c72e21c99bb7564425dc9b451465b30d83e7d2cc3673c416a1145bf239e6f608

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

178382b439672c15c090cd1bba5fb1ca_JaffaCakes118.exe
Size

14KB
MD5

178382b439672c15c090cd1bba5fb1ca
SHA1

a541e5c3907d1e2d9e7a62f3568099e900f50462
SHA256

c72e21c99bb7564425dc9b451465b30d83e7d2cc3673c416a1145bf239e6f608
SHA512

08655c4f2f3c346229b49fcb394ad4fa12192120f91eb33421a5b081d0713d3cb3ec380e86fe7c14cf1dd1daf0d4fc681634f118a976333128aeb3de258cf684
SSDEEP

192:i76QyruGELq8mLI+u0TZbNGTOIP/3F/SPTwe+bXY1CDO8A:iIKGTLI+u0TZbYTOw/SseV1H

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	178382b439672c15c090cd1bba5fb1ca_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	178382b439672c15c090cd1bba5fb1ca_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1716	178382b439672c15c090cd1bba5fb1ca_JaffaCakes118.exe
1716	178382b439672c15c090cd1bba5fb1ca_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\178382b439672c15c090cd1bba5fb1ca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\178382b439672c15c090cd1bba5fb1ca_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eae70b6ce1eefb94faffc6f9be59863d

SHA1
8d7d55ea69affd1f8fb4df2f39b7b7f48388c7ca

SHA256
817e5b5f22c2f1782d5fce36d055549bf0a513aa68047b441c253bb637ce937f

SHA512
0a40de2ff7b4369dbeb07d880ee465e39a75d38e98f47487d4d0cd2447376cfac3c2535aea6f71e41f4b4ccc509e39b7f74c16a4986263e6edaf202c41c17f6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddbd4b5bc3136050b445a9b46b9f42a5

SHA1
30320f33e2086515304ddb84d8cc6fb430b2909c

SHA256
8d39c15aa63e9657d688e3ae1915c2a4d55b1f034bd90558e1da94e093131994

SHA512
fdb2e6deed728de2bc6d293b0929375f132ae2d3d1a441621059a59b0a34f98d9312d39d52426905f5a270c3c35404970222ee4ed4cf80af73fa1d16e62bf62e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ff85781fcf63070027b934881184fbc

SHA1
698383bab42b8841439a8d5c78ae3501820f7496

SHA256
b140da3b0845821ae4556c1bda770e98756e3ddeb535ea3d5d4a8ceba35acc9c

SHA512
e0ab412be8f99353141f21b14ad0dc57a51b7a090aea69a3d2876e90440c71f8a302b74ba8789eee37d1aebb805024574e0956606f6c624f9953252bc342c287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e9c3599244cd9841feeaf2d8f99f7cd

SHA1
6e6454bc297cc4cebde08f2345023fbc4f02c07b

SHA256
a14664e5a4793e851eaf496ee5cf8477bfcca5c5ca809c1f9c30249bb5bb4b7c

SHA512
fa671dae183b22d69cc2918be176d0c87882dacbfc34c616c2a41d96172fc281709e214cb51564533e0e0d62a39f885f7a8b2213f272e56bf31e208a3a197737

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa9fdf3cdeb07a5976f2496d25d98413

SHA1
1ad07bc9238868ea60174e62bc8397beec16d4c9

SHA256
3951be74c448ba2524162894bb7818aa43a7ba1e4e248e461b43804e2eb4f6c7

SHA512
0cee2365c3a0c1f12c33d68815575193b38572e697ffec50a55b9f55691c5eaaa9257f9ff8fd3e29b6af0b465e6e09d5c2571d35be710b4fbb8c583755a47e06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52dddbc2b53a11984875aeb9c556cf53

SHA1
6c4fbbd155f5fc4eec3e5f83466ad6c6d153d9f1

SHA256
9e41cb97a2df061af53db706e30bf1849f706e819074d7eee89fbf56f7a4a155

SHA512
f3868a7eb2b2f081d95ac540da00ec1ebc5ec01b29b4dc57ce39ff494108497fa60e6f79b75eb9c720e3b9258ac87041d4f6611e664032a86db46ab55b830882

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
154cb10018acb6b2a317deb7acc58762

SHA1
282df4b9b0432d209c759a3368fb39c6bf2327d2

SHA256
700325ef3d0d5e4b17c80c058b9254f4f4c8557ff55bcb89d453acd1cf7101d1

SHA512
f0bce83c186c7ee383d72593092b65c2a60ad46b028a0d041e24444627b1c84022352ce3b46ce3fec79c7e2c03e2b95ae211639cbcaac1d7f765852b5026d913

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a9997575ae10ef2bd7dc05f50d0e574

SHA1
c55b6c72048185691da57417851623facf761c96

SHA256
286b72495bda7c1cb6fffe17ecc99c3b803cbd3663d64f7bf05e6543c1fc16ba

SHA512
ba9b063b516e8f4b2581abca17a4547b661206159a1d8fa5d7a4cd94f71c82ac8d0b3c114c899d12fba6d188ca504ae668b5a1b6463138c32008cf4d61914524

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
395da620f06def4525699d71c874c9b3

SHA1
7c27875ee7968848526a7dc1a85546fd09cafee7

SHA256
424e57dc06c9a07cf8db084d3df54cc0749d5027840e015dd8286b4c96e7234f

SHA512
da737f265639bbdf030c190a1a8f21fa5ee7be07cf9bfe46cdb2f42739ab99d1952a037ceef5b67663446db725b24fe02fc65c08f9cb959292c5e9942c8747c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
17447511ce2ce4e508b809c50c92adf9

SHA1
c97355cedf67e59b980391d5a0ab52abc0bea9c7

SHA256
8c823cb733a5d9de81d59203c9db5f6e4eaa8830d1ace31dfc42c8e7f41125e7

SHA512
d7611e97d2740ecb6770e580fb8ff3541f0db0f99d477adb919412a78f9c97174360ef6ea672e35b27ee121f4ce14ef0a3f9d422381f8f638fba70249ee31434

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabED00.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarED60.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1716-398-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download
memory/1716-0-0x0000000074DA1000-0x0000000074DA2000-memory.dmp

Filesize
4KB

Download
memory/1716-5-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download
memory/1716-4-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download
memory/1716-3-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download
memory/1716-44-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download
memory/1716-407-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download
memory/1716-508-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download
memory/1716-509-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download
memory/1716-2-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download
memory/1716-1-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download
memory/1716-622-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download