0d208934bf252005a386e2251724b1170a0edd0be3e8ecb47cf6f9ea87ac5682

Analysis

max time kernel
144s
max time network
144s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0308b7d80c7c3b314edc30d1e2827850_JaffaCakes118.exe
Size

639KB
MD5

0308b7d80c7c3b314edc30d1e2827850
SHA1

a92f4435b506c3164538c9a51c077a459d4e1a1d
SHA256

0d208934bf252005a386e2251724b1170a0edd0be3e8ecb47cf6f9ea87ac5682
SHA512

40a7443acaa3aec6a49467a50cef6fd13b94970a9144f561dad1c0ac9f653c1227a5fa072736a584514e922434e3c0d123d4ae3cca122b5cde3bdaca896b6f57
SSDEEP

12288:cNyMJfsnZIjbmON6nQd2OUqPAA5jhForUrq+sjTvGd9T/ZOq4/LtG30AHQh6b:QyMJfsZpA6nc2bqP35jhFT0jTvGvTc/F

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1296-6-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-5-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-0-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-85-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-86-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-88-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-87-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-89-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-108-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-120-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-128-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-127-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-136-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-149-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-151-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-152-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-153-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-154-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-155-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-156-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-157-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-160-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-162-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-164-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-165-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-166-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-167-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-168-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-169-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-170-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-173-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-174-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-175-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-176-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-177-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-178-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-180-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-181-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-182-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-183-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-184-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-185-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-189-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-190-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-191-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-192-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-193-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-194-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-197-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-198-0x0000000000420000-0x000000000055C000-memory.dmp	upx
behavioral1/memory/1296-199-0x0000000000420000-0x000000000055C000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is259433500.log	0308b7d80c7c3b314edc30d1e2827850_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0308b7d80c7c3b314edc30d1e2827850_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	0308b7d80c7c3b314edc30d1e2827850_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1296	0308b7d80c7c3b314edc30d1e2827850_JaffaCakes118.exe
1296	0308b7d80c7c3b314edc30d1e2827850_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1296	0308b7d80c7c3b314edc30d1e2827850_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1296	0308b7d80c7c3b314edc30d1e2827850_JaffaCakes118.exe
1296	0308b7d80c7c3b314edc30d1e2827850_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0308b7d80c7c3b314edc30d1e2827850_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0308b7d80c7c3b314edc30d1e2827850_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259432798\bootstrap_12303.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432798\css\main.css

Filesize
6KB

MD5
425ed652dd8efbe8b44a6d3c9c1e49e8

SHA1
62c1bd9223b94e45f5ae628cbab92803af2965aa

SHA256
be4f568d1fc4d7e8e9d7ade30d6f7cca1049d04b9388a64b67f2825f4f2db37d

SHA512
d812af5dac0d73b8947e137246d0efd54b5516d3fb0cbc6c2f734e1f5a69ecbac6c8b3afc23ce71cde94b4315bacf2b786887b03051c51cbe930626294e66dd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432798\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432798\images\BG.png

Filesize
27KB

MD5
73690cdfa0fa656dcaef01ed512adeba

SHA1
92397a9955cdfd057dcd9b7bf1786179824654c5

SHA256
35c4229c12a36fd0642313e4e4d1ae991ca37d3e156425d4b34bfb65b67933b2

SHA512
fec791a6d257c494131e068929d9fee4cd222b52fab0c20ec439d16bdabd1c71bd735b1b8ebb42d951019a9b054b6389c5db5e44b5853874ec9d018609161a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432798\images\Close.png

Filesize
293B

MD5
75a9464e6e2e2d8efc82e5285ab0d95d

SHA1
03aa7ccf18666265cef894adc30aede977116405

SHA256
7ec62b84d0c741b8e1f4c735ba37fd4dc889690590cf900073793b8d6e44cd0a

SHA512
c52d190454e7d6fbafdd18960b5c95cc76da66ce02b7d0caf1eecc3335ae60b8aeb8b014be9adfaf46cafcdb7342029ec265d64576483cfc2b2439a514d9b63c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432798\images\Close_Hover.png

Filesize
294B

MD5
aa5fc77754056e5cf059ae73ae3ffb93

SHA1
d6dea0e225dc926506c9c1bc8d9084cbaf7cc350

SHA256
cb4b816b428001c2756dc75791598a256ff2774c5dc9e87253ae77b5aaed8da0

SHA512
1c61531ed01bd48af185450f64f6a908784a4846085044109cf18f385592f783ae6c9b99cffe95b4d6fc1108fc2cebdfeccca30a01c682f5d47b019429b0e8a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432798\images\Color_Button.png

Filesize
2KB

MD5
74e2fdcc7a0e8161c160c2614a67801c

SHA1
43a3ccee7e8e9f1448982662e567d1311e21b5fd

SHA256
6608965b76e3c0f43eb9ca66c75f5b916ae7348ef7250de5413dad735cde9398

SHA512
a7da8a7330a7beab2fd5e04ca3efc917c933cf8e4dadad531a8ac11e8add814890b4693ec9393408230e61e3a934075334953bd1ebadc6938bedf6a11c93f8c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432798\images\Color_Button_Hover.png

Filesize
2KB

MD5
74900169442a73b94a452a43bde17248

SHA1
b211e593a3bc6559482ddb707399d7b7cf08d331

SHA256
c2e7c5e031b4e7bcefa800de4659c8c1ca072ad074d15860583588962beea9b5

SHA512
e0a24cf32e8865e9021e161f66f9c275f777ab592e3bb365dd568963aa998612e1dfe9eefdd71e3239ffb43657ef1f86367410192c7769968e9ecfcb6b6ef4c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432798\images\Grey_Button.png

Filesize
1KB

MD5
aa1424f218bf3befbcca3c4c0e42a365

SHA1
c91d5dce4ebd543d905026577f8a05dff1d8357e

SHA256
e1a823582add59d1406fd36d3f7f86f98873e3201168e542cb49239d6c525ab0

SHA512
8ef2ea9613ff50bf028c9ef4611326d61b1cd07d01b89631faa2053449fab9a746e06e59a176dd5cda4f02f77fca8eedbb6e46ae4a78afa416ae8adb7ef0d93b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432798\images\Grey_Button_Hover.png

Filesize
1KB

MD5
61b27f16ef13d3ad95833dd3a932f307

SHA1
9e0866a07c8309b8f5fb3fbec98531f2ebfbce6f

SHA256
be3dee9b5d9f2893607ff916b3c3313987a16092230650dbaeec6e9e36c63ad2

SHA512
c3d6a15a826c990bd77c4d2581fe8791fb71346477ee360af50f96a7521e83f5ae89c520af221a737787684eb2b6a714afe9e6d770d9103de4fcc18f767283a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432798\images\Progress.png

Filesize
2KB

MD5
5995603e376b72b3f2f02d400b44584a

SHA1
4127535df235428d157f83006fa23225130215ce

SHA256
392d2b22da905e8f2092d96116b6aa3326dbede98fc6f0c45e5b9146f9fc2f48

SHA512
74aa387e04e79fab7b6ce570acada3d0cb882f440999f3539caf7bbd9ec505765d9b6b39cea5edfdb176b17186b302f21dcf059dc03ed0045a81595c9947a861

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259432798\images\ProgressBar.png

Filesize
1KB

MD5
41e2db8679de78b2a15a5ada20c0228f

SHA1
4e0cac7678928d838a61bf171c496b922c121f00

SHA256
cbd36783ed6c4a4bae2414f76102032fcd0905b911c5596014ed0d14c5685b7a

SHA512
aad04e4fd9ff2d90bbee9231b0c095f350393703c3e10351bafc1160896c30d0d3ed5f616bd9820742aed4295a698af392f6106995492bb532d0163d557642b2

Download Submit
memory/1296-155-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-166-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-120-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-128-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-127-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-89-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-87-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-88-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-136-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-86-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-85-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-0-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-3-0x0000000000401000-0x000000000040A000-memory.dmp

Filesize
36KB

Download
memory/1296-4-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/1296-5-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-149-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-151-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-152-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-153-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-154-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-6-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-156-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-157-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-160-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-162-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-164-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-165-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-108-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-167-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-168-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-169-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-170-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-173-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-174-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-175-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-176-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-177-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-178-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-180-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-181-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-182-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-183-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-184-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-185-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-189-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-190-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-191-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-192-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-193-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-194-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-197-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-198-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download
memory/1296-199-0x0000000000420000-0x000000000055C000-memory.dmp

Filesize
1.2MB

Download