68d6f421a6db55ecd11e6ffaa112f2efe6903f892049597767757c030c0e8615

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed97c77911ea9c3880bcacd079da0d00_JaffaCakes118.exe
Size

6KB
MD5

ed97c77911ea9c3880bcacd079da0d00
SHA1

c5998582e20c93f08bbee4c0cb0325627b7164e2
SHA256

68d6f421a6db55ecd11e6ffaa112f2efe6903f892049597767757c030c0e8615
SHA512

6c73d1b358cbfe0f7642fde27975dd7476692813ea8f6f7b12b69b53f23bf3713180f8114fd7ac4bfab5b9e7eec79be0d8368bcc7aa540fb016b450818fc7f18
SSDEEP

96:GApUFHAiCZYVfEcp4uS7rdZnR9frnsBKOrXCX4:GAor4uGfnvnKKiCI

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "254865390"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 007d3715198cda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000516244317b44ad49b8c99564e34e94d30000000002000000000010660000000100002000000006bd50fe0a9f299891092ec22914180372105331e3b7abc2f3f1cf05a8bb195b000000000e800000000200002000000077e5502d467671ff01aab6cf79bd220ea2db721b1ad7a907525093775d75790e20000000014eebea9a7c08d092133a39a091ac6a6ec0db076807bb658063e9fa91f36d7b400000009b6d89dca99c8ad286a3202d95beed7c6960b37146f6cd19627d421df8025081e8b7f80649ee2ff5c743ca90143c48793e7b77932f22c9faa58ee75aa0afb122	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40af1f15198cda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31099929"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31099929"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "254865390"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000516244317b44ad49b8c99564e34e94d3000000000200000000001066000000010000200000007d0377dea1b458a05cd430b7de6c2acf425e2b7725bd5cfddb3e64f34f8fe989000000000e8000000002000020000000cc0bbfdb5e920ee8a7bdb62758c093e04cc77ec7ae9bf5aa8b4da6097d026aab200000002dae4bf88b6e087929e70a5b5aa00a0a6b48f48efc5a316b6e463b298049326440000000577a54c58b8ef0100388782a62bd0376b81ac2121b0ec02987f9cb7863b14528e4a1594b212aa0961379f4770c265e48b5d002434473bbf54460a9059d30287c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3A2C6D56-F80C-11EE-BC8C-5A42532AD2EF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
244	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
244	iexplore.exe
244	iexplore.exe
1868	IEXPLORE.EXE
1868	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 244 wrote to memory of 1868	244	iexplore.exe	97
PID 244 wrote to memory of 1868	244	iexplore.exe	97
PID 244 wrote to memory of 1868	244	iexplore.exe	97

C:\Users\Admin\AppData\Local\Temp\ed97c77911ea9c3880bcacd079da0d00_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ed97c77911ea9c3880bcacd079da0d00_JaffaCakes118.exe"
1⤵
PID:3560

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:3888

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:244
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:244 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3096 --field-trial-handle=2284,i,13100272738549420251,6151825632958897606,262144 --variations-seed-version /prefetch:8
1⤵
PID:3280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads