3a54832f6a8611b03ead5609d340d4e6272946b785b468bbf51e5f18178b1bed

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 16:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0ec0b2a61348e72d17d2ae28611f3d36_JaffaCakes118.exe
Size

18KB
MD5

0ec0b2a61348e72d17d2ae28611f3d36
SHA1

33e03e29fdcf638a7f6487081bc32e432325dc74
SHA256

3a54832f6a8611b03ead5609d340d4e6272946b785b468bbf51e5f18178b1bed
SHA512

8d32a72398ab69e8ecf5a1748f43588556d2b443492e42aa0216dabc8630a7d381062c20d13c160ee0be5dd7e0cbc3ed0034f485f6451d55bb0db94acca384db
SSDEEP

192:nLZV4gLjHZriBipoLzlkqfz5P+VUHvzTVCpiQ5SMasseci2rdZzFNFgxSqTVKSLI:LHV5xpAzWq9PjQoLsEfzK9VLIc4bTQL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF581781-330F-11EF-BCC0-5E4DB530A215} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425494795"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2956	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 2956	2944	0ec0b2a61348e72d17d2ae28611f3d36_JaffaCakes118.exe	28
PID 2944 wrote to memory of 2956	2944	0ec0b2a61348e72d17d2ae28611f3d36_JaffaCakes118.exe	28
PID 2944 wrote to memory of 2956	2944	0ec0b2a61348e72d17d2ae28611f3d36_JaffaCakes118.exe	28
PID 2944 wrote to memory of 2956	2944	0ec0b2a61348e72d17d2ae28611f3d36_JaffaCakes118.exe	28
PID 2956 wrote to memory of 2960	2956	IEXPLORE.EXE	29
PID 2956 wrote to memory of 2960	2956	IEXPLORE.EXE	29
PID 2956 wrote to memory of 2960	2956	IEXPLORE.EXE	29
PID 2956 wrote to memory of 2960	2956	IEXPLORE.EXE	29
PID 2944 wrote to memory of 2956	2944	0ec0b2a61348e72d17d2ae28611f3d36_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\0ec0b2a61348e72d17d2ae28611f3d36_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0ec0b2a61348e72d17d2ae28611f3d36_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65950feb021e5b9b0635c260c44bf1b5

SHA1
aace5e9f388e2c9faaf1e71ed9692c83ab1efc75

SHA256
03702031f126c31d0127729f878c15de0ea5f985ae157e39fee64b794451dee4

SHA512
ca36809b613a1249a7c51a38bf0a808eb482b99a6098ae77da8554355de036c27bb5186c2b0b7b0319efd2542accccdc9420f8b351288b38e6c7123b3aea62ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1453db02673e97d2d565623acf34df3

SHA1
4c367531df234ffed1394cda417131ce58e3f59e

SHA256
5506a9368bf85488c24ac0ae83a867d4e70157824af4d3105ff5656cbe30a767

SHA512
468504cd156fb7c0b04a4a8e66c466c6a0069365169b3c9ce5dc022d26e66d75b1861d0e40b2745c9eeb247186e05d5ba68f41acde47adcbe17e406ea7b77f30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d14e3070fd92dddf051841dd96cf552

SHA1
85e4a6e3c223a63ed0076f19f147690959466a18

SHA256
820d8d038f8eebae7074034c52c9a33dbb0c1df2010fd460c4f198b9cfa68d4c

SHA512
ef1dd8bf30c291a45ac9262f1b9b2b0cf6d56acfcd4c220ffbaf571dd613761efd1347ad9a8eb5380240689df363c285cd64ce2845ce9b8184bac44a86dc8599

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a0a95a719b34bb9ceb50fd17529d40d

SHA1
f4e198469dbe9f916860547276ed55a8d4379dbb

SHA256
36af03740d60f576a1def10b5c1b6736e81b55761c63d765f2f2c2829ab8cb27

SHA512
a76b2d0c90840de2553ba0a404475b983fbfc6f45522e97f105136a5494b324906f706f06c4f98b6652b16bb4593d1e83ef950494fdc1dd220979b83fe97c430

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96f315f396fee1ac576e05427096dfc2

SHA1
baf2fc4a1a7f7610d3b45f827cbca8038b160c26

SHA256
f7a103a451ed30ee4fb4b0bff903cb9994a43bbd15931f711904cd01a0625cc6

SHA512
2d42512210db03c420db7cf85c652e7374451c4e9445989aa1dbb56c3ffdf2ac7b4e0e01d4d7f245357498fd92921e3d36c07bea6572fd4fe80a22eb72beae70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3f2a69d9132908b650b274608779777

SHA1
a5491f59d4dbc8c5110ab669c0ab562cb9a24214

SHA256
1f5beffdb1ce8d4fd0807d85aa603e971c682e4bbae38b638e078c8a9ac641b9

SHA512
2e82d232279d5995531fb737c00273c938cd7f5e46dfb18d788eed35e0b82bcb4de0e4ca1e9166f5b8215ae0d4665b8e3c0a71d336706d82e7ea121e92303913

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ba93725a63a1c0194ec7617906e06e0

SHA1
cf465ca8cdb7de3ff7def96978e448dd50dadab8

SHA256
b7044f1d7fa3093b4640e980f33bab37f982018b9093af96dbc92f24fc8f6ed8

SHA512
fc7828dc04f71835cc28c692501c1d5cf4b4f3e7c487cd7107dc99e12df825e2f42505431bbd6ab40603c6fd170a48fd3a4edad8a664a4d643a461c4aba4b719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f91c2ccea5717ea8d5771cc2e160ae88

SHA1
16b017bf244aea89ca417226eda3463c05cd8e9b

SHA256
5b7b0a975f8eb9a33e6509e63f75cb6579e17f83094bec0185dc8e103abfcf68

SHA512
67ef543f448026cabf56fb87641be566df5f0a8f91ab17b1d0e90dbcfd50bf9712b904f27da414ddc09bf4c6c03a2310c016546ea7f17556aa01b3099713d07e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac5491eac57b5b063a37ba7303063d9a

SHA1
c488be08e04cbe7b4b1eb8221243ef17e7d771e0

SHA256
99e8e3de580b4cd513c7016606db1c60a991543255f093a2c86cba6121243f25

SHA512
8687ff3cd204be1962c594ea64777063eab3dd4ac920d9db2bac1f44b8b4bdc1a6cd5522e30b8bfa2224ceb460d65e83f04fd3f2fd4f3b60609b1fb9c81570dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e1647e57a7fd9f93d25ca2856ce0aa2

SHA1
95f266037abe11d55e44a58b788a81d4282bb2e0

SHA256
764c81937f3e7fa0d7137dd03da43bd5a1dd719a5543404e7c3c813abff51ccd

SHA512
eb9e20ef98ae3c0fddb460957a77deded7b429d905f71249fcc5689510126d7d4c83c9ce137ef9970282a3a1bc1d10cef7a38aca54b62664c05b6955ba6f7fb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d4038abe97abe87bbe9d397a1cca73f

SHA1
496bceb69f0637f9afd4221558f25e597fbb36f9

SHA256
d04497545aa74814a37b5ac0222c03a1e2d02e203472a820c324d519155af5b6

SHA512
0d4f69450d9129c770fc6aefe67683748ba248cbba6a382a6bc497c97cf1340e78d2fde9408783bb149dfc043594698370b7b0217f8339543153eb26692effef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b67d8575781f7402386dfaa5a6f4dcb

SHA1
aa70ec27a85708c26b6a844e0deef4a989faaaa9

SHA256
bb3cf43d41ae7535ad479196414f156ea5484ba891d5cd46d34ad21a6338f91f

SHA512
a4c11d7244aa6b067da1d5d268a8463fbb71daa4519c36ff92e2e24e90506c4769f962ee429a8ffb8115afbbb76a512d2d632772a7ab0ddc952e3ced4f76dd90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18126745486dd6901d598a914f85b2b6

SHA1
6ad1c0c4646d21bb9ba05952a50b78d3cc923e8f

SHA256
81c613fe3b6b2d6b5ecb8c1383e75a7572634b77d409013e4967a6da090585c1

SHA512
cab290a297adfffc392f2b9bc58231bcc32da3b109ed3b09680097dd0fbfca2a373ca1b80e8c2f4afe9a1ef0845641641458368b1ecd5f6ba35d81db08a66d5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f40e9da09c0aaf4077fd68033098127

SHA1
db36e20aa37a9979340cbcb27300524e6670dc34

SHA256
a258b950b192ed1cdd0707eaa944348ce4ecc3db306291fc113d27b9bcf69fe1

SHA512
01de1ce71b69e71f56573b0c19f37b74ce755f0e69db9d997fb32fcbcc1c7973a5fa7a77c19729274050677764f3a95e7a66bb9505ca5f588b963719d36689a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57612b3794ebe14c144c521e4c8c2eb3

SHA1
bb2453705d1bfb3003bdbf9fab06d3a7e392f164

SHA256
584aefdca859d2cd6fb5e2bd190df5c2c75bf980b777f666572d21038193ab32

SHA512
380121af6ee3827e5d38499ca606d15ae3f20e975bdbc26899ab9ee8c462947637e1f7173d003297b6250253962e570fb0bbe720afceccecf92f40641d93a634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f74e04dbdc69de72dbb69ef432157002

SHA1
65df8ca441eea871483eb8b939379f2bce3feafc

SHA256
49eb85a159a86b5e416b4a7aba64a19527fd36c71234adcdcb6a4add34c4ecb8

SHA512
3f839eeda8dc090da08b92828a2a3f37559220fc439a2d0aa2726d2fdca6901e9b0ffb1fd969a03cdca9aea9ea8c6d6e70eceb0b4c00918a6716b47474d6f09b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
667695c1040fc82f6ccfc83da8d0ca95

SHA1
5464c1b4a3bcc7e64900d011b5b266ef54e1dc8e

SHA256
31bb647d98d2f655bea3cf7c52be4caee88f559c6455d7b0f0399d7fef1e3799

SHA512
c016dbb3336ae00ee8598bbff4b9b4f822b201abd68ee302789601a3a3b7a6b29a57a0ba33d8eae185ca548d1ddece4ef98ef955301b56b7485a39f6246b6751

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05f69732d7793f35d8a83c83ef03ec34

SHA1
d9d3c65da6486356482e103c17842d4e2f8fd33e

SHA256
7815c09c49fc0339be9290b7555354767604e4b280d8a26abc5d9b7ff6eb5550

SHA512
dc84a4e523a8c249f5236743dcd651a67533dff64ba7d1a9ff0b56f3f934748f63fdc9636ceafe635b20b1cf36715a4201163219b1910cdead1328417c6b7e8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b561370f28447170d48978c9b9fd934

SHA1
818809eeb9b5cc94b6c97267e19901187c1a47e5

SHA256
0417e6306bd104ba1edcd0194ecdbeb1b1336092c3c1fec34b17b7ca5a7e448f

SHA512
b0f738e84eecbbf057bf8b9aa50027045435f4f997f4a7ea1ec885bd8243d96ec01afd35c3661a42c67d8956fb4e8aa394cfdba2e4f4c0478cc3c81091b2e496

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3620.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar36E3.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit
memory/2944-0-0x0000000013140000-0x000000001314C000-memory.dmp

Filesize
48KB

Download