Analysis
- max time kernel: 140s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 14-10-2024 19:32
Static task: static1
Behavioral task: behavioral1
- Sample: 43d5e5d745f484440ebbfc4f3ee90be9_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 43d5e5d745f484440ebbfc4f3ee90be9_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
General
- Target: 43d5e5d745f484440ebbfc4f3ee90be9_JaffaCakes118.exe
- Size: 2.3MB
- MD5: 43d5e5d745f484440ebbfc4f3ee90be9
- SHA1: 8c6a02f87a6aed334f53ddfc85319d73812d8737
- SHA256: 77dddde482b41d95dd1690843f2c487f6450edb735bae5d32bd67834c88944ce
- SHA512: d144fd4b9458bb9e77b603be47c7fea357265f1f7fdc9a48209f679d8532b15d8d57f262420ca2f18006030f84d8e3dc96f66338449b32e7ed068d06d5f3ebe7
- SSDEEP: 49152:pIP7UZkspoROF6/ev4IvqTLc0J7RiC4PafPfEwp0NCFdaQP+BDc+jJYe0:2yb5Ao0HiNvwp0NCaQkweJYD
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 43d5e5d745f484440ebbfc4f3ee90be9_JaffaCakes118.exe
- Modifies Internet Explorer settings (3 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main | 43d5e5d745f484440ebbfc4f3ee90be9_JaffaCakes118.exe
  Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | 43d5e5d745f484440ebbfc4f3ee90be9_JaffaCakes118.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | 43d5e5d745f484440ebbfc4f3ee90be9_JaffaCakes118.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  2372 | 43d5e5d745f484440ebbfc4f3ee90be9_JaffaCakes118.exe
  2372 | 43d5e5d745f484440ebbfc4f3ee90be9_JaffaCakes118.exe
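The two registry signatures above are weak on their own: the NLS\Language key is read by ordinary locale lookups, and any process that hosts the Internet Explorer WebBrowser control writes the WindowsSearch\Version value when the Windows Search service is not running. A practical hunt therefore scores such hits per process and only raises a process when the signals co-occur or its image hash matches the sample. The following is an added example, not code from the sandbox or this report. It runs over constructed Sysmon-style records (Event ID 1 for process creation with hashes, 12 for key create/delete, 13 for value set); treating the report's "Key opened" IoC as an Event ID 12 record is an assumption made for illustration, since Sysmon does not log plain key opens. The PIDs, paths and the placeholder explorer.exe hash in the sample events are constructed.

```python
"""Score registry IoCs from the sandbox report against Sysmon-style events.

Added example, not part of the report. Field names follow Sysmon Event IDs
1, 12 and 13; the events at the bottom are constructed test data.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional

# SHA256 of the analysed sample, copied from the report's General section.
SAMPLE_SHA256 = "77dddde482b41d95dd1690843f2c487f6450edb735bae5d32bd67834c88944ce"

# (signature name, ATT&CK technique, path pattern). Sysmon writes HKLM\ and
# HKU\ prefixes while the sandbox writes \REGISTRY\MACHINE and \REGISTRY\USER,
# so the patterns only anchor on the tail of the path.
REGISTRY_RULES = [
    ("System Location Discovery: System Language Discovery", "T1614.001",
     re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)),
    ("Modifies Internet Explorer settings", None,
     re.compile(r"\\Software\\Microsoft\\Internet Explorer\\Main(\\|$)", re.IGNORECASE)),
]


def match_registry_events(events: List[dict]) -> List[dict]:
    """Return one hit per (registry event, matching rule) pair."""
    hits = []
    for ev in events:
        if ev.get("EventID") not in (12, 13):
            continue  # only registry create/delete (12) and value set (13)
        for name, technique, pattern in REGISTRY_RULES:
            if pattern.search(ev["TargetObject"]):
                hits.append({"pid": ev["ProcessId"], "image": ev["Image"],
                             "rule": name, "technique": technique,
                             "target": ev["TargetObject"],
                             "details": ev.get("Details", "")})
    return hits


def triage(events: List[dict], known_sha256: Optional[set] = None) -> Dict[int, dict]:
    """Group hits per PID; flag when distinct rules co-occur or the hash is known-bad.

    A single rule firing is expected from benign software (locale lookups,
    anything embedding the IE WebBrowser control), so it is not flagged alone.
    """
    known = known_sha256 or {SAMPLE_SHA256}
    by_pid = defaultdict(lambda: {"image": None, "rules": set(), "techniques": set()})
    for h in match_registry_events(events):
        entry = by_pid[h["pid"]]
        entry["image"] = h["image"]
        entry["rules"].add(h["rule"])
        if h["technique"]:
            entry["techniques"].add(h["technique"])
    # Image hashes come from the process-creation record (Sysmon Event ID 1).
    hashes = {ev["ProcessId"]: ev.get("Hashes", {}).get("SHA256", "").lower()
              for ev in events if ev.get("EventID") == 1}
    result = {}
    for pid, entry in by_pid.items():
        hash_hit = hashes.get(pid) in known
        result[pid] = {"image": entry["image"],
                       "rules": sorted(entry["rules"]),
                       "techniques": sorted(entry["techniques"]),
                       "hash_match": hash_hit,
                       "flagged": len(entry["rules"]) >= 2 or hash_hit}
    return result


# Constructed events: the sample (PID 2372, as in the report) plus a benign
# process (PID 4100) that writes the same IE value. Not real telemetry.
SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\43d5e5d745f484440ebbfc4f3ee90be9_JaffaCakes118.exe"
USER_HIVE = "HKU\\S-1-5-21-1488793075-819845221-1497111674-1000"
IE_MAIN = USER_HIVE + r"\Software\Microsoft\Internet Explorer\Main"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 2372, "Image": SAMPLE_IMAGE,
     "Hashes": {"SHA256": SAMPLE_SHA256}},
    {"EventID": 12, "ProcessId": 2372, "Image": SAMPLE_IMAGE, "EventType": "CreateKey",
     "TargetObject": r"HKLM\SYSTEM\ControlSet001\Control\Nls\Language"},
    {"EventID": 12, "ProcessId": 2372, "Image": SAMPLE_IMAGE, "EventType": "CreateKey",
     "TargetObject": IE_MAIN + r"\WindowsSearch"},
    {"EventID": 13, "ProcessId": 2372, "Image": SAMPLE_IMAGE, "EventType": "SetValue",
     "TargetObject": IE_MAIN + r"\WindowsSearch\Version", "Details": "WS not running"},
    {"EventID": 1, "ProcessId": 4100, "Image": r"C:\Windows\explorer.exe",
     "Hashes": {"SHA256": "0" * 64}},  # placeholder, not a real explorer.exe hash
    {"EventID": 13, "ProcessId": 4100, "Image": r"C:\Windows\explorer.exe", "EventType": "SetValue",
     "TargetObject": IE_MAIN + r"\WindowsSearch\Version", "Details": "WS not running"},
]

if __name__ == "__main__":
    for pid, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(pid, verdict)
```

With the constructed input, PID 2372 is flagged on both grounds (two distinct rules and a hash match against the sample) while explorer.exe, which wrote the identical "WS not running" value, is not. Swap `SAMPLE_EVENTS` for parsed Sysmon records from a real host to reuse the scoring as written.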
Processes
- "C:\Users\Admin\AppData\Local\Temp\43d5e5d745f484440ebbfc4f3ee90be9_JaffaCakes118.exe" (PID: 2372)
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 4KB
  MD5: 00b221f36d039abceeb532b9aa914d04
  SHA1: c0b69f090f691c51b7590f2fb619d8e60c79b3ee
  SHA256: 2004220ac5bdaadb47c04751754b9fc9687a8a8fd269d2a29e393c0551656ec4
  SHA512: 50ece1c6005ba82df4cd4aeead4fd0f25c54ee1c69d0ecf11debc6504760f57215beadfa3ede27f03e93ee65c2099ffe53993963795e4c15afbc74b50cb5ac41
- Filesize: 1KB
  MD5: 527f43519fe0214a023d4243b4b290fc
  SHA1: 3027c479e5b13eb8a67f160c631ffdb21b3f4b1c
  SHA256: 1c47e654d32b16c290f538d738338103121ce661ec33e18d72153dfdadb7020b
  SHA512: b8800d46206355c50d71caf53d02d69cc45a834333fe0faaf1c4f545ac1ecb61a0d5b4558a907c6fb2c717df76ec02b3f693a73e7150cf4e0aca28dcc3bc47f8
- Filesize: 91KB
  MD5: ddb84c1587287b2df08966081ef063bf
  SHA1: 9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f
  SHA256: 88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
  SHA512: 0640605a22f437f10521b2d96064e06e4b0a1b96d2e8fb709d6bd593781c72ff8a86d2bfe3090bc4244687e91e94a897c7b132e237d369b2e0dc01083c2ec434
- Filesize: 37B
  MD5: 343350043c3125c340289ec827f9c501
  SHA1: b96455c64a684899a1103de6b2ccd4842bee5d76
  SHA256: 42a2b9a1b52e91f993d9ae4f17fed6bf5a56ad0d384bff67ebd1e8894d2bcf18
  SHA512: 65f4ec9be67e2301d119b0eae0bcc7b47b2bba8b5a90247a3a36e7a02a70a8f61e0f4637503cfd7cee737b75f6c7725cc625710e9cb63ef2a5cf65eb9f62e32e