b064ee1b5361343f4757f7873e624f21011773b40d14e3adc15f35992553a4ca

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 12:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

af500d9dacc55abed8a44a2aa82892b6_JaffaCakes118.exe
Size

538KB
MD5

af500d9dacc55abed8a44a2aa82892b6
SHA1

08886ed5937630bbb24201f036a4ce867e3d0b24
SHA256

b064ee1b5361343f4757f7873e624f21011773b40d14e3adc15f35992553a4ca
SHA512

77836f4138e526089efca9026d642632f6fee94842b0ac560a3b29b05eaacb1dfa68f09dfaeef516575aae82bfd67cb51c8db5e547875b2ebb07731ab93aee00
SSDEEP

12288:ecjM+Pj9lOGYEhjpBQgwfbPqlw9ltYuXSnLWHl2YhG3evA63+trR:FM+LvV9hYW0dl2YhGuvAk+trR

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4252-0-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral2/memory/4252-1-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral2/memory/4252-3-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral2/memory/4252-130-0x0000000000400000-0x000000000051C000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af500d9dacc55abed8a44a2aa82892b6_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4252	af500d9dacc55abed8a44a2aa82892b6_JaffaCakes118.exe
4252	af500d9dacc55abed8a44a2aa82892b6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\af500d9dacc55abed8a44a2aa82892b6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\af500d9dacc55abed8a44a2aa82892b6_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240623359\bootstrap_31702.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\css\main.css

Filesize
5KB

MD5
c88186716c6b877d6dd968484868fcdc

SHA1
7fedf0554e8fe9fecd1aa3d96d707962d94dca44

SHA256
c01a363bb8d985b78d620539b33e5f20271b9aba5ec88ca2a142d2c9c84f9fa7

SHA512
74eb24eb161c89a1336a2d0b6222482f722b43cc5b61d276dc2912ee76477c3ba46ea4ffad610b79d8d0a27ebc8d00cda0e296bc9470c000781e5fec25f363b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\images\Lightning.png

Filesize
1KB

MD5
e930d95e5e4c2eff0870697d1376b660

SHA1
b7f53be0e26e90296ba53eb27d65ddf86d829d53

SHA256
6c3485cea35d4c9a999bb5b6c75b46f9376f1203e37ee1cf0d488293e0c967e4

SHA512
451cad74246f777d20d0d34276faaa91b56aec93564339e8eeea00e2b2fe4ae366f28aa5af5bdae9a8556d8c8a90512d7f207243699517aca03efc5aafc86264

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\images\Lock.png

Filesize
1KB

MD5
f743f45b919b7552854bb394f032224b

SHA1
cd9f7f827269c40f7ae5634c9a93ff34d18ef259

SHA256
6d22757ab8ed8bb5213185a58464b50abad98e45404888ff4b8d7111f0dcfb5c

SHA512
231bdc9d2c9814fd5db9204b17b39c66263e1b44b835fbb5a3fb6bfb705a8860b27aa4e54eb07cb784cb2bb35eb1d39bb7f65c5d6f4aad21144857143945c6a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\images\Next_butt.png

Filesize
1KB

MD5
573e4c3eebb98067cf9b779929eeb0f8

SHA1
ff0ef6f78362f4238243a0d1347b9175cb0ec153

SHA256
592e96106fe336ac6d8f789aed867165ce0c0760713167a5c7bb9997bb661e8f

SHA512
52dd3fde599312f0aae71ff7fc64b776d91a67ce097e7a865815af0a0fc4e86d314b0565de1e495e9a32e9f44cb599e107bbad49c3b95fc8b448e822234e69e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\images\back_butt.png

Filesize
1KB

MD5
55dab03359fcc0a763c04e5a8a2e5320

SHA1
355af27721b76ddb1155754456c1218f395133b3

SHA256
b088d3acb05f8abd81f50167619e3600f16acf16f15c56d5d269d073478d33d3

SHA512
29a0c36452431cb5b7809f02f53851a6cc63e9e21a88645d1f9ec5be606cc79fbfe20b12728e369083a59b8df7c5c98a5d7f0b08bd07d807d9a846bbb3df59b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\images\bg.png

Filesize
4KB

MD5
1cecd54e3826d1670e4f9ded9790b033

SHA1
2cab81e2e8174ae85d31c1394c3779704e63265c

SHA256
6f96c82331cb9029a698aa09eef259647b7a45593d37662819540f62fc58daa9

SHA512
1e711c8286f762944613671ed90f471193a655308c1555ca0290d27f80d63fe2fd70d8cc7c9a257495cd2e8a6e1df7e17c4b84cfbb96e3737c18d047c20f640e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\images\close.png

Filesize
1KB

MD5
49d7c7d120857d03229b6dee84340610

SHA1
2c8f3992ae822e99141c6972918c71d13bc894ed

SHA256
e777ab1397949c6f2dfb0f65f214ffbfafb5600c9bd363f585b17772af12065a

SHA512
b8f2a2987722a490a2c79923299129dc250db935f80bb59b841cc18b4efa8c28d91c85c53eccaadc12b50841d359cf647a68341b6e2205c05943e6406c1a95d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\images\loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\images\pause.png

Filesize
550B

MD5
c9e0cfd6f98defd493246b31ac1cae46

SHA1
3e36ac0f53c61d3828465ee1770f37414a8c7bef

SHA256
21cb7ce3071912e06ee9b06b94b580996b094ea5a34393ad409891778c3c51c9

SHA512
0eb00ffa74749a897394ea731bb9aba3e72fe3865e8020e99dd199c7a4047192d31874c82c57dcda12c6b4f7a354b5a2df58adece283040ae38bc808e1cb3aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\images\play_butt.png

Filesize
722B

MD5
efaea38121b9473bac8fc94d3c944698

SHA1
5bac1621a834b553e7795cdabea8450548709724

SHA256
6d464e18f2dded878d20d11a47958bab3ef952f94e160ff3753adfa1af14d68b

SHA512
de13d83e3673f8a21b553281096e0b2cea95c7eced769d704b943a838bf37826370116035c6f0437590d08dbc01922bdf5afd2d43af8d0ec2c3248a96cedce3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\images\progress-bg.png

Filesize
853B

MD5
6c4399fef0d921a5997019ea484317e7

SHA1
a267a7a444b7fad6573f171424350936383eaf70

SHA256
f0e89d6f68ba2fc9a00ad0e973db13b6b8b46aedd811fb69e73e4d891634b824

SHA512
a4dc1b30a97e05828e4dae20dde024cc856391866bc67094c59a7e6dddf7069e23dde89849c68954954c1c3c698dc5c52c0d305411a4dba52ff64b5ab4339d20

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240623359\images\progress.png

Filesize
148B

MD5
817e2e5cf2119d681efbae7267de740d

SHA1
1f30ecc0758cafd215cf089ba4da13cb6d12cbbc

SHA256
cdd9512ac8b5f5da8e6350d5ceaae925ac401b12cdec7ca7370a55742f521e6e

SHA512
a8d6e31ce0640bcfa00d0df58d341c7dbbb31935a9f8c579d5d48e4f6622817606ae35532752d6d41f8ba0b003351f38d21f2377819ac2b215a13b66fcdba9d4

Download Submit
memory/4252-0-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/4252-2-0x0000000000401000-0x00000000004CE000-memory.dmp

Filesize
820KB

Download
memory/4252-1-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/4252-3-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/4252-130-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/4252-131-0x0000000000401000-0x00000000004CE000-memory.dmp

Filesize
820KB

Download