Analysis

  • max time kernel: 141s
  • max time network: 125s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240709-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 27-07-2024 04:02

General

  • Target: 76fa3163f3c12257a52d7078d5a8bc93_JaffaCakes118.exe
  • Size: 449KB
  • MD5: 76fa3163f3c12257a52d7078d5a8bc93
  • SHA1: daa60d9e98d85b6242fc77c1498c9de7c81d4234
  • SHA256: 91d9b35792a4845e85d3a22ad46e08a28d6a7819dd30f8fb729cb4aa10605f85
  • SHA512: 6afc4f6518680f44ac131f0e2cdf9af766d27cb206e5db332204755c005b163d7dc2533bcb1bfa1d2834372ef8b466b1bc1c57e1846f111d0ecf79562243f191
  • SSDEEP: 12288:yGFP4rsBRjSLvxZqWPo3jTza+YoH34kc9dtjkvq:3Jw4iloja+Yp9dtjkvq

Score
7/10

Signatures

  • UPX packed file (2 IoCs)
    Detects executables packed with UPX or a modified UPX open-source packer.

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of SetWindowsHookEx (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\76fa3163f3c12257a52d7078d5a8bc93_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\76fa3163f3c12257a52d7078d5a8bc93_JaffaCakes118.exe"
    PID: 3036
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx


Downloads

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\bootstrap_39060.html (156B)
    MD5: 1ea9e5b417811379e874ad4870d5c51a
    SHA1: a4bd01f828454f3619a815dbe5423b181ec4051c
    SHA256: f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
    SHA512: 965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\css\main.css (4KB)
    MD5: 1d7b7d4b58ae79b4c4cadde36b409242
    SHA1: e3531bb7b293dd813c4b1a5481e71cb40b0e316a
    SHA256: 3826a540a97d51774fe379434fd4044bbf2b3e31452e684e38f5da1d31f0d68e
    SHA512: c17d99b298aa64861fdea1ec5440f16bb7aed282e232610d4440c050018cbaba2a6c88446e13cc610f8903c2b2f48c819f9defec0845ef6e23ffe72f9b13d8b1

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\css\progress-bar.css (508B)
    MD5: e1fcf8b6066af9a266ae34738ed5c000
    SHA1: 4d1079ccdfe311b77177bed54163c7cc73d7d1be
    SHA256: d6021b1977f3c67cb78981b0b19be54d3a702bbc6c5320bb95b7226e69b5fe1a
    SHA512: 5412b3e83587086f67cc0a4b3b12f828d76b54954b47ff61a9fd6e593cee2a6207fc135c7159808c085a80ffbb7b089198b417859a44d788b4994b561a9f41ce

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\images\green_btn.png (485B)
    MD5: b570ea77375823be8510c0f27768ed62
    SHA1: 096ed270c93ad811039738b7fb53e05eaae7f4bb
    SHA256: 5fbbad89a2ab5257aacd3fd525d684443c5c4b07f2b47d58357091ce00ff743c
    SHA512: 3c9829c52521d537a530a9d695b48b67a33fe68e4ec7edc8cd09a7f1a989432ee33276dd9005c8c15d1aa5dddc7d23deea6a0213194a80363935ad702ac56cbe

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\images\grey_btn.png (360B)
    MD5: 501821d95e958528fed4747e4190b39f
    SHA1: 70e3c15d3ce5853a67aa741ec701d3af307d7bd9
    SHA256: 562aade6e95f22e50010c9ff189c36bf4be9390fa4060a0bc2f1217119c84417
    SHA512: 0c45ab94c5302c8ee4ec52acd2a293c4d4993f7bc1834e9c46794b2db85fb4a845062f2d6538aba358e1b94d9dd4d1f370d58d8b9f5b46062ab8e9e06fa8e05b

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\images\loader.gif (7KB)
    MD5: edb71146254d3b8ebae18607e801398c
    SHA1: 8775027da6f6cc19c72d20c7f1615a01112e5d3c
    SHA256: 3e3610a947c3c6ced9971d16d4231ee3699f71f404894da4ce39090a8170c71a
    SHA512: 4eb29933fcaed8ad368309377bdcf69cb4e9f469d0c882d5ddd2fa3b0723d0ced29480ec024cab44b86b737351d49471d58601b121bb380079c5c696164f8d20

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\images\main.png (21KB)
    MD5: 1a2ad75c0af449d5719473655ef5af04
    SHA1: 82c5ba738b9cd2508ea2d69da7985d586a4f0dca
    SHA256: 7fd43f4e80aac98a7586ba5fbe951cdbe19dcb99fd41471e9e6e73e1f79ecab7
    SHA512: 0db8650d8a272d9aaf0ecfe7077928ab771ffca575bc52d5c08b8c0797b77c3b60dbc0a7c7c39920b4ab98c22604d0ae43a4ccee12441c85a50e3da8402968f6

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\images\offer_box2.png (2KB)
    MD5: 61f74251810068cb9edaeaada3c50d29
    SHA1: 3b779b8e723ca1e1e73ac534a2d415a18fb2db6e
    SHA256: 245213c4b0f5af429823ec4f0b9f3fcf0dfee92f049cf053b630feb4e4cefc23
    SHA512: dda26dd5417150291c60d452724dc10881f888ec4717d0066b01845c0a5a97cec17149658cffce2f8a3c5ab642013d6ca462e1e8820bd383dfad51bd32c70409

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\images\pause_btn.png (982B)
    MD5: 14b92cbe22ef5a31a5533d0ab114537e
    SHA1: e428f1b0236f7a85faf045237a7cd29a305d936c
    SHA256: a2226e2f7dd1ea319e49b1ff1d277a44b35a314ea6d32be1832e71ddebcc18ba
    SHA512: b585c5852960d89726d97ddb8e757abe0d36bfb2b5c91a30885e299728d836a048c7a3c5b5e85fbd514e2217d547330d816de497f38204578d333654c8d19f6c

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\images\progress_bar.png (456B)
    MD5: 26588a39e960e2f5ba70fc082a8f02af
    SHA1: 116b62c07995d60f9bfc492296cc9c5c5a1ad26a
    SHA256: 97210d3d0cbce804baef4efa6c2a01e52cbc30047d849d37201450455f45f652
    SHA512: ee722e9b4bf56d154216ff1d3b2b0b5df5d714092da8741bb25e5c2deab239c20501da31d8d07c212eac5404a36a58b25ba74263c0a22aab7f430b429ae093da

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\images\resume_btn.png (985B)
    MD5: 05e22e0225f53b69a44b443540c20324
    SHA1: af5eb7ebf4f053b17d19a678ec84c329e632b2df
    SHA256: 139ff055cec5379c1b58b9b1eb1f205890c5464f58f86eee80f9bc938857705a
    SHA512: 1c754458da075e504f3463cb72d683b8affa553a39083a2565ebe2e664ebf3400546bc687e0058097d256f86f0cc538439178ad8ee0c91abaa745c1bf977dbc5

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\images\secure_dwnl.png (2KB)
    MD5: 6f2b1f7689b06eef2d9c4e5e00b9ee2e
    SHA1: bdb0b30006af53427194ea79f0615992cb84a99b
    SHA256: a85622887fc7b035edf0ff9b7e296768cea04fa4a7dfebbd149e383837c96d70
    SHA512: 930da8f935f8a186a3f5ebb45a74872942cdaa4cb46bfdda0fd5fef589ec51364d6e43eb0173310642da8978edaf60662d2a78519d80fae3fe1bc23bc7b570d5

  • C:\Users\Admin\AppData\Local\Temp\ish240614437\images\welcome_prod_box.png (1KB)
    MD5: 93791bdb5453514a501ad84985b69824
    SHA1: 4fd167c14ddbc76472082c3c5adb37052c96d6c0
    SHA256: 0a771df975a8a733eed11854702075ac0858954fd322d7d58bc68d59792cfe7d
    SHA512: e36729aa139cd63205e966231663fb9b1e69ab39a43c45d80244a81f8d08722e240f3d7af1acc6bb935830dc77946c00648971a26058ab0e14925259fbe330a2

  • memory/3036-0-0x0000000000400000-0x000000000050D000-memory.dmp (1.1MB)
  • memory/3036-1-0x0000000002510000-0x0000000002511000-memory.dmp (4KB)
  • memory/3036-109-0x0000000000400000-0x000000000050D000-memory.dmp (1.1MB)
  • memory/3036-111-0x0000000002510000-0x0000000002511000-memory.dmp (4KB)