39c3d0109581d97cc8296691434aa2a129227203e88bb46d94b5dc14bbbaed47

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

072a14e14c7b7d405ac76f5f3873b31c_JaffaCakes118.dll
Size

21KB
MD5

072a14e14c7b7d405ac76f5f3873b31c
SHA1

062338e16cc09c3fdbc8f3da256233f55f09d31b
SHA256

39c3d0109581d97cc8296691434aa2a129227203e88bb46d94b5dc14bbbaed47
SHA512

39d07fa068e7240337312e553ac3c0cb590196844a0cf8d903f28e763aa517d8fea8d356f5bad457d215433c0a7f92f76a7dde073249d8f24abc8bb6ceebe85f
SSDEEP

384:jqVmnG7eBAqSGGtghp/z8WebiX3r1FUtjjjjjjjjjjjjjXjjYj6qj6j+jjjjjUVm:jBnGKBAqDIiX3Pd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425058311"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BAA02751-2F17-11EF-ADBE-DEB4B2C1951C} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
956	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
956	IEXPLORE.EXE
956	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2112	rundll32.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2112	1708	rundll32.exe	28
PID 1708 wrote to memory of 2112	1708	rundll32.exe	28
PID 1708 wrote to memory of 2112	1708	rundll32.exe	28
PID 1708 wrote to memory of 2112	1708	rundll32.exe	28
PID 1708 wrote to memory of 2112	1708	rundll32.exe	28
PID 1708 wrote to memory of 2112	1708	rundll32.exe	28
PID 1708 wrote to memory of 2112	1708	rundll32.exe	28
PID 2112 wrote to memory of 956	2112	rundll32.exe	29
PID 2112 wrote to memory of 956	2112	rundll32.exe	29
PID 2112 wrote to memory of 956	2112	rundll32.exe	29
PID 2112 wrote to memory of 956	2112	rundll32.exe	29
PID 956 wrote to memory of 2700	956	IEXPLORE.EXE	30
PID 956 wrote to memory of 2700	956	IEXPLORE.EXE	30
PID 956 wrote to memory of 2700	956	IEXPLORE.EXE	30
PID 956 wrote to memory of 2700	956	IEXPLORE.EXE	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\072a14e14c7b7d405ac76f5f3873b31c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\072a14e14c7b7d405ac76f5f3873b31c_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2112
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:956
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:956 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0f9cb3a8784fc7c3ffb33c4b6986c42

SHA1
091d330781aa9002d2fd03ae76dd836011521fca

SHA256
2780b0ae43724fe5701c4a71b090118f6f944f99e2f799d2de329fd678785d65

SHA512
c8e727f0252016dfa6da00efdd7e25e1b797b9a2aba0d48157d6e46c537577ed930bc4ecae0713f2f306652e9b41af707c403e688fd81ffa0785ad4480c759ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5bb4b315dd15e74e0e11ab242b72959

SHA1
f9f5492b5094403b7fb3554cbb618d7062edde3e

SHA256
4e3e294f535783e0f62cee4ed3f8b66d99248b197b60fd62ccc57de7fe5d3bc6

SHA512
62d22ed06b06dc2a03ebdf773104a6cb24a268a90d3d667737c0c47d2c375180ecd148846c0eb9524cd9c2d47db0c979867ad9955cb9d8072ea71e1c65e8ba81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0692a7aad1280b65f416b3aa3406c455

SHA1
be07d6bdfa10bdad01e14bb0b852ff90335f7cd9

SHA256
b8432c0db394fc084cc4fe8a320d94d6d9a2224227ba91ae7de4b43c28fede65

SHA512
b17391414337b0502f0845fc50b92ba45de7c42929507340c60359087015348fd6f12ecb6be8e9158a2469ad06b5df5ca5be9ae0b203e32ae494d48ef1f4556a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed85e687eea82db256faeeba9f0a9889

SHA1
5b58ab263e9d109fc0d233437993219f788ca50b

SHA256
12fdfca034da8b8f54f8df3142c8eb33d9b3f865c8398d97390623dcd4aa000d

SHA512
2a548e5c6f2883a8f8f4afc361c1a0a89c74db3563d0f00f69693e9f2e6c41137e9c44f4c7e9a2a229587caffc7508da00b3dc4df3c9f3ae468ecfa9c4223515

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8769901c1f9eea97b73f40aad11902d6

SHA1
121cdb5f91597ebe6c87db9c048ca285d4db1d16

SHA256
8a5e941e1a26db40c39111f445103cd1b28493c059986c356476625b9462a948

SHA512
ae4c876d782841826ce39ee6d2ba41302fd512a09baac8ac5d599bfb5878c8a5021ae0b1966353862c1101cf1f2eb534b6b13d1fda29698cae56350bbee4fa0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2961985259f07d3d1450e57ed2f8ef46

SHA1
7027d6eb6a4e6259817631015c809a65287cab47

SHA256
d75b591c150dd0bb2323837675e1b015aa8077ec1c7763822173e106758b039a

SHA512
27222562ba7b7dbe69295de99509be3405fb0e4716c2bf0f9a6c62c434aef5eb8a8b6bcf7038c3ff4db1040198fc968a0bb3f950fcc6b7c15bfc5ac4d56d7dd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6631f72635b77ea65ad69c026a1abde

SHA1
793c5ab913b10dc74e5e334a9483678a87f4d02c

SHA256
f8041ec4e37a0afc05dfc571a1b8fafa9c6ff0b4b0c380a3a7fcf600c6a28c4f

SHA512
8f2fc077c987f535fcea7a647d4027326ae143c81069561fecbfc99a4503b09c6de3df996978f814be8b14be07a5a9595c050e85ff1082fb790936f062345fba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a553f7c9aacbc995bd9153ed0e321d5

SHA1
d69ccd7a00803cc2cc15b81a53e8d8defd739b3e

SHA256
2d654973b13827d13bea794acc18009afe65cc7e7615afbdcadff1dd52cfa3f7

SHA512
09d7ade46969bc01345755e6cd1f37b18805e0cd80f74ecd5626f18f0fb6600efadc1fe74e6fcc4a8835ffd979d4557f6746c16607cadf0b39878bd814e2f32c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e8027d766529e3f941dad159afc0dc4

SHA1
5d8ed39497806ad178dd30ebd3779216f0ba6493

SHA256
80e2459fffc5c331f73e0b89e845603436c99f62d68fff808a1e4d5f0cd7c236

SHA512
f943bc4b0d3c176633770f53902b8b2510f13154a9dd73e9f2a3621fb3a390c7afe686910739ad04b094d529a2db1fb2c557669ce4cca85676a0b2a0c7b2a94e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14b769776809c65918adc28effad1710

SHA1
669df94f2bbfa5c2201e7fb686a4e38dc275f0ac

SHA256
fbae8e8c208c72658cdf6dbc2877780464513346d4efa9df95f4f6d0f1b5d84d

SHA512
9df17b81051da4e9150087aec14fbcfe8e490e2030402fd46cd256d63fdc47889508ea82b9d7539e55fab2d24e62bf03056db1559c1c3f53dd579470328104ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
636c35d0c05562a87facc9a45bc0bf91

SHA1
1461bbff69da199bc30031e91161ed540588ece5

SHA256
b4ccaa379909755f4414e4a05695a4c4b362e9ed412ed117ec02b9c5b583d47a

SHA512
556aee7a7604311614849caf8c6bd1adb944039649f8f537f85506a9cf79549b52739b5594f82312e25d1d6af02e3a07a6302ea8acf27c50a3271c8e0d7764c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fce724dc7a3c342ad380f4d326d8b0e3

SHA1
f42ca35114752433620b919fd742fc31a73a3759

SHA256
4151cd1ab361e2c6d9ed31e230a0d3dae574386f71397b66f5e249aded17169b

SHA512
7207dda89e474263971a4a8f1a395b33827d791e473aa7c76adde473119fbb86184bc07bc2b921aada56e808bd32020553aa5d4933bb2b0921b38c602f674260

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a298e4ec9d27bc669599d11a4ff8e355

SHA1
712348c4026afa2dd4c9d01750d1032c9d150036

SHA256
889475563d7c54b3c1e17915315d76b9c1ebab326d1887dfa75370725bf809c8

SHA512
0a532cfed4deb8ad4f115aa6666027b641949ecffa9cbd403dadfe6ae2260c3ef846bcfd571a0ed4bd56e87d48812c6bb446dc7b7fef96d1f11e8bfda218a389

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acbff6a25b769703961271fa261c0bb3

SHA1
b7ecd6efc997d653cd721a509f2e51a949427fdc

SHA256
d29b58ce9275069b7e7c5d37a61a81d3361115a45f810a14cb1443971e19e405

SHA512
ebcccccea924783a18b8710428bd6d3e966bf8b448a46a7db3e2b090726d31d0cfc38bac735ec4f0b3ae7748b0d172a6831716d80c16d257d8ca38d05330c6d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c07341cdf9acf28c62b7e1c068bf515

SHA1
0a0385e61e3249645880f84ea4d42f5fc9a3ec3d

SHA256
ba00941e4561faefb7d2c71b4a16b5d72a241f6cef8bfba814ca2142f8ab2b22

SHA512
904bd9a1a55d360303007ae5e11e67886a0a47d65dfe3b65d75bfee5b27d9eb9e0b482a65452df59bffd371fb54e60ff6420c46fe7ee11e3779da03310df20fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5af8c41497a04ee7aa412c2bce11fa90

SHA1
c13a4feed8a612b233b3b3a71b43171404948afb

SHA256
4e1d6d7a061d830e41d454cbdbcc091da94cc85862468e56857e1ac293ae017a

SHA512
1a4357c891971b415f39d9785822795af2d88fbe7aa238f024280d7effa75d81874f43a44ca99ddd0db8b7234a0955a577dbd854a6b774eb81949671994dcad6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
842b06096cef36bbb97a2435654ea51c

SHA1
427b0790b28a5d52a20f1ca7056704bd14b424fe

SHA256
b1f360d7693a9bc2318019f1c797db1d2ee6cad72a6ca59eee63ff3f37c65f32

SHA512
123f299222d895ef91a4daa29a7f5b01278dfe57e2d14dfe496374654f23330dd2a43fc261772178ec7992d79ac40b60fe2977af7de32ed509d8ff2b0d9b4a7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a05f035c14269aff564dcd56145ffd49

SHA1
a3bf183bc17fd12b5d4e1316f03aabfe0bf792c2

SHA256
e0357a5a9ea9b3dc14a312e9123d8617412aab99d05612681cbe7483adaec7c8

SHA512
435434d7e46b66836dcebaf8ba0e46854542a5b5ddf1d2e42b8349068e2685b2873a798f066b810a241ce38223562b1740b5ad96ffc38daac46d5415cda9159e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1532d30fffb821ec19b46033a8ba271

SHA1
e815cc70c9df5c42d5a27892b05a008947b0ce4b

SHA256
e41e860052dab25916eb31f7ee8f85be2b11ee635c21d7916429aef656d40af0

SHA512
4852c1c28376cae418174119012fc48f1dc54a09830be35629cfc19a128dd4a56f0c53b9cd0aaa17926020c4441efba4e39f9395fb482a867f8dad34ce888db6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1DD0.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1E92.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit
memory/2112-0-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download