Analysis

  • max time kernel
    142s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/01/2025, 14:57

General

  • Target

    JaffaCakes118_40beaae473968f6fd4c6ff333f1ced1e.exe

  • Size

    499KB

  • MD5

    40beaae473968f6fd4c6ff333f1ced1e

  • SHA1

    b103a295537a209192cc2895f4ff30cda98cfb2f

  • SHA256

    c175074bdf29a0e9a3aa7bbd59726e7e475467e3e1f747340dfb99ed5339322e

  • SHA512

    49747c78b3f27ae6f70e128f719701e1a1200f9b7f050935d9841330d5aa22fe10e72a116099e75143e8d41a5103b97bd45909cfc00a208ad613f2ac4a9b3fd4

  • SSDEEP

    6144:ke34R2dsf2zh36dqXEV2rnCUZG/t7FTBqTzP7n7O7L6K2Bfo7pY:K2mOzh36VV2GC0ZTsnz7O7L6ju7pY

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (10 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTPs, 34 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40beaae473968f6fd4c6ff333f1ced1e.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40beaae473968f6fd4c6ff333f1ced1e.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1920
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://pf.toggle.com/s/3/9/39820-82307-driver-c-media-cmi-8738-pci-audio.zip?t=1737989874
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2508 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2004

Network

MITRE ATT&CK Enterprise v15

Downloads

        • C:\Users\Admin\AppData\Local\Temp\CabDF6A.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarE018.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • C:\Users\Admin\AppData\Local\Temp\nsy86CD.tmp\ioSpecial.ini

          Filesize

          1KB

          MD5

          e63d625cda6d13e4c78d562260658f6c

          SHA1

          fdab46f32175e969941148bfda804404f382c51e

          SHA256

          19e7def2c61f69793027a5b96d9fa7117568d46bf3465ab7856eeb4862232b8e

          SHA512

          491c7c89acaba4cd8627d40d4c85764a48ef9c389e0d2f0bb3264d5162189bd5f86dd5bbf32380d3a0f91f93a91ed1056949981f4f04a6816fce8493df4816a6

        • C:\Users\Admin\AppData\Local\Temp\nsy86CD.tmp\ioSpecial.ini

          Filesize

          1KB

          MD5

          1da01d443e746ab3d8d8e21a38de301b

          SHA1

          982205ee449339c50d87d2111ffad5bea999ffce

          SHA256

          7b4ee5f4182f601472870824b12916408517a2f7ac106ba73cd269e0f07dc2a2

          SHA512

          a024fbd2c6dafc34a497965228f5d9c5816123a19b4871070947c0e261eeb8a4e54c18ed82593b159493f4acc8aba75a47d280bf751224637605b5a0f240272f

        • C:\Users\Admin\AppData\Local\Temp\nsy86CD.tmp\show_page_toolbar

          Filesize

          820B

          MD5

          15c70a60db44e88597d80f47e2737cbc

          SHA1

          3dbb85874e46bc2dfc8cb7673771ffb3f3447ce8

          SHA256

          c1500657c22097893902b3b260278e6306174c2ca977bb17532a4b524753f7c9

          SHA512

          e2bf670150d1c1ecd1fbfedd75ca93bb3be75b6c26c443e80759725fb97c9f4ec8020a6d18a5cd2586425d579d33965b00d855bdace1518f632c4ca8c6646791

        • \Users\Admin\AppData\Local\Temp\nsy86CD.tmp\InstallOptions.dll

          Filesize

          14KB

          MD5

          325b008aec81e5aaa57096f05d4212b5

          SHA1

          27a2d89747a20305b6518438eff5b9f57f7df5c3

          SHA256

          c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

          SHA512

          18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

        • \Users\Admin\AppData\Local\Temp\nsy86CD.tmp\LangDLL.dll

          Filesize

          5KB

          MD5

          9384f4007c492d4fa040924f31c00166

          SHA1

          aba37faef30d7c445584c688a0b5638f5db31c7b

          SHA256

          60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

          SHA512

          68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

        • \Users\Admin\AppData\Local\Temp\nsy86CD.tmp\NSISdl.dll

          Filesize

          14KB

          MD5

          a5f8399a743ab7f9c88c645c35b1ebb5

          SHA1

          168f3c158913b0367bf79fa413357fbe97018191

          SHA256

          dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

          SHA512

          824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

        • \Users\Admin\AppData\Local\Temp\nsy86CD.tmp\System.dll

          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

        • \Users\Admin\AppData\Local\Temp\nsy86CD.tmp\UAC.dll

          Filesize

          17KB

          MD5

          09caf01bc8d88eeb733abc161acff659

          SHA1

          b8c2126d641f88628c632dd2259686da3776a6da

          SHA256

          3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478

          SHA512

          ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa

        • \Users\Admin\AppData\Local\Temp\nsy86CD.tmp\inetc.dll

          Filesize

          20KB

          MD5

          50fdadda3e993688401f6f1108fabdb4

          SHA1

          04a9ae55d0fb726be49809582cea41d75bf22a9a

          SHA256

          6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6

          SHA512

          e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8

        • \Users\Admin\AppData\Local\Temp\nsy86CD.tmp\linker.dll

          Filesize

          7KB

          MD5

          122754bdae09014ed8be78a8dd3618c0

          SHA1

          8a1d4a0b8202d2261a12d97aebfe33144c274444

          SHA256

          67552ebf58e98e841dcd9f4213ad3eb134d595f04839771618f0bb1c48ea2b92

          SHA512

          7b9b5f8b52db793b4833a75bd8f122f28f2df00d43bd35efc831c2b8457009d51fe39874c691389c2fdc87ed411919b59da50199e3f719bd4cfb166367f185d9