Analysis Overview
SHA256
a59f4e9896c128232dd7df54e68fe550688527348b57fdc79a355b82d9352285
Threat Level: Likely benign
The file JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630 was found to be: Likely benign.
Malicious Activity Summary
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-27 20:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-27 20:33
Reported
2025-01-27 20:35
Platform
win7-20240903-en
Max time kernel
121s
Max time network
145s
Command Line
Signatures
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2b60a113624754ca09e04382d0e78f00000000002000000000010660000000100002000000046db46e7802300c2d68bf2d3fadfe69deb9fba8d8d25e105a5a0058c59f7138f000000000e80000000020000200000006769abc79234c4c7dc245e21aa0f8b26ab8c541d7e6ee8d90b7eea608f36c0e420000000844204c67920287ac323a017eb5a5aea48eb5d020ff824ff34cf11b2a08a9b5b4000000005485133eb237a076d0ca5851729346fc202a0c78466cce5e100d60dfe3bd84cc78bddfaa8e91c600c71ba822ba4f53414c26e3be55f52f12189ea04dd5a89b5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F65A2731-DCED-11EF-8B05-6E295C7D81A3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 004614cbfa70db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444171874" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.flvtube.net/12224
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1248 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.flvtube.net | udp |
| US | 198.58.118.167:80 | www.flvtube.net | tcp |
| US | 198.58.118.167:80 | www.flvtube.net | tcp |
| US | 198.58.118.167:80 | www.flvtube.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2384-0-0x00000000001D0000-0x00000000001D1000-memory.dmp
memory/2384-1-0x00000000001D0000-0x00000000001D1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabCA54.tmp
C:\Users\Admin\AppData\Local\Temp\TarCB03.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-27 20:33
Reported
2025-01-28 02:19
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.114.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
memory/1312-0-0x0000000001560000-0x0000000001561000-memory.dmp
memory/1312-1-0x0000000001560000-0x0000000001561000-memory.dmp