ac2dffeaad45f78eb7ab384ab50b3d6b3592fab4a60c088243ef76abede0f855

Analysis

max time kernel
140s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

147ccadaa73dbadfdede2fd13ecc4f87_JaffaCakes118.exe
Size

1.2MB
MD5

147ccadaa73dbadfdede2fd13ecc4f87
SHA1

57016aa672a0348e5eb493674c8733e7f8a52acb
SHA256

ac2dffeaad45f78eb7ab384ab50b3d6b3592fab4a60c088243ef76abede0f855
SHA512

3c0dd3f3f5ccd282f39ba0429af32924f430e483fa33b1bdb1b2835dd1a20ae746b96ebfe21bc465edbfd4c147ecc1b5be22de3de709331d0716182d0bc09f98
SSDEEP

24576:lZzyAOF7YoV+OjkLWOi6Xf9zTFPLm0Q9BBA+TmrxxEfVaEL+:LJOpY3PBv95CB3iQf

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2412	147ccadaa73dbadfdede2fd13ecc4f87_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is259453624.log	147ccadaa73dbadfdede2fd13ecc4f87_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	147ccadaa73dbadfdede2fd13ecc4f87_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	147ccadaa73dbadfdede2fd13ecc4f87_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2412	147ccadaa73dbadfdede2fd13ecc4f87_JaffaCakes118.exe
2412	147ccadaa73dbadfdede2fd13ecc4f87_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2412	147ccadaa73dbadfdede2fd13ecc4f87_JaffaCakes118.exe
2412	147ccadaa73dbadfdede2fd13ecc4f87_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\147ccadaa73dbadfdede2fd13ecc4f87_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\147ccadaa73dbadfdede2fd13ecc4f87_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259453281\bootstrap_39198.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259453281\css\main.css

Filesize
4KB

MD5
56a0bdab3f06ec5f4694107b5b971b4a

SHA1
50569e7426d9ca631b6034eda9e3bfcb1f56de3d

SHA256
0a426b4fa49438a2f1f68075464ee60e3cfe7980ba0b6f905ec242478799e527

SHA512
94c69e29111fe7fc3bc4ed341b54ff06944e18345974202ea32b0b1e12619cf0c0bf8463c513fca395984c2dd94019a712eb75edeeb6e37626ddcb73ed854cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259453281\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259453281\images\BG.png

Filesize
63KB

MD5
674ebeb11c056b0cdf01802020b8b41a

SHA1
16fba8a46be739be737fcce768021a83142dc7eb

SHA256
b2f6875b12c8d4d583f93380c34babc18bb027cb15ed4e8a39bfbb5d9848f0b7

SHA512
71a826aca996b7db61a23e3011d4b3d9e61469f82620e6c0b08b1c85492d81da0d151d4c9aac6b3c168b53f0e4314bc2af6d5949c1e579f062f2697ae86be40b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259453281\images\Close.png

Filesize
1KB

MD5
60e7a3f760637dd125a1150474e7f6bb

SHA1
46e4b53480dd7b3db532e3511a7ad3b9e99b2f48

SHA256
d244e6d623fb3706340ead5491bb61663e5d53a3f7d96d4b613175c875c42184

SHA512
d279b197d330c4fe7de5e891b45e60273b603d58c84a502461ba2edf008ed51e6bcfd8768a74ee95bc9558bcbe8294f9f759c188327f7c54b1483d1072b32268

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259453281\images\Color_Button.png

Filesize
1KB

MD5
a4987c1267f6e8361800aa3d2dc840a2

SHA1
6d428d5e9333f78ffb65f8ac3aab06c8915078a3

SHA256
1b7fffc6ecbde629472f7e1b534243f7f7da06a6f2fed082cf1c62b6b002e9d5

SHA512
5fc4a1619851dddb8e689cbb342570f3004a7e4c030c593ac361b55584cda6178b3ce6a4baeed810467e569c07587affde5180420d793eb380782f440b23660a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259453281\images\Grey_Button.png

Filesize
991B

MD5
8a99e16e48ab5bfd0084ccd49281b036

SHA1
ab40545bb33ab2bad0891d3b71c3f618a916cb1d

SHA256
e44a2c233a1b29a6cb3bdd5955dece4ddd1e7497d3529bb55add8da124ad3fef

SHA512
f8b5fd65300cfd1f7554e381d0a3313ce8611aa092b44322c1b59ebc145e915707825f0fcf8e2e979ef6464df713db4d3897f4624f5ab9d777d4f8c4c5ef95cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259453281\images\Loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259453281\images\Logo.png

Filesize
5KB

MD5
45d8e7f1e721db59eca3dc36e932bf8b

SHA1
974fbb730c8c1ae66c6187f99d887f44d8a77a56

SHA256
f8cfaea0b23c976a4e7a67ffe79dd82210c5fea7d6eba2383a3cc33f8802ae05

SHA512
85b671dc81758977e5f807af91333573e1733ce8ca6721100dbe8538a481d8811d6d36754517948ff6a5ad984bb5ed0724790f43ba30dafdafb8c94735e249bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259453281\locale\EN.locale

Filesize
2KB

MD5
4e8e62a66c0d89240e6933119fe6aaf2

SHA1
dfb5920b9dbae1fc617c7368dab624a9d0b7b683

SHA256
1e00ec2b357214484fea1914bed0ba1d6764a11ce91d04198c7fa4e0fb3c8c4b

SHA512
dea5fd781e184f5c247abec38fd6052ba2f601e8f4c75cbdf8fdf362c010b32e879356f1d310b3a87809c91b5393b14844d82bfa3dccb4db252d4f375859436d

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_147ccadaa73dbadfdede2fd13ecc4f87_JaffaCakes118.exe

Filesize
1.2MB

MD5
147ccadaa73dbadfdede2fd13ecc4f87

SHA1
57016aa672a0348e5eb493674c8733e7f8a52acb

SHA256
ac2dffeaad45f78eb7ab384ab50b3d6b3592fab4a60c088243ef76abede0f855

SHA512
3c0dd3f3f5ccd282f39ba0429af32924f430e483fa33b1bdb1b2835dd1a20ae746b96ebfe21bc465edbfd4c147ecc1b5be22de3de709331d0716182d0bc09f98

Download Submit
memory/2412-130-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-136-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-129-0x0000000000401000-0x00000000004D0000-memory.dmp

Filesize
828KB

Download
memory/2412-0-0x0000000000401000-0x00000000004D0000-memory.dmp

Filesize
828KB

Download
memory/2412-131-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-132-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-133-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-134-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-135-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-34-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-138-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-139-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-140-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-141-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-142-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-143-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-144-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2412-145-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download