Overview

overview

7

Static

static

3

3061d20a1a...18.exe

windows7-x64

7

3061d20a1a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10/10/2024, 14:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3061d20a1a77db0d34d361f911df8d3b_JaffaCakes118.exe

  • Size

    1006KB

  • MD5

    3061d20a1a77db0d34d361f911df8d3b

  • SHA1

    0b17681699ed1b43e2a8099454d97dbdb740b608

  • SHA256

    76803b3573b3267b43b50182e709959e175f6411b26d1e8d6fc19dd2e0225273

  • SHA512

    41e98d7fa079ac01c4ab7a82d81b41ecc1ba31ba770758cca83da4a057e419735780760e4b0c34030ffa42ab24610fe4afd0d115651709abe9e9d83548fc179a

  • SSDEEP

    24576:+f/RMpsocGdc9tzeFK9iQVg6aHjIlW83d0ERwbP2a4FU9c:IJM7/mnVDa8toua4+

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3061d20a1a77db0d34d361f911df8d3b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3061d20a1a77db0d34d361f911df8d3b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1292

Network

  • flag-us
    DNS
    cdnus.extrimdownloadmanager.com
    3061d20a1a77db0d34d361f911df8d3b_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    cdnus.extrimdownloadmanager.com
    IN A
    Response
  • flag-us
    DNS
    os.extrimdownloadmanager.com
    3061d20a1a77db0d34d361f911df8d3b_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    os.extrimdownloadmanager.com
    IN A
    Response
  • flag-us
    DNS
    cdneu.extrimdownloadmanager.com
    3061d20a1a77db0d34d361f911df8d3b_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    cdneu.extrimdownloadmanager.com
    IN A
    Response
No results found
  • 8.8.8.8:53
    cdnus.extrimdownloadmanager.com
    dns
    3061d20a1a77db0d34d361f911df8d3b_JaffaCakes118.exe
    77 B
     150 B
     1
    1

    DNS Request

    cdnus.extrimdownloadmanager.com

  • 8.8.8.8:53
    os.extrimdownloadmanager.com
    dns
    3061d20a1a77db0d34d361f911df8d3b_JaffaCakes118.exe
    74 B
     147 B
     1
    1

    DNS Request

    os.extrimdownloadmanager.com

  • 8.8.8.8:53
    cdneu.extrimdownloadmanager.com
    dns
    3061d20a1a77db0d34d361f911df8d3b_JaffaCakes118.exe
    77 B
     150 B
     1
    1

    DNS Request

    cdneu.extrimdownloadmanager.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\bootstrap_41371.html
    Filesize

    156B

    MD5

    1ea9e5b417811379e874ad4870d5c51a

    SHA1

    a4bd01f828454f3619a815dbe5423b181ec4051c

    SHA256

    f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

    SHA512

    965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\css\buttons.css
    Filesize

    1KB

    MD5

    a84fee16240de0d25f1b3ec8df25a11c

    SHA1

    ff395834bb8ff730b31c1daefc8ff197ce280ad0

    SHA256

    1f0d38fefdd7a232dfaa16a68e7a95758329c0ed3e6b0adc324ba1fbf1c31107

    SHA512

    36b27fba9474d6bad64e7b91dae457e156367ccf3eb5eeddbf51fafca009625539c2ea1f894686bba61658f29208bbd381387312a02e7216d166bdc28201497f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\css\main.css
    Filesize

    4KB

    MD5

    aff1b740c3a48c23e529e439a46f445a

    SHA1

    df7a706d577e51bd54d115620ca5497eb77edc2e

    SHA256

    212270d2b0b1e1e49f74b97ce75110e5eee1fca8a2216ad4f3c655674e6eeede

    SHA512

    c1cf10c6609697fe98e049e5ed7abc3104dfad724db241f03dc36cb649dd735f8d26b0051af722a3ad72da48413ac38f2d0e66f53a4c314d4b3acc08d836635e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\css\sdk-ui\browse.css
    Filesize

    318B

    MD5

    10c359bc980927bb66b215407ece3e66

    SHA1

    4a2fc034bf7b4e84d832b6bbd9413d2055b9ec62

    SHA256

    5b12769a75d1c755a284a73e1b8422f73d6223c23b72e5bce698c17f50185aa8

    SHA512

    ed707c6bbf5023aa147571d9d186e8348b11da6fb462de69e4135480f2e10081c416c80745411752797401660221e2040e624b5a6d3e1a57ba59cdcc009eb16c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\css\sdk-ui\button.css
    Filesize

    417B

    MD5

    37e1ff96e084ec201f0d95feef4d5e94

    SHA1

    4ec405f2668d5d93260525ad916abafa2414cb72

    SHA256

    8e806f5b94fc294e918503c8053ef1284e4f4b1e02c7da4f4635e33ec33e0534

    SHA512

    1a8a27a92abe35edaa2c950b130579c92f0d0d87b09971843c39569cf06d407b8e896751e73452676bfad45a363f0b6dd00cb6c5faf33966880539e106b19f94

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\css\sdk-ui\checkbox.css
    Filesize

    190B

    MD5

    64773c6b0e3413c81aebc46cce8c9318

    SHA1

    50f84ef8331341b48981af82313b146863eba526

    SHA256

    b09504c1bf0486d3ec46500592b178a3a6c39284672af8815c3687cc3d29560d

    SHA512

    03e96bef74c0b3a31124c3d3c1bb78af1053a8719ca373c6b9316d63bac9545c1f4ecc2d747eb64341d8da31bc0f23da094e19c3e07ed46f65c28dc88e13bd3a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\css\sdk-ui\progress-bar.css
    Filesize

    632B

    MD5

    8f6a2e09ace79158461b82d74ff6c7fd

    SHA1

    88f079fd001feb2cb302565b87fdb81c8995dd93

    SHA256

    b4bee76334ab9b4b0bdd2bff1b3f3a7b30d2e758bb8d4c6e457c9594bb62960c

    SHA512

    869305ea12f21564e56882fef318cdc21f88715f894e8140ae6b2cf3137a4c2002a34f2f8ae2719f770e2d0c892244b5e5f3229f1382e799dd309f52657cb98e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\images\Bg.gif
    Filesize

    20KB

    MD5

    94d82a50272a4423dca66ae32e0602ca

    SHA1

    18a1300c684442bffb41dcba54d30c72888f48ec

    SHA256

    03903399fb31a966050a305d95f585b4d95118eccd9e05a866ac9cdfc7dcbe9f

    SHA512

    65ccc863b46fedfe5d1e4089cf4bc93a6248f0263266639bde133b416f58e9eb8765a7b15088173470cde1db68ec536bdf65563eba82020d363cb7b2cae18f33

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\images\ProgressBar.png
    Filesize

    266B

    MD5

    0e0aead9873f985325c78c564830b2da

    SHA1

    339d70c35d53f322908be28dd80002379b739921

    SHA256

    bf07069ae477cdfbcbf2541c15f1c8b0cca5158d288ea3c0f86485bd45cefd98

    SHA512

    96d6f1edeaf4b7e76fb76fda7e14fe9dca86f21f3a1281d5445603a8b52f5201013a82541c1d1887c1cb36de7cb61c1a3a5cc93f1deeaec4c680c3eabff6008c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\images\close_button.png
    Filesize

    1KB

    MD5

    83487401daf307d6c726a479de1ee6f9

    SHA1

    c173be4937a63672570078b325864c76b28040b8

    SHA256

    f4f0f59fccd9b87b208b416423797dcfb532472dcfef99bef41a11ea9f6f713b

    SHA512

    da69729b6682acd1c46587c7c3b4533d9afbcf84c17e55f43798f1fee0097c7a2f39860e6dbc6a9b1cb26dc63d9afab4511071981ad5fd494f36ad9659c56e50

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\images\finish-button.png
    Filesize

    2KB

    MD5

    e37ec66b72996fc3ad929cd068570d4d

    SHA1

    e21be5ea412b4dc02b7d3a61ab3a798946224cae

    SHA256

    bb4c9ad7ce53b3f958f800f9f04200c0f70542a60e97bba8bdffe7d32dfe9ad4

    SHA512

    f0973de78b2299fa4116ebefb6944b0a02ff8b8e568eb8e1967b7939a041b31c09e166fc3a33b1ed74c143236b5e0faa7c3905db831b9c262e0de0af9211b9e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\images\icon.png
    Filesize

    3KB

    MD5

    b460d82eab7af8ba6e338e351dd0ecdc

    SHA1

    265b9a3f3c80f40f8534ddcfbf9c1ed61e3b1b20

    SHA256

    47a4ac193b9bdfe15d0b8a95370823739c2ae4f6ebf2015e1412b880cde6b81d

    SHA512

    e3add5d91a61da7f64c7860e6303344f37cd49e2fde15c677924d133fec607dfe4ab4d99ec8a3322587b0b186a58e71fcd326e67057a6ff7ef80ad8ed3f0e63e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\images\loader.gif
    Filesize

    6KB

    MD5

    85954ea60a946e9c41e33260cee2bbc4

    SHA1

    a2b8147953636de537c66afb06105a3889a55915

    SHA256

    58ace53f649bfbc2825d6711e08fe94c3bd065a1c457a5c0ccae0130dcf3e2bc

    SHA512

    39bc4ae9584b69048613b66cf8e207f4fe6ebce1f3dedc6c05733e5cad06c8ab3c04af548c6c45a94b0a5769e1073c6a8f97fec5f47e4d3e0128d37539d68668

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\images\next-button.png
    Filesize

    2KB

    MD5

    274548cb843bb96fcb50a79a2340b22d

    SHA1

    bb5253c868861ff10fd48dcce1309d847f087e80

    SHA256

    d4c02b2a0debcdd1689bcfbc7987826deeb6ec10806d5dd6500def9cd901735d

    SHA512

    a0117381f58b6b741b049dbb5eadb5917c4199002a73c62890c30cf5759bdf09e8a163e413dc8459dc0dbe0c2cef35d5d5d4653c3646a7214495ae51a4c0d538

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ish259446401\images\progress-bg.png
    Filesize

    176B

    MD5

    192b249d9413082d676f85d1509fe258

    SHA1

    4130ba10d3bb2267f19fa07dc0672e6ba23a8c4e

    SHA256

    b97788b954e0f774c72a3a5bf9e50031e0bffbd8185d05fe443a8f47cafc0660

    SHA512

    75955b892ae19c31b3180d58adc103292fc5dc764b9932b145464021aad347cfdcc5524b24712feb4f611aaa9f375a0088a194a072cf846f1fe625236ac1b82d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ICReinstall_3061d20a1a77db0d34d361f911df8d3b_JaffaCakes118.exe
    Filesize

    1006KB

    MD5

    3061d20a1a77db0d34d361f911df8d3b

    SHA1

    0b17681699ed1b43e2a8099454d97dbdb740b608

    SHA256

    76803b3573b3267b43b50182e709959e175f6411b26d1e8d6fc19dd2e0225273

    SHA512

    41e98d7fa079ac01c4ab7a82d81b41ecc1ba31ba770758cca83da4a057e419735780760e4b0c34030ffa42ab24610fe4afd0d115651709abe9e9d83548fc179a

    Download Submit

  • memory/1292-1-0x0000000000400000-0x0000000000504000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1292-0-0x0000000000401000-0x00000000004C6000-memory.dmp

    Filesize

    788KB

    Download

  • memory/1292-141-0x0000000000401000-0x00000000004C6000-memory.dmp

    Filesize

    788KB

    Download

  • memory/1292-143-0x0000000000400000-0x0000000000504000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1292-142-0x0000000000400000-0x0000000000504000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1292-144-0x0000000000400000-0x0000000000504000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1292-145-0x0000000000400000-0x0000000000504000-memory.dmp

    Filesize

    1.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.