b3c65d5866cb2de94b96580857f772e1e4fb95981ae4feae226429e69b86b643

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2024 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14467958cb33c94ac267a34013102251_JaffaCakes118.exe
Size

555KB
MD5

14467958cb33c94ac267a34013102251
SHA1

8ee015d9b0985689cd73971ca2efb304be7def61
SHA256

b3c65d5866cb2de94b96580857f772e1e4fb95981ae4feae226429e69b86b643
SHA512

4ca3142cb3dc34e8ae3c9510db27740315984ecf97c638325163d2ddc9485aab6fbb7e559ab65389cf55349e5cf3fe88465766c857ad06da5a14b6472e30a25f
SSDEEP

12288:BK44k+DkT6rGnxTVNBmbmYGxGNYIOmDHamziorXphx/Ok8yi58kNY3v:B4yTmCxlhez6mLXphpCf8kNY3v

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2340-0-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-1-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-30-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-171-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-173-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-174-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-175-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-176-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-177-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-178-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-180-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-181-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-182-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-183-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-184-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-185-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-186-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-187-0x0000000000400000-0x0000000000546000-memory.dmp	upx
behavioral2/memory/2340-188-0x0000000000400000-0x0000000000546000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is240617609.log	14467958cb33c94ac267a34013102251_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	14467958cb33c94ac267a34013102251_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2340	14467958cb33c94ac267a34013102251_JaffaCakes118.exe
2340	14467958cb33c94ac267a34013102251_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\14467958cb33c94ac267a34013102251_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\14467958cb33c94ac267a34013102251_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240616812\bootstrap_19038.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616812\css\sdk-ui\images\progress-bg.png

Filesize
2KB

MD5
32a6846fe53388eb03be3ada2221297f

SHA1
1c1baec7b7fe7a420ccf68d3112384b44f8ba89e

SHA256
5c6d20c98c106bc6df49447b9939a90ba6a5e3c20d89ca0621677a7501bdb127

SHA512
79c4f3a72467b61c27d6e93415bae3fc61a9fde62aae4202ba8ed1de6328f5facc48092bfe57db70338a0a4b50f571d501eed04aed8b047d20aa28ee7446ce98

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616812\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
ca913240f3c5b51aa404ae23d8893a2f

SHA1
052090ca9b1e0c8f96a5b75258a6dd3975cd9227

SHA256
8f67635d39f2eda26c117cbc758a00766d7881d3bf6a605ec5b718c768feb7d5

SHA512
59dbd423086926849ca2d2c6039f008da51435b982565c3d6536e6b944485de31a1690054a3a71350d7c516c522bfa8993150a05aabbc8f952890eb15486246a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616812\css\style.css

Filesize
8KB

MD5
c0c9b657ec29d3314b1603964c5c3850

SHA1
b6db5d4a0871e9bde4cf8c267979ff0cc7858535

SHA256
19c16898fa659cd6390e9ce5f280417b0a6d01a8927a345e2f50aa3d4d7c8e43

SHA512
8d8aaf95cee6917d454c759d9afdf30601136d7f9fd10ae47510defabf0404360931281835fe1aad3c5b3d5b94f8a0e080a2dd600e30774f6a4f4205a6168a75

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616812\images\box-facemoods.jpg

Filesize
30KB

MD5
98899ddf07a22fb1adef95c099471801

SHA1
e89b4733713f17371c230f3c1610e67242bd086b

SHA256
fee33ba334e19dcc60128ce675118262399494b71032ed082bf7a610f62171ed

SHA512
4689a05e2a57ba6e1f7d2920ae7a5df5e607ec7a7712a179b11c3ca1f4801f8ccf621f74f3a2b10a47afb6e4aca900edcdcdb1e01084b91d220a5b6e6a4df059

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616812\images\buttons.png

Filesize
4KB

MD5
2b5176fba35064ad131e0583ce558ceb

SHA1
493dfcb9f5b717c740dca2417e9d386f94bfc89f

SHA256
3f794e085c15e930dfd712ef91d6dd1f9c75a2119542b61aaa9b8a0604bd1aec

SHA512
131c151d8da89043903efc401bed2c791538bd2f981ed1087fca7f57e9bf368052d4842bb64d5f4ef1d4e2a253c5c8d2c9b419291c12b6037cf07db1a2d1f789

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616812\images\logo.gif

Filesize
7KB

MD5
09a3c893a07fae4eb0c6e5671437bc2f

SHA1
aec239f8efada850bc2ac0da37f331a9449d684f

SHA256
65fbc36001236999b3d33045760518daf97f267697be5eb5bc4978a3cb7a1cea

SHA512
ce50e3c6d9fce4972942ff23bf257a0922c7f2b582fa5aa4f2b9b222fdc0515f85122d02e67839c85a352c4458a84a62df0999cf7f220a92b3b848a08b3dd31b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616812\images\x.jpg

Filesize
424B

MD5
ebb0d89df0631fba54dddc9460b3bd51

SHA1
2e99ca75ed7a7ac980127616d384f756b98a7679

SHA256
fa38da6097d666e324f2fddce393fd518ab144372003a3cbe6f3510df66935d3

SHA512
cb4a9aa605c663ff773249416ac0b0eef392b306bb4ae71b82e7df17ffa4d57201eca055d15cf2d501f4cbe7af68eb745b35f5bcdba8ca37b3b74028026b9358

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240616812\locale\IT.locale

Filesize
4KB

MD5
c2697a04ad56afeb1916748201a0793e

SHA1
b4c029c84141aa0d7d97a2380e66ab8e94848a05

SHA256
cf2c8ed534312d37c66f35c499d5742734839057e8508fffe0c9905d551c8432

SHA512
1f0272a2692583131af2948b028428f92c1c5f93605ba9e0bcbf0fa45cde9d266dc4afadf7157fce2b8188923edb6d4948d535fa7f8d2c8ce1957594709b4ebb

Download Submit
memory/2340-172-0x0000000000401000-0x00000000004BA000-memory.dmp

Filesize
740KB

Download
memory/2340-178-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-1-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-2-0x0000000000401000-0x00000000004BA000-memory.dmp

Filesize
740KB

Download
memory/2340-171-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-0-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-173-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-174-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-175-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-176-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-177-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-30-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-180-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-181-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-182-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-183-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-184-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-185-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-186-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-187-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download
memory/2340-188-0x0000000000400000-0x0000000000546000-memory.dmp

Filesize
1.3MB

Download