Analysis
max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 09-10-2024 10:42
Static task: static1
Behavioral task: behavioral1
Sample: 2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe
Size: 4.4MB
MD5: 2fb036a2e2ab544da8694e7f92127e7b
SHA1: 43d389e6fcaa04c73336e3c95fc9e4acb0706d22
SHA256: d5a6c25e2c62d37b1e385df59ed323825ab81a261dce8fcce1cf3947a1b37ac3
SHA512: 7a49cc4c0d8196241a3bd64b0e22fbc0db08d819c29627553ab81577449087aff4ec319c91f8260f84c4fdce0a835f434108d1fac49290a2ad3b0dff061a202c
SSDEEP: 98304:v97dhTV062z2ExkdWiu5TzCXE0ZzQ0w9Evi+VgXbql+CLWWBib:v9/J0Xu3u5CzZMT9EvihbYBwb
Malware Config
Signatures
Loads dropped DLL 37 IoCs
pid Process
664 2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe (this row repeats 37 times in the report: all 37 dropped-DLL loads are attributed to PID 664)
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe
Modifies Internet Explorer settings 2 IoCs
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\LinksBar 2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\LinksBar\Enabled = "1" 2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process
664 2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe
664 2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe
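The two registry signatures above (System Language Discovery and the Internet Explorer settings change) list their IoCs as flattened "<action> <key> [= "<value>"] <process>" strings. The script below, added here as an example and not part of the sandbox or of this report, parses such lines into structured records, normalises \REGISTRY\MACHINE and \REGISTRY\USER\<SID> to HKLM and HKU and ControlSet001 to CurrentControlSet, and re-derives the signature hits with an ATT&CK mapping. The sample lines are constructed from the IoCs shown above. T1614.001 is the ATT&CK ID for System Language Discovery; the T1112 (Modify Registry) mapping for the IE settings rule is this example's assumption, since the report prints no technique ID for it.

```python
"""Turn the registry IoC lines of a sandbox report into structured records and
re-derive the signature hits. Added example; not part of the report or of the
sandbox. The sample lines are constructed from the IoCs shown in the report."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the three registry IoCs from the report, in the report's
# own "<action> [(type)] <key> [= "<value>"] <process>" layout.
SAMPLE_IOCS = [
    'Key opened \\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language '
    '2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe',
    'Key created \\REGISTRY\\USER\\S-1-5-21-2437139445-1151884604-3026847218-1000'
    '\\Software\\Microsoft\\Internet Explorer\\LinksBar '
    '2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe',
    'Set value (int) \\REGISTRY\\USER\\S-1-5-21-2437139445-1151884604-3026847218-1000'
    '\\SOFTWARE\\Microsoft\\Internet Explorer\\LinksBar\\Enabled = "1" '
    '2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe',
]

# Key paths may contain spaces ("Internet Explorer"), so the key group is lazy
# and the process name is anchored as the last whitespace-free token.
IOC_RE = re.compile(
    r'^(?P<action>Key opened|Key created|Key deleted|Set value)'
    r'(?: \((?P<vtype>\w+)\))?'
    r' (?P<key>\\REGISTRY\\.+?)'
    r'(?: = "(?P<value>[^"]*)")?'
    r' (?P<process>\S+)$'
)

HIVES = (('\\REGISTRY\\MACHINE\\', 'HKLM\\'), ('\\REGISTRY\\USER\\', 'HKU\\'))


@dataclass
class RegIoc:
    action: str
    key: str            # normalised, upper-case
    raw_key: str        # as printed in the report
    value: Optional[str]
    process: str


def normalize_key(raw: str) -> str:
    """NT object-manager path -> hive abbreviation, ControlSet00N folded to
    CurrentControlSet, upper-cased so Software/SOFTWARE compare equal."""
    key = raw
    for prefix, hive in HIVES:
        if key.upper().startswith(prefix):
            key = hive + key[len(prefix):]
            break
    key = re.sub(r'(?i)\\ControlSet\d{3}\\', r'\\CurrentControlSet\\', key)
    return key.upper()


def parse_ioc(line: str) -> RegIoc:
    m = IOC_RE.match(line.strip())
    if not m:
        raise ValueError(f'unrecognised IoC line: {line!r}')
    return RegIoc(m['action'], normalize_key(m['key']), m['key'],
                  m['value'], m['process'])


# (signature name as the report labels it, ATT&CK technique, actions, key pattern).
# T1614.001 is the ATT&CK ID for System Language Discovery. Mapping the IE
# settings change to T1112 Modify Registry is this example's assumption.
RULES = [
    ('System Location Discovery: System Language Discovery', 'T1614.001',
     {'Key opened'},
     re.compile(r'^HKLM\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\NLS\\LANGUAGE$')),
    ('Modifies Internet Explorer settings', 'T1112 (assumed)',
     {'Key created', 'Set value'},
     re.compile(r'^HKU\\S-1-5-21-[\d-]+\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\')),
]


def summarize(lines):
    """Parse every line and group matching IoCs under (signature, technique)."""
    hits = {}
    for ioc in (parse_ioc(line) for line in lines):
        for name, technique, actions, pattern in RULES:
            if ioc.action in actions and pattern.search(ioc.key):
                hits.setdefault((name, technique), []).append(ioc)
    return hits


if __name__ == '__main__':
    for (name, technique), iocs in summarize(SAMPLE_IOCS).items():
        print(f'{name} [{technique}]: {len(iocs)} IoCs')
        for ioc in iocs:
            suffix = f' = {ioc.value!r}' if ioc.value is not None else ''
            print(f'  {ioc.action:<11} {ioc.process}: {ioc.raw_key}{suffix}')
```

The normalisation step matters because the report itself prints the same IE key once as Software\ and once as SOFTWARE\, and ControlSet001 on a live host is usually reached through CurrentControlSet; matching on the folded form keeps one rule per technique instead of one per spelling. Feeding the script the IoC lines of another report only requires extending RULES.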
Processes
C:\Users\Admin\AppData\Local\Temp\2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2fb036a2e2ab544da8694e7f92127e7b_JaffaCakes118.exe"
  PID: 664
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 7KB
MD5: 92debab0caea94c3e571e892fdde60dd
SHA1: fcd1f711b3c649b5cf5cc134e19524489084e456
SHA256: 508b06710e1c3d4456d14a28ffa89c42097a9388ce44a6148ee1a3a3d5a26bcd
SHA512: 2169d071c0c570b236c7224141dfb460a4cd6eb6e2e7fdf081c8d88d9173f639881d0dc2e33bc4881432637fb1a7336b7815236a70cf5ee638f8142d787a94fc

Filesize: 14KB
MD5: a5a4cee2eb89d2687c05ef74299f0dba
SHA1: b9bff5987be422887f2f402357b47db2288a1a42
SHA256: cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963
SHA512: f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Filesize: 4KB
MD5: f3d5fe8b0434e38b179546a8d32967e1
SHA1: 221bf35c3596e78cede2c4421ff61792f66e3914
SHA256: 53be818ad34482490f8f1f89a7586fd2f6185e753672e000a6ba92bb6b08b234
SHA512: 35661fc31895e9c4359fc43f60a56fd5ebc5ea65f2dee97c9b34fe6479feab327772d7e12389ac00ffd2b5aa825ab760cd599ae4be31146e02b155a339d6c308

Filesize: 4KB
MD5: aad75be0bdd1f1bac758b521c9f1d022
SHA1: 5d444b8432c8834f5b5cd29225101856cebb8ecf
SHA256: d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7
SHA512: 4c6e155cdf62cc8b65f3d0699c73c9032accefaa0f51e8b9a5c2f340ec8c6f5fab0ea02aad0abed476b3537292ba22d898589812850968e105ac83680d2f87d0

Filesize: 11KB
MD5: 960a5c48e25cf2bca332e74e11d825c9
SHA1: da35c6816ace5daf4c6c1d57b93b09a82ecdc876
SHA256: 484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2
SHA512: cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Filesize: 84KB
MD5: e2708529cf75797672d4348b548b9627
SHA1: 2b8cdd3d404697e307376ca35d9a095041541ab7
SHA256: e978acd60052be119510d6ff0cc948240a43143588d49240e393a8aadadf15ac
SHA512: 45307bee4fe5d4e50ff340ffc1fb3a8bbc96a57d25b91eceb895cf8cece07a73924efa1a4b39b26ea792ebe5b2937c677c7d279f0ebc3b5ec3b22c3711e13ea0

Filesize: 687KB
MD5: d842a64a4f747750b0d568a89f8693f6
SHA1: b06afd04f8a74ab38877b180223e6008e2910d02
SHA256: 39393119c2f5aa942fa3672423592fd5a9ab3f98d1cb4a67111cba7828c5e696
SHA512: 23e3ebd894ddfe9c9a2080af1ea14d04fb145ed33c15aac57696f0ceac137e6d6104534936ce6834cc822223a6d08c3008a61ad4b2cea64d87f0eeb90e3d367c

Filesize: 384B
MD5: ad21ecdcd2148b752efa6f430db4a437
SHA1: 2533d2c20ec5818c4d6dd80a96da1501811bd6a8
SHA256: 88d1521cf3fddd35b3da8e6b58684e3cd197d710af5374195717ae46140ea1d7
SHA512: 10172cf9cd7275e41c968448856e96d785a40b7ca3f3cc5ed2d3b1a2d74d4f87409d650ff249b4e7e2865001babd21831cba115f74f47bd2a0b326664e4df9de

Filesize: 459B
MD5: 6684e8342c5db0c9d31ef1734e63ed8f
SHA1: f71844bc2614b71bc96c70e6187983b2eb8ceaf6
SHA256: bdcbafa9e284e991a323a80067f00dd804d2fbc0d4c11982c0575c31c2a13b2a
SHA512: 43a07766291da83410c13d0e7a85bae55bfec2f63e399d95579821b87c169a5b432b559f1cedc6324c145c3e50cea986b2def1209d5fb207bf47ce81b03f5711

Filesize: 356B
MD5: 239116167acfa980379102fe021f6a52
SHA1: 1b526894b342f2426c684f2977f9a23a2d8473f5
SHA256: 9d6142e20fe6fb88d5558202568a4cf09884bafb14983ff6173bf7ed9877945b
SHA512: d3c0a4e3cbdff2540d01b333c72e5d915bfae14c5a2c2730b19f43fd38fea58d50f862efd3a529bb5258b258e10c9d3e7d9128cae28b7a514e5ede50d89012ec

Filesize: 3KB
MD5: 65eec079e354bc64724172cda16c7b25
SHA1: 76a4b8de083a6031aa889d28e4f629f9eab21080
SHA256: 37d03a93fdd479fa01a6716cc69bf19158858331e9ebcf111722ccd9acb9e850
SHA512: 67c0164d10de5fb729209d2d22d6e4ce5ddf3b621f68bbd580597d2c4e97f1457d5868295e875119713c70042dd050b8ee192a998ac1b7d09234987a984cf8d6

Filesize: 3KB
MD5: 9bd13b749c8c5dcf527e14d9e2f1d927
SHA1: 9367894304fb9363f1aadcd14ffbddeea30398f4
SHA256: 5aeb7c99db84887e9fe1cd18080d971eda04a0586e3558eed4ffa05a0e371f5e
SHA512: 33fd8f3ffc9fe0013cc01f7fac501c55b1f8cb56b6e3a1938dcd9bf307df28f1b03e1118b5cd557114dcbab395be0cc72caa852af193bacb1d7592c929966e32

Filesize: 21KB
MD5: 92ec4dd8c0ddd8c4305ae1684ab65fb0
SHA1: d850013d582a62e502942f0dd282cc0c29c4310e
SHA256: 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
SHA512: 581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

Filesize: 9KB
MD5: 8ced0b79f7b9033d0795aab3be6d627c
SHA1: 90c2043ffccd068f407c624c50ac7b795db1e132
SHA256: 495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b
SHA512: e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0

Filesize: 11KB
MD5: 0ccc0b4b0b610d5fd681390b055d06c8
SHA1: 25511581141f04561ad7ce9f6f0aac4be65a38cb
SHA256: 425bbf77b14b58d792be4749b5d12b8dd7d2ea903b514a11ca9c48059c682d45
SHA512: 97e6577b18ff94c5b3ea596cb26532f1e0cf0ac699d38dab2a16d104226a549bca7802407bdb345f7766bf8e3d78584c6c67f3086d69c42159ae5973ff2ed0bc

Filesize: 34KB
MD5: 02c673b333a44ff8272e1580bd84a4f4
SHA1: 24606c13e68385485c4279a383ee2ce3da89a034
SHA256: 56426aa8873328af4df302060d7b36c466993a5be603fe008c10d1e1e0aed3fe
SHA512: b3452437f0985d86a51fa9ca45723c69a308f05bf78a7191a375b073fb6a3047e55a454bb4cb15bcb9417b030e7dfea77f6b2c839eaa36ae8f0cb3d717f9ec20