Analysis Overview
SHA256: a45fb48bcaae2e7afa07abe156ac1ed2518b99e5352465ce160c24c3cc25f454
Threat Level: Shows suspicious behavior
The file JaffaCakes118_1c780292151e63713a2563657116ec5b was classified as: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported: 2025-07-04 18:12
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2025-07-04 18:12
Reported: 2025-07-04 18:14
Platform: win10v2004-20250619-en
Max time kernel: 149s
Max time network: 149s
Signatures
Reads user/profile data of web browsers
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\PROGRA~2\is240626109.log | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c780292151e63713a2563657116ec5b.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c780292151e63713a2563657116ec5b.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c780292151e63713a2563657116ec5b.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c780292151e63713a2563657116ec5b.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c780292151e63713a2563657116ec5b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c780292151e63713a2563657116ec5b.exe"
Network
Files
memory/3196-0-0x00000000004D0000-0x00000000004D1000-memory.dmp
memory/3196-1-0x0000000000400000-0x0000000000528000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ish240625343\bootstrap_6845.html
| Hash | Value |
| --- | --- |
| MD5 | 1ea9e5b417811379e874ad4870d5c51a |
| SHA1 | a4bd01f828454f3619a815dbe5423b181ec4051c |
| SHA256 | f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a |
| SHA512 | 965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa |
C:\Users\Admin\AppData\Local\Temp\ish240625343\css\sdk-ui\progress-bar.css
| Hash | Value |
| --- | --- |
| MD5 | f047788b88f4dace0e828635437e565f |
| SHA1 | 159d7a6b7563e4e4756796a83a4c019b3862d86d |
| SHA256 | 2264c4f20115e93ea2d609e7bc088cb82f0947bc41e65c6cf546e2cabf5f48d7 |
| SHA512 | a61be4cbeb5ce48263b60d75a07c4614973203b76918d0489f31dd147c8b1a57340189f12a92b98b2ab7365849b12d31f694a6931c90b55b8a336a5990a34790 |
C:\Users\Admin\AppData\Local\Temp\ish240625343\css\buttons.css
| Hash | Value |
| --- | --- |
| MD5 | 63e5607b6ca179f4022438b4c1ebb8cd |
| SHA1 | 3a51b4c95b4210058242ec0f3025cc28cec16cf6 |
| SHA256 | 86c77fbf9666fae956c11a2711fe2596a03443aeb935bdc430509741cf43e530 |
| SHA512 | 47d51c36a0482c0359282a9c42c3f3380fbcdbd4ce904b0bd3edcd43cbcbf4e694e6ae4ed513f4aabb4d21063bb7e54fbc1953874bd18cde2aec5477f80da502 |
C:\Users\Admin\AppData\Local\Temp\ish240625343\css\main.css
| Hash | Value |
| --- | --- |
| MD5 | 98f9b28b30fbfa06b35e880caec410f5 |
| SHA1 | b9c5ebca5f9b4fd1a02b40be1d89561b0bda1c76 |
| SHA256 | 0aa4af275722cf97ac03536dd5296c0999e34d31ba82a5bf8c4fe5aec57a8f02 |
| SHA512 | 039c38574348b914a18918a445a0be8c03d7f1d02fa23a12d04c735e1694d46ccadf955d07f82fece33ec744aad464e9ca448c363c454d929e263458b135482a |
C:\Users\Admin\AppData\Local\Temp\ish240625343\images\back.png
| Hash | Value |
| --- | --- |
| MD5 | 8a99e16e48ab5bfd0084ccd49281b036 |
| SHA1 | ab40545bb33ab2bad0891d3b71c3f618a916cb1d |
| SHA256 | e44a2c233a1b29a6cb3bdd5955dece4ddd1e7497d3529bb55add8da124ad3fef |
| SHA512 | f8b5fd65300cfd1f7554e381d0a3313ce8611aa092b44322c1b59ebc145e915707825f0fcf8e2e979ef6464df713db4d3897f4624f5ab9d777d4f8c4c5ef95cb |
C:\Users\Admin\AppData\Local\Temp\ish240625343\images\close.png
| Hash | Value |
| --- | --- |
| MD5 | 60e7a3f760637dd125a1150474e7f6bb |
| SHA1 | 46e4b53480dd7b3db532e3511a7ad3b9e99b2f48 |
| SHA256 | d244e6d623fb3706340ead5491bb61663e5d53a3f7d96d4b613175c875c42184 |
| SHA512 | d279b197d330c4fe7de5e891b45e60273b603d58c84a502461ba2edf008ed51e6bcfd8768a74ee95bc9558bcbe8294f9f759c188327f7c54b1483d1072b32268 |
C:\Users\Admin\AppData\Local\Temp\ish240625343\images\icon.png
| Hash | Value |
| --- | --- |
| MD5 | 45d8e7f1e721db59eca3dc36e932bf8b |
| SHA1 | 974fbb730c8c1ae66c6187f99d887f44d8a77a56 |
| SHA256 | f8cfaea0b23c976a4e7a67ffe79dd82210c5fea7d6eba2383a3cc33f8802ae05 |
| SHA512 | 85b671dc81758977e5f807af91333573e1733ce8ca6721100dbe8538a481d8811d6d36754517948ff6a5ad984bb5ed0724790f43ba30dafdafb8c94735e249bc |
C:\Users\Admin\AppData\Local\Temp\ish240625343\images\next.png
| Hash | Value |
| --- | --- |
| MD5 | a4987c1267f6e8361800aa3d2dc840a2 |
| SHA1 | 6d428d5e9333f78ffb65f8ac3aab06c8915078a3 |
| SHA256 | 1b7fffc6ecbde629472f7e1b534243f7f7da06a6f2fed082cf1c62b6b002e9d5 |
| SHA512 | 5fc4a1619851dddb8e689cbb342570f3004a7e4c030c593ac361b55584cda6178b3ce6a4baeed810467e569c07587affde5180420d793eb380782f440b23660a |
C:\Users\Admin\AppData\Local\Temp\ish240625343\images\bg.png
| Hash | Value |
| --- | --- |
| MD5 | 674ebeb11c056b0cdf01802020b8b41a |
| SHA1 | 16fba8a46be739be737fcce768021a83142dc7eb |
| SHA256 | b2f6875b12c8d4d583f93380c34babc18bb027cb15ed4e8a39bfbb5d9848f0b7 |
| SHA512 | 71a826aca996b7db61a23e3011d4b3d9e61469f82620e6c0b08b1c85492d81da0d151d4c9aac6b3c168b53f0e4314bc2af6d5949c1e579f062f2697ae86be40b |