c3e71f50f748e1bc4755b3028ffb73c8b68c481c29a25a9a1a44d9de6fcb42d3

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2025, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
Size

148KB
MD5

67a918709ce2cd0d3049563490699b3c
SHA1

52dd1ce8e57317eade0021dc3016121f0de852a2
SHA256

c3e71f50f748e1bc4755b3028ffb73c8b68c481c29a25a9a1a44d9de6fcb42d3
SHA512

8babaebb042fbabad14263e7ce18c0af9e191f2d3933defb213c3551f5873a5935301c450c380b295736da719e16e2a10c6bd1961caf2ba995cebb9b99d6e819
SSDEEP

3072:rGPo9St8WHxSD+0T+SG4O++Rt8WHxSD+0JKogj:af8CA6SGTrr8CA2

Score

10^/10

google discovery phishing

Malware Config

Signatures

Detected google phishing page 6 IoCs

phishing google

flow	pid	Process
45	1736	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
45	1736	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
45	1736	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
45	1736	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
45	1736	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
45	1736	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
33	sites.google.com
35	sites.google.com

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1736	JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67a918709ce2cd0d3049563490699b3c.exe"
1⤵
- Detected google phishing page
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\systemidelMan.dll

Filesize
871KB

MD5
f97502597ffadf47c029f302e0a8429e

SHA1
13b11636ef2f8feee36369e1cb0c3a78a7389090

SHA256
da0ef6852d54f1a3a036c68f9e184f9cad521ba4090785b5129caaeeb29d6517

SHA512
c0af05b422b6b0bd551078956616c3b58734ae2bafde707b448036559bb6d7000aa8ab71ead8d2aba700d2963d7b98d66f149022dc4f8cf6a50327170ed0f9ab

Download Submit
C:\Windows\Temp\systemidelMan.dll

Filesize
871KB

MD5
655a4f07cbc0c22aa3d0492ed9b7924e

SHA1
47b4034d3e754aa3207514736be4aec9aff6abcc

SHA256
9491475bab70945bd87e8939dcf80c87ab7ef6900f88da6d23d865fe2fde6240

SHA512
e311908eb861467768213d3b2ef11a825f6296124618201cf510a5c0c2818e5dc5fd61d1e081b70da235d7f9ca8b7b3b494a03f24a5b45bc2401584653fd80a1

Download Submit
C:\Windows\Temp\systemidelMan.dll

Filesize
871KB

MD5
13d5725a17bdce72b0b8206f0b95e183

SHA1
173acaee623e53da244cdeb0912b67a78f35b1dc

SHA256
1a7c3a91eab90b6174c1091496499a925906cfbb684fb5536894001b2bfef62d

SHA512
fe64418a04292dca143e2b920d42e161fa4b51158ff676e7031a14b4f75706c8bd5f566face634c1fe5c7b8c38800981470ee8e03853b409509530f01193e9f1

Download Submit
C:\Windows\Temp\systemidelMan.dll

Filesize
871KB

MD5
4640b9043b8a8eb18f6541bbe1dd86c5

SHA1
6fd9ec0fcc3baa224eda8bf511d4c5b0d41af5b3

SHA256
7bf3a1dee1fe907f94d7182cc73e7f9e495a31c1eb9c88b99c0aff7a4b4b981e

SHA512
297edd283f77fe002d019b396d2158fb920268ef738a65e080daa899a7d0bbf53317c9d13caabbb0d838694be838015a4edc9c3862427155f5779c620d0c6e10

Download Submit
C:\Windows\Temp\systemidelMan.dll

Filesize
871KB

MD5
f5e84c764595354eafbedc21e0715c11

SHA1
aee12d534ee02cbcc8d89e34952fd2f13d3144e6

SHA256
3c8d365ea52b0ef9ab84264295a68ff5283ff8618d0a1e92e44998cf70066106

SHA512
e8ad8d15641387f685cad4276f74a0c1c2a895c8965c131482901c2b684f54b36e85c639624c42ba888f0199cb0712143bd6a98f89e39ff667193b5023c0d986

Download Submit
C:\Windows\Temp\systemidelMan.dll

Filesize
871KB

MD5
0df5eb81c00d4732dc66ae6baf7f4738

SHA1
399f5679be8f2e819ed36c4e4d385447d2b1e065

SHA256
93e470ea35db4694090988cd2e75b34a7002f1d128e56ee6a832706a8b039530

SHA512
d14eb7a67936435ca199e41dad4501086205700c4ba0c6be8d3fe6886e345258efc9d1192a3406b8f5a0c80d1f9d8b7b3c3a23a4ac08a39cb3c27c4d261f090c

Download Submit
C:\Windows\Temp\systemidelMan.dll

Filesize
871KB

MD5
9c4332f3f350b3ad7302b64449c89b48

SHA1
1137958393b7354bf619cbfb5844ca04afa54125

SHA256
52c647a98d87495a08377232015f9d017a9858f7a864fc55db3b273c0917f0bd

SHA512
b199b4b39c0f5e65cac9073981eb3310340ecb296a92393d96e5de484a842a042504eb7dde8a59198c0b9dbee398f0ed9a50c2c23de9c79382b141584ef1ede2

Download Submit