79b118ae98da7745af46b64d1ada2e5aca2ac201b56b801fae5c6b01a6fd3c3e

Analysis

max time kernel
144s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 23:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
Size

1.2MB
MD5

10f8fb075321e9e4b6e359ca4dd22431
SHA1

f90c422142d9d05e44bf42bd971c93396e2ef4e0
SHA256

79b118ae98da7745af46b64d1ada2e5aca2ac201b56b801fae5c6b01a6fd3c3e
SHA512

b788f59e425af9f7438df203e3dc057875d3b68b47ae48034f3c23d22955f383c38976b15f03e38f3f979776c0aafc0a3214653121f1c8bf9205bcc643fb08ae
SSDEEP

24576:PCPWKfD7Pz04I2QLbzjuXxpSzRMRPCTokLRRNyuJv:m5nz0BbzK+dlUWIO

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000016eca-10.dat	acprotect

Loads dropped DLL 24 IoCs

pid	Process
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000016eca-10.dat	upx
behavioral1/memory/1716-12-0x0000000004270000-0x00000000042CB000-memory.dmp	upx
behavioral1/memory/1716-99-0x0000000006070000-0x00000000060CB000-memory.dmp	upx
behavioral1/memory/1716-173-0x0000000006080000-0x00000000060DB000-memory.dmp	upx
behavioral1/memory/1716-245-0x0000000006080000-0x00000000060DB000-memory.dmp	upx
behavioral1/memory/1716-314-0x0000000006080000-0x00000000060DB000-memory.dmp	upx
behavioral1/memory/1716-392-0x0000000006080000-0x00000000060DB000-memory.dmp	upx
behavioral1/memory/1716-464-0x0000000006080000-0x00000000060DB000-memory.dmp	upx
behavioral1/memory/1716-537-0x0000000006080000-0x00000000060DB000-memory.dmp	upx
behavioral1/memory/1716-970-0x00000000034B0000-0x000000000350B000-memory.dmp	upx
behavioral1/memory/1716-1114-0x00000000035F0000-0x000000000364B000-memory.dmp	upx
behavioral1/memory/1716-1182-0x00000000034B0000-0x000000000350B000-memory.dmp	upx
behavioral1/memory/1716-1474-0x00000000035F0000-0x000000000364B000-memory.dmp	upx
behavioral1/memory/1716-1547-0x00000000035F0000-0x000000000364B000-memory.dmp	upx
behavioral1/memory/1716-1690-0x00000000035F0000-0x000000000364B000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
1716	10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\10f8fb075321e9e4b6e359ca4dd22431_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~ZMF94E.tmp

Filesize
79KB

MD5
e388b183baeadc91cb899bda5f220958

SHA1
df9e493fc522cc518851f43a4aa979906f8daa20

SHA256
70e3e0779b8abcefbd5ef9c5d171313b58a342d5ecf74d5d941ae104a2ad0c31

SHA512
5ab25e3ecdc7110b55e9aa0d0b70c0a793d0911f170313784705a9a307ed8c40277a9aa0219b9a2879c00f5982f46b55edbebaeae9a8f3d8d0ee76508baf49ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{2BD6C91A-76CA-45F2-8EDA-B293BA8ED844}\css\style.css

Filesize
2KB

MD5
51cf0ca782b2347e7ed67f79ee66002f

SHA1
f9974866cf3fe22ef59e264ec1f01d669b6049a8

SHA256
4599f0d57ce98eeb4de231348fdc9e6c61af7783d35a2deb37e481a0839dd5d4

SHA512
7e8d89990373a1565a515fb6e8ff9bf1bcb235d82eb78a50c6f264fb4f8e476bb74c9af2250aa586d0d5d6c3700ff5d3db573b6ff000667cd4e49d2ca8ddd15c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{2BD6C91A-76CA-45F2-8EDA-B293BA8ED844}\images\bg.gif

Filesize
57B

MD5
4a6186f9eb9c930bb46f1038a073a451

SHA1
570471c1b1d5ac0bedc02e467208de6f99a892d3

SHA256
382f571efb24d7be12785ffe83a85144d73f1a56439f2ffd4c48eb8d246b7e27

SHA512
195f39c5ab1d13a02c98a9e1492b7e973498956be923d05697760f425049fc192abaf0e53832464a231e9162d3c43637eee1f045fb1e6a28d728273b90a84f4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{2BD6C91A-76CA-45F2-8EDA-B293BA8ED844}\images\logo.jpg

Filesize
26KB

MD5
408df44ec9ce27aa54dd4f6e8102cda2

SHA1
8f621db05618b632b0673e11acbd4667479b3686

SHA256
121686171d72cb8606fc89a575cfcc90908bea383c742a9855a469683922f4f9

SHA512
7c3d8512300232b2cc3aebb9301a794fc52905cf7bccadc3df4e8d1ab4ddcc462160d953a1ec51eef56f6cb05beddecd6a1a21e64119a9bed86823d14a3db2a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{2BD6C91A-76CA-45F2-8EDA-B293BA8ED844}\page.html

Filesize
1KB

MD5
d0a9aa7b96e1db87f11889208b215f6b

SHA1
f619d20adb977c19e29bc1977c136b16edd9ff31

SHA256
160bcbf76db4fadd50c3a3abee1c617027b71a4d913d470fa1ed8208cfe69c2f

SHA512
e70b1c9290fc0ce8f225a385ac34055e3b8d5ca569fc2268e6931df2028a6b2bfee8254f4717cade785aca7d9a4e989408797bf5ccffb80022eb48487add1b47

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{7CA34EC6-57D8-4745-ABAD-FF80C8C4BF4A}\act.html

Filesize
1KB

MD5
469032f670a8d8dccabab42794bd5dfd

SHA1
9337bff3bf58e664d7283f438e4a194c1eabf7b8

SHA256
6ca0071aa8299cbd4b8c0e8ea3994878a6adf35b102b6053234de7ec9cfe60bc

SHA512
9f27b203c8ea813f7e46115e4e325bdda1e95f127f1854a90cd9eec5c5cc3e91a3081c0157799acae4e2f5302c81c7437b44855ed49b0ed0207a749288d77eeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{7CA34EC6-57D8-4745-ABAD-FF80C8C4BF4A}\images\border.gif

Filesize
44B

MD5
928e9a9c2770188728e3cb538abf927b

SHA1
49826ccadf19113d41c0c5eebe8a3a7830694d23

SHA256
1e7f7a54dd08fd894544b2b61ad41a9851656f7f02faa33bec9bbcb542764456

SHA512
3138f7f535cec4a9736b5cdc0042c68b53774b63ba7464574737a02147681688c98d816645b1f64881daef9f11a00a0f8302a988af4b9fad8524673975bfdefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{7CA34EC6-57D8-4745-ABAD-FF80C8C4BF4A}\images\logo_small.jpg

Filesize
6KB

MD5
036969573ec4e4af2aa16ea73e2fc482

SHA1
d0337ff4520b96d4bea44e3f4f902b6d680e16d8

SHA256
03b81ecf0ccdb05bbcfe8fc8a78f85f7da574d492a81d59a17a4670e2b9a140b

SHA512
2f96f1929011e6ec491c1ca10a32667d902876639f490cc41f934210b66bb84cf0664cffd8fa769c2aa6c72fc9088148ff2691757f3d2b36bee9291da5db5b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{7CA34EC6-57D8-4745-ABAD-FF80C8C4BF4A}\images\pg_bg.gif

Filesize
1KB

MD5
8396873a19ce8cd72ef207184a6e8c16

SHA1
d23aea5de16e69199afd469861faa11dac199971

SHA256
cd066b2e1cd75d61abc23a8df154c31142001cb8b03aa8acaa0b2d8ae62a493c

SHA512
d8621c340e024a589a6b8d671c4157b343e0e9b76b717cda4b41157f049bf370d72bb2df54ef562a1e336f854001afecad3913cf28dfdbf8943b64a366118496

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{7CA34EC6-57D8-4745-ABAD-FF80C8C4BF4A}\images\pg_fill.gif

Filesize
103B

MD5
b329042c01fef0f3a857022723c8bb17

SHA1
72e638818277ffd08c26853322251f08951b44bb

SHA256
c326f095066971b33a91c49130f06fb48d0e780a3779bc2970e987b46880a259

SHA512
3a4479334593aaa5f4d9177cf4159ae7feb285b146fc03f282e38075380faa9f99c107636360e4ef3d2382e37873b2d7cff2b7d00292f11a980ba967799d4389

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{7CA34EC6-57D8-4745-ABAD-FF80C8C4BF4A}\images\pg_left.gif

Filesize
1KB

MD5
cf1411b3ad017737ca7cd6bde1e16889

SHA1
1fb89291b97237318354b3df6a8c380960117c8f

SHA256
1bfa623bd168314fbe0a482c8b778aec0305c08fda7d722da93d0014c1793ad1

SHA512
27292ae76bc11b66414fedbe1a7a0a46520ebd6aba823d3a3d7ed163f3a4e9a91c2857030189d3bc705c35cff34239679a0fe17544a44254eb5f014b60074f88

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{7CA34EC6-57D8-4745-ABAD-FF80C8C4BF4A}\images\pg_right.gif

Filesize
1KB

MD5
41d44b879b4ae9bff6a78c1187d90280

SHA1
807059de70fc0036e0644804f0170da91b900006

SHA256
7b47a14c272c9fe0089e4298d66e2a865a53b382e33a13bb190666badf77dd30

SHA512
44672da8442cf2ed02872abf1b0e218251002b6d0d7145d3556661efbc24b55a1987817eba2f67b7a95c555b40d070ab68d0c3b7993ed7b822b9d747416be576

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{7CA34EC6-57D8-4745-ABAD-FF80C8C4BF4A}\images\shadow_text.gif

Filesize
388B

MD5
761f73a7bd5e5a4094a13cb23a156ff1

SHA1
e5593b257159899fb2cf9c451e2acfc915ce1f26

SHA256
f14fa389d8a4f21823c9fa13ff804278a02fe25a97c37dcaea3fc1adcb81f638

SHA512
57f6fc7a468712d6b70e2ea18543e7cec64f3bf73937161cafa63ba5239c9b31113178ee3d919a2b5e5433bfc33618603989fbbfb2a05f6ae330eccdd99d64c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{7CA34EC6-57D8-4745-ABAD-FF80C8C4BF4A}\install.html

Filesize
2KB

MD5
0f44a2272716289251504283485eccc3

SHA1
ceaedb555ca37e6c5e12439557d030e27626903c

SHA256
bf030937553ae2c4906978eb1b8d68a6235ce4ee6f1682c02b8db0e82596b1be

SHA512
75250b59aa0b16832b1923c39b68a7881ca425761deb5e22efb59934df5dee8895cc5ae54ea9c08cec465d7113155a2d8defd3a7f21c8caf98a1b8d98dbd8b19

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{7CA34EC6-57D8-4745-ABAD-FF80C8C4BF4A}\jquery.min.js

Filesize
89KB

MD5
9118381924c51c89d9414a311ec9c97f

SHA1
71cce71820cc47b3bd1098618d248325fcf24ddb

SHA256
951d6bae39eb172f57a88bd686f7a921cf060fd21f59648f0d20b6a8f98fc5a5

SHA512
496d1b07bcd838dcce15d4e880b33c985fa5a6f49a3c7e7983e472c95f3e751664896e67fdcd603601a4e62db17f30cb4e63c7bd20aab1a884a19243893a135a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{7CA34EC6-57D8-4745-ABAD-FF80C8C4BF4A}\page2.html

Filesize
17KB

MD5
edc9940a31a6e236a6417f4bb645304a

SHA1
7152331767c0db83a5e8d81e30239fae6bb1a267

SHA256
42fd562f2439c64e8d5b358eadd510271ec2342ddca3beb9d35d15dc871d0603

SHA512
c4e25d46fd2e78e6bb85506d6841bd1f8c5cd0131984306d3911f98d80d1f33eccbe07f92fa5477bd13397ddf6a4b9016a5e4afc6898d122e492b24e436b3e62

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{7CA34EC6-57D8-4745-ABAD-FF80C8C4BF4A}\where.html

Filesize
2KB

MD5
3aaec815e15f35f7a9aa153e012ef2fd

SHA1
5bf847d8e0e6560f29f5839fcb7fa6bbd03aad64

SHA256
ee6f749f88ca8f0c23cb0489bc6c913060b4c7f0e312024e18a36490e71974cf

SHA512
b811e1a620248050d2628dec183eb4c79df07ccf07dc1e362f7f34709ca7f2f1d8ed7f7d18647eddcd22ce095b66971bbd095680b642b0377d277f6b3ed90919

Download Submit
\Users\Admin\AppData\Local\Temp\{0C8ED7AD-0785-4F30-868E-AE8D068D4398}.dll

Filesize
120KB

MD5
c9f333d1ff898672a34805f94a265329

SHA1
2deaac66698fb2e9b3868d23034c3211c508b739

SHA256
07e546811635574c77edfda126b0e5f5292b4ea13f35158eddedcfc3cbf74b6b

SHA512
048c71e48e2def0bfc69ebfb69b834d650a9377082782333f50728fdfd6675df8093d0c87e606022e55d09f81549d4ca3b640bcdd33b9ddc9aace03ee1466add

Download Submit
memory/1716-165-0x00000000004FE000-0x000000000054E000-memory.dmp

Filesize
320KB

Download
memory/1716-464-0x0000000006080000-0x00000000060DB000-memory.dmp

Filesize
364KB

Download
memory/1716-99-0x0000000006070000-0x00000000060CB000-memory.dmp

Filesize
364KB

Download
memory/1716-90-0x0000000001EA0000-0x0000000001F86000-memory.dmp

Filesize
920KB

Download
memory/1716-12-0x0000000004270000-0x00000000042CB000-memory.dmp

Filesize
364KB

Download
memory/1716-4-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-5-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-6-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-2-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1716-3-0x00000000004FE000-0x000000000054E000-memory.dmp

Filesize
320KB

Download
memory/1716-1-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-164-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1716-0-0x0000000001EA0000-0x0000000001F86000-memory.dmp

Filesize
920KB

Download
memory/1716-166-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-168-0x0000000004270000-0x00000000042CB000-memory.dmp

Filesize
364KB

Download
memory/1716-173-0x0000000006080000-0x00000000060DB000-memory.dmp

Filesize
364KB

Download
memory/1716-245-0x0000000006080000-0x00000000060DB000-memory.dmp

Filesize
364KB

Download
memory/1716-313-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-314-0x0000000006080000-0x00000000060DB000-memory.dmp

Filesize
364KB

Download
memory/1716-387-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-392-0x0000000006080000-0x00000000060DB000-memory.dmp

Filesize
364KB

Download
memory/1716-98-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-532-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-537-0x0000000006080000-0x00000000060DB000-memory.dmp

Filesize
364KB

Download
memory/1716-605-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-677-0x0000000006080000-0x00000000060DB000-memory.dmp

Filesize
364KB

Download
memory/1716-750-0x0000000006080000-0x00000000060DB000-memory.dmp

Filesize
364KB

Download
memory/1716-749-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-893-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-965-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-970-0x00000000034B0000-0x000000000350B000-memory.dmp

Filesize
364KB

Download
memory/1716-1109-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-1114-0x00000000035F0000-0x000000000364B000-memory.dmp

Filesize
364KB

Download
memory/1716-1182-0x00000000034B0000-0x000000000350B000-memory.dmp

Filesize
364KB

Download
memory/1716-1183-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-1326-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-1469-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-1474-0x00000000035F0000-0x000000000364B000-memory.dmp

Filesize
364KB

Download
memory/1716-1542-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-1547-0x00000000035F0000-0x000000000364B000-memory.dmp

Filesize
364KB

Download
memory/1716-1686-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/1716-1690-0x00000000035F0000-0x000000000364B000-memory.dmp

Filesize
364KB

Download