b29ae2a1ad6673059c1b8ea294ffa54ee67ed23552b09caf7a53a4480

SHA512
8b9bc199823814ee46595c2e4b4d74a1b7ff20740a0acd02a4235d6c0714f94c6bcb39b2df496d3ee61555e0daf6f2aa97e6b4bc75c4a055c1f975bfeebbc095

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259441955\images\buttons.png

Filesize
4KB

MD5
2b5176fba35064ad131e0583ce558ceb

SHA1
493dfcb9f5b717c740dca2417e9d386f94bfc89f

SHA256
3f794e085c15e930dfd712ef91d6dd1f9c75a2119542b61aaa9b8a0604bd1aec

SHA512
131c151d8da89043903efc401bed2c791538bd2f981ed1087fca7f57e9bf368052d4842bb64d5f4ef1d4e2a253c5c8d2c9b419291c12b6037cf07db1a2d1f789

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259441955\images\logo.jpg

Filesize
4KB

MD5
aa1e90cb1cd9f486470b51b640e1552d

SHA1
648d7b772010b963e418e5397cae859934168698

SHA256
f284b2b6633c2eb73d9c44c56dd8c58d60449df5207c227fb7985a24c20b35fb

SHA512
484e2d0fe2a48b0c78d6b21bd6d39490c28d881892d82b3c4423f306622100a3680db49f3940f65ff91f117b5aa571579f54e9b767e5cdd8a09821f3169acacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259441955\images\x.jpg

Filesize
424B

MD5
ebb0d89df0631fba54dddc9460b3bd51

SHA1
2e99ca75ed7a7ac980127616d384f756b98a7679

SHA256
fa38da6097d666e324f2fddce393fd518ab144372003a3cbe6f3510df66935d3

SHA512
cb4a9aa605c663ff773249416ac0b0eef392b306bb4ae71b82e7df17ffa4d57201eca055d15cf2d501f4cbe7af68eb745b35f5bcdba8ca37b3b74028026b9358

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_59c5467251302ccb41084aebeef7b8e4_JaffaCakes118.exe

Filesize
592KB

MD5
59c5467251302ccb41084aebeef7b8e4

SHA1
240f1d53d124ad6fc87c40fc029148c626b041d6

SHA256
833e0e039fd3b6469e9c0cae9fb15d0375a43c7c989e5d80641cd3f1a8a07f64

SHA512
ee3e534f73c550ef9646729cba54fa5dc19bfda1c7538cc22b21c4b5c4edbe2ca6034d1b08d6afe3db6bd506a25dee363e4db8dbe26748894386b380a7d00b7b

Download Submit
memory/2992-189-0x0000000000401000-0x00000000004C4000-memory.dmp

Filesize
780KB

Download
memory/2992-193-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-21-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-1-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-2-0x0000000000401000-0x00000000004C4000-memory.dmp

Filesize
780KB

Download
memory/2992-187-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-188-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-0-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-190-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-191-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-192-0x00000000038C0000-0x00000000038D0000-memory.dmp

Filesize
64KB

Download
memory/2992-161-0x00000000038C0000-0x00000000038D0000-memory.dmp

Filesize
64KB

Download
memory/2992-194-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-195-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-197-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-198-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-199-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-200-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-201-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-202-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-203-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-204-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download
memory/2992-205-0x0000000000400000-0x0000000000555000-memory.dmp

Filesize
1.3MB

Download