57399738b905cce2e791e8fb943b3e0e560b29a7daf425c79f2553a139641459

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b91987805c3fef2fd4d8fbfc0afd9a53_JaffaCakes118.exe
Size

443KB
MD5

b91987805c3fef2fd4d8fbfc0afd9a53
SHA1

2dd3a133c3638c4f8da895d00ec264c2dcb610ec
SHA256

57399738b905cce2e791e8fb943b3e0e560b29a7daf425c79f2553a139641459
SHA512

9dcba5ae1ac387371e6806670930e1a219015bb4bd610a7265969f74d3bad153e99e3409fdb6c9a68a293da0f6d76882703c46140420d2ffdbbba6d56ff80706
SSDEEP

6144:DA+SBz0oAt5c/572jwhhwVgS0YYljRKSVAQSeTrJQOcsPWWqXMsZ1RdHnW++PgqS:wBzKc/5721VghlVP1TlQEW5XvzjJqed

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2368-30-0x0000000000400000-0x000000000050E000-memory.dmp	upx
behavioral1/memory/2368-122-0x0000000000400000-0x000000000050E000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b91987805c3fef2fd4d8fbfc0afd9a53_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	b91987805c3fef2fd4d8fbfc0afd9a53_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2368	b91987805c3fef2fd4d8fbfc0afd9a53_JaffaCakes118.exe
2368	b91987805c3fef2fd4d8fbfc0afd9a53_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b91987805c3fef2fd4d8fbfc0afd9a53_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b91987805c3fef2fd4d8fbfc0afd9a53_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259465761\bootstrap_53236.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\css\main.css

Filesize
2KB

MD5
1633a849b3259c9f3bf42a61c7dc4aad

SHA1
563284abaa9a4766b0386d84953a8025a710e706

SHA256
8801d8472baeba473bdfbddc07a681399641744e0096f5738178016de9f2b699

SHA512
52eef17ae9b4c9f6dc7a42eb4e18762ba275b903d97291ddad367b5d3040ed831d760f21162fae7b262e9754af2c2a112facf6563f0f3074a2e64d3c65ee6f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\css\progress-bar.css

Filesize
354B

MD5
02e0568b3ec869192fd02ac1c8dceb01

SHA1
34fbcfeff36bf67480d002422d045da318b1b066

SHA256
ad868e38e0a3652e9ade55414240ee10a5b611be43e813b5e5c3a8a7267184ee

SHA512
12d8853c3a0ed8619a1c142c4f47fc80e84dce85ceed757c024d7a05999aaa6b6e199f595a956e9c06b68d4a66f55d68b216c0110ca41906062d040f566a4776

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\images\green_btn.png

Filesize
1KB

MD5
af79093f546c33df9c7d611b1679b204

SHA1
b20cd1e4305ecf062c600744a69354378b2d5b0c

SHA256
d7d33460bf7ba5d80af40e9d7436fa9fd1f270fdbce7246dfb1af5e74c52a8c0

SHA512
c93c6551d103a0e466247318df6dc01e56096f61a07c865c928a6c622923b279ec358481daf54a98c4a2aeb1c9675831cc68b3b284b9503c6a950ddf41837191

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\images\grey_btn.png

Filesize
1KB

MD5
a3a8fc73c463d664e974deb785879a54

SHA1
9921ac8f3ad125419875c53dff60b72bb461d8a6

SHA256
e9c48318d514b58c2ac8cf9005806579e87313e47d521823c15dcd389247ac80

SHA512
28ec81c6b47c11dda34667e2b3c68d509c28977a5adff1d97423638be2d3b1192d09ee193ce7f71f41986312b4f5f0fc31ce1fe5e6c5fd1d9237d756e99308fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\images\loader.gif

Filesize
8KB

MD5
a27ffbba261e7d202bc595db4ef02a24

SHA1
83be172e78b7c4cf303b7bd3bccfbf2fc0330029

SHA256
6a5626abfd30faa68956f7b0af4bf0c8977adbc9b5f69217b19421cd9fc1f68e

SHA512
1bd82e41755608dfede0077ba1c053afaaec2152030da0d5aa4f4879d4d15f89d6fd3f4522aee522b2dab18a65d9b80ae7e9c870adeeef7b279b293172297b09

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\images\loading.gif

Filesize
419B

MD5
bf09337ebdd68763060cbd7b5e934fda

SHA1
14cd064c97c60da895c1b08569dc7961fc5320b5

SHA256
b27be16124eac99a97922357fdac1aef7d1efb339a223946dcf50a1b0fd9913e

SHA512
dd11a82b4a18d3111c85f7829020dd5e37f3935f8c2142992557187a98ca1aec58ad572382b386fee16604a32aa57a607361a7775bcf07e08a03324c2d9c9c00

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\images\main.png

Filesize
4KB

MD5
8279be72a28bcf097489e57b58df98e9

SHA1
8a1c9c47449c8291ce4ec6c27e19598c75ed3ed7

SHA256
505219690ce590ec4fafe19ed4a4a1eb453be5d6d236ab5210b0a260b768420e

SHA512
0cea0b6f5b2ff6ade1260a68b97532842cd5f6867e04083f70c25e38aa5a26309996d54a4a057d9805dec3aef07484efcd1ef869c6631d48f4c6859d89143e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\images\offer-loader.gif

Filesize
8KB

MD5
d741c1ae58697a7b931f86c44f0add9b

SHA1
41c7a22a3bef3f75b29fcbd86f5c4793bdd43e70

SHA256
2dab75dfae14d9bdec1b1457b8fb5949189f0784bcd5f56ced0db87b803886ab

SHA512
d581235ba3d018df8d70ee100a2ec3228dffb95f936140c4a552530a0bb5955173fc9a8ea275013415b7cc84154bc2b367c10a3e6718dc26f7ed5cc7f59b5062

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\images\pause_btn.png

Filesize
982B

MD5
14b92cbe22ef5a31a5533d0ab114537e

SHA1
e428f1b0236f7a85faf045237a7cd29a305d936c

SHA256
a2226e2f7dd1ea319e49b1ff1d277a44b35a314ea6d32be1832e71ddebcc18ba

SHA512
b585c5852960d89726d97ddb8e757abe0d36bfb2b5c91a30885e299728d836a048c7a3c5b5e85fbd514e2217d547330d816de497f38204578d333654c8d19f6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\images\progress.png

Filesize
153B

MD5
80223145f64ca1caf3d884dfac4301e8

SHA1
155399ce252ef81f06351bb2adf44c21f1f37037

SHA256
c388b032baee6032d1a76093c51c5eda840d0116da48336401b78a61297e64a7

SHA512
285bf4b5c42971e150eae995479994bf7cccac8b2c7b8f5458ba2cb6b4e2cb4816b5be24c511d41bccca0944cebb931fd31d8bcccba33a503259ef127e90359a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\images\progress_bar.png

Filesize
331B

MD5
db095e8b1e60adee3f06435486e35d37

SHA1
da83976c1ad827de006a0febefa12a164e4bc03c

SHA256
e18c192348d1ee923d1d3d25740d8972abddb2316708456320df78b7001c1df5

SHA512
985b010c5dfd4c9a7de2cbb95803a36117b647c12e69a9582b46b0394343994f65f38d3d82ffb5e4c4f723f7fcf9b05e9936e33f9a053be36e86605beca51466

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\images\resume_btn.png

Filesize
985B

MD5
05e22e0225f53b69a44b443540c20324

SHA1
af5eb7ebf4f053b17d19a678ec84c329e632b2df

SHA256
139ff055cec5379c1b58b9b1eb1f205890c5464f58f86eee80f9bc938857705a

SHA512
1c754458da075e504f3463cb72d683b8affa553a39083a2565ebe2e664ebf3400546bc687e0058097d256f86f0cc538439178ad8ee0c91abaa745c1bf977dbc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259465761\images\secure_dwnl.png

Filesize
2KB

MD5
cc19d50e4929c2f34469ac0048d61ef7

SHA1
2018d01bbc54da234108a48eecb2a44aec65e1b4

SHA256
9a30ef045db96855ecd50ab0bbc33d7bc0e6ac496df0416163fa9112ca23567b

SHA512
75c2867c5850c556b19cfd06fea8e3f8ec126a95315757ef0349b0f930f83c1b80aef71135f94a7e881c300cf224363829e9dba40aaad617ab94455ad92b3e97

Download Submit
memory/2368-49-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2368-30-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/2368-122-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/2368-124-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download