d85777cc02153af29bc14cd8d65e8604b758f4dea94054163ea8d55ec8066dc4

General

Target

64e387ea3f640e430c0633918035f5f5_JaffaCakes118.exe
Size

1.1MB
MD5

64e387ea3f640e430c0633918035f5f5
SHA1

ea49d7132f01f6a5a04a5d25d8c83cf47b219f39
SHA256

d85777cc02153af29bc14cd8d65e8604b758f4dea94054163ea8d55ec8066dc4
SHA512

71072137422adc218d747c6191d9e0ca6a5f4dc72d1a71d36e87b359a0948e067b0c86839e1b0f771abf5b5425facb15e001aac27a854078ee3be600114314b1
SSDEEP

24576:IonDXPWboTOTHgPlG8PVJ4peJHnor08YNVdKg/kkkWw0KcI:IODOUT8Zk3o0dKnR

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is240617562.log	64e387ea3f640e430c0633918035f5f5_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4616	64e387ea3f640e430c0633918035f5f5_JaffaCakes118.exe
4616	64e387ea3f640e430c0633918035f5f5_JaffaCakes118.exe
4616	64e387ea3f640e430c0633918035f5f5_JaffaCakes118.exe
4616	64e387ea3f640e430c0633918035f5f5_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4616	64e387ea3f640e430c0633918035f5f5_JaffaCakes118.exe
4616	64e387ea3f640e430c0633918035f5f5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\64e387ea3f640e430c0633918035f5f5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\64e387ea3f640e430c0633918035f5f5_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240616734\bootstrap_56130.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616734\css\main.css

Filesize
4KB

MD5
b15ded8300679f3856ca6cddeab9ae00

SHA1
2071438ecc3666240436bb181278e534d51e7f74

SHA256
fdb71f5dd4d3a12536a82120c2b29a646bea8b7ba9fadc2dc707fa12916a5951

SHA512
61a43da805fab94a1f139d88b85a6f19cc8dd2ab547266fa105edf7342b88bf504c6c75603179814e5d7af7f38c8a927ead236097ad61ae155d1e4cdd4f57ec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616734\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616734\images\Close.png

Filesize
1KB

MD5
4ef6e91354d224e69fa27c23aa112292

SHA1
160bf79483349dd4b5ccb24858572fc04359b24c

SHA256
7092ec0f32de0a657a750c0716824336c87abea594b6cb93e8a79be117a73717

SHA512
3243f895b3dcf3bae51a8566f0f8679cc1ff45bba74c3255fc23b6e87136309f7867c0f1d5fcaec07db1d95aa077a51b535d348aed1964b383a3e8b37ceed378

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616734\images\Color_Button.png

Filesize
3KB

MD5
c3f6147ef2d96abdc3517c6bbfd3c07f

SHA1
b0bc49daae30ba111d3c38f900548ba3134c26b5

SHA256
626ba27c3fc8ebaf376e97976f7939782d7448baa75e4f043e1044886cc9452a

SHA512
c949d238c20dc9a6a408d6f3e8dec931325ebeaa622c7767aedfc17be2140cd00cf524454975f9ede6e36ceeb7833d249a6ad53fe793d203001e66b2e7a84152

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616734\images\Grey_Button.png

Filesize
2KB

MD5
c43d97f4287e8116d4bbc057354addec

SHA1
0976b6581373b463d7b3f5a037dfba677f52867b

SHA256
aaaef948b36d66926ab7c2fb794d827f05cd0841dd04d37924353a2c35c0a9b4

SHA512
6d653e3f0ec4f43519209e71919608d964570e46b638351b181b5c1937913112abeaf5c3dc9c9e5ff28e436f528989b82081cc979a8ca022f7f5451f0daef1a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616734\images\bg.jpg

Filesize
20KB

MD5
40fbbf98b21a44ed47a844c340e52413

SHA1
1dd83e08cf48e310ea8f4539d943506b43418931

SHA256
73edd8528c636bb132d3bfefec6be4ce69bcc159b0fe77760fcfe9e9131c930c

SHA512
1e702d02dd7aca482f7b2d8559970d62af680e53faf0a316368a52a6b93e3be8f9e685a040df0d55591d3af723dd8eae3497f6d2bfe3daf44c08add6dda0bf86

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616734\locale\EN.locale

Filesize
2KB

MD5
d847564eb2951ef8900b098528883ad6

SHA1
01d19ae88301d965ab2c2b80e0fba5d0f1f648fc

SHA256
deaf1e77cc85a3b867d00ad32398f2c612c27f14787b3e8d7613b5ed69be9deb

SHA512
641a6d83293abe80730dab9879a36532ea07560115c94e10609119fc47ca804f97997e6b163b8c0341c099f96c256363714c69ec62e5f748b7c579e2344b6fcf

Download Submit
memory/4616-118-0x0000000000401000-0x00000000004D4000-memory.dmp

Filesize
844KB

Download
memory/4616-124-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-116-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-117-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-0-0x0000000000401000-0x00000000004D4000-memory.dmp

Filesize
844KB

Download
memory/4616-119-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-120-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-121-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-122-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-1-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-125-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-126-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-127-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-128-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-129-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-130-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-131-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/4616-132-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing