5c1dd1be3ad545813c2412eaf0e6121b25ab4ba2682329964a8c90c559c67666

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe
Size

246KB
MD5

f08ec4ea3eee7874c522d16216d60ecd
SHA1

6d2766789fa1b943e5625f1c04b51590831485ec
SHA256

5c1dd1be3ad545813c2412eaf0e6121b25ab4ba2682329964a8c90c559c67666
SHA512

e9666d069dd32eed0d44ccf4f8b29c6b8d659eb79d7e0120024ae354fccab01db15e3a8ce78765478b3b90543a1ec22a46875475e79d1397724b93535c5411a3
SSDEEP

6144:ssW/w1dckFA1hbmGmLuW/1NJfzxIS1t4XnoNcCjQxhVHhROMX:8w167hbmlRJLx6oNcCQhbR

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2228	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe
2228	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe
2228	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe
2228	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe
2228	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2228	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2228	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe
2228	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe
2228	f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f08ec4ea3eee7874c522d16216d60ecd_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsyCD30.tmp\Install.html

Filesize
2KB

MD5
f882b249e1deb5a5cdda2cfab284c0b2

SHA1
223d087bad389500c6a901e2a5de0479800478f7

SHA256
255eaa5728f7d228feac448884ccead6a0211b2e609dc709ba3b29c0f196693b

SHA512
1b61fd16b0752d63b6165959e3e5a06c2af77c4cbefdd2b64a01615818546d59dfee899861b0016dbc256826943d23e8485b0adb4ae1f898be4fc7fd9beffe88

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCD30.tmp\InetLoadEx.dll

Filesize
55KB

MD5
9fae574b1004bb0650eebba3d8040c59

SHA1
541583ec14af05915b8efefe520edd4f25914c9a

SHA256
73f4a1529acf2ea56d4db9ed8134bed0498cea38903105f7c2af8cc7d11b8db3

SHA512
ab25c429301f2d8a2da6b7c2a222c4028ad8e393c67dde83606762a8ba49c6c49460538624a799969dd0b3c810623d7e471c65a390e8661228a621580d7d54c7

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCD30.tmp\LangDLL.dll

Filesize
5KB

MD5
a401e590877ef6c928d2a97c66157094

SHA1
75e24799cf67e789fadcc8b7fddefc72fdc4cd61

SHA256
2a7f33ef64d666a42827c4dc377806ad97bc233819197adf9696aed5be5efac0

SHA512
6093415cd090e69cdcb52b5d381d0a8b3e9e5479dac96be641e0071f1add26403b27a453febd8ccfd16393dc1caa03404a369c768a580781aba3068415ee993f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCD30.tmp\Progress.dll

Filesize
80KB

MD5
15e01578481287bbcf32d2217f1b5246

SHA1
67a7d05bb2f8b33980867d3352280fa0cd0b4e9f

SHA256
61d8f9eba68cc6e2a83ec6d1689b2aa45e06bc32e13cdfcec8b593a14bc8bf70

SHA512
9a83832faf20eaef5043f69d468bfe032d790274df25bae73bce4f7830ac83587d7e23dba531bff04951cbed67399386d9ea4337002a99d8cf61de3f8e33b674

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCD30.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
\Users\Admin\AppData\Local\Temp\nsyCD30.tmp\nswebgui.dll

Filesize
168KB

MD5
1b9f617c4124bbbad818545c7d3b73d0

SHA1
b634ca27b1cb099eeeb473782456df4cc58c9b1d

SHA256
70695d0b5b0584a81231c695fa06ab1b5b44fb707a18c514b08b78a8a49ae81c

SHA512
b10794069830581fdc479ff01a8a0706396a89ba08b6ed22353c6be4b266737ca4c73b3c684947adb102e10cc1ffd4c67b3a5af5e51e866b86ac1f4c8eca2659

Download Submit
memory/2228-15-0x0000000000440000-0x000000000046F000-memory.dmp

Filesize
188KB

Download
memory/2228-27-0x00000000003E0000-0x00000000003F9000-memory.dmp

Filesize
100KB

Download
memory/2228-31-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/2228-51-0x0000000007830000-0x0000000007843000-memory.dmp

Filesize
76KB

Download
memory/2228-54-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download