b5a7df1bce14af47db87f45e2ee5c2f53408d181da89d3490298e49714902a03

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b3e5a4a762bd6146956662fcccff514_JaffaCakes118.exe
Size

15.3MB
MD5

5b3e5a4a762bd6146956662fcccff514
SHA1

7997623f1389c51f1ceee1d770d0798dbe68b4a1
SHA256

b5a7df1bce14af47db87f45e2ee5c2f53408d181da89d3490298e49714902a03
SHA512

2ba9a2e77a02826c2596b44c6592d1b2021acecdcca279a7eed789c85025830449e17fc96bb37a00491d868aeef3506fdedb3765f3446122ddd4761eb1945a97
SSDEEP

393216:hsoBVadFvFHs3y27WLCGcfREM6i8PLOrznGez:BgdFvW3y2kCG+njTz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
512	Setup.exe
3136	ISBEW64.exe

Loads dropped DLL 16 IoCs

pid	Process
4316	5b3e5a4a762bd6146956662fcccff514_JaffaCakes118.exe
4316	5b3e5a4a762bd6146956662fcccff514_JaffaCakes118.exe
512	Setup.exe
512	Setup.exe
512	Setup.exe
512	Setup.exe
512	Setup.exe
512	Setup.exe
512	Setup.exe
512	Setup.exe
512	Setup.exe
512	Setup.exe
512	Setup.exe
512	Setup.exe
512	Setup.exe
512	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
512	Setup.exe
512	Setup.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 512	4316	5b3e5a4a762bd6146956662fcccff514_JaffaCakes118.exe	91
PID 4316 wrote to memory of 512	4316	5b3e5a4a762bd6146956662fcccff514_JaffaCakes118.exe	91
PID 4316 wrote to memory of 512	4316	5b3e5a4a762bd6146956662fcccff514_JaffaCakes118.exe	91
PID 512 wrote to memory of 3136	512	Setup.exe	93
PID 512 wrote to memory of 3136	512	Setup.exe	93

C:\Users\Admin\AppData\Local\Temp\5b3e5a4a762bd6146956662fcccff514_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5b3e5a4a762bd6146956662fcccff514_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Users\Admin\AppData\Local\Temp\__1907202485320\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\__1907202485320\Setup.exe" /install_folder="C:\Users\Admin\AppData\Local\Temp\__1907202485320"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:512
- - C:\Users\Admin\AppData\Local\Temp\{EFAAE4FD-9D37-483D-8972-CD9A0D097B99}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{EFAAE4FD-9D37-483D-8972-CD9A0D097B99}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A42DEFF9-64B6-4343-9278-192E95FB0570}
    3⤵
    - Executes dropped EXE
    PID:3136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__1907202485320\Setup.exe

Filesize
4.3MB

MD5
81999315f4fb6e6944ecd0caed8df5e0

SHA1
461b7aeed4f52c1af768bfe8255bc55dc3b92f9a

SHA256
33cfcc4b00a9b0177a0730ab2066479c73b2982fb2eb586d4566869ef16f3488

SHA512
ada361833fbe2a1ed5ead26656b3a12fcc9277428e3cdfdbf03520f1c135d22d95fac3c3d511962f9f471b7eb8bd4e47ac3b0a80ce19d8467f265f132ad6b3cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_config\EULA_en-US.rtf

Filesize
36KB

MD5
170913eb75e572099659fa21ee58cbc0

SHA1
a397539234d1f85cda9f91cf290a903b10a4cfab

SHA256
8b2017669fc4d91ad2b7a61b880c5665afa3664f21303b9eb0cd7ab67e5230b4

SHA512
18f3eb7d72dc980c9664a1f0dca2ecb5abcbf18ff11562a0d73535c8184dfb1d116252f6fd7a2b3841598531354b7d3b514c867126d0999334b6d2d27808893e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_config\build_config.ini

Filesize
450B

MD5
e88b85c437cf6d3ce4f6a41ed12195f9

SHA1
79c6ec5c24e82ae8043b35de983f05e7ebaaf6a9

SHA256
58431db0b05a85131b25df93a356f4d38c003d46c31a1c27f32a43c127426f9e

SHA512
6c0844aa29822b18be853338616567093e21ed6e3128e1aa842e6b66c209444f4fb20d1843837ae7a997fb5206c443cf630521c96599d7ec1a0c8ce81afdf3bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_config\install.ini

Filesize
71KB

MD5
6aa4d761b9813235d8561b9506c1f702

SHA1
60b6b732ef2e60ad583a2e74744deb629bee0923

SHA256
b86379191a8b0bf2bc072d7d43f3c271a2c284f14bfd9e9d9a459d034284d429

SHA512
9216002a2b4754f7d1f323269492c5567702be9892fda9eac4e9a0846329b69065ff7048906f546c84493a92ab470cfd7443af083609bbd4d9b22ff1a9f8f2fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_config\text_install.ini

Filesize
261KB

MD5
7bb7c2b530ddab7d027e3f11dab805d4

SHA1
7b7ffb29d507bfe5cec964b25647d5fa43861f10

SHA256
118ce1d87850aac9977e57fc46b6273e338fb1e2752633ba755e0ebc1fd8052d

SHA512
5bc464981bdcba16d01dc5d6060cca4a4933c342f69a41a0e174db6cab16d5cddcd6f4003a848ca5cb0573bcbcf0226ffaa7edfb384aac7dad322efa48806601

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_dll\MReport.dll

Filesize
77KB

MD5
6af99582a98d1fb6939d653a4fed69d4

SHA1
abf6532a93ab7f48bc4fdfed709f859a5357486d

SHA256
fbd457011226a038c972f5596b85309cb2b5a43e238d2c61890ebd0d0edc05a5

SHA512
bb1386a2d2373b4faab0eafd6d2be2f2378703aa4c5f4761c319f666a82b35e0739c7b4bec09530e1996a440a704cb9ad7bfec7b33782efa0e1df24c9328feef

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_dll\MoveIt.dll

Filesize
466KB

MD5
bdcf9eaed2b597d34eed93086c457e9b

SHA1
a96600869f190f01860f0bbeabcaf937e19a10b9

SHA256
8613fdd04bc6a8ae403bb80453eb15287a8604d377a6388cd844e4305fa2fefb

SHA512
4a7b1f5123c05a77ce8beb06f69c1fa1ae37c480c5b3cf8564f9ddaaaec530ad1846d5ae6d962afcd63abe4abe91a422052b9463be2ef0a17c7422bc9bc925b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_dll\_CustomDialog.dll

Filesize
136KB

MD5
ce7492dd0e0df523ad1d5e965b1fc1f1

SHA1
9374808bc6f4cfbbe4bf6a13ad00241d1a6a2623

SHA256
f735aef8de2ff8f270f2aff58177318c8d5aa3f15f26e815c298065580ae8084

SHA512
2d513b13417152e9a24bc11e5d9c35904550e168ab8d546cc3b9e950eafd7a23d9b932fc02c1b8fe400f61b8e6f39479ed0aa0a23d4617130b6798b458d80826

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_skin\Generic\button_browse.gif

Filesize
1KB

MD5
5313ef393128200d60c4f4cf46d338b5

SHA1
dd83bd6c020cb774565faff0f67aa6316ef24ba7

SHA256
d4e514f8f243da1873ec37c40b38819f23c7f9d9b64bbded29540bdd602757ae

SHA512
4ee07a8b1246f5659cc454d494132fb7aa808a99d7f2fc7e358e556403e7948cff3ca13452a11137cdef0c0cf266f3b21390dc02d4e88806c95945ea0f3fe528

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_skin\Generic\button_disabled_generic_large.gif

Filesize
474B

MD5
5ea16b1e9c041d62c3d994a4d5436587

SHA1
d568da80352cb6ccae7f61054b9d4151ab64b4ae

SHA256
56ddad8209198099d65d37222b53b711b3b7c633eaf355e24788987f1f76677e

SHA512
fddb3c9eccdb750860e820207b8bed7ee86307d1f7da11d2569ec43baae2a9b37334bf9ef907661262cc52be766a77ef4e48eb38876271322d5bc4fb6a1aafee

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_skin\Generic\button_generic_large.gif

Filesize
483B

MD5
4bc62505dbef020bb1ec8d1821b75319

SHA1
92ca210bf8ba7ed67881fb770f84b3daadba52ad

SHA256
415d01fa4390053c7685d5d7ff248931c94981ad4bb553ef2a26e008ce8651bb

SHA512
872355a14c8a9944f76f030bdcecdf3140dd1682b0fceded4e6e189e6dfe5318b8a27212c4c0cbd63bd15088846265b699ec2792a78b22586f215e3835aa7972

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_skin\Generic\button_pressed_generic_large.gif

Filesize
474B

MD5
3c16ad1f48acbd2cbbeb5eee587a30ea

SHA1
a90dd65349663d28baf8e3f1fd1c9e5d717590f0

SHA256
748c9a0ca57b9a7013a38a3ea1297a564176960effdf13b02ca5ea91a47ec6d9

SHA512
65cc412a18f2dc9cdc6052c0d558b39a3ee0f1931aa9b61f416b385fe1e17479d66fada81583d9f1be3f4c7c7b26fc8ae469d27b46325ba903d989c59613eebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_skin\Generic\main_dlg_generic.gif

Filesize
80KB

MD5
1e17cac2e3c504ee0d0967573beea598

SHA1
e398b37ff542685e541bb271bd0d94b0c8ee8c62

SHA256
1dc5dc02f023d5b462030868699acac70daf78acecc75fb3860aa1b7a255c82a

SHA512
b3f3410e352f2545a74450a839bdefb84f9f9a67472e1241c83f21542f3640ce287beb8d9c063157294f42efe467832d1eeb16b59b0af936c27fcbecedc2e87d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_skin\Generic\next_disabled_generic.gif

Filesize
755B

MD5
40072d82e48310e1f5cf811a9b316fc3

SHA1
ca08a91bacc355977475f22ba0f2a85b0ca91c8f

SHA256
63d700473097318a15f124af005c88c5e10611ff539d381c3d527a7b1f5e6d2a

SHA512
e1e8f75ee754124df3e15480e0946fc7c2920b0c82b89ec1de79ebf13b286840e4e19fca3d1a4f41d6111fd34c5490c272aa3807f7c0f65ab9db5e772bd163b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_skin\Generic\next_generic.gif

Filesize
1KB

MD5
5be67dccf1662fe9b2213ed66f4a2ed0

SHA1
b22216da5dee6526a69e99f5f704078f5fd63b18

SHA256
c93dd89b9abd95c5c3b0fbc00a6156af44ec58eacbc5f70797964423c8901e5a

SHA512
03dd255679735e4031d4d1eeee6b4866833f1f0876cdfaf0ee1dcee5daf7f5d12de3dd46833b8a2a69a3b946585ddd2e79ac1502ec8b61781eacd5295aadc3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\__1907202485320\install_skin\Generic\next_pressed_generic.gif

Filesize
1KB

MD5
8e62bb7038e6ef1ef7bde334861a05b3

SHA1
d2a29bf634e46fb596239560d6242a8eb2b1671f

SHA256
a5e0a80f75c7aec4675aa6cdb8479aa95b5d45f962c8b8ad1be6041062e9e25f

SHA512
4633b19073939cd24d16d48e3544ed0faacb3f70532ca50c70126082d197737033aa47ac0f3de18a624cc3767a9ddc02c26f7fc560e180a74575d42dafebe1e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv88C8.tmp\MReport.dll

Filesize
89KB

MD5
22c91de8e4517c4e8af2cf3ad50a7464

SHA1
e045d5158e108dac4de4365190dbd17ce5b65064

SHA256
5d06bca579f9a7c37d8e319d77db3781f081e11d977ba4689b2765d8ec631a8a

SHA512
8e465d74e95dd4fea905bb622a30a67608bbd0328234b9d03829c043463396aa0c53222e8fc5983d7824590345c377dc766e1dbd10a8a5cb848f396781f89d46

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv88C8.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8037EC91-790F-4311-89C5-447A6B971483}\Disk1\ISSetup.dll

Filesize
523KB

MD5
6c48e05107eb494620ab0dc96d3c5b80

SHA1
e6ced277de082bd8e2ccbfad7a1d5cd1e9db85ab

SHA256
13223e7fbeb3dac968de77e6be974a36f86dc07884cc0e80eabf8b817ccb4a04

SHA512
983e3d3012114af3da009c5d46ce467c7a9c6023766b54afe58137654bb5a1c1eda2fd1ff4b1902102e8315b80557efa58dbcf01641dde07924285bd015a196a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8037EC91-790F-4311-89C5-447A6B971483}\_Setup.dll

Filesize
152KB

MD5
5d52df000ef2e882bc50c6796b1db21d

SHA1
acf07ee55eb79411a17d0fe3923dc5d207603bee

SHA256
b9848f612246a8c58ca223960d6cd563f4f46574bd23bfe79c286115f9f5a59f

SHA512
b43f627bcdfa19ab6b697514a46ef2477d0616e5ef0b189cd09d804a213ee15dedad62a24a33cffe986afab155d3e266e6a1bf042c6266906e45077a43bd6d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8037EC91-790F-4311-89C5-447A6B971483}\setup.ini

Filesize
445B

MD5
dd93ad63d9340fce6f1213dd80f00a2c

SHA1
ce1bc050e9733a14b5ab69a629be1cd60c80d276

SHA256
77e3d6a34c3e6491417cbec2a16df87bfd87ba2f4ed46ce83aa6e1066aba1836

SHA512
a5b8745b1c266a159a88a93b768144390df7ae06cc519f98793c776f25fb6facc0ef76bbe31ae6ad6583a351acbe09c6be4136e51359a6d2b23cd656656d5139

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EFAAE4FD-9D37-483D-8972-CD9A0D097B99}\ISBEW64.exe

Filesize
117KB

MD5
21ba1ba092a4964c7353a8a1e902dfdd

SHA1
7150416612778da593270807e31ab4ad8a79eff0

SHA256
fe3483bf3fc915aa5d2d66551cce5dc010a670b1ca8ebada0572286833da6cdd

SHA512
68124b387d52aedda07f8fe1ee4bf5089614a4f4ce1b81ca022aacd5efda4ec8e3f84e8d14ec5ce3ffe69cf7648d0434f99eb9211dfa0201587749ea26984f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EFAAE4FD-9D37-483D-8972-CD9A0D097B99}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\7z.dll

Filesize
838KB

MD5
66eaaceb487dfb71aaafc22fc8c69a16

SHA1
ee35a9847c12d55e6e4bcd9c739f087e5374cabc

SHA256
b7b8c95e0e45cafe7bad13778ac6ba056a8afacc005864b3f3d84eb6ef2c8abf

SHA512
91bb0dbe79cec46b49beeef104b5f194338ba395a728887d45e4ca8049f47ae6306b6d94fcbc0b41e5f43c2a287e3de582dcb85f31e8753baeb243957ba57f54

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EFAAE4FD-9D37-483D-8972-CD9A0D097B99}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\DIFxData.ini

Filesize
86B

MD5
10baa5b67536f4433f37534b9c8bb828

SHA1
82e5c34b1279afda223b639b49078d03c52875f5

SHA256
1b9fd5c1f18357bd459be20bfcbf47ee18fa0c5d5cc42f6aed2705d5868b65f4

SHA512
49c6798ebb3b6137cafb78b88350d02094367523dcf8f9e580de1941e514b8b3df786d1d817090e5dab80ac4d0d015796b2ce28b296db31d111e0d0bbaeebb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EFAAE4FD-9D37-483D-8972-CD9A0D097B99}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\FontData.ini

Filesize
39B

MD5
00f313e3e007599349a0c4d81c7807c4

SHA1
f0171f15aab836a1979d3833e46b5e59e4ea32e0

SHA256
766ee687d90b0217eb41cb85aca04375bdc24db986a33536631f864b7ce1a08a

SHA512
8bb25a62c0b1640dec36403a493ed54c05f7cde7b7357c8faea785a79c4b76bbe6a3d6fe78db52b558a37abac90c2b2e8b13868a76294554d51670e9fa8764ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EFAAE4FD-9D37-483D-8972-CD9A0D097B99}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\_IsRes.dll

Filesize
119KB

MD5
c30e31b1c428da04fbb79fb296c8ecff

SHA1
b808a2acedea1b351b236e9b61467b456a7cfe1c

SHA256
f5b0474a9fd81d8e406a1c0d6bac5425e2cbee2811201e77496b6cd9d1f5e00f

SHA512
c2b2446414804e536925a55c1d0e4df071ee21a889ee818f0fa2ff032b7588fde0935a15587001ba375160b56e419228590bc3ebb4c0e4c9deea1fcab856071b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EFAAE4FD-9D37-483D-8972-CD9A0D097B99}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\browserInstaller.dll

Filesize
477KB

MD5
0aa4db1128ee3da21ea1fa1eeeb33425

SHA1
cff9f4987f881663df18369e519dac39a0e887d4

SHA256
6af4c8691bbe7e07e12e0845b5a739321daf4de22e91543a560c4a612e46817d

SHA512
9a73788b0d71e94d0314d6a3afeaecf268741cc43baeec6bd515cfa8ac2c151c2edb057d6375331ab2733418cd78c695e4e0f39f9624a0e29502e304d4a928d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EFAAE4FD-9D37-483D-8972-CD9A0D097B99}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\isrt.dll

Filesize
216KB

MD5
da0ee712706f39781c460acb57b5430e

SHA1
724e8f6c7360f20f6028df1955cad397062c1501

SHA256
02ed64d11444ca1242eaa221c077a2f68cb2f0fcda0b934cae63ba89e38741d6

SHA512
1b00b9bc376f3ad7b1ecf8852efa60c8017f854812aff12bc5ff535d169382335842bc8b7f641624ed3b7673ed6180d467bfb50200cd24b156934a5d14f1d986

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EFAAE4FD-9D37-483D-8972-CD9A0D097B99}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\setup.inx

Filesize
367KB

MD5
a87a99c74f8003b05f7c2438f777f2e0

SHA1
3721b1217638072d1d9089287c7f4eb70356de9a

SHA256
0c57d7e7134b796a52b40e617b9d42b8adaf8664f8fe68a166100595363e2635

SHA512
d0c3a6d9b7136e563e2ddc6c8a69dbc39bcda5ceb9b87c2abfa311548421227ecbf87c0da29380ec0c762a1f3a92480b2e21213c8cd54203211aa0b18a848194

Download Submit
memory/512-1580-0x0000000002580000-0x0000000002711000-memory.dmp

Filesize
1.6MB

Download
memory/512-1577-0x0000000002580000-0x0000000002711000-memory.dmp

Filesize
1.6MB

Download
memory/512-1571-0x0000000005BD0000-0x0000000005C57000-memory.dmp

Filesize
540KB

Download
memory/512-1581-0x0000000005E90000-0x0000000005F1F000-memory.dmp

Filesize
572KB

Download
memory/512-1578-0x0000000005E90000-0x0000000005F1F000-memory.dmp

Filesize
572KB

Download
memory/512-1417-0x0000000002580000-0x0000000002711000-memory.dmp

Filesize
1.6MB

Download
memory/512-1413-0x0000000002580000-0x0000000002711000-memory.dmp

Filesize
1.6MB

Download
memory/512-1416-0x000000000270F000-0x0000000002710000-memory.dmp

Filesize
4KB

Download
memory/512-1645-0x0000000002580000-0x0000000002711000-memory.dmp

Filesize
1.6MB

Download
memory/512-1646-0x0000000005BD0000-0x0000000005C57000-memory.dmp

Filesize
540KB

Download