Overview

overview

7

Static

static

3

JaffaCakes...24.exe

windows7-x64

6

JaffaCakes...24.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2025, 22:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_8a1ef7916a653c6b785b585bfc6c4424.exe

  • Size

    33KB

  • MD5

    8a1ef7916a653c6b785b585bfc6c4424

  • SHA1

    c3c33e9816a9540bc80f34f4b3af75fd999eec90

  • SHA256

    8b461384400e1329c025d692e5c6393a171c8721ede651d5189e7717f684b625

  • SHA512

    793b0dd6dd394c764ab4790c8d7e1c6b2add7a26f23bcc165e37f4105e8a39046728765d2a32a3c33be25244ecfba0a331a83696a63cad70db6f9c79e4c11a09

  • SSDEEP

    768:SuGP6od38fk9O7ZzTCgHIb1nYSs02HjdQqmyeZ4EYNoH///:Sn6odD4oECXCeRtYNoH///

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a1ef7916a653c6b785b585bfc6c4424.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a1ef7916a653c6b785b585bfc6c4424.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\a.bat" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a1ef7916a653c6b785b585bfc6c4424.exe""
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4308
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3984
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1292
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1644
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3708
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3708 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2808
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3388
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1068
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1020
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3840
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\28X5YDPF\down[1]
    Filesize

    748B

    MD5

    c4f558c4c8b56858f15c09037cd6625a

    SHA1

    ee497cc061d6a7a59bb66defea65f9a8145ba240

    SHA256

    39e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781

    SHA512

    d60353d3fbea2992d96795ba30b20727b022b9164b2094b922921d33ca7ce1634713693ac191f8f5708954544f7648f4840bcd5b62cb6a032ef292a8b0e52a44

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\28X5YDPF\errorPageStrings[1]
    Filesize

    4KB

    MD5

    d65ec06f21c379c87040b83cc1abac6b

    SHA1

    208d0a0bb775661758394be7e4afb18357e46c8b

    SHA256

    a1270e90cea31b46432ec44731bf4400d22b38eb2855326bf934fe8f1b169a4f

    SHA512

    8a166d26b49a5d95aea49bc649e5ea58786a2191f4d2adac6f5fbb7523940ce4482d6a2502aa870a931224f215cb2010a8c9b99a2c1820150e4d365cab28299e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\H2HS1UOT\dnserror[1]
    Filesize

    2KB

    MD5

    2dc61eb461da1436f5d22bce51425660

    SHA1

    e1b79bcab0f073868079d807faec669596dc46c1

    SHA256

    acdeb4966289b6ce46ecc879531f85e9c6f94b718aab521d38e2e00f7f7f7993

    SHA512

    a88becb4fbddc5afc55e4dc0135af714a3eec4a63810ae5a989f2cecb824a686165d3cedb8cbd8f35c7e5b9f4136c29dea32736aabb451fe8088b978b493ac6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IUD94ZRE\httpErrorPagesScripts[1]
    Filesize

    11KB

    MD5

    9234071287e637f85d721463c488704c

    SHA1

    cca09b1e0fba38ba29d3972ed8dcecefdef8c152

    SHA256

    65cc039890c7ceb927ce40f6f199d74e49b8058c3f8a6e22e8f916ad90ea8649

    SHA512

    87d691987e7a2f69ad8605f35f94241ab7e68ad4f55ad384f1f0d40dc59ffd1432c758123661ee39443d624c881b01dcd228a67afb8700fe5e66fc794a6c0384

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VU6DIVIW\NewErrorPageTemplate[1]
    Filesize

    1KB

    MD5

    dfeabde84792228093a5a270352395b6

    SHA1

    e41258c9576721025926326f76063c2305586f76

    SHA256

    77b138ab5d0a90ff04648c26addd5e414cc178165e3b54a4cb3739da0f58e075

    SHA512

    e256f603e67335151bb709294749794e2e3085f4063c623461a0b3decbcca8e620807b707ec9bcbe36dcd7d639c55753da0495be85b4ae5fb6bfc52ab4b284fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a.bat
    Filesize

    38B

    MD5

    1bb08e1de6d8206457ccb5be7eaa90a9

    SHA1

    b895eee036fd4bbf20378b7bf71102fc1bf6de55

    SHA256

    acbe661b5145045fa3f319f23ca6d6043cb176492d2f7bb291880d107ec47d48

    SHA512

    4f905a5dac2249006262e93609428b8bb0305ca65eb61e2fe5e077db3e098e84a6cf4733b2d1a927f2f4ec2c2aa2ee7128b5cb735fb2aa922107612482e44f9a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DFD8110B1974110086.TMP
    Filesize

    16KB

    MD5

    31494acd76965bb36fad6a7508a93d79

    SHA1

    3ed8138f003bd13fb7c2f014a46fccdadf653789

    SHA256

    12d78462fc78404a3a602f9b04d2187404111575d6059042d81e4dcde655c64b

    SHA512

    c06b634ad051e4d715a7921cbc7255a834395c556b28a0fe756cd761a5b7d8b1a9b53f7d0e63774dc68190b506f013a0c1a0d4194641d357f8857b7575f56ecc

    Download Submit

  • memory/2092-14-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2092-51-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2092-49-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2092-36-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2092-0-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2092-12-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2092-76-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2092-89-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download