3803f4727ec411be2be596fab421b3bac5d3767ba99d4751200d6342777c0e8f

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe
Size

88KB
MD5

0505dde78620edb0e84e12150c95a5d6
SHA1

3ee67c978c88a52d754857ff425871a5d977ed38
SHA256

3803f4727ec411be2be596fab421b3bac5d3767ba99d4751200d6342777c0e8f
SHA512

a9ec4ba2bc98721f253cb8dcca2dd189d7ce28f280cd8e4820d4d71b92b5753061c0926cf03e1e648cbd53d0e25cd05f6b3f4015046bc55e5cb705ddb830f995
SSDEEP

1536:6/6P47JvlRQyPM2amYK6IvbrLt/aDL0pvihpfbt8ML:K6AWynam76IsDyGpfb/

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\msoff.exe	0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\msoff.exe	0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1840 set thread context of 1960	1840	0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe	28

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425039956"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FEBDCD51-2EEC-11EF-B1C8-E6415F422194} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1960	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 1960	1840	0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe	28
PID 1840 wrote to memory of 1960	1840	0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe	28
PID 1840 wrote to memory of 1960	1840	0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe	28
PID 1840 wrote to memory of 1960	1840	0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe	28
PID 1840 wrote to memory of 1960	1840	0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe	28
PID 1840 wrote to memory of 1960	1840	0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe	28
PID 1840 wrote to memory of 1960	1840	0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe	28
PID 1960 wrote to memory of 3068	1960	IEXPLORE.EXE	29
PID 1960 wrote to memory of 3068	1960	IEXPLORE.EXE	29
PID 1960 wrote to memory of 3068	1960	IEXPLORE.EXE	29
PID 1960 wrote to memory of 3068	1960	IEXPLORE.EXE	29

C:\Users\Admin\AppData\Local\Temp\0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0505dde78620edb0e84e12150c95a5d6_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1960
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a942b1e679e0b47b10aac50d0514ff0

SHA1
5b9b0e6fcf8f9387f61d767c9e5dec772d4283c1

SHA256
35e876f559c4552707ecf7f95e3da9f467fe15af51131b6bfc1adddc36251801

SHA512
bfea7cda25cda9e6151ca2b8d465af15f35eb5b65998150fa3c3050faefdefb602cad91611e907162095362d9b445dfde8aa47baee1120e090c317ee81f19874

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b03a5d6c7865ca1ec43a1a5f745553f

SHA1
795590eac89ef8df5d6d7ab8bde41859cb59416f

SHA256
6831a1a6e8fe9846b3473b7d1eccd87124975129605f2124a4fdf7e0d29f865d

SHA512
8a6e057f516d988adaea301806c1c8809b2fe08ed540d1f1214a88c954b7e684ef7a5c9a2573de189c65b1383ec31645dc6d7fc6a2bf28f5325279365785d6af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0931d1c380f4c6066acf1e1e0aec214c

SHA1
24ba7dede86857e658a4e1be853272bf4e5ae664

SHA256
4f8811e55373ec8995b587653033ee3f1b7da8ef7f1eae8a0945eb4945ae1242

SHA512
37a13ee08ecd3e06d37a45e23c4afba5723c94e4df227607a8138b7ff285c73e63dad7a506532948bdee0d70441ecefd46baaf7ba9b58941683df2cc78ebd9db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a81e3c9b9d3bfd495565d0463a5ee4c1

SHA1
a35881a89c90423cb06494cc3f39b261da4c3412

SHA256
e501d5fa1d0c7c7545666328d3986e22242e5875305c89e591660883d84edb71

SHA512
f1437b96e8f9b5bc30b1489a3e8c781fb597450c32f9ab042dc395445e92fc9fc3e3ac742a80e8674a4aea92f498b67240242f697d16a0075832253e51e7b575

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8c890a0575fede60694be585857b6dd

SHA1
5d080feead74f7dba27d6064d441c2f77ea94efb

SHA256
4d8994105704e586e082756faab1018d666e744ae7e7f8d5d6188b53b213f9a5

SHA512
15b59254a62853eea62b5bee96c58e924e739f77491980859335372adeffd22f274e923415b263c81847593d5289be9f6851403689189d1ab656c45246268b98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b26e30242225d61353a9712c6cad206c

SHA1
6466f38325679cb8323bbfc1ebcf247fc3fcd7fb

SHA256
5cbfc68c8fa9863691f69256ba7d23b6f1a9a651a2f4f629c7e44393fa0717c1

SHA512
81ed53d2af5caf4a4d02eb94eb95c11a287814dafd24080514e60ada56c331e23512810765219c309631cd921cc57815568ef912b44252ab103867108df0c063

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
049eedebe228103d15a7e26b3d25ef07

SHA1
e1ff7117c263ba28a626c68c1ddd4f28c3488f9a

SHA256
b902b9e676806f39e9f7cf0fca747cf58caa8d20aef7045193c19ca3dbbb97c4

SHA512
ededc1c415547aa359fbe89fa8b96194222647fbffd8f6364a05b4a36b76ab9bf52073b006c448882ef947c650f1a7d19148f0a74fbedb37a887dcaf9c328919

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2c4247de29561c649defd6ee787e7e8

SHA1
e67fed2f531e5ed4a268da5a47ea07a0713be4cc

SHA256
d14b10de068bed4f864e605386d452f9df6aa46ad793ee8c81649887bef01baf

SHA512
c662af6b97d2bc895a118cd32dacbaf372231b8b9023c5806d475a686b30aec5d952069d4653320df3edbf8e7f2ebe8df4839cc86fa3c40818f2ab270df2a639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b698704a82d339e1d28b15d20538749

SHA1
70e6b9a468545b9130b4f36c1722299830aa82e1

SHA256
b8ac7dede2b4246cdfa549f74c959f23b0894fb00e995a6b921df90598c2ab41

SHA512
97912800814559f7cee2a5c800bce06cc2f2fd3767ec6074aefcb3be220dfdb7aa3ec6e29979ba1f27f71e7325bf07bac7c1455d2a432c16abbbcc059f17ada6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b18e64fffddac10ba49a1c5f023fb172

SHA1
b3bb59506f26ecaad5262398e7191d5e725e2386

SHA256
37f6dcc502fe95d7f547dbfee0dfd26f03bb86046efad01adda28f4b556f99b2

SHA512
1ad1a1223dc063bde31598bbf4dcb2dcc591474dbec4dd0b6d8bdec981ea22d6b1480c121331032bf82788dac9038957d7e4b5cd616f24a6acf721f76359ea64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e42ef71a9bf477ff5d87404df04bcb79

SHA1
4c5ad3b23877b61b40784531a01645035698c2e9

SHA256
afabd018fbd0af4017c967f47b5721aafc2339af6dcbcda1084e4c7bde9da338

SHA512
f007d295880585244e63bcd0818dd8ad86fdd4c3c36ddfaa51c68ec9db9c8b364d7d8b499e85b508388a852e2f802090f3421a0ef10563657ae9ce38e99f9f6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
964dd4a19d81b545bc0202e81f445cb7

SHA1
eb69bf40724ff4192a6b5f022e2f4de0acefe984

SHA256
79b45ae06d4de4a1115430ab8a53dd12b571eb2c566880dcd34ffdf85c931d84

SHA512
5d32ed7ac588bdb5d48af1c1a32800ad2ca5b1e0fbd3434f1c3d67706f103f914ba9c1baef6f186c8033bba2a9c658e70c26364cf3c996bbc4b3bb09e8b2d134

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf95754564fb4980261dc40e55481e1d

SHA1
6cd07c6bda3d6d9b2ef7f1c25a20a7257b2b1790

SHA256
fdcfda26e9f5adbca1b6750049679763460ee3d9840eac76e4a9877441c7a42c

SHA512
007ec5fdaf98093efc8f04b941e2ba7bccbc694161c142e9d79decebdef7319c1c44590ba0d93ebc1dfa0964075d6ee3a9d06a9c5632a013487e3193a2857a41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08e6de4deed3e31aff991222a3d83ca9

SHA1
17e21c49c28de27a8585d2b555134160e2af8b5b

SHA256
f00ab1a19e0aa7f01dc478bd910b65b122e162b75e481523bb95bf0758843900

SHA512
6f629d253cfc6ce8b0044855d071009e7b26928e05acc8e1af689cc1c01bb465fa3e735d8b3abb2c8b1837ac60620d85daed7d775b6fcfbcc8c0d7f7b044fe56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
488c47f96b669d6a9002c311f86907eb

SHA1
5d00a8abe1dac48285c4fa174dee5c85e3c587cc

SHA256
ab1e202d13899b2c4d2c41757693867192f2f636df03acd5191f27c726f4f459

SHA512
52a554ac16620aa370ae54b45ef4dfd005781bd0ef5c4ea69d7130a92e423d2994013da120651c2d9f230f34739e9054230e5df392f95b9d37ec1b17e77f65b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53fd27e5b2e651c253bae671e1da2de7

SHA1
ccedbc2c87b520ee1286b6b1426a4f790075c839

SHA256
7710f3004d63cbdfd7b847b480c8fd9e63dee7adff7f374e8cd3afef0731a9e7

SHA512
7d0ef6e0fd2d2c1169d760109c00205ec052c3a1068684056ba3d9909b9f0858c4770cf58f3f63501aefe02dcfc408c669f1311f595900f9b9e7025c243ce228

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8178939a55677cce4b2c1de7e81b200

SHA1
af977849a103a0198d35f4479406865f084453e7

SHA256
9c28a3e1f7a5be333713c5e4661bc7c89403f0a8dc892e851c67846b4400e62b

SHA512
c5626634ecdb4871a748e5a90c3cf6f08afb0e311937796a579c62d052ac1c90cd4ae942a72fe7753af5b04ec8ee267f2e40816ea79a882cbb8edbeaf359a95a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6870bd4afc1ac695ba9ed370767817f9

SHA1
618cdefdb9f23dd1121186c4adf2db26825fed0f

SHA256
fa56642fff74c8c5e90b4c37e01933d9859d4fc51775e591d4cd656351bfb35a

SHA512
2da43490e243f9e6200e244c54df07903f19c9695b409bae4ef8fd51dc4da82368b1bd171c019b253a5c7a2891cc18b9f777308229c0cf2e2a13e3374ece9730

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab37E5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3CE7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit