Analysis
max time kernel: 94s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-06-2024 19:31
Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
  Resource: win7-20240419-en (windows7-x64)
  3 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
  Resource: win10v2004-20240508-en (windows10-2004-x64)
  3 signatures, 150 seconds
General
Target: 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Size: 224KB
MD5: 0f420dea2f31bda390fde01504aae407
SHA1: d8b7392dd52efcabd98c37cb86844d0626fed7ce
SHA256: 979bb6a35e4809c6ea9ba0528c75c8cfa4df314fce6acecea7cdab3e65b27543
SHA512: c70d680a26738ce7c140efdaec66c27745b956530b20dfda8bf99c6ef9427c8c97ccbf3b3c5b1a68c01f7e3e6616f9db9dfaf33573a54c0f4f063dfe42a112d5
SSDEEP: 3072:WkwVCIKFAM8RVMle8TIyou96Q19/qgDb4+fax70DtQO6Cdkn:U05z8RVD8pvv/xc+f47OQO6Ca
Score: 5/10
Malware Config
Signatures
Drops file in System32 directory (1 IoCs)
description | ioc | Process
File created | C:\Windows\SysWOW64\msxmlfilta.dll | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\SearchScopes | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3B} | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3B}" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key deleted | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A} | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key deleted | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3B}\DisplayName = "°Ù¶È" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A} | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3B}\URL = "http://www.baidu.com/s?wd={searchTerms}&ie=utf-8&tn=s001_dg" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3B}" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3B} | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3B}\DisplayName = "°Ù¶È" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3B}\URL = "http://www.baidu.com/s?wd={searchTerms}&ie=utf-8&tn=s001_dg" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "No" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key deleted | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Modifies registry class (20 IoCs)
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\ProgID\ = "MsHttpApp.HttpFilter.1" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\TypeLib | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\http | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\http\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\CLSID = "{21C0F86B-4348-4C88-AF0C-9149DE70E132}" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\http\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\Last = "1719343891" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\AppID = "{73A7FFA7-AA3A-49E5-A777-713B7DB78E9C}" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\InprocServer32 | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\TypeLib\ = "{04F7BD61-E11D-4BB3-B6FE-B730BCA713D4}" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\http\{21C0F86B-4348-4C88-AF0C-9149DE70E132} | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\http\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\ = "ms http handle" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\ = "Windows HttpFilter" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\InprocServer32\ = "C:\\Windows\\SysWow64\\msxmlfilta.dll" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\ProgID | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\Programmable | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132} | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\InprocServer32\ThreadingModel = "Apartment" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\VersionIndependentProgID | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21C0F86B-4348-4C88-AF0C-9149DE70E132}\VersionIndependentProgID\ = "MsHttpApp.HttpFilter" | 0f420dea2f31bda390fde01504aae407_JaffaCakes118.exe