d847f684603327e478cad6f3d91fe7a1c71d9b95178542d4a1a325ccf1e7ef1d

Analysis

max time kernel
57s
max time network
62s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 16:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5cc3df5fd115f5abdaba74aaf9c3d20b_JaffaCakes118.exe
Size

488KB
MD5

5cc3df5fd115f5abdaba74aaf9c3d20b
SHA1

c65b073a7270ecfb863e84df9f4a384ce14e3747
SHA256

d847f684603327e478cad6f3d91fe7a1c71d9b95178542d4a1a325ccf1e7ef1d
SHA512

97fb7de21341e7e8216dab72ebec1acc642c6b1825cae82129aec38c17dce9c73364e12e12fbeb027ba3673588b4fa2016cc947acacb7dd90dee93ab54e4561d
SSDEEP

12288:5NR4chH/PbNxXNtUQ8hiGumBN56Hqitf+yLvYKmL/MM42T:lnpxIRiBmB/6ntLwL/MM42T

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2164	5cc3df5fd115f5abdaba74aaf9c3d20b_JaffaCakes118.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2164-0-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral1/files/0x000d000000016d89-172.dat	upx
behavioral1/memory/2164-201-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral1/memory/2164-202-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral1/memory/2164-203-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral1/memory/2164-206-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral1/memory/2164-207-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral1/memory/2164-208-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral1/memory/2164-209-0x0000000000400000-0x000000000051C000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	5cc3df5fd115f5abdaba74aaf9c3d20b_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2164	5cc3df5fd115f5abdaba74aaf9c3d20b_JaffaCakes118.exe
2164	5cc3df5fd115f5abdaba74aaf9c3d20b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5cc3df5fd115f5abdaba74aaf9c3d20b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5cc3df5fd115f5abdaba74aaf9c3d20b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259540392\PIE.htc

Filesize
32KB

MD5
1997baeb3fa434282acab0f58d39547a

SHA1
0f7aa5344b5f41ab364433c5082b1d9b664455d8

SHA256
64bb2fc6dddf44d381cf5cf05c0a95814edb628ee9a41898d36286587995fb6d

SHA512
2bf15c2810e607ee6da48bcca19df7b27f1c401af5089e3dda18534e42658ddf4fe616da3d81827f703c2b0c0a31b83622468da6928eeab11d5ae487fc56b88e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\bootstrap_30021.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\css\main.css

Filesize
4KB

MD5
e23ee364a7504f2544c8f9915b7e4ab4

SHA1
ad22fbb4fae0c223f45e0f1f9eccde129e3bbddf

SHA256
6c0044a1e994764d5b308966d9f04599700c2a979f30f863b47386645a6a6b41

SHA512
f7b64120378f36eb24f90a1cdaa38bd5a3c982112637d154902b225c151deae85cd427fea4855625c4c716fe0d7e18b627eb693dd79b942065c326a9b4fa8140

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\images\back_new.png

Filesize
238B

MD5
208fa03c36ba27e49959aa1f7024b4d0

SHA1
cf6d12d2451e7476c775e7dbe34b27ed72520bff

SHA256
76d5bee9d9cd6e3aa2ea772f1f74c6a4ee1f3fe4c620a04118a41e68bc03e28c

SHA512
9dd009eccec1a43afa4f4e4a06016fd9aebf6d67fe1decd5541c53c5e36f4011bb92dbb07669f634455f93f8226b7d3f09cd7e758e9614b39cc0a1b724acd885

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\images\background.png

Filesize
33KB

MD5
072e308cd22b70d7e24ea5561ac722a9

SHA1
c0afe32d3b001bd056f0b4a23c35bf11894e41d0

SHA256
74cfadb1c8beb4890bf8b2ea3f1ffd110e085fbe3235b20a66bd34c33a891a8a

SHA512
3c5ab3fbc866051efdfdc2d02caec60dec3886e124baa14b2f66b0564e5008d0db9f63df1b580f81dde74719502764f238675ac70f00a980d82efc7be88b9186

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\images\close.png

Filesize
365B

MD5
69749961b3a71a1d4dea77263085d89f

SHA1
f6772a2deedf13860a0e2455c79ea8ea7659af41

SHA256
2b70a1fe0d47f3b744c337af1c7803b771b08608de16ee665403e82374f9cf31

SHA512
a34cca02d3c3cfe84d5ef943bd95671fcc6461b206e11842bd298c82149110a5a28ac325323511bb2c4ca7d0b0ecdbe3a2c78b8cbbe6207359694ef373459129

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\images\finish_new.png

Filesize
580B

MD5
036219c6bedfca7791e4190fca5b89bf

SHA1
be8c46e29016bd1864c589f3c8515549b793b16b

SHA256
f8a9b01babc78ea09ef06e90fc6fe7892387be23e5798a1ff68d34fa345f904f

SHA512
9d4b1189f8a5ff007109c6ddbc45bc701518ac621f5e70a77c06140ef58156269eba456924adeeaaa02723b3eade9a4a821d49ecf7306760ffaa8872838f3898

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\images\kav.png

Filesize
680B

MD5
22effd544a7be3aac48d83cbb13edf29

SHA1
9d0d99410071ce26de41d2bbdd6eebd26116b00e

SHA256
5db2cd9944416771718250fab2ed13be0fbbc2e528a41594dc78f5df73afef35

SHA512
dec99d85da9c49d4387f5cc181bfb88a3a28b154239fe160237e02a666a5857d8898db7a852157c4b9a857749d7e0a4afd239f18aca95ed1aed34c2d49aca2a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\images\loader.gif

Filesize
21KB

MD5
360281e85620142c3329848262da263d

SHA1
032ae1e422af859d78d172e918573fb0f55318de

SHA256
6c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55

SHA512
48ea37754839abce73898d29c6cb1ede20ac980dcd0b8c0f1274a690ea0bb44659129aba7581bd473ab7a735b7b9d08d6d041973bced4fe3fc0b70b3a73ec2a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\images\logo.png

Filesize
5KB

MD5
149c8a3eecfbcafaf39631abc076ad30

SHA1
8661c38d41b2dc7dfc80ae39c3dcab404540a81a

SHA256
8960ab839929ee9910168247f941988fca7852f57f46cea0c1b2ea040c5ac5a4

SHA512
60b97dfb26ea195a2e901522dee8ad894d5ae0c812c6d5b42b381a3c9c762b4da5baea173def669ab22ae5ef2b907a4400b9f566269586d028be00bfac80bf53

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\images\logo_small_new.png

Filesize
3KB

MD5
eadb5b5b31a38b073b170bc5a435069a

SHA1
99ae9ecf5d4379f148736afb77be5e799a482a75

SHA256
ad0373886a7513a4d5504fc97518db54e582f2d6e1e5a08a67709921915f8097

SHA512
1f54cbb7320e7fa5902c435fe622b750ce9af141a5f3d6522f2208ee3929a3d88bbd00b879c0a0b288d739296829e1de3034dd2e973a52e30f80b2f26784b5b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\images\next_new.png

Filesize
564B

MD5
684ea38641057726b7d9f78fd4976198

SHA1
2a163dab8f61967cc7bb23dbe4cacf5d2a624307

SHA256
4a99f1dcbfea042dc6ab7fa49cd4afc00f9e5cd61ddc501c02948c7d54556d5d

SHA512
8f976b330edd49cd2d0b914da330f9fb9db9481571ee20beca6dd15308e9c85b83122746538bf4072b9e2be6d32c257443c464616fc1855017d19d009002a80b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\images\progressbar_new.png

Filesize
581B

MD5
b1ce781bd06fec40736f87fa1c7adc20

SHA1
6201ca8019c53dd008229bd13ac3f98d37b3b1bd

SHA256
a6af10b6d0a8889edf25d77e16f78394a8b0f082a584f17068f6bf776bd174b9

SHA512
9f51fb3514a9098d66f341503f6ca7602d008f45ec3e909f8111275b01c094cc0e8605cdfd429028900454204f235322684650e3e8720a699fc69f8dad923c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259540392\images\title.png

Filesize
4KB

MD5
f2f254444b01b8ce1536543f96bcb4a4

SHA1
a310f10b65d777645ec69eec580a66808b10a2c5

SHA256
befeaf2f4e4da502e802549247c9c26ed88f79d9a503aabc86ba3c82655e4976

SHA512
7d8ded9f84303e57d41104d11c0794228bbe9e6810c7fc759666c3f3896545cddf236b847a7e13f5af503de21861ee08760d5682e7f040e62fe6b2e5e5cb5de9

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall\5cc3df5fd115f5abdaba74aaf9c3d20b_JaffaCakes118.exe

Filesize
488KB

MD5
5cc3df5fd115f5abdaba74aaf9c3d20b

SHA1
c65b073a7270ecfb863e84df9f4a384ce14e3747

SHA256
d847f684603327e478cad6f3d91fe7a1c71d9b95178542d4a1a325ccf1e7ef1d

SHA512
97fb7de21341e7e8216dab72ebec1acc642c6b1825cae82129aec38c17dce9c73364e12e12fbeb027ba3673588b4fa2016cc947acacb7dd90dee93ab54e4561d

Download Submit
memory/2164-175-0x0000000005610000-0x0000000005620000-memory.dmp

Filesize
64KB

Download
memory/2164-0-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2164-1-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2164-201-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2164-202-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2164-203-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2164-204-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2164-205-0x0000000005610000-0x0000000005620000-memory.dmp

Filesize
64KB

Download
memory/2164-206-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2164-207-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2164-208-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2164-209-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2164-210-0x0000000005610000-0x0000000005612000-memory.dmp

Filesize
8KB

Download