c3e71f50f748e1bc4755b3028ffb73c8b68c481c29a25a9a1a44d9de6fcb42d3

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
11/03/2025, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
Size

148KB
MD5

67a918709ce2cd0d3049563490699b3c
SHA1

52dd1ce8e57317eade0021dc3016121f0de852a2
SHA256

c3e71f50f748e1bc4755b3028ffb73c8b68c481c29a25a9a1a44d9de6fcb42d3
SHA512

8babaebb042fbabad14263e7ce18c0af9e191f2d3933defb213c3551f5873a5935301c450c380b295736da719e16e2a10c6bd1961caf2ba995cebb9b99d6e819
SSDEEP

3072:rGPo9St8WHxSD+0T+SG4O++Rt8WHxSD+0JKogj:af8CA6SGTrr8CA2

Score

10^/10

google discovery phishing

Malware Config

Signatures

Detected google phishing page 6 IoCs

phishing google

flow	pid	Process
14	1924	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
14	1924	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
14	1924	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
14	1924	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
14	1924	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
14	1924	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	sites.google.com
6	sites.google.com

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1924	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe"
1⤵
- Detected google phishing page
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\systemidelMan.dll

Filesize
871KB

MD5
ecdd8179ffb098aee769c5e668b9a096

SHA1
2bff045aceacb06e783e52b4ed7dbe7a30d8db68

SHA256
f250323ad526e4aeb7d44449d96606a090e1eef85870c815eff7ab43538bfda4

SHA512
5b381e9e07beff4cce9f556ecfeed7947aa3eac41b1d0ca55873976289e5b0e5b39dad596f50d65db8e6f65d5234214574a93ec746863896cd294a057f0bd666

Download Submit
C:\Windows\Temp\systemidelMan.dll

Filesize
870KB

MD5
d01d59eef7e9746e922db10a13854ae4

SHA1
7bd2a7e1aa1b66eb0a408d3a9a6f99c88312f46a

SHA256
0af13cb487e7f341b7dfe409f9a41bd6d61c241b01e8a46c6a3c8562c8e0b2fc

SHA512
37d0e65bf823369687d3774e1a8c74d7c480bf135e4648531c0c16c902dab5026d1a4aa3de30e9787df694dc7b55b39bbfe73b1dc304d41d61dd188976d39ea1

Download Submit
C:\Windows\Temp\systemidelMan.dll

Filesize
871KB

MD5
d3312ff54d37e1d5f8d59ef4d5c4552b

SHA1
46714e55c871c7e34fa900bfe01b98b871c801ea

SHA256
905edcfe48f4d1f6496dd5787c41c9d55f055b26f7ce24e1253340e5e8820806

SHA512
cfcf33f6440738dd244220093104f27d2e522729aa6e526e2551303afc50ae020381fd6d1a88fae7836fd88b57e64951f16e53822eb75cde7de7590872d34ff6

Download Submit
C:\Windows\Temp\systemidelMan.dll

Filesize
870KB

MD5
3c1fe42b5027f1136f4f96d159f6fcef

SHA1
1c01c72936f85ad3bafaa7416bf5eddcc135fb0a

SHA256
83a65e51af8e658bda7d08f6d7dfded81615cbb04af79c423e4a6b95586dcb36

SHA512
e4e58289d91053be7698c74eb11839df664cd7da18fe159ac77ccd92e5b792438250ead3bf8c87c21858d9ee0208d5df5a3db8c03901c33611e99def65b7d497

Download Submit
C:\Windows\Temp\systemidelMan.dll

Filesize
871KB

MD5
07abb530edafefb36bb09b2b044dda82

SHA1
35fc542731483ff88d0555d8b07dbc829dbd7232

SHA256
886c382b0a0fb2bca59813f931e779d2ea187e20f31e43ef56e428f809aa2678

SHA512
ef941d465a7b180395be0d8e9fd2a3f5d7cb37adf53832894568dcd218489a5b7345ef66725d093999a2b9010a66908f54702fc44b597bebf26daa4bdc3cb197

Download Submit
C:\Windows\Temp\systemidelMan.dll

Filesize
871KB

MD5
88bdda0564a04bde5cdad4aee4937c62

SHA1
f933c487481243ef4908ad26675b2c54fcd35332

SHA256
b4a15daa2d407b81451259088ef82ab7c84ee04bdb21b53dcf8d474d30c2c339

SHA512
e3affaaccf4512554bcac4d4d2002da5c97205ff0068d03997ce26a05f2acb3aa8f3f13f36b57cf5ddbda8b8e55a5c2884c359a2aaf4db2cf3b8b4971e442df1

Download Submit
C:\Windows\Temp\systemidelMan.dll

Filesize
871KB

MD5
227eb74aa3cd913e27898be8c2993386

SHA1
4f49448d89a9e477c76817b8de022f2b9a9979c1

SHA256
dcc53f5aa14e04bf766218f12e2ce91c9c702dd0475783bbb70bf635752e8ffa

SHA512
d1e1587f1b50b5ce5fe1106f09f94c068ebb8299d2db07ea34b155bd43fc2ac5e7042d0e917a15dccd82277bb41c4d04acc4471265f34203a92564a14700a93c

Download Submit