d7c0b713ff8c3f704f1fd69bab5d2fc205a2ca759cf37a479ba79302b8d2cf2b

Analysis

max time kernel
141s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 03:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15ff17dc049e82560784839044790b53_JaffaCakes118.exe
Size

1.0MB
MD5

15ff17dc049e82560784839044790b53
SHA1

de6ec639cad269fd730fc0571a729ad90857417c
SHA256

d7c0b713ff8c3f704f1fd69bab5d2fc205a2ca759cf37a479ba79302b8d2cf2b
SHA512

7db5b07b7f7918924586f7a84c5fb23424d2c49374ff90bf846e801f00ee2fc44d035f95e52c50f914d686bf8e342eccc871fa81cc19151b40a09d1456a8fba3
SSDEEP

24576:5EyrCWiwk8ZQ64sEOTE2/SiOUCWv3l/EElGDyjXlT3BDp94:5rEuyzylT3B99

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2056	15ff17dc049e82560784839044790b53_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	15ff17dc049e82560784839044790b53_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	15ff17dc049e82560784839044790b53_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2056	15ff17dc049e82560784839044790b53_JaffaCakes118.exe
2056	15ff17dc049e82560784839044790b53_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\15ff17dc049e82560784839044790b53_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\15ff17dc049e82560784839044790b53_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259444654\bootstrap_50794.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259444654\css\main.css

Filesize
4KB

MD5
4188c91ed0c5be3e80541c3368da44b9

SHA1
7793338cf3f9c5daa3e0af137e1d1148de0d06d0

SHA256
740f9dba99e8c0b58a8b44fc2e33d14bbe7f7aeaacdb1863a2b3d7c641da506f

SHA512
0f4a92f91a665b9da4b496c9e00d834a897e5563deb365f3084fce73766c2705b498a9fb8a2af61d0fe9f01496c60d8106ee5f7f75b6f71d21bd6238d6acecb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259444654\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259444654\images\BG.jpg

Filesize
29KB

MD5
3746620be7cae395e6ec97a3e536acf5

SHA1
e4ad345f89880b8486018018b94800ccf354559a

SHA256
20133c55efd581a5de080d84097665658746913f9c46b6ef9e5ec7ad603638d0

SHA512
02f3d49d21437763f92d8c3e835413ad446c4ff606bfba86d64f90bb450632dfdf524280013ac8c9d60a7c8147f8c4580eb9f2241c5a7996eb95a73aa8afb5b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259444654\images\Close.png

Filesize
925B

MD5
249e564a2ac708877c7fbe9a73ed6b19

SHA1
65b20a84f59d70b63bb3198b394fd9577741a317

SHA256
ea7984a4af75179bd5a42e56bcdae7d06cb89d03d814a0168f8a223bebbed058

SHA512
86595185632af4fb7ae7b425eb2fd67818ffd2f079da4b236754a74dfc1d1e1e3b5904f122c6fa5e592e674d7c5d38c16be52fa362bc78773f90bf7ae6768222

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259444654\images\Color_Button.png

Filesize
1KB

MD5
be99b7a68a6227de0a2835eb685b8504

SHA1
a8ed5418569024e491b0a291af1679673c0d9979

SHA256
68dfdec6774cc440c5640fd0025a46299cd2a9b42d6223383229988af1d9e3ef

SHA512
325a6ad31949005a6eb56e273ec8579eb0c8b031f1f1e68a82084f23127c89602bdcbf9b4a08e9af26bdaf1e214702e933cca4023400d1bb7f6fcab90b380448

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259444654\images\Games_Pics.jpg

Filesize
12KB

MD5
3d508e41c8e160e70b4f2e1a9a66b1bc

SHA1
900e64092e3849cf54bf61957e78d4d78faf612f

SHA256
1ca7924ab528b00d5508b442f15288043448a63f2860307253019d901f4f9d82

SHA512
40b0a138df819c09d8fd2b551cd4e5ee02480a6630f77676e52e4b48587447fc323d4d95553e6309e43f4abac9fb0a7f9e91632be50cd878fc870e395f0c6547

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259444654\images\Gray_Button.png

Filesize
1KB

MD5
35800b05c4334c3a5cddf4260ac9d4b9

SHA1
54affc5d79378b688b64171c03434abe83b5c6c6

SHA256
d36de61d654cccf61b8767923efaecfea8b79e013aa0d0d1b832d23b9ab811ea

SHA512
76eeb5bb528949fcc5baa327463459d99991823c2ab5aa82366c797d74ac0db9b5bb5b8d5a55ee73990e0c1b0c3074f9ad09ccbf4ac19ec4737dd97d8687ba7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259444654\images\Progress.png

Filesize
461B

MD5
39d7639ef1e1db7099179cebecda726c

SHA1
3b65fe5142fed1478bd65cacc5bec45570b4b3a5

SHA256
a33d18689c5cd3661a9723b17f0d6f33672c1aed2429998b8d39bc4b7b19abea

SHA512
a8f7d08cb7c4a933075740f4db356e208b6c3eb2baa4c597d7739d0f302abea4fc3a8180181b66828c363407f8dbbc2ba7b6d68791e383f7dc3cd0e02353cf96

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259444654\images\ProgressBar.png

Filesize
477B

MD5
830234f26fce01833c8f74f1829d7717

SHA1
38207d8cbf96b4e1a7d6182b7da4b25c31e538dc

SHA256
fa8bfed0f1e98d212938e307160d1c5b68f134f67ea0826b9f75f2284be9e2f2

SHA512
f4ab75c710c1eb287002a6640e0ec4c5061d2e921a49d1b5b37be5e83c217d77536a5754cca3b57d446c663b402377280c283d99d6b6667eaa7ff38b8a2e49e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259444654\images\loader.gif

Filesize
21KB

MD5
360281e85620142c3329848262da263d

SHA1
032ae1e422af859d78d172e918573fb0f55318de

SHA256
6c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55

SHA512
48ea37754839abce73898d29c6cb1ede20ac980dcd0b8c0f1274a690ea0bb44659129aba7581bd473ab7a735b7b9d08d6d041973bced4fe3fc0b70b3a73ec2a6

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_15ff17dc049e82560784839044790b53_JaffaCakes118.exe

Filesize
1.0MB

MD5
15ff17dc049e82560784839044790b53

SHA1
de6ec639cad269fd730fc0571a729ad90857417c

SHA256
d7c0b713ff8c3f704f1fd69bab5d2fc205a2ca759cf37a479ba79302b8d2cf2b

SHA512
7db5b07b7f7918924586f7a84c5fb23424d2c49374ff90bf846e801f00ee2fc44d035f95e52c50f914d686bf8e342eccc871fa81cc19151b40a09d1456a8fba3

Download Submit
memory/2056-0-0x0000000000401000-0x00000000004C6000-memory.dmp

Filesize
788KB

Download
memory/2056-25-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/2056-138-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download