c518b346e4a232482b3604fa0216a70ea8028b9d2abe0d73b0d0bd56eadb6564

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-10-2024 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe
Size

481KB
MD5

3f69e975b07df497f3d8c02c603ab321
SHA1

382af71107142deabc40706a0da65b0510ff266c
SHA256

c518b346e4a232482b3604fa0216a70ea8028b9d2abe0d73b0d0bd56eadb6564
SHA512

d29a0868dadc94128c3bf572e514e3ab4182a2b646aea454ed461008a5ea662efedfd16e56680eb0444482721edaf60bd7196372f2f3ba91f7a20c8728568acf
SSDEEP

12288:J1RTcSj1d8QWGAwn+UPcQb+0BaKXLs0AU1zQVVD3DAPVdfK:bRTLj1d89GF+U5A+LsV3D3DQZ

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 46 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2156-0-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-32-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-53-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-52-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-51-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-50-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-49-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-48-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-37-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-38-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-35-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-33-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-27-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-25-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-23-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-21-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-19-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-17-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-15-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-13-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-11-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-9-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-7-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-6-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-5-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-4-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-3-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-1-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2156-126-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-127-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-128-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-129-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-130-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-131-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-132-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-133-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-134-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-135-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-136-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-137-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-138-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-139-0x0000000000400000-0x0000000000526000-memory.dmp	upx
behavioral1/memory/2156-140-0x0000000000400000-0x0000000000526000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2156	3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2156	3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe
2156	3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe
2156	3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe
2156	3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe
2156	3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3f69e975b07df497f3d8c02c603ab321_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW15VCHK\8isfXtPJuVPUNZHxvUIhcbzKWiY.gz[1].js

Filesize
19KB

MD5
2227a244ca78dc817e80e78e42e231d7

SHA1
56caeba318e983c74838795fb3c4d9ac0fb4b336

SHA256
e9d7b93bae57eebd7019ac0f5f82bac734b7ac3534d1fa9bdba6b1fc2f093a24

SHA512
624cc23d4a18185ae96941cf8a35d342e048476b0384f0595ec1f273e19163ca49b17b14760628eb9da9a5f5519d4671544669fb08985c4945faf663faf92e12

Download Submit
memory/2156-13-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-139-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-52-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-51-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-50-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-49-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-48-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-37-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-38-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-35-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-33-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-27-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-25-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-11-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-21-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-19-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-17-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-15-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-0-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-7-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-53-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-23-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-6-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-5-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-4-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-3-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-1-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-32-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-126-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-127-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-128-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-129-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-130-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-131-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-132-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-133-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-134-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-135-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-136-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-137-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-138-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2156-9-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2156-140-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download