13392b3bb5f07557d98b42391ae821556f3b84641d7e810a04215a7365ec381f

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0532a39705fc7fb718b58a9c89ce01dd_JaffaCakes118.exe
Size

9KB
MD5

0532a39705fc7fb718b58a9c89ce01dd
SHA1

297b2807bd837c95ad7272c351ebd5e65a1353ed
SHA256

13392b3bb5f07557d98b42391ae821556f3b84641d7e810a04215a7365ec381f
SHA512

bfeae4da300c61e6fcd97404d2241a3a47447634eadb84ba7f04fb7e729b28b0e89da2cd8f63548b45f238d4f50496708ba9d937b9aa66fe25a8290b3bb95138
SSDEEP

96:nPO7eQOcokmCFUt2QRFoYA209gR4CqA9VXFufjcWYpeEG:nptcrOJoYL0u4Cn9VVufjcWYvG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425041671"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FCFC1B81-2EF0-11EF-B477-E6415F422194} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2396	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE
2308	IEXPLORE.EXE
2308	IEXPLORE.EXE
2308	IEXPLORE.EXE
2308	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2396	1244	0532a39705fc7fb718b58a9c89ce01dd_JaffaCakes118.exe	28
PID 1244 wrote to memory of 2396	1244	0532a39705fc7fb718b58a9c89ce01dd_JaffaCakes118.exe	28
PID 1244 wrote to memory of 2396	1244	0532a39705fc7fb718b58a9c89ce01dd_JaffaCakes118.exe	28
PID 1244 wrote to memory of 2396	1244	0532a39705fc7fb718b58a9c89ce01dd_JaffaCakes118.exe	28
PID 2396 wrote to memory of 2308	2396	IEXPLORE.EXE	29
PID 2396 wrote to memory of 2308	2396	IEXPLORE.EXE	29
PID 2396 wrote to memory of 2308	2396	IEXPLORE.EXE	29
PID 2396 wrote to memory of 2308	2396	IEXPLORE.EXE	29
PID 1244 wrote to memory of 2396	1244	0532a39705fc7fb718b58a9c89ce01dd_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\0532a39705fc7fb718b58a9c89ce01dd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0532a39705fc7fb718b58a9c89ce01dd_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cda69fdeb9e7e5efbd47b8a11582e5b

SHA1
8e52bae35143e6001626017245aff618404e6d00

SHA256
ba3890fd40d1a799422897bc9ab25799caf73de032ed033b83ca7e5cf6c4ffbc

SHA512
4f5bc20d3c77436d7845daa1e8b6f49fee75cbd879ed184608fbe8886d34fbbc9080d699fe475035ec9ef96c3191ac98fb46b3f70415ac378233382a7c918b66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ca6faae49d82fe7c8879d252e64cc07

SHA1
b7083c3606f22cf39d660ca58d9f3c9a88699521

SHA256
8762d54a06921f55f22bd4db81c0420d51747c908dd5a90f42aba4b1a3ff1900

SHA512
28daf76a0420737813c8a105ff1a520092fe85defa00c487029a5dd2f9f7095db155998c5a703f13fc53cb2992b42996bcfefa169d7deab6b11e370f7172cbd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ded2cebc11ff0ff3e2564ea0f8a8ad51

SHA1
30f5e12a1b98ed55063191c919bfd41a453907bc

SHA256
0b77173e805f7015a3cca31a0aa051aa890f7f937a2923830046bea4f4b65a89

SHA512
0ef4ee35b57dd05aab29fe5c9913df244de724227b11ad9576706a1fe7ae24eaec257eeef3a764ddffaeb832cb5566154c38515584e2043428f2e5f2ed6468d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21a408b889e2e90f13ff151675adfcfd

SHA1
97f920af787c8b79ef2094c128f4cbbc2b999e32

SHA256
88004b054b8dad445928242cfe61e6c848e40317b97140a0b5b43ee8bd048d3c

SHA512
3d74abbd63065c113f8db4768c6c9d747f8dba5fbd0444c200bc89be6a798a13c050264afea18635c4189e9c1f5557cdc84f6940f86b67f1298273fb0c8e446f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
469e5b7cd6d824e20e19db49d5aa1e72

SHA1
e8a080bba3234d918a2c7d5fe16a778a468174dc

SHA256
5bceb35289a6b893c231b642a30e3f55de599fd9264e9a7e8445b2fdf7153302

SHA512
b1e3f248b19bba85a87c4adcdbaaaf9255cb54103072a8cfc80084e9dd728b21b4051d6a864bab1d811d2de195f8a3945177c9e56103c10538356bcf1a5c16a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72cefeea246345e9471aefcf256d8939

SHA1
2b53d0aa6e1b20000f74d4b25e5785665855b2ec

SHA256
32a8fd44641c3317a293c0828949bf01e47efd5f1883b32cf48713914668d754

SHA512
c001ea986f2a3d4b21e85109184e940cf36142e33154f1a2ae4faa4b8e85204c35676848b19d9e76d83ef0b541feaeebfe04a0a9af35f2fa38b107d61e7fb5bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b0ca3c040072b7dec94b8e49c62ff24

SHA1
a2a7be7d85fcc2283f63f2aaef8dc20b2e4129a1

SHA256
8f5a711e00fed37135539343523a7aa37524bf6d8b5431ddc780d8178b8e0d16

SHA512
d4c2d4e1f6e288878373c2e491ec7454a1624b41296b33f0b7d6d376625eda224cb261d8bb1bc3357691c7b51dc70e225feab1cbb5209aac800b96525878ef16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6db3755154010f0d1cee17ee9993554f

SHA1
66f94abf915761b4b7ca0359e3e3c3d6a954aa55

SHA256
f92ec4f4e0fff1de391a717a9dc95a0282644a9fe366fe89f365d31fcbcfe157

SHA512
5f3a40b0d0db14347a9247b8997da2c20a8457c67fe74284e24fdfbef1d837e3e2561c2675aa94494f7fb82e8aab618f48a519621611be2732fb7045b352ade2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
440b39c4eeed42d1638c53ebea709b1e

SHA1
2bd84be22a6cf7bb8695374548e37cb9ff9d8e7d

SHA256
7bc0f03f0e353283d5ab8d6f623ee1fa836f75f1c9a8b3913c1042f3fe3521ca

SHA512
300f67fe275014615e958374942f751b5211694c6d0086a78f4bd90e7d62d592811f4e33acad346f2c9e97beb4f829fff9a5e613e13e07711dc723505f74f70f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f0f93736198cfa5ef1e89e3db189625

SHA1
a14ae82173eb64bcfdfc62b668963d896e84bb6a

SHA256
2160b25668290278c7e418eea51e015f6c925cbc91b094f5537d09a7b2d415a8

SHA512
74bac9cca7986abb1325a6151fbbaf9b3e38c1b91f01317d2bc2ad873cbaedd572817af8a339d7f673e8275d9bf868a1226b9536c90bf71230b89f1a9eda4c8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe421dcee5eb848ac10d8a4ddb098864

SHA1
0f16b4e76c4bb50fccba57c283e7ebefd3d23698

SHA256
9d8998662446cf58ac8806afee0c044e897ecc438e1bea4c6c0b0bf27dbe5a9e

SHA512
ebd63bf0f63a5dd339a94bc9f0d166dc5fc9192e37ea63ed9af5e3ac191b30b78252bd14aa09b1463d990e1075e9d34c85363ea369ef6133bc0356caec148ed5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90c2aa4976d38f9b5c1113d0817f2eb9

SHA1
038f98799bce2f7904f045039528b3454083fe24

SHA256
f90faae84e668b75449069e38f8d86ddf03bba5e47eb556c7077dc6fb7095d88

SHA512
aae1067edab42ecb71367571462f6f54bcb2fd9a6ae53ff884ebc2b3477ad4316d1f2a49b38b58886487ebad0c1eaeb69a13101468888bde31d59a0b9aa9eb8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d95a248f98e7151544c3005ed2ca14d6

SHA1
cc6a1925e63dda21685ac38f53cca6ab9f9b411b

SHA256
de9819bc0f85c63e3ef0c6eca7180331b97fa75d246b0745997d4a3705ffe5d7

SHA512
3564c699c7a06d2aeeedb7c3d05a03dc0850af08fc8ecda9c9602627e0577f2ee444106deb9909a8a2743ca0debd932bbd9a899b784736f1668864b71e69615f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b3f36b61c03fbe3102fcb842b41507e

SHA1
26d38c929fdf5c4150a75f5a4e393f7c175c9566

SHA256
5a456c82ef18d78b2b1deb21b8fcc90bd758c4ce37db1c3805cbeedd8d7451be

SHA512
76a9b4d5e5e9f0d2088b01d1dd6d660e0b2b7dc068baac4f6cab42de037bffa50c400edb5cc543c91a114c911950d5352263049aefddd45f956689687a88c235

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4be2bdff9a1567fb1d52c9c008158df5

SHA1
ac9b3b6d67494360cc562d480c24f211a1938d83

SHA256
0cc2c28c30161e1e389bc2277354d87df96a7e396aaa20c10e8426f4c1345c75

SHA512
4378fae5033d7ca01f2296e8a992cc3faeb37b0b55747ea7a6a026f38d62f5efb7723159516ca99af45471fc7d9586ea9b603f67387325b446bffd72e1e322da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8a985f2649f09d382656905ccb10c6b

SHA1
441290bd9d1100eb0b34f5488fd5c9aae75e1c9d

SHA256
877b8210586f3305d98e054c3f9abe92b693621a80801707b82aa3ef55d58f7c

SHA512
b90e780406289fed96e61a083e397772102bcae348dbe1a0d54f650a947643e675531ada960838da812b072da560ee28f4f66ec3a9efb0262d2a751beb9430d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5209cb8195e95effcbe1891fcc495d9

SHA1
2154625e9110ef390f3112870345da8737536427

SHA256
69b768a929b2ea5952c6b494e8d4abacfff6957737ab806b07b7f13db71e26b0

SHA512
c69dd09eac9837c66b9db796579a58e2ee9384d0b1886f495cfcbe60eca9e0b23186ee3619eb31775a7c02abc8163cc1939bfb5eb9622fc39609ac93890bb650

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7a61e81dd5ff21c70967344644726f6

SHA1
0302aab9f38d18aeb3a3b358199f055c16429d43

SHA256
ffd602b19736eb54cdcac0fdadc3e1fcd6766cc9dea49293d9d54fd4bf0e1827

SHA512
a751cb6ae7c7faac4d9c8f2db534f03658159ac8363547a9a5b5df396f528f6438bdeafa59d85b9728766b895713a81526f7a9972ac70c950690a946565676eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f84ec248e265626f560cc677b341bce3

SHA1
9aaad056e1392193f74c907e79ff36c3b32d04c3

SHA256
c05c1b6dd1b7135228d2bd93aaf801a316f85de7243731454e02055cf66b4d0e

SHA512
8bf8aa564ff754f760cdf2d075629cd0cd67c428ccf9df609d4036ebe9760f66f83a8b6fcbf8ab265f8486cd1de5d7d301d1526614af2199773fe4017ade2bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab22CE.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2382.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit
memory/1244-0-0x0000000013140000-0x000000001314A200-memory.dmp

Filesize
40KB

Download