b5650720642078125d2f193bae958113e2c0d9c38f4a7b369fb30acf3d886eba

Analysis

max time kernel
141s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89f0d49ff1e4512b7dea95c303a6894d_JaffaCakes118.exe
Size

553KB
MD5

89f0d49ff1e4512b7dea95c303a6894d
SHA1

b8f475419b2d714a43d51bc017851ea3e59f4987
SHA256

b5650720642078125d2f193bae958113e2c0d9c38f4a7b369fb30acf3d886eba
SHA512

3d0bd37f1b5ab3fc84716dfbf428037bf4aed04b3edcdd82dbac047c34a184ddec1fa6bdf01e6e0a60a02f8617c0b5254e995d5d77eefb795e6e478c16408f64
SSDEEP

12288:4md3AwEFtvWlBs3xh++v1oQW/gLOf4qlTqetWeXZlr7+eLhV:hjEBX++KBILOf4qrlP

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2292	89f0d49ff1e4512b7dea95c303a6894d_JaffaCakes118.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2292-0-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral1/memory/2292-84-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral1/memory/2292-46-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral1/files/0x0006000000018c05-107.dat	upx
behavioral1/memory/2292-138-0x0000000000400000-0x000000000051C000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	89f0d49ff1e4512b7dea95c303a6894d_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	89f0d49ff1e4512b7dea95c303a6894d_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2292	89f0d49ff1e4512b7dea95c303a6894d_JaffaCakes118.exe
2292	89f0d49ff1e4512b7dea95c303a6894d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\89f0d49ff1e4512b7dea95c303a6894d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\89f0d49ff1e4512b7dea95c303a6894d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259412549\bootstrap_45387.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259412549\css\main.css

Filesize
4KB

MD5
826510cae3cf897bf426524c6bb97153

SHA1
69af3bf1f848568752e53ed44d7ff9479372ca17

SHA256
574f9275e7fee9d44977bca11d6194add6d598fb3ac8b33ac80168a99c193984

SHA512
7a3253a1935e3a3c3a98996508100c07f27d0ad6dc7c96b660d969d4c85a9967f59ca31a8006d31c0f4f403d8bff3d7da2d992e0cf172d452ebf9e702c4b595d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259412549\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259412549\images\BG.png

Filesize
26KB

MD5
9ae4e8f4f88b32cc958c274a025e0b46

SHA1
c7b9e9cff3a7260405a87a4ca4f45a72d2776bd0

SHA256
75493ad0114d4c977b0b4fe82f48d696bb15734cf2433d2521f0f7f261bbbda0

SHA512
a111b167cb87365fc03b696552308fc2e5b94ca569c367c6eeb97b3e0a24514b1cb2b42f885aefaa52235a3efef4086adb88217757aa93772bf2c76449ddd53e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259412549\images\Close.png

Filesize
1KB

MD5
968a7588017d6fe1f5b99ca84352d6b2

SHA1
afa05048f27ee178c5152f196206e08c9c64754c

SHA256
973fa912d38fd720fc0b1c240c96d3e8f5f99a211e2e936854206fe5427f6314

SHA512
b5ea00689d72a4593f92cd823a094d15471b716913cfaba87887e0c132c479ca0d597b96951fa4f811a43492aa4d72debe9b8fd2966dafad68847a556e3df6dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259412549\images\Color_Button.png

Filesize
1KB

MD5
359e3ea385ced3ea2fb7ff53169314d2

SHA1
d2945f781b945f2e8af9e20f12478a9096e85fc3

SHA256
b4176432d62aae5c4d25bf896c147203910faf3d8a14b512ecf6936ed72c9f55

SHA512
4eed41d3bbd341994ad2c7b71f42005c50202c9aedb6227c2e5c2abda880b81061164d85d9caf1bceedf185a0e41e5e5b6daebc028e70720b852bdee168104de

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259412549\images\Games_Pics.jpg

Filesize
12KB

MD5
3d508e41c8e160e70b4f2e1a9a66b1bc

SHA1
900e64092e3849cf54bf61957e78d4d78faf612f

SHA256
1ca7924ab528b00d5508b442f15288043448a63f2860307253019d901f4f9d82

SHA512
40b0a138df819c09d8fd2b551cd4e5ee02480a6630f77676e52e4b48587447fc323d4d95553e6309e43f4abac9fb0a7f9e91632be50cd878fc870e395f0c6547

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259412549\images\Gray_Button.png

Filesize
1KB

MD5
272b96321df5708e3088691d0edfae63

SHA1
0a4b85c33482fcea8a6e7c018d6b4fe3a9c4475c

SHA256
282c5388007c77f2df1e0635fb3603710c7ac852166fbacec0e4b2b42d77f64b

SHA512
a108e9ff8eef0b4c4fb230d1fa2f0b19abd38cc36825659760b8d7b884c7015f3f5be9845eea3d76178eeed706d54051cec4c26bbdd7b24906078019c0a42767

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259412549\images\Progress.png

Filesize
1KB

MD5
d5227623956455829b3eb50e1acd09fb

SHA1
855ea588cb98a5920907418813882b5f31dc619b

SHA256
fb4ff2bb2a96b5371245196038d05c1ac910d112692bd37a1c26ef53c8b240c8

SHA512
5e35a8d0af3cecfab554d754fe8a7f74fa55d767747428f1cd8a6203e4ef203c2af23861fc1f6a8a09208251ba89a4f74c85d561754c8aedafa8e5ffd53f05e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259412549\images\ProgressBar.png

Filesize
477B

MD5
830234f26fce01833c8f74f1829d7717

SHA1
38207d8cbf96b4e1a7d6182b7da4b25c31e538dc

SHA256
fa8bfed0f1e98d212938e307160d1c5b68f134f67ea0826b9f75f2284be9e2f2

SHA512
f4ab75c710c1eb287002a6640e0ec4c5061d2e921a49d1b5b37be5e83c217d77536a5754cca3b57d446c663b402377280c283d99d6b6667eaa7ff38b8a2e49e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259412549\images\loader.gif

Filesize
21KB

MD5
360281e85620142c3329848262da263d

SHA1
032ae1e422af859d78d172e918573fb0f55318de

SHA256
6c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55

SHA512
48ea37754839abce73898d29c6cb1ede20ac980dcd0b8c0f1274a690ea0bb44659129aba7581bd473ab7a735b7b9d08d6d041973bced4fe3fc0b70b3a73ec2a6

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_89f0d49ff1e4512b7dea95c303a6894d_JaffaCakes118.exe

Filesize
553KB

MD5
89f0d49ff1e4512b7dea95c303a6894d

SHA1
b8f475419b2d714a43d51bc017851ea3e59f4987

SHA256
b5650720642078125d2f193bae958113e2c0d9c38f4a7b369fb30acf3d886eba

SHA512
3d0bd37f1b5ab3fc84716dfbf428037bf4aed04b3edcdd82dbac047c34a184ddec1fa6bdf01e6e0a60a02f8617c0b5254e995d5d77eefb795e6e478c16408f64

Download Submit
memory/2292-110-0x0000000002040000-0x0000000002050000-memory.dmp

Filesize
64KB

Download
memory/2292-46-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2292-0-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2292-59-0x0000000000401000-0x00000000004C7000-memory.dmp

Filesize
792KB

Download
memory/2292-84-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2292-138-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2292-140-0x0000000002040000-0x0000000002050000-memory.dmp

Filesize
64KB

Download