21d5747bfb9baebcb597fe1314868c42a8c4d9cbc90aa7b23029fac14047a795

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eef9cc47679296944eb6f30516a68122_JaffaCakes118.exe
Size

5.0MB
MD5

eef9cc47679296944eb6f30516a68122
SHA1

2ac5b50f99def7420a5deebd70baad041ec83d0b
SHA256

21d5747bfb9baebcb597fe1314868c42a8c4d9cbc90aa7b23029fac14047a795
SHA512

60da1ae29a2b6ea2ad261cf52fc56b5a4d73ab2b6c17ff724d5adaa9ee4b14821f795b01b157064051959cb81320859470125392796c3c5bde0325f976ee09ee
SSDEEP

98304:kz3kirKWkMhxiAjngofHlh4TSydzNfNxvUW4h6OigrxvwYhkx61d23yN:Q0qDkM1/fFhABdtvUdFjhYm

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000015ce7-7.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2172	eef9cc47679296944eb6f30516a68122_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000015ce7-7.dat	upx
behavioral1/memory/2172-45-0x0000000004270000-0x00000000042CB000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eef9cc47679296944eb6f30516a68122_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	eef9cc47679296944eb6f30516a68122_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2172	eef9cc47679296944eb6f30516a68122_JaffaCakes118.exe
2172	eef9cc47679296944eb6f30516a68122_JaffaCakes118.exe
2172	eef9cc47679296944eb6f30516a68122_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\eef9cc47679296944eb6f30516a68122_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eef9cc47679296944eb6f30516a68122_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~zm_{FA0057E4-77A2-4754-ACFD-8BAD54B53522}\images\bg-office-2.jpg

Filesize
174KB

MD5
46905d7b2cc6a0e809f2dc0f055d962a

SHA1
e49262c08844ba1bd1d3e6c8784ca8ec6f383482

SHA256
edcbf6647dd7d9efc2853f6700086b335929d4112dda9e37ecf7193b025e72ad

SHA512
6c0e05760d060a79203d0b440d39f0ca492374854ae178cde45514e21742f0109a9d3139d4df63ab60734d8cdbbb1d3de7dfa75b6ee21272f42008cdafff4482

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{FA0057E4-77A2-4754-ACFD-8BAD54B53522}\images\btn-bg.png

Filesize
187B

MD5
df6389f4676a99c481cbbaed9d0179fe

SHA1
f386f5fd4bbab6fe738230b4a02066fe649f7aa1

SHA256
af4dc7304bfe9da3cff1646a90ed298a3a6df62047775970ff0abed7c6e9779e

SHA512
5a2e897daaceaff61e7a7fd4b2771e4a75e3973188bc546f0cdea8d15b19cb732bad99a470163a98336f53f33a2ec69153c028fd4dd62d16e26d2042a8e737ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{FA0057E4-77A2-4754-ACFD-8BAD54B53522}\images\pg_right.gif

Filesize
252B

MD5
c825fbb08a259d06517c7f564a4e2842

SHA1
a9f4c21f34d7d3c60a8d055378bebe415c7c881d

SHA256
48f0b9a3b62815359e0fea9d41114cb8b24d69e456c6617cd0088643e7de6c08

SHA512
d748d495a3514cf4882c9c6dfee746e60d5ffdf8ba363929820596a89aa236d5c3b8b0ade96bcbf2c57946d39b3cb38112722f1418bfacb56563561db3f82db7

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{FA0057E4-77A2-4754-ACFD-8BAD54B53522}\js\bramus\jsProgressBarHandler.js

Filesize
16KB

MD5
d645bc10d1d3209e03495ba67d167757

SHA1
1ea1c520251538032952825e11c55519a039189e

SHA256
f411aa3b252e12cb6192b052819337096a855cb182e89110f3bad35c68fc137f

SHA512
d640797b117f9ec0c2570565da0294f93e7fc3fc5dbff8492221266889d8c27c162bfa07dd1eb8d18e85fcc3e9f6d2801cc18cc9faa3e7cf123566b3f229f42e

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{FA0057E4-77A2-4754-ACFD-8BAD54B53522}\js\prototype\prototype.js

Filesize
123KB

MD5
d3a5b20d5368c1bcabe655b57b52d097

SHA1
015cf89260f3e8f0b86f5a17558125c933692989

SHA256
e9cca17c4320baac34e9ea5a41357ae0baffdd1beed813c2ef1f82d1179e9868

SHA512
1fd0889623b195a6faf905a2a662fc08173e76ac9490e2aaf9a96390f2184d71c1d5f29c61553bab34a3ea4626226fbd9eba4a2085afb5994290c31fb87a68c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{FA0057E4-77A2-4754-ACFD-8BAD54B53522}\page.html

Filesize
1KB

MD5
dfd5cb0181c65689729c3b0640802ae2

SHA1
dbedfeb009eb4f2c335bcf204496fd58070e7561

SHA256
4beb1f838c3cac30b7c18070dc8e1f608f7f2d17156488907ed186b89aa7fdfc

SHA512
46c70eacb6f671a7bd5c5d90081e70d86e53d4988398d3f860c972a8dc987ba8e3be7252925b9da6391e5d14a72b7fe7b5c77390c2137e45a6792d69ce6ad165

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{FA0057E4-77A2-4754-ACFD-8BAD54B53522}\page2.html

Filesize
1KB

MD5
b6a0eaa3a25bf3627cbdd37a76020772

SHA1
32d11a259c23b735905b295ac43385309ef8d988

SHA256
af97c6a025125211eba15a4c2063251572f107fa4e6afedcac3ada64c3c342c2

SHA512
e52bab167d4ee04f72422a79b211b926f60c406ab55dc55e1d42690d4836db3d58b94742bf0467de6a0492abe9488ee7caa99111a246a17c2ba12225edfe378a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{FA0057E4-77A2-4754-ACFD-8BAD54B53522}\style.css

Filesize
1KB

MD5
87ff09923b8c1a22d13a0d2f78f17d91

SHA1
90fbbad0cc5b42fbe821869200f10f78f048a80a

SHA256
bb438eefda95142a71a5aa15bb340f12ffd5e745231ed3729a92c9b1fb8da6cd

SHA512
bc9af852a199e6e15123555b9c57b54239ff9bb0d38e2ad8061cde6fd4900c0d66008063be412d8bdf46233215c3c78fcdde5a624d236d889fe4b76b5da5f299

Download Submit
\Users\Admin\AppData\Local\Temp\{6D189595-ADB5-40F4-9742-27C30BB44555}.dll

Filesize
120KB

MD5
c9f333d1ff898672a34805f94a265329

SHA1
2deaac66698fb2e9b3868d23034c3211c508b739

SHA256
07e546811635574c77edfda126b0e5f5292b4ea13f35158eddedcfc3cbf74b6b

SHA512
048c71e48e2def0bfc69ebfb69b834d650a9377082782333f50728fdfd6675df8093d0c87e606022e55d09f81549d4ca3b640bcdd33b9ddc9aace03ee1466add

Download Submit
memory/2172-45-0x0000000004270000-0x00000000042CB000-memory.dmp

Filesize
364KB

Download
memory/2172-3-0x0000000000400000-0x000000000073A000-memory.dmp

Filesize
3.2MB

Download
memory/2172-2-0x0000000000400000-0x000000000073A000-memory.dmp

Filesize
3.2MB

Download
memory/2172-0-0x0000000000714000-0x0000000000716000-memory.dmp

Filesize
8KB

Download
memory/2172-1-0x0000000000400000-0x000000000073A000-memory.dmp

Filesize
3.2MB

Download
memory/2172-204-0x0000000000400000-0x000000000073A000-memory.dmp

Filesize
3.2MB

Download
memory/2172-206-0x0000000004270000-0x00000000042CB000-memory.dmp

Filesize
364KB

Download