d67a6c9da79f97381e00e0f7dfd08b200d078aad75fda4997a205cadbf868439

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 18:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
Size

3KB
MD5

87300a93077addad9c2afc27a90b0e4f
SHA1

28e436296e8af4c0b341a284120fabd2c55a3c5b
SHA256

d67a6c9da79f97381e00e0f7dfd08b200d078aad75fda4997a205cadbf868439
SHA512

7cc388bcfad958479f3f9c2fc48969e04ca1e4f55266c5a29628d7170755a9cf2766fa457d10472daf7611501af1fd1c9490809c1b5c417b8fe04e4f39d1ca25

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\paytime.exe	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\tool4.exe	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
File opened for modification	C:\Windows\tool5.exe	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
File opened for modification	C:\Windows\uniq	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
File opened for modification	C:\Windows\kl.exe	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
File opened for modification	C:\Windows\tool2.exe	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
File opened for modification	C:\Windows\us.exe	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
File opened for modification	C:\Windows\tool1.exe	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
File opened for modification	C:\Windows\tool3.exe	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
File opened for modification	C:\Windows\secure32.html	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
File opened for modification	C:\Windows\ms1.exe	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
File opened for modification	C:\Windows\toolbar.exe	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
File opened for modification	C:\Windows\hosts	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\87300a93077addad9c2afc27a90b0e4f_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\ms1[1].htm

Filesize
246B

MD5
59e325e6b41a2fa61e8807ffa51bdb40

SHA1
5110c2776d4d991f0721f6e288808a41e268c2ff

SHA256
6d8ea0ab5926da5be8013564476a36acd7a9aae86744d81f88776e77da1cc0f6

SHA512
b74b52f35b400bcb87b4e748b20d9ccf2b8d6c4b8630d925c517b8ffd23c0c3512efe1dcafd59bae22ca8b0fb6f3afe395713818ab6966858ef34efebfb5fa3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\tool5[1].htm

Filesize
248B

MD5
942823f7a14790c53178e0ee0563eca2

SHA1
b98f2a3a237686248b9ca3a719e89e303733bd04

SHA256
15939c395d96e30d87d952411566e390b8b53809aec1afcd7987d36af835cd62

SHA512
8c7d7606cb7f5642c86e6bcb7a6d6b8fc92b5c289140218d7361e2c084699636b2a26efed495cdedba80fce2647e3978f4a5783e8b61dd23fd05c9bd1545cc14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\toolbar[1].htm

Filesize
250B

MD5
04bdae4a3f5a5555a5c322ee16e59a83

SHA1
c0ae69c4730c17ca1ced31cc440d08b25abaa867

SHA256
02402a0e0557813768f05e358aed0a0551aaafc38dc514c58f9ad800fcc5cf6d

SHA512
080278ad9a61f36d8b5aac5f2f2ba1aa4d26ee8c9a068d48e56ccf8e1c2d040e6ac148b7ef3a6b0739a57935607aef481ed0a2d7c2237587850b9358b9c7e1a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\paytime[1].htm

Filesize
250B

MD5
4d7cda4f317c32b08a54878837564fb2

SHA1
4510554a8fd522b326e273cfc4d5618aff0575a3

SHA256
8fdd424de739d5834f8462cd1f8ef40bc505c15727bc36d9b996c5ba699b889e

SHA512
a7349b9a9fe1209d4e45e77093ed91ad300ef1e9934b692eb5489ffc89ad0ff6971f32741e5d77df7083e6d3434cd3a8baea3d8b3e9fe1ff73cd1fc488bdc059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\tool2[1].htm

Filesize
248B

MD5
92c7410d5afbe4751ad7d866e833f725

SHA1
f21f61ff0019629ec87fe9ff22d1e35c4b176a77

SHA256
ec3ceddf49b0f7bf6df2e6a4c84ef181f530f3b1fa336bd3acee1271f3922ac9

SHA512
e50b86f1916552b3c6d636dcb10f999c12d75acc6e438ec10d2b710864b7a49bd8d4aaa31ebaf9ee419c515cc576c9a84040264d0cfb0fa2b6d7cfcbb1842139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\tool3[1].htm

Filesize
248B

MD5
12c4712a38a043c99d627f8ecfe9c545

SHA1
3e738bdc2cfb6a6b1c9e4fc531bb507cd5710701

SHA256
5b503a28314a38f2420b9ce56f82919f2f9cc00e2247b5f5074424f45a3c71a6

SHA512
593e0c96ec4058d7507cb21040255b820c07fc5071a9d11e8f1e8c37b1b7e011be971e244424395bc80cf853b9ac357e3989f5eec33bc68e0fdde3042d4deedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\hosts[1].htm

Filesize
248B

MD5
c43745d662969ae616b7072fd30a673c

SHA1
b16f523919d31e68a0a0ee41cdb3ec5094f014fe

SHA256
28b971610a0a300f285431ed6e3da1c3271c82b840dfeaf3c117e1df78eeb823

SHA512
7661c830f5b1dd84e8ad24c767df43c7f748177581e2bbf12cb5bceeb38d7998d40579f3d70c945209095f9c7c75f10d6774ca36a3fd38ec52ba048ba60ed05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\tool4[1].htm

Filesize
248B

MD5
8fa91ae54c6d10470de5d0dde0b9663c

SHA1
fb12e6c0349bc530421afeb7d30c80d6f93a4c91

SHA256
8c51a13d17ee210c4866ffe7b4f0837a3755c99c5848f236739c5dd460ed2bb7

SHA512
fb729942ad94ceaaac600488db77651096361ca612397b5c5365f5a3687631e9d4b2585a8ea09b2d095cf6176d4a02a20d6f0389d457b90d80b5e4f06888b515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\us[1].htm

Filesize
245B

MD5
504c022f340d3a690190270966b33649

SHA1
a214719428280993c6557ac2ad40fb1af7698353

SHA256
338eec30219212b723fdc18ee0ec7ffc55c8fa583a5bb557d416135058e1f466

SHA512
8ac240864219f4c20d331ea41922e6cace73b9bf17287a722a3d880aff56d11d8ac49c35b4171c8b412ba6e1ef2e2030d45ad87b388103067fda775a42a3cb59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\kl[1].htm

Filesize
245B

MD5
e35eddfc4abd195ec67144862a355019

SHA1
4260f0bb8488dbcfb393baf4c1dac163918aeee0

SHA256
3274065b87f64845fdcfef3a65a054cdee19367e533ba8071f5193929eee18b2

SHA512
0f70289c920416a675dc0bf22d83433631338ea189d445d6adb0349bbb315c1d2a7bff167add10431704455797564dd503d4fb73b204bc4fc5ab2a4b7cd6b88f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\secure32[1].htm

Filesize
251B

MD5
951d7c97c031ad1518573d89a1b4b013

SHA1
efe274bb7a72ef2c9f9831ea70f07decb5d6d01d

SHA256
2cbee582ad6de83d8f62ac105d203005243cbfb4b099b3ca41f86ac386cd265e

SHA512
796ae9135a984dbbc331882a812bba545f369af53f140b325b80896156b515a672c6d370fad5267c1299a46bdc6c0372d5fa055daa7fe5445555ec8412972639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\tool1[1].htm

Filesize
248B

MD5
33b0998076cd53ecff44d6d2bf76a750

SHA1
43cad86548043be25d19abfeba7c5b1082c0a6fa

SHA256
9200493964a45023c8ab4e8aaf7aa6edd7220afdf7c1322310d519edc29fbe35

SHA512
a1f011e53220edf83b34dafa6f1b19d4df746af9435b9e76f8015eedd50100d8d9918571a1caa187955c8e3bd26b4d5563a074922b475a20255a9682146e05b1

Download Submit
C:\Windows\SysWOW64\paytime.exe

Filesize
31KB

MD5
69a7fe7cdc06aa32be840ce14b74008f

SHA1
ac0e48a9ae52ad73c5627a6833fcce5b89146cec

SHA256
1f2f5972595cc7bb4bb07c2c4a87580d0b6e120272fa42d5ef558fcad19f9cf9

SHA512
ad580178569d886af842ecdeaa8bee4f0fe58ef6bcad871b20549767b2ba192aa10c452b93400bfe0adb3b6c0802d64705b80b8f2fd866a87589ff9a5f282fa9

Download Submit
C:\Windows\hosts

Filesize
31KB

MD5
353a0fd8658f3ec50c1d51e2bcbc3565

SHA1
203b282c6bbafeb0ede4cf8754791188883a5958

SHA256
5c28138f31a2c7f795d177da167aac6b305a2e74cb1362ed9a95bb3155701489

SHA512
52d049b99140caf1884693917d2a2f6196ceae27a6f961efbc704704d376bf746de79cfea4e875ed5753d980141666060103135394a75d6e7d42d27203060c98

Download Submit
C:\Windows\kl.exe

Filesize
31KB

MD5
460e0115c4428edc4a43106e1a3c84db

SHA1
7f12d722eb9017226c36e0643d7dd6bb6714b3c9

SHA256
9d84202a1542fb1228948e81e86d0ab68e43e459ac2775099aae5700a6a65ca2

SHA512
8403602ccaefb0fa76a229aa12880de3ecaa4383b054070c3ea758bf950acc08a278b8f198dc52ad60371af7662c851258f7d649690f94916239b9b710ad9d61

Download Submit
C:\Windows\ms1.exe

Filesize
31KB

MD5
a4e5fb8d1ccec88d32166e6d7ae3a5e1

SHA1
0902c8ffc546d2a17a5a98e7f6935c422a25c6ae

SHA256
f8d3b930bd31df66d2ee93f1151f224150f64a59aca7a87e78c54e249389650d

SHA512
14cc20268d963c02ec4e135a6e51756d0339179e228cd4bf93e39ab317a8861471fe19dc9c7be78582f2f87dfe5f12a8e7662624e9355d3f2253ce2c306eff0b

Download Submit
C:\Windows\secure32.html

Filesize
31KB

MD5
7d8ae1d1703948b1ed2c302fc46af977

SHA1
7147ea0c13184608b87c5335773dfcecb8fc35af

SHA256
82e5144dd8e6678c8057c29bb7bc8d201e2d91a512593974172fd35f4fc2e5fb

SHA512
64750e9abd79944f799c21f78bcc6a3ff0a7a5b4e6be6da466d4b438aef170c4f01fde5ee7a5cb7fa67eb86eb014038fd77d2ad0188e6c15a23ad9be383c9302

Download Submit
C:\Windows\tool1.exe

Filesize
31KB

MD5
5bc9bc0ef1508866e629adc34e3ea2f3

SHA1
e386ac4919f836d6f13827a304d629375d33d964

SHA256
6cb01d088f11e57e6158a98846c1e02f37c7ac57a7559577f2d1769772b3ff3a

SHA512
8a1c55e8f2534926dfbd55ebf1c698a5813ca55a1a87a4f0bd3c9dcfdbd773666c5d734fba2f087d3b776c866f7760e4f011374ffcac53a4b98a89d8dd64925e

Download Submit
C:\Windows\tool2.exe

Filesize
31KB

MD5
8ed32bf08e7827ac0a69ce58d63bffb4

SHA1
f85ec7c4605cc8a834348d6623e0e8cbaab07f8e

SHA256
ec261636b71155ca5bc58ebe69f9a4c7abada9ea224dedcc754962a53594bf31

SHA512
f087068efe68dd19bde0e9f13754625e2b71b520f662c0b62cbb9c70ce2566c865e2fb0e7ade59af791fe9ef7b921571a6fc19c0018472f3ff9a8757a14c27b8

Download Submit
C:\Windows\tool3.exe

Filesize
31KB

MD5
8d27b2e93fc0ea013ec81a6407fcc700

SHA1
5cdbb49a1a81d2412994fd147509e7ee16d2cd03

SHA256
61b0c6201e165995561f0accbf418b18213588d80e75972e5257deab38874b82

SHA512
dc4e13e580580ccf9a56808aae78b0846d69d02bf8e32d33154df1916f7c755f2343eee22d02a3bda3738b7f988d7659e9dae74fb89d6b939ff5d38c142e13c9

Download Submit
C:\Windows\tool4.exe

Filesize
31KB

MD5
28f9fa883722698e4a8947ded090a39e

SHA1
1f1d6dea58d88dda9b99d063821bc5d93aa77c49

SHA256
36c7e1fd208c42d2338eacd27d47483de8686c415eae1a07cecbd8980ed0dba6

SHA512
d63b175819ef19a28803e3e4c4a6968bf43fa9d56a6f76417c7139be670de49f3024d57fdd7665d082bae9213ee70e3d497fcf250410a84cdc6ec2e7581188d6

Download Submit
C:\Windows\tool5.exe

Filesize
31KB

MD5
3444696029d9d8dda40b7306c568d50e

SHA1
60ff9a17e387465f7aae765df8f280d45090c4ff

SHA256
0ff09a54ce4d6c7d3cf7fa6c10b084d03ab43ea556a54913677b6df0e7c904c1

SHA512
a2b08ee90cfc277d14cb54fd4d1a538b0c2d18a7c5849d345e602ea3fc98c017e5a6db834ce6abf6cf7e84f5584ac8dd923c437fcb94f4098b267995b5f0918a

Download Submit
C:\Windows\toolbar.exe

Filesize
31KB

MD5
c1bb5999c5c5c767f32b18a859305a73

SHA1
87a8845050c077bcbe10b81f5a3b86888ea3b314

SHA256
09e89f21adc7caa0c69163dd4578847d8beb3511f15473105818b7eef390c0dd

SHA512
da88533c437ed9c31b20420048e383f0611dc73dafda3f9c9bcaa960dacf7270aa50b34ce770fd6469e890d24e27c86bf1bde8c8de1b6cd64911bb2a8e2cc72a

Download Submit
C:\Windows\us.exe

Filesize
31KB

MD5
1c084fc22fdd2bc3771d61e72e6c6472

SHA1
064b913198e5632ca6bfe2f93c4b1316b2798796

SHA256
80470659b10941328ab76fbecd3565d9b3221528b2c54a65877ccc18eb985843

SHA512
beb5f217ec741b5aed444e0d16533b8ef98b64c91ad6810d690c95e1d1c4f547441789ce040dacb35f137024d8c4521593a77bde6f813eb50d61a947b0761f5d

Download Submit
memory/2732-143-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2732-125-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2732-103-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2732-24-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2732-168-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2732-49-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2732-84-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2732-186-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2732-65-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2732-191-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download