36f2dcb438230c686ceac2732c181b4fe4e316389aa4e7f60fc097dbe7861335

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 07:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe
Size

973KB
MD5

731fac171109a4fc22bbf32264dc7bb6
SHA1

f64128908bbdfec6178020434f2540ee3444cf0f
SHA256

36f2dcb438230c686ceac2732c181b4fe4e316389aa4e7f60fc097dbe7861335
SHA512

50ae273c2c27b54f479d8b0f069bb58d8225f0083a659c0dad61ec99db5ed3836dc19cb746bed279b24df352e3ff87ab9ed7a4fe4b2313868b0d26f23102a5ab
SSDEEP

24576:jxngSq0fYOdCfLtkVPHAfePCU0p3G6BlN+Y:mSq0AOdCfLyeqb0p3PD

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1280	731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1280	731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe
1280	731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe
1280	731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe
1280	731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1280	731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe
1280	731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259450036\bootstrap_12931.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259450036\css\main.css

Filesize
4KB

MD5
e3ae0509aa0376a2627a389f69740c30

SHA1
9c742f2f3d25bc1451f83c236061083e1e539089

SHA256
2ec63efa76c011e5f68a245387503755ed2e443dcacdc2b5f1691d8cd3d6cebf

SHA512
90e0dcf052e068c146f9e185085ee59be44982388a69168df3353d8064e179f8fe909ce1ae531d836c5a20d6f42000b10f3c73f2284ae8bc3cd137a802bf2cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259450036\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259450036\images\BG.jpg

Filesize
13KB

MD5
0ae5c4a36e6c447085d2051bc1d4bc38

SHA1
3fc87e9e5a44b43e06bb095432a31b2bf4004409

SHA256
bb5834d343a659e13459cbc079a2ee55a94506bf9df4aba70e0f983f95b94b64

SHA512
74458c2e87d4d702f911d22f9692279ec65da6e8025d5e792d85cac5cc067bc1d411261fbf81420fe0dc34418b40447faab6f25d73458a190da5b260166d8658

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259450036\images\Back_Button.png

Filesize
382B

MD5
52ab66dfe5006acc114220ffbbb747de

SHA1
1c2e043bb22504e6a8cf6246c8d48ae5c688b0ae

SHA256
cc215947b8b168b649a04963fc928a35725d1d7e2fa8a8ec11a606d76e3d193e

SHA512
bb7e340286f10b9ad703ab552ab8e647dcea047764d122a006ef53c11958255e52b2fd0f81cc05415960054d628079e8a1e77ddd668884bcfec1a3fbd6d38b0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259450036\images\Close.png

Filesize
532B

MD5
7f619f0da821ffcd74a39b35159233d3

SHA1
4d68bb475be68d22292310175b272a309bdbf3b5

SHA256
804803573c0c9349a124fd2fa44a65ce506a9363f34910fea61fe73e8c92b543

SHA512
001867263ef4f65c1f885560b4da95181d5154d6ea98c3d22c6d7b27784f7d81149362336af4c3ad3804ba5e468ad220cdbc30d631f5875458b3ed8f155c0109

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259450036\images\Color_Button.png

Filesize
834B

MD5
5dfdc73c6568710fffc79888d7577b56

SHA1
c62d473f0d17ed786d2b9ff2ce518190d93d3e31

SHA256
37a2cce9d8751070ffa3309906387e028fd0ac9ad7c47a34fc351cd4296652c9

SHA512
db9662af56a354d60d32bfeb4b8d04e878dc7e11cd09bed17a71b96ff99172f56d59f8182a5dbf7e4fdf7b58ab26f35658fca39298fcd2d8e3d262fa426aa3df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259450036\images\ProgressBar.png

Filesize
957B

MD5
3e55bee464f83eead9de61b8729a8115

SHA1
ddfc23d3a5ccbd7c79adb4de812628a6e2393a00

SHA256
e6934a7a54fb28facd5c3c08b94b2b09ae3e08ce3654221fbbe006cf741ff69d

SHA512
df82d61be12173c5295bf3f718bf1772c85be75fba20a969eedb9fc88e4afea232ecfeb7407fbcc47e1dce223d885d187d1319a7e30dc04d5b1e1b684798e7e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259450036\images\ProgressBar_element.png

Filesize
148B

MD5
b08343ecf2853b6bba2f884ad75c5af2

SHA1
78b06a993e80b53434ce7f3e6ccb9e04c9a5f037

SHA256
527a2e104197e0b70bee31f33170ba7e08e0a89885e3fe459a1888e6a65c87e2

SHA512
4ac3080ada28480302b6a159e4b13b26c4fd8ff20423b1d903621a71c233b671c0e2954252e54443cc44eff754240abd23258c7d5b5331ed62c81530225588c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259450036\images\loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_731fac171109a4fc22bbf32264dc7bb6_JaffaCakes118.exe

Filesize
973KB

MD5
731fac171109a4fc22bbf32264dc7bb6

SHA1
f64128908bbdfec6178020434f2540ee3444cf0f

SHA256
36f2dcb438230c686ceac2732c181b4fe4e316389aa4e7f60fc097dbe7861335

SHA512
50ae273c2c27b54f479d8b0f069bb58d8225f0083a659c0dad61ec99db5ed3836dc19cb746bed279b24df352e3ff87ab9ed7a4fe4b2313868b0d26f23102a5ab

Download Submit
memory/1280-124-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-126-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-118-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-119-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-120-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-121-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-0-0x0000000000401000-0x00000000004C6000-memory.dmp

Filesize
788KB

Download
memory/1280-122-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-125-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-70-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-127-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-128-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-129-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-130-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-131-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1280-132-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download