236331819ef7fe66218b6915197d68e70627e0bca870c9a81bdcc4d62d6d1c0a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
Size

52KB
MD5

f9c922fca988830388702e184d8673d5
SHA1

02c777729365f53c86a1a1baedc7733913bd7817
SHA256

236331819ef7fe66218b6915197d68e70627e0bca870c9a81bdcc4d62d6d1c0a
SHA512

22e97cdebb6892fa170af0629fd7bb6c2cd9f6dd7a9b1f327798bb8ac1a018f09d4a0017658a117b6b1e9c6b3c3cfd869ce63d5af9279699d03be8848c63d836
SSDEEP

768:kXVLeWYvwFJnmZpaKwVohZjczS2GqYNyvj7JD7lAdyljampBbgpQ:5zwFJnmZp2MZjhHKUdef

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907635812992da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31101481"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{EDF6181B-FE1C-11EE-93B1-5EFEAEFCD988} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C54333F3-FE1C-11EE-93B1-5EFEAEFCD988} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eff37c862a6ee54d80c54a61ff7ffa5a00000000020000000000106600000001000020000000bd9c028b043ff034144e72754df13796c0ee67d01d44e7bc309ca72cc6d98b8b000000000e80000000020000200000005817cf1ebcebcd25c5bb5b08bb5b98b591e176098fb4082b699c9405bc752c02200000003a93af8098bbd94c159ecdb75f43b9b78932d30436ad285082a1f6f610272a0b40000000806ec4e99b0296c24c1ec948501da8e3c0d21f01d74115dbed7aa2b1120a2f422554bc66cb1e96bd95b552a075b66a61b16df8f2d103981fd409f799d00c94b0	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eff37c862a6ee54d80c54a61ff7ffa5a00000000020000000000106600000001000020000000c738a7b651364d215e333b3edcbb1b9889520d1a6eb5b4ad6c897fd3c5721636000000000e80000000020000200000002cf8724405014313891cbbb1f6c4000e9816bfcb83d5c69bd491e2dc4a216a3220000000df5aa4ccc6bc8ba06277bc57676d752542ccfacb25476fe821bc8f011dd4ca03400000001897436a54b7b69e0c36ca9ddfb33d7778c3d9515a976362dfc3bfbef681d8df57bbf4448c845694e297a557e52f8f26eab1efa9a99f221e6eaf2de30a3d693c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31101481"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eff37c862a6ee54d80c54a61ff7ffa5a0000000002000000000010660000000100002000000027d2d4b03b31399fbf65fee30ff32cac35a6c6789f16f6696d43d904f9b96e4f000000000e80000000020000200000005ac26528633b8a4b0077e703418246aa6632650aeca4fb474d25432f15cb07bd200000002b53b8964411d3376ee3bae48b661d6a75f9416b1014003fae46671fd0f2d7394000000060670044182febf831f2710a4ea68dbe8402d8f61d178c21a6a2815828aace6233d53ce7266f942c41c70ccbfeda923673ebb4253ce56f1bc09b5e1dce1d9711	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{AAEA57A3-FE1C-11EE-93B1-5EFEAEFCD988} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2135578731"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eff37c862a6ee54d80c54a61ff7ffa5a000000000200000000001066000000010000200000000434b8ec6b86afee3521642166975a3798af24fbeafa22b5ce1b9f0b8626a64a000000000e8000000002000020000000684dfd928db2a49f3de370985b4834b36524633cdbf8896dafbb7f4a37cad11120000000aaa7d4035e6addfe742780090e2e728f2e9e8ac56839350cf937d6e3bb79974b40000000f70755f620470dedb5f2eb54d9de3f3f4c9b221a96bc05b6cb0bfe5a6a0073cb566ede66e14e452d55039d4f0254653117c708d43b3176c0b856e78ad064ad6d	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E0396BDE-FE1C-11EE-93B1-5EFEAEFCD988} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D2B5F746-FE1C-11EE-93B1-5EFEAEFCD988} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eff37c862a6ee54d80c54a61ff7ffa5a00000000020000000000106600000001000020000000b089806f5fc351035053a502ed20d5ea9e54ca7dc9b8da2d7986597c19aea9d7000000000e8000000002000020000000a00a54a404a541dfdf445d19e4b70878c8291ebca3170509f1e81ae4c30e73ad2000000065bc9601afb6ae071057aa2fdc055b1d281783c08cd099d933da00b3a0b0ceac40000000ab4ebf186ad114bef20555f03b50353c06e683df8e5169f9c16d519f9f299f056310d2a872e45b9ed1876cd3007131f87c6bbd94d33842399e1c5d82a4eb5af5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

f9c922fca988830388702e184d8673d5_JaffaCakes118.exe

pid	process
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

f9c922fca988830388702e184d8673d5_JaffaCakes118.exe

description pid process

Token: SeDebugPrivilege 1076 f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

1140 iexplore.exe
4908 iexplore.exe
4928 iexplore.exe
1744 iexplore.exe
3264 iexplore.exe
2464 iexplore.exe

description	pid	process
Token: SeDebugPrivilege	1076	f9c922fca988830388702e184d8673d5_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 24 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
1140	iexplore.exe
1140	iexplore.exe
2244	IEXPLORE.EXE
2244	IEXPLORE.EXE
4908	iexplore.exe
4908	iexplore.exe
4084	IEXPLORE.EXE
4084	IEXPLORE.EXE
4928	iexplore.exe
4928	iexplore.exe
932	IEXPLORE.EXE
932	IEXPLORE.EXE
1744	iexplore.exe
1744	iexplore.exe
3656	IEXPLORE.EXE
3656	IEXPLORE.EXE
3264	iexplore.exe
3264	iexplore.exe
4620	IEXPLORE.EXE
4620	IEXPLORE.EXE
2464	iexplore.exe
2464	iexplore.exe
3204	IEXPLORE.EXE
3204	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 1140 wrote to memory of 2244	1140	iexplore.exe	IEXPLORE.EXE
PID 1140 wrote to memory of 2244	1140	iexplore.exe	IEXPLORE.EXE
PID 1140 wrote to memory of 2244	1140	iexplore.exe	IEXPLORE.EXE
PID 4908 wrote to memory of 4084	4908	iexplore.exe	IEXPLORE.EXE
PID 4908 wrote to memory of 4084	4908	iexplore.exe	IEXPLORE.EXE
PID 4908 wrote to memory of 4084	4908	iexplore.exe	IEXPLORE.EXE
PID 4928 wrote to memory of 932	4928	iexplore.exe	IEXPLORE.EXE
PID 4928 wrote to memory of 932	4928	iexplore.exe	IEXPLORE.EXE
PID 4928 wrote to memory of 932	4928	iexplore.exe	IEXPLORE.EXE
PID 1744 wrote to memory of 3656	1744	iexplore.exe	IEXPLORE.EXE
PID 1744 wrote to memory of 3656	1744	iexplore.exe	IEXPLORE.EXE
PID 1744 wrote to memory of 3656	1744	iexplore.exe	IEXPLORE.EXE
PID 3264 wrote to memory of 4620	3264	iexplore.exe	IEXPLORE.EXE
PID 3264 wrote to memory of 4620	3264	iexplore.exe	IEXPLORE.EXE
PID 3264 wrote to memory of 4620	3264	iexplore.exe	IEXPLORE.EXE
PID 2464 wrote to memory of 3204	2464	iexplore.exe	IEXPLORE.EXE
PID 2464 wrote to memory of 3204	2464	iexplore.exe	IEXPLORE.EXE
PID 2464 wrote to memory of 3204	2464	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\f9c922fca988830388702e184d8673d5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f9c922fca988830388702e184d8673d5_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1076

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:1104

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1140

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1140 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4908

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4908 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4084

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4928

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4928 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:932

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1744

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3656

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3264

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3264 CREDAT:17410 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:4620

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2464

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:17410 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:3204

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4H6GDT3Z\bullet[1]
Filesize
447B

MD5
26f971d87ca00e23bd2d064524aef838

SHA1
7440beff2f4f8fabc9315608a13bf26cabad27d9

SHA256
1d8e5fd3c1fd384c0a7507e7283c7fe8f65015e521b84569132a7eabedc9d41d

SHA512
c62eb51be301bb96c80539d66a73cd17ca2021d5d816233853a37db72e04050271e581cc99652f3d8469b390003ca6c62dad2a9d57164c620b7777ae99aa1b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4H6GDT3Z\httpErrorPagesScripts[1]
Filesize
11KB

MD5
9234071287e637f85d721463c488704c

SHA1
cca09b1e0fba38ba29d3972ed8dcecefdef8c152

SHA256
65cc039890c7ceb927ce40f6f199d74e49b8058c3f8a6e22e8f916ad90ea8649

SHA512
87d691987e7a2f69ad8605f35f94241ab7e68ad4f55ad384f1f0d40dc59ffd1432c758123661ee39443d624c881b01dcd228a67afb8700fe5e66fc794a6c0384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4H6GDT3Z\http_404[1]
Filesize
6KB

MD5
f65c729dc2d457b7a1093813f1253192

SHA1
5006c9b50108cf582be308411b157574e5a893fc

SHA256
b82bfb6fa37fd5d56ac7c00536f150c0f244c81f1fc2d4fefbbdc5e175c71b4f

SHA512
717aff18f105f342103d36270d642cc17bd9921ff0dbc87e3e3c2d897f490f4ecfab29cf998d6d99c4951c3eabb356fe759c3483a33704ce9fcc1f546ebcbbc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FM7P9K7Y\ErrorPageTemplate[1]
Filesize
2KB

MD5
f4fe1cb77e758e1ba56b8a8ec20417c5

SHA1
f4eda06901edb98633a686b11d02f4925f827bf0

SHA256
8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f

SHA512
62514ab345b6648c5442200a8e9530dfb88a0355e262069e0a694289c39a4a1c06c6143e5961074bfac219949102a416c09733f24e8468984b96843dc222b436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FM7P9K7Y\down[1]
Filesize
748B

MD5
c4f558c4c8b56858f15c09037cd6625a

SHA1
ee497cc061d6a7a59bb66defea65f9a8145ba240

SHA256
39e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781

SHA512
d60353d3fbea2992d96795ba30b20727b022b9164b2094b922921d33ca7ce1634713693ac191f8f5708954544f7648f4840bcd5b62cb6a032ef292a8b0e52a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JP1Y1JJ2\background_gradient[1]
Filesize
453B

MD5
20f0110ed5e4e0d5384a496e4880139b

SHA1
51f5fc61d8bf19100df0f8aadaa57fcd9c086255

SHA256
1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b

SHA512
5f52c117e346111d99d3b642926139178a80b9ec03147c00e27f07aab47fe38e9319fe983444f3e0e36def1e86dd7c56c25e44b14efdc3f13b45ededa064db5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JP1Y1JJ2\errorPageStrings[1]
Filesize
4KB

MD5
d65ec06f21c379c87040b83cc1abac6b

SHA1
208d0a0bb775661758394be7e4afb18357e46c8b

SHA256
a1270e90cea31b46432ec44731bf4400d22b38eb2855326bf934fe8f1b169a4f

SHA512
8a166d26b49a5d95aea49bc649e5ea58786a2191f4d2adac6f5fbb7523940ce4482d6a2502aa870a931224f215cb2010a8c9b99a2c1820150e4d365cab28299e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L3XUK4I4\info_48[1]
Filesize
4KB

MD5
5565250fcc163aa3a79f0b746416ce69

SHA1
b97cc66471fcdee07d0ee36c7fb03f342c231f8f

SHA256
51129c6c98a82ea491f89857c31146ecec14c4af184517450a7a20c699c84859

SHA512
e60ea153b0fece4d311769391d3b763b14b9a140105a36a13dad23c2906735eaab9092236deb8c68ef078e8864d6e288bef7ef1731c1e9f1ad9b0170b95ac134

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF56648C0083EA3C92.TMP
Filesize
16KB

MD5
6599e8c7b97c086846b931bd7b46b48c

SHA1
8d72e04ed6b22b01cbb50bc0824448669e4322ce

SHA256
20e60bd00e2d0760f2e44e3f4a399cac4318c6ae9948467eeaa1913075ea3b5d

SHA512
95a52072dc010966a27e15b975b83dc885ad126c806daa8a8c9c3e7576b49483c44bb1365aba88c3504cf0966051cc1169b8be4dad00f9eb58d197686faf3474

Download Submit