Analysis

  • max time kernel
    143s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/01/2025, 20:33

General

  • Target

    JaffaCakes118_4371e0b3bcfa81138662d019fc615938.exe

  • Size

    497KB

  • MD5

    4371e0b3bcfa81138662d019fc615938

  • SHA1

    82dcef2238d35ec09cef3ee1dc5ceefcec72035b

  • SHA256

    68700c9d82230fa15e5893650b80a871d2c9b050759906b72ca4de229b1ccf94

  • SHA512

    f6587a15e4001cd4edf4b653fa63d67b9f99f705af6f38e14b128fd80e185b8dbe6fb71b5dda53c14783770341265dfd81ca9b442eff71e59c01d59759658f61

  • SSDEEP

    6144:xe34R2Ze/zh36dqXEVTrnCRZG/t7FTBqTzP7n7O7L6K2Bfo7pU:J2ozh36VVTGf0ZTsnz7O7L6ju7pU

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4371e0b3bcfa81138662d019fc615938.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4371e0b3bcfa81138662d019fc615938.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://pf.toggle.com/s/2/2/227983-661201-edius-6.zip?iv=2012092401&t=1738010047
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:872
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:872 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1684

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          23b8544c1e170d32f74520e5f6cedd41

          SHA1

          2818a66ad949c47de87c30b1d9b4f83a1cf8c458

          SHA256

          d541c61e7a29d4ddeebc66855d9d421fa78dad29ecb389b8a7e7080dc24651cc

          SHA512

          bc0a7015ea9b36405e35655fe90e6a758799a77009341009dbac8faa7cc5e4f8837ecdfc5cd275c8078692f28bad4b91b0ba5e2b3a09319d2a560060de4f4b0c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          96871a9c2229e759a9461d71554e95c0

          SHA1

          dbe722ed70b97c30aba439947e654552c13ef100

          SHA256

          200dcf17ff93122d5d3705ddf8f3ae3328162f85361791ad4700bb29a57edf3c

          SHA512

          1c7259b1d0e775537aadc5ae5451ea967043b5d96d265abe5f1a734bc12cc43eab5d57bf13bd9e4ffd6d09fc4c5665c7dc5a9cd971fe68ddb6df4a148cc0694c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d625b665cd18c70db97f0a81dd2f849e

          SHA1

          ee7b3b21a5d4048bdf20829159952c29bc056367

          SHA256

          52e8ac906aba34cb533ba6e014f3561954548fc1652bfaf155ec596f6f68bc31

          SHA512

          f46c85daa201bde3a2fcf469f05cff301a00711331f7420303dce1a6e47098e845ea4ef1977457311765bcf88af426b6bf5ae66ff4a13339e2e5f4c7b9c02288

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8b9376823fc0b03dfad7e7d65bd5c0cd

          SHA1

          c5b38eb47e2158efa05e7f3366ca846b75c5196b

          SHA256

          a910a3b8ec508f51505d4c3e57e0f0e63e7636e3c83f000183aefe76a5a594b5

          SHA512

          90b2fd3508ac170d025995178f7c123980bb9ed9c03eaddfd52b41260eb6f00d0de893c793864a76fd79c08015399714b298e1120939ee85bc23571b920e53f8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          06203a00a6abebbb2f71da4090e92437

          SHA1

          1465862579aa32478a12253b567dcd50df9f5740

          SHA256

          ba390b71e13736d74a9b575fed828bba74b0252ae0a2364d44215cbf44496bdb

          SHA512

          a83bb76b80dced9d260b157bd9832d1ea63746f4bcc0efb2ca63cdc27a35644014eb089f8f712b66151d4cc4e4fdcaea3516de050498f85903f3d8ce236549bf

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b48ecb042eddca6a4f4058a8db76ef20

          SHA1

          5a6b6faed64a9d7d2258a7a3cd6ca9cb03df88e2

          SHA256

          b232ce759a20ec49e1ea96084e8a5ce25dfc9aa20a4ada81b66d0ce2d45f88d6

          SHA512

          da85de666b90997914257196acfc41a00ee9fcf0d7e1736f9ce1f268373f755551173a2850207f75c16db5131f085ec7ec7e27f4edcd3712630449c9cb741780

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d0f2d0a374cb66ddc858405ce55c1334

          SHA1

          1913367d838c49ebc8dd12467f99a3886a126385

          SHA256

          3f81666b63c223d7bdf9f43542b397c370b79b761aa67ce351a1291e227b24ea

          SHA512

          7d42fb88583d018636976f779f86069f575250aaf3349cd370bc118e721cc30ae96603cd9bd65ee4fbf2d65e7cd7ee02072357d7046868f28436c292373cd03e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          777dcd1acf869d32cadbffde420fa353

          SHA1

          693ef2226c494bfd5f68b42cf8eb10dfe8a36fe7

          SHA256

          fd219f5a061ed57482e2eb95b220963526658b1c27c17d073c8737e97556a245

          SHA512

          34357cc11f5da668f191125c29a2c751375306184996c643166c5104deb11b1b449e294d07bd672d895dc61d7e73e226f972399a60e7850c3b9a90c7ccfb48dd

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          df74d9e2a5a7186b0d45c0e3c10b9f22

          SHA1

          3e747169c059f4302f376617b26e933744124e00

          SHA256

          c5f4b8b41710219baae3a469588974af0566589b538f6f6cfab04644ecf9245d

          SHA512

          72b148295d1e6ef81063a3e8b8d236869154e4c6149546263c9ed8fa1922ee428a9afca480cc318465b5ef8ede48e3d857b690c6eebc0918f5e65e87d074e63b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d0bbe0fa9803a83a983b06f442b6582a

          SHA1

          e98d430eed853f47d37c31ecc2cde1af839159d3

          SHA256

          5eeca339a4c5d63a4bd578c803760a6160f3ad049186b21543d1b550296b89d4

          SHA512

          a232dd843a9c083b14696d97d75f419e294de258f2ea328b9a7ae4a6771a9116a042a7392ab190a98a2d40c754bf0e052e2492e63892c65aff48fc2074a0a520

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d9af75c48e550a96c0517f1ac00b2d74

          SHA1

          d405a1853bad11de79674a5edae375a8322c240d

          SHA256

          6b67d25e6357778270ed383458e4899103f27562f62d31b2d09e2899768f7262

          SHA512

          5cd70c199e3cbf0b71288d97f76bcbfd3fcd5aa0578fcc12f685dcdce78a6bc27609cf0d5d3692bdc467b7ac396d2afb37ad07de1c837c2e29dd2377c09baa5b

        • C:\Users\Admin\AppData\Local\Temp\Cab8BB.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarA92.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • C:\Users\Admin\AppData\Local\Temp\nsdB194.tmp\ioSpecial.ini

          Filesize

          1004B

          MD5

          8af6efa4e52f9c4a46c6981b34354b78

          SHA1

          0c8d4fe3e738f895c608e34f2e6a5b65501ef3ca

          SHA256

          843b6e00f52cb31372e8ab772a4ded9810ec9b0187d34f999275e753bf277889

          SHA512

          9781611f04e0189539d458c85d155917f77ce283d3b1d7b9210321fc6f520af3dc9851cdc11b1f99fb02a4cd9c78f22bc0c750f6bf714f53955511e9d409168d

        • C:\Users\Admin\AppData\Local\Temp\nsdB194.tmp\show_page_toolbar

          Filesize

          816B

          MD5

          2121a2c8f6bc44c7309f2173f1aaa523

          SHA1

          0e658f8a1d0fda3f82e0d894cb6332a862f4c4c1

          SHA256

          ccdd16441921b80ef5464c16739ca7c8681ec6dec38a9c1901b513960dc3cb7e

          SHA512

          b57fe1e3ca217bf928287cc6fc325429e6eb6d29ddde9968c7074f71eb0856bdc5b2d8bddbaa604fccd5613602c2afa157c906c4075c4e692e734239685765ab

        • \Users\Admin\AppData\Local\Temp\nsdB194.tmp\BrandingURL.dll

          Filesize

          4KB

          MD5

          71c46b663baa92ad941388d082af97e7

          SHA1

          5a9fcce065366a526d75cc5ded9aade7cadd6421

          SHA256

          bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

          SHA512

          5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

        • \Users\Admin\AppData\Local\Temp\nsdB194.tmp\InstallOptions.dll

          Filesize

          14KB

          MD5

          325b008aec81e5aaa57096f05d4212b5

          SHA1

          27a2d89747a20305b6518438eff5b9f57f7df5c3

          SHA256

          c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

          SHA512

          18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

        • \Users\Admin\AppData\Local\Temp\nsdB194.tmp\LangDLL.dll

          Filesize

          5KB

          MD5

          9384f4007c492d4fa040924f31c00166

          SHA1

          aba37faef30d7c445584c688a0b5638f5db31c7b

          SHA256

          60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

          SHA512

          68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

        • \Users\Admin\AppData\Local\Temp\nsdB194.tmp\NSISdl.dll

          Filesize

          14KB

          MD5

          a5f8399a743ab7f9c88c645c35b1ebb5

          SHA1

          168f3c158913b0367bf79fa413357fbe97018191

          SHA256

          dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

          SHA512

          824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

        • \Users\Admin\AppData\Local\Temp\nsdB194.tmp\System.dll

          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

        • \Users\Admin\AppData\Local\Temp\nsdB194.tmp\UAC.dll

          Filesize

          17KB

          MD5

          09caf01bc8d88eeb733abc161acff659

          SHA1

          b8c2126d641f88628c632dd2259686da3776a6da

          SHA256

          3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478

          SHA512

          ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa

        • \Users\Admin\AppData\Local\Temp\nsdB194.tmp\inetc.dll

          Filesize

          20KB

          MD5

          50fdadda3e993688401f6f1108fabdb4

          SHA1

          04a9ae55d0fb726be49809582cea41d75bf22a9a

          SHA256

          6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6

          SHA512

          e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8