bbf7cc823102b3b049e08b1c4703b398b9fac20ffce1fd1517200048e848e93c

Analysis

max time kernel
131s
max time network
143s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Size

1.6MB
MD5

3c4e601d5ada88cb0625799fb674bf83
SHA1

59280531f1ce1119f4e710da2edbcf95d250ab83
SHA256

bbf7cc823102b3b049e08b1c4703b398b9fac20ffce1fd1517200048e848e93c
SHA512

6e6518f71561904ca5dcc420be796bc6a2f965d252cf24686b46fc690f2024be6740262768d8d1c8291122927a35b4fcaf94e671c5412099e8ed5374f30c22d8
SSDEEP

24576:H4dsNJHbwDu6eY98oDydl6nxDBd9zC3BMnwvK0eBU2g:DrUDu6eYudEBd9hT0eBU2g

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "0"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "1"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "1"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "1"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI \3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "0"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "0"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING \3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "1"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "0"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "0"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "1"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "0"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "1"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "0"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "11000"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe = "1"	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2408	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
2408	3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c4e601d5ada88cb0625799fb674bf83_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2408-0-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download