3a3ecae5feb2629b83d9bee2e1c5f6867aea35077384bf9a5df19ab9f77acbac

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 06:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eabfea8b3b71649cbc626e93a08fabbb_JaffaCakes118.exe
Size

244KB
MD5

eabfea8b3b71649cbc626e93a08fabbb
SHA1

8c4f28bf7e8723d4f716aa34cb4d038763414df3
SHA256

3a3ecae5feb2629b83d9bee2e1c5f6867aea35077384bf9a5df19ab9f77acbac
SHA512

d29b8a8e168498f2008d0fb06d1453188a53d7007c09a8a882c8e0543145a811dfbd6e91138c4b51d25f944d54cc8f3453fe940aea8f3ab09ed3cf112a2cba82
SSDEEP

3072:B2JKS9k13LYBkBduT2XGYjRpTHFeYhq7OPhq7OPJOPJOPJOPJOPJOPJOPJOPJOPg:MJ3BkBdQeGYblu

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eabfea8b3b71649cbc626e93a08fabbb_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	eabfea8b3b71649cbc626e93a08fabbb_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2756	eabfea8b3b71649cbc626e93a08fabbb_JaffaCakes118.exe
2756	eabfea8b3b71649cbc626e93a08fabbb_JaffaCakes118.exe
2756	eabfea8b3b71649cbc626e93a08fabbb_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\eabfea8b3b71649cbc626e93a08fabbb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eabfea8b3b71649cbc626e93a08fabbb_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a855c49e2e94456048cebe46db94ce5

SHA1
13c9fe8823f7ebbb287bdac13838d640fc72f0c2

SHA256
842c50c38a94628e46b9f0284842faba31fd6199a964bd933748c7ed72908e80

SHA512
1feef105635ac98d42336ee0b3f433873cfe178239d8d3c6ae0e64841daa9c60f0dd1f872dc91ce614c7db166ec5ac0eebf13b1e2161868bea9448c709cd7b94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1282cb95b12d5a37bc0bcfbeb475065

SHA1
e41228e0d07f2f66dbaf7eba5942cc7c970c0409

SHA256
b567e52246402d1c400c2ca585ed6271cdefbe9fd1c10bdb58961c73bd7f1e8b

SHA512
ab49baca26ff8f814e5d9aad0e94d174bf65d61f8c8fde1689b82a3abf113d3be47c7f33d6f81040ff9fc75a74428c1531b245417a60c76ab63034e1446b568f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
093451043d0606b9a72aeaeb556fc920

SHA1
da4daad28d48f2165549c3faec17c897bd6a91db

SHA256
3148320f5b7334da0c9d35050eb9c0ba070e214d0d665007d02dd54c97f7fc20

SHA512
ef7419fa7c48770a12b3446c29111c977bed4f4cb6ae19c88701646d8404c3d5ff9697557e7967b5dba3db56d4a1b5255d312ad96ce58d51c46c780a48964206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52ca1b3420bffd46afea3ca6b93bbd3c

SHA1
24c56b7fcd28db8e379b744b210a03da32228c00

SHA256
d5b64a921417d2dbcebfc981d6e1c753d77e78764684f272a8fcb4337d2bd836

SHA512
0205567b4dc6d136ba68dd823c8e89873be57bec05af9d28b94dcf6984f8bc394095d61c9db00fe19791dc499317a750b59442b35d89498b46b06d6c9876f085

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af782750b5a03f4f2965e0cfdd757ac3

SHA1
d0dd57aebc976679924a2a3423097933aaf52aec

SHA256
4130aedba57503c12525e87308bfa175c9ba97c8335068a47a0c98e989748905

SHA512
fe75819ffd9556e22b3e03c824f1abed458220a1ea2e158313097423dea11dbbfb22494396c3c9bb62602ae0f852c67941937518d24668ff475790f8e3b00436

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5da933199d9f763ccf8582e0f085d1ca

SHA1
0c5ff8a23a84f51ff5bc8fb7f9f82e088607a500

SHA256
50413b355253492f6955158ff58f3c786acb3e24a6c36bc0b056face321302b1

SHA512
4e1687af13d4404e1270d84488b9c23bef6c0b61946ba2033c7a5e83d40fc4764432cfb3c95f79535ce7edde3f237266084bd50da502e46dfee39685429efa94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc4a3493ee3fc7b00c2560b55e540e2d

SHA1
b1109750fc685fedfd612060e940bcb433c0b5ae

SHA256
9c05149d95c27252acfed4c8825e56e1daa7b3cc1051d84c8350e57e1c7efeef

SHA512
becb758567e3f100fe9f4eccf1dd6e7c2e624cf6acb87930f85c5c60e63b0b4cbd976680683c8baa0d96545bfb3348365c915d61123e947fb5414fb2889b4b2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5eaaa010ff63f0b987276ff4b2c54a15

SHA1
02147c320d89f16956ef7dc833825991612747c1

SHA256
4b86d4dd7f6f7220d0f9f77de813b6c751062f1dceb659815a6252edadc2c9a4

SHA512
2f8e55dc53db94c339d8dc90d38e99f35f23dac54d5c539b85c991cd18bd52c3cab8207c92712894eafb6664e36da0fd52e7a6babc727f869387fcf49cb788a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62febd79b1e8e2673e4dfe6bf0ee355e

SHA1
5ef0f8c8fc5ce7eb58ff926fe5cfe7c95e4498c6

SHA256
b51a155bdcfe2d2cdd61d2b0317f809c55a6890f4fbe55473085e4ccd5b226f5

SHA512
fde69c6aeeedb8c20d67bc3efccbd8cf738766c44071eed339422abfbc3a53301fddd8745b1ff651c7eed0cd0e7f79360038990cbcfcb146470d0e082904d7f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59ec0e7dabc5f57b4a2c426388949d03

SHA1
f9af78dc8f4653084bfee1f857ceedf0ce5503c5

SHA256
f7875efb2db1c20e10625d42c1f170339f622834103757e9c06460162e73d422

SHA512
a682310465db0c3417a94e08776361a3156944dcfaeebaa039008e8df57be4167b4afc3d30195cacee8dc065a8b5e242fb9671223cf9bfcd1f3f224812f17f5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
c0f25c2edb0dfae6b98171d53bb71f27

SHA1
3998f110bf390df70a512f5471a23b07bfc00ba0

SHA256
9dd6b5fc4e1ea7e6115ad7853823864ddd69fe99527a057f0154781609493b25

SHA512
6ea712e17e98c20e016325d935515ab65e8449e894bd8f1439479d82d778c07c29f09a2dda927a236dda7c2d8d6478439c2f0a22f1e706041af22d64de871e2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab62EA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar63C9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2756-33-0x0000000006780000-0x0000000006B92000-memory.dmp

Filesize
4.1MB

Download