2054b018bc60fcfbc69d629843275fd4c195bf97364acb99c2c90de3f041994d

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe
Size

1.1MB
MD5

ea16e3a17d5084f3b7c77e06e352539e
SHA1

e546ed183633705c439e372eb1b486c027f27c96
SHA256

2054b018bc60fcfbc69d629843275fd4c195bf97364acb99c2c90de3f041994d
SHA512

8da1d5fcd5167fbf643163bf64c54a0bf230b50fcf308d4c502d746f7a6f0f3503b521b295b1849c9f8bae1e7efa7224631795be1b466a01f22be37a58c3d29a
SSDEEP

24576:kTDL7vaRF9NpvNXU0x0K31gWGWFSGrGGJ:ivrtf0WQSwG

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2404	ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is259432548.log	ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2404	ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe
2404	ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2404	ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2404	ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe
2404	ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259432111\bootstrap_59175.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\css\main.css

Filesize
4KB

MD5
851e8212392dbc3ad0372784747c0990

SHA1
3681f2e5a3e6f582c03c70f0e1cc09951c37b76d

SHA256
f05ef7d37c4481499f1cf491f7686bf426c026188a8a991265994c8c6b2f7282

SHA512
1dba2e4fa6d2440d6583aeeff8301d5d488bd36e641c00cc214539de0a098f7170377494b593eced95df867b2dd8035f28d198d03cbb5e48630e24f6cf95f9d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\images\BG.png

Filesize
21KB

MD5
dc5d19f2077b62e8ddeeee75383cdc2f

SHA1
1d9a0320398733c2eeb33c23b2ca862d91598402

SHA256
41bef208ef967e414c724e6ae2bd61bb96b8266aa82241b61f99e33fcda387e8

SHA512
ce5d17737af9dee086f2b04c6bab3ec236067617334ad6766c7a72482c4d096be3fc3a6e82ef1ca56fc18496236e442fb1b2fd76991494de5525a72e42435a5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\images\Close.png

Filesize
1KB

MD5
4ef6e91354d224e69fa27c23aa112292

SHA1
160bf79483349dd4b5ccb24858572fc04359b24c

SHA256
7092ec0f32de0a657a750c0716824336c87abea594b6cb93e8a79be117a73717

SHA512
3243f895b3dcf3bae51a8566f0f8679cc1ff45bba74c3255fc23b6e87136309f7867c0f1d5fcaec07db1d95aa077a51b535d348aed1964b383a3e8b37ceed378

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\images\Close_Hover.png

Filesize
847B

MD5
22a6bb97e88adec5ec8a527a6537df39

SHA1
789cad57eda3841c00f95851d09f62ac156b9c7a

SHA256
e083fa1e85846a90e52e5134a146ed7c813a2e90923c4abd4ea3d3691ca4abbe

SHA512
54af79c28ca9385a84512c5881f99f2a8875543b103a90dac6f3be74a0f408d35e13adbaebbb8f1d155f57240458718dd20e01d614a97a84c55cbca02e266707

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\images\Color_Button.png

Filesize
3KB

MD5
c3f6147ef2d96abdc3517c6bbfd3c07f

SHA1
b0bc49daae30ba111d3c38f900548ba3134c26b5

SHA256
626ba27c3fc8ebaf376e97976f7939782d7448baa75e4f043e1044886cc9452a

SHA512
c949d238c20dc9a6a408d6f3e8dec931325ebeaa622c7767aedfc17be2140cd00cf524454975f9ede6e36ceeb7833d249a6ad53fe793d203001e66b2e7a84152

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\images\Color_Button_Hover.png

Filesize
2KB

MD5
1a40a99451778671cd3efcc0649b6e66

SHA1
7ed50daefa71faf942cd18cdc31d7b1b074e8834

SHA256
ec94426c9b8bc56b112d62cb2c37115426f66221d0cb6dcfa10edbd1617ac624

SHA512
960db7ddcb14620a85203b0b326d3ef9599ce07992274ec3a0500f4363010fa9b7232969d851700aac628a657e69320c8afdc35b1344d6d049826fe3e9e8076d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\images\Grey_Button.png

Filesize
2KB

MD5
c43d97f4287e8116d4bbc057354addec

SHA1
0976b6581373b463d7b3f5a037dfba677f52867b

SHA256
aaaef948b36d66926ab7c2fb794d827f05cd0841dd04d37924353a2c35c0a9b4

SHA512
6d653e3f0ec4f43519209e71919608d964570e46b638351b181b5c1937913112abeaf5c3dc9c9e5ff28e436f528989b82081cc979a8ca022f7f5451f0daef1a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\images\Grey_Button_Hover.png

Filesize
2KB

MD5
ee52d17a8550ebca927b58549e8bb34b

SHA1
fd2c80d3a8416f38f9f532a106ebccbbb9d46a3b

SHA256
6e97016fe43af723fa8346bb3332d5079af5c9c4d066c76e9d2847defa0d182e

SHA512
2d6020f3ecae91d0763347ac321fabb09913f1a36c0da3e04b413949e03f345b419d3e68ceef224177ef9a6da7455d1c03c8e5e52f2b545e2a2ac1047a937790

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\images\Loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\images\Progress.png

Filesize
191B

MD5
7cfcd85a7e07bc7e9bec5fa4d6115f3b

SHA1
84fe274bc2bbde5065ffc5d2d92e099b14dba9fb

SHA256
ebaf637228e1516bb4361cbbc9e5244c556826bf452b09231604dcc9fff669a5

SHA512
8f0137ca51fe1618d288ed2f39a463dca44c2f230c2c8683d9c824752f9df6c4154c43d58c2f1e544dbc6da996e34eee7d07dbaa004bc1502ad552a187e6f9c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\images\ProgressBar.png

Filesize
958B

MD5
a545de45fdd30e59d9628ee6b5576426

SHA1
d408f2010a9afc4fdaf73bfb427f76f307dcc803

SHA256
e6d4e5647fa4356d0cfbb8a55226c824d65da92e137ea90ee45d4801336b67eb

SHA512
273b89d3d3630b13d88407d9b9fe7e5d979df241596e3e5216f8b2e085ac88bbbf7e87b7602b671a99556b34178dea66c40378173950b11dfddaf2683537de0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432111\locale\EN.locale

Filesize
2KB

MD5
4e8e62a66c0d89240e6933119fe6aaf2

SHA1
dfb5920b9dbae1fc617c7368dab624a9d0b7b683

SHA256
1e00ec2b357214484fea1914bed0ba1d6764a11ce91d04198c7fa4e0fb3c8c4b

SHA512
dea5fd781e184f5c247abec38fd6052ba2f601e8f4c75cbdf8fdf362c010b32e879356f1d310b3a87809c91b5393b14844d82bfa3dccb4db252d4f375859436d

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_ea16e3a17d5084f3b7c77e06e352539e_JaffaCakes118.exe

Filesize
1.1MB

MD5
ea16e3a17d5084f3b7c77e06e352539e

SHA1
e546ed183633705c439e372eb1b486c027f27c96

SHA256
2054b018bc60fcfbc69d629843275fd4c195bf97364acb99c2c90de3f041994d

SHA512
8da1d5fcd5167fbf643163bf64c54a0bf230b50fcf308d4c502d746f7a6f0f3503b521b295b1849c9f8bae1e7efa7224631795be1b466a01f22be37a58c3d29a

Download Submit
memory/2404-137-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-140-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-132-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-133-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-134-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-135-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-136-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-52-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-139-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-0-0x0000000000401000-0x00000000004DF000-memory.dmp

Filesize
888KB

Download
memory/2404-141-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-142-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-143-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-144-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-145-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-146-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2404-147-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download