Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
08-02-2025 19:31
General
-
Target
JaffaCakes118_c69a4d5254922580b97027536e71354f.exe
-
Size
417KB
-
MD5
c69a4d5254922580b97027536e71354f
-
SHA1
65af75ea166bfeb08774967e4aa61dc1810e90f2
-
SHA256
dd95ff1cd98b08e9c099e668053ce125c5feed1820d8e1b1f03b422010417b00
-
SHA512
c86b4bc19816f700c4ba01521b227b5651c1dd93960dce1902b1cb6aca668ff71cf88a33ae22cfeb47020d87398cdc18e6563b78a6cfd922f71b8f48c7a5fcbf
-
SSDEEP
6144:j8PoYDUEeS6nca0WPwduwuh/u/mZpZg0a6itWkJZpVpBpeFTBjzP0UPQ4KNICn8e:3YUS2hVEuXwb6iI2lDpeFtzP0riCCg
Malware Config
Signatures
-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 13 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 13 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c69a4d5254922580b97027536e71354f.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c69a4d5254922580b97027536e71354f.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\HTV\HTV.exe"C:\Program Files (x86)\HTV\HTV.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Program Files (x86)\HTV\qs.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5d9e02f226fc338d14df200ba9a700625
SHA1414f134a16a309b31e418ed9e08c0c48aaf6e2bc
SHA2568165757efb79acceb9fd0bfae6b2c19b8f087cc0461abb17941d460dbdf2e260
SHA51213c73381602fe2593312d41ab4bc5cd5f922ac651f9e71e3fe3c58e7f0c5c73ecc9d79d61ec46f33a0a81cf73373421eeb510bd99650c0f53af30974ed61b8ca
-
Filesize
14KB
MD5661aab4571bea11f40a403b154d6dba8
SHA1731266406f6458c99bc8c1a9b3d3b7eb0d0eac6f
SHA256580e5897b0cd5ec956020f2d482dc953b57817bc83b2dfac72574e1e33c18412
SHA512b3cf1713f972839afded4b9760b615821d237d6fbab4b6215e5dc6aa964544f1d16ef9dc08f8d58e369cd91f56b3a6e06b15587b1ece4c680f3b2f98f6c2879d
-
Filesize
7KB
MD532dd7b4bc8b6f290b0ece3cc1c011c96
SHA1b979683868b399c6a6204ebaed9fc9c784a0429a
SHA2566dcce9bbba5c2de47eea3abf7597a9c4fb2e4d358efc3752fa65c169cccfa2a1
SHA5129e0d720799fe816f7d09c8a722b762203b6f12a8625c1c93cd640219ecc35969bd641b4d9e6dc04ab6f95ceb73235a438eb7d48ee9402118db3618b5760551ea
-
Filesize
5KB
MD5e8155b68775ed29590e14df80fdc0e9f
SHA1ed449da02e648a524004c265f3c37496d2f07f1f
SHA256b39ba894b0a9a3201461ddd9ee9b297928e793dff221a47f019e75c11df631f3
SHA512b14e00c46cf9bed0aca0f85775f624ff064f2d2afe1fa68b61bee5729db73cf9a8eced669c52d7cbb9504ff1b369a9a16a0f36c71a70c13c0bd1eaf5e07ccc11
-
Filesize
33KB
MD514d48e19bff3bfc93a44a4af777fa8a7
SHA1ccb4ef17fef63576f484618ccda0764928338b22
SHA256c485d51d0bb639d7bfdfb447337171af13cff1ad9c3e344e55395a7c17e1e1c1
SHA51211d4e09364b4e496e93b760708f1a403c3a39016d79e801cfb78e1adcf53dfac8ac6e7187d9faa6c4baf5bc008cbc2e8c56e636d8a8fc41bd90543f78f33238d
-
Filesize
44KB
MD583cac9da65204dca68d957c5731a7059
SHA10291f20c8144494e9eb06b818bed447afee91f09
SHA2569704a03d01c430189525b18b519d77337e230ccd09ca37d2ee1a25a38f5cec0f
SHA5124be4fc5cfd21ba4affff87ca1698ba63a62a2d899538ba6034e71a2451d63f545b4e29f8fd5875e0339f97eca360b46fac85d7ca26c7e37a8ea4b3ca65457673
-
Filesize
22KB
MD520fe009bce33b78dd40b48bc5f8accc6
SHA1cd614d9b9e088eecb7e63722f61a39a0cf0ec196
SHA256979c4b395172a53794b18d996df95c75c68d70ec3573aba66cdfe28c8d1cf0eb
SHA512f6be54be78bfdf770c7c131c5d108b0b33376886b9b4a66598e2c92543a2e83ffafdaea36b9d749784a978d4327cdf52ce0ac6feb9a28d683162b0b3f2f40a37
-
Filesize
1KB
MD540d00fa24b9cc44fbf2d724842808473
SHA1c0852aa2fb916c051652a8b2142ffb9d8c7ac87a
SHA25635b0f1bb808e1623ad534fbc1e72cea25ac28f71340e9c543f01d1bfdd094035
SHA5129eb750e08ca9750988290626ae8ed32a2ecfa7c8ca021b3e26b3da0a94de952b991a9a6a0ad5729d7d5ccf7b3b36fb36fd24047f705d0468ad04908ba8a7154c
-
Filesize
7KB
MD50ac69330c3b9181b8a109fddb91fa128
SHA1ef9698ccce041ce8ba3f4af37d0c2b577f19b375
SHA256e675fecb791ed568aae7f1c24b159f7c0f7e23fe8a7ce76f72b3dd1a4ac00e9d
SHA5123a74c04baf3e1e842c0a2568a6480e4ece05baef31171397763de638c6e5b0d26255cf1d7802ea53c355563b8e4b600d24d04afb5168fbc54f66414445327749
-
Filesize
954B
MD5998d1129c729c25b2936721c218d131f
SHA15f71c8b35c04522c44446b9fe28c00621d5ef333
SHA2565c09b09e7e7316030e9bff6287d850dd0d32ceb3b74948a3c576360f2ca33875
SHA512ae62515d6c1238d5392bc024e393d10a53de049a4b11755aeec15c2da87096ed16e121a6f124f8f6f1bf48a7366832ad410a7c52954acd97f7cf5e3495b08796
-
Filesize
910B
MD5dc254bd424b9f70d1f67285e4e402179
SHA18c14d51faccdc9c4b96bf5a11856abe00ce0989b
SHA25675850d32fe5c55e26d8b64343cbe10c9e7eb1f0483ac00e2a9d183d5e641d2ac
SHA512cf6c1b00db1cbe4056b9e77538407105570260a9b2b60c24cc674bdd39c915b26a35f49af98f4e145e0c343e0a83f72f5e80f3c345b16de0b09bbc572f756354
-
Filesize
968B
MD57f795f8b7b4d1ab682ee0e6101bbdae3
SHA1c600a1e80dd88277dd63f82edb8011f36748ccc0
SHA2565bbfcf266b3edacf73f821cdaad5c1508fe4b5f7670eb87d21b2c9b0b767b4bc
SHA512bfad786679405d68e9a86506c2bf5b9e63cd05f8cc642bb1567744e19e03eeaf33ffd8c77706b9bb571713d72364b19d5617dd24304d0ce7d734593b78afc3cb
-
Filesize
342B
MD56ecf2216daa7ef4717cc86cc170a9a25
SHA15b12d3c32aa3eea2b5cb1145179591a4d7b958c3
SHA256fd5ef9fc34cae9557e9654d00d1aa7690414540241977a379da688012473ce81
SHA512e2a377f7c1f839dd185fbb05efe481d08091b69cd5abe025096b65a49b6e037d5d12a5ae81f60367947cee820645ed51bd22e97bf46e70c09cef81b4dcf9895d
-
Filesize
342B
MD5c32abaf0e8721d20798bde616679bece
SHA18a6391e82f6c05c767042dc8d226a4bb11297e65
SHA256bc634dff62bb6f6d79859ea8b3a242da60edcbd1c9ae191fb694a880dd6617bb
SHA51211fe261761d56358f08b22e071b854b25db7efa27721cbe24a3d74d49163068bac99c95d9518f1149fa6308d9d0f27832dc4f05c603d647272a4bfa690062a04
-
Filesize
342B
MD54c85d1c387dd15eefc99688fd6faa742
SHA1d2268a6388f65716359e954940acab3f59d0f745
SHA25641279b43b24649ba3fc50b810feac04f2a6bd315b37a63e214165ec3b178e1b8
SHA5122173753a0cd2949e8334a03502ffc07adbac0c57252c530538fe3a8bf515ac342871f9fe9dae649bd99d2c63c720cca92f4e0ce2bbaf9f7005a77fff94c7d037
-
Filesize
342B
MD59f6f6162c3a74d010c6895bd6cb67bf4
SHA12e469f2e5675b1bdfd00bc00cf2ace1341f8ae01
SHA256a55bb3af8ec08ddbac6edc2dc66a35b2f5d8779a7502391c576dfc9fe4d5ed75
SHA5129d2c9683cd4b792f0d53e27c23059cbb9fae2b2006b92068745c1b799aaa9ed1ee12e0f8cad09dc5abcb698212fd7ba0afe874a63951976f813a5893eed90233
-
Filesize
342B
MD5e9278aa6c58588ec0ef8af040c99f9c6
SHA157f33cb46bb3a1b0f92f91b3eeac3a2d9065cf24
SHA256b3acd37e026dad9124091fdd896d7e241187b48522d2fe396da6e8998efbf5fb
SHA512823267a2a5e737adcb07e62fb0d98f23661ac03a9d399cb7da2cfe64f4efa7d966344a0936cae142388a7476f126ea59413df24795bb9fbd7c5d3dc41209ae0a
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
735B
MD5ca4fb82ffa0f2d9c1e2a9e39aed4d079
SHA14029befc1906df68784282ab040e2534598211bd
SHA256752138a105d9025dbd8ccd373c5e53d5df868e8e5427cb620bd4bcdc91c03e93
SHA512dc312facf63f706e9d76b7cf460802d4e91fd8625624acccaf727781ef430f789a720ae02402f4a4b0bf5eeadb8a27f705b3051be63756da907989487f2547d1
-
Filesize
393KB
MD524781fcca21b8baca869cf2307d7f9f4
SHA1148ed81fc561c9547ce4203926bf742162b177dd
SHA2560e0aa9ae7d0ff11c8757768527ca3ae61f56d51cb645e88421d4905db14c5032
SHA512e2769dc1194a909c9a9fc42faefc5c67c94297eded8cd95c8b4de5f1b5666ddbfd14fb5fdff0811c2840c6e318ff60b80693eaa78be3f7904887aa2122ae5b5a
-
Filesize
471KB
MD53c06bbc025b61d2182ef5573f2852bda
SHA1ebc1464c00b13fb5b3f80a59c80b595020e1fe7c
SHA256e7f64e7215284cdeb8ef1eba28733f7aeae7f6977f82809d8de1e76a2e249085
SHA5129d839ada211b85fc1efb1fe7bb3ce66fcf0e8069221d958234649c2ac5dc0f1bd06f1a016f9c727077af36fb46cac5409be9c8a8201d17f689c6b473aa01acdc
-
Filesize
12KB
MD5b3ebe1cb6bdd529302c121dd4e2e0d00
SHA1305f022e7e3ef0ae6cdc5f18bd6adc3032f64304
SHA2565a1696f9892567b3339faf2bf4df5eb1d2d886c49807529028b65f0f493e79b2
SHA5126f6ea4aec1588bb6f7ab4f8422942ac0acbddb8b916af2ead039b434bec6db4d0bf64deb3b8d6cc33666cabd70024a1208411ab6e0ee10bcf98c47951f8d359a
