2f1b43e5e78000b839682caecd28b2ac5d3e8c2a97095db4b7914f887ffe0749

Analysis

max time kernel
133s
max time network
129s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 13:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1b7ea86edf7bdb595607505b8da831c0_JaffaCakes118.dll
Size

68KB
MD5

1b7ea86edf7bdb595607505b8da831c0
SHA1

5efef91c1ad46b0488ec18ad0ecf6086efb05edc
SHA256

2f1b43e5e78000b839682caecd28b2ac5d3e8c2a97095db4b7914f887ffe0749
SHA512

767c1fba072b1f1206b46d46a7774241aeb0a5cd58d3bde084cf7aa3645c1d4ec44e87d0a0c23909b7dab495f573b842b8619ad2031260b6fe17eeb2da33aa72
SSDEEP

768:BTSrPSeI+n8b1tQ1ztABihk0RGC791frUSzk0eJg5yCpgwDoQqmP3TeagOtLHBoq:BbZgxAQhwIfeMpgsbP3hqsXuqBbW

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2632 set thread context of 2912	2632	rundll32.exe	29

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426002842"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E31CFE21-37AE-11EF-B477-E6415F422194} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2912	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2632	2108	rundll32.exe	28
PID 2108 wrote to memory of 2632	2108	rundll32.exe	28
PID 2108 wrote to memory of 2632	2108	rundll32.exe	28
PID 2108 wrote to memory of 2632	2108	rundll32.exe	28
PID 2108 wrote to memory of 2632	2108	rundll32.exe	28
PID 2108 wrote to memory of 2632	2108	rundll32.exe	28
PID 2108 wrote to memory of 2632	2108	rundll32.exe	28
PID 2632 wrote to memory of 2912	2632	rundll32.exe	29
PID 2632 wrote to memory of 2912	2632	rundll32.exe	29
PID 2632 wrote to memory of 2912	2632	rundll32.exe	29
PID 2632 wrote to memory of 2912	2632	rundll32.exe	29
PID 2632 wrote to memory of 2912	2632	rundll32.exe	29
PID 2912 wrote to memory of 2656	2912	IEXPLORE.EXE	30
PID 2912 wrote to memory of 2656	2912	IEXPLORE.EXE	30
PID 2912 wrote to memory of 2656	2912	IEXPLORE.EXE	30
PID 2912 wrote to memory of 2656	2912	IEXPLORE.EXE	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b7ea86edf7bdb595607505b8da831c0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b7ea86edf7bdb595607505b8da831c0_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2912
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e4f3cd089085dbeadd53cc380650c27

SHA1
c3aac3aa5fa6be56225d470a928dde06bfa27d45

SHA256
4ecee81248f59d8d77d671a2310da5b4ce75e490d3ba44e2cac7aaa302243dde

SHA512
b060e4d1baf3edd60c8cdde6da8f13459627b419f51a5df12fca3b97fd248207cb49fd61c84f1e83570b88a520269f8d39e6baa36fddb1a4f5715c5ce65137aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
152f6fad2dce7717e8fa8ca70aca553d

SHA1
034678a1509382aebb4a4f04f6a55e3bb874d27b

SHA256
edf29666efe7553b5d040e64c83d2e9f0ccae19d31883df85abd8d69bdb016a6

SHA512
cd6065a6f0c6eb1903482c3073161b0535592b53e1ac313240fc62a19c81fe0ecf2e75bc96d3bdb1bc0cef0f48ae988219b6b59883ad0e79cb5981efe6319673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
033f76754bfb2f82efc0a1f6e86cd48d

SHA1
3972dfc041c86c55cc5ce02a3f53c2c3d9b8f65d

SHA256
32fa6ccdca52d2ab1d2c3e27144dbf833134f1cf7d746f33fd0b6ae7b983013c

SHA512
7013c7112fb31f7e5a24386e74aa6642237bea57afa6c8d56a80339783de822ff161c41218d7104e544f39dfcbfad407a63157ccc897d912b12c77b5b789438d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f43ec113d59014e77b33cc78f1506b9

SHA1
7f5108a4b0eefce43f996e18213d457c1a174472

SHA256
1ba22092e8fd101af3aecffa7734a25371db17bb506c1283610ee4e89e977432

SHA512
73186193e43ed9d880ad4fcf75894cb81e053788b166c0acf131d2f7cd3a55f52a2fc246cae9b4ba7778f8fd918894616d92755e606ef67a0f575853dc2bdd34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f55f8f0d186ff5cf4f0d3f82bd4a161

SHA1
a81e7e4d9f802d2942c429943c9a13aa5aed6a58

SHA256
28f1838a84fc555a63f1bddf2484a5f9f7459cd4ef81770f5cc8962a2f3eba37

SHA512
0c346f9ebd55d39afdf6f0a95f89db10b52705be739c398e72df3af8dcd9016cfc4811fbcf80b83f9927292e8b49500b4d93a0744f7aed2397a0735ac7e16f6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
375b114dfc1ce20e3ddbedb3d5c29f25

SHA1
e41c256d99bc7a6cd925a30dd6e13016de06670a

SHA256
9de7d05b297de44c8ac89c82fc4b0a68cd838c5bf2bd6f59dad602750e43e2b3

SHA512
5f482ef9676c07f9fb2589e6023b397bdfab94203947b9539b10a6972ac1e73e0351833fe9d38e0a6e59722b7adfec7e936184932cd6efa65415cd4be4f803c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a28f32105b1ad3792f82cb53fad2bf57

SHA1
4c83380f7a7689f50247c6335d09487275f2b753

SHA256
f4472d2eaee379864a2a9c0eaa4e8a388e3bfc95e61600f9f273b1591755ec81

SHA512
184ed59fa83e5ffd4690f0dcceb84171cb12690d3f280c749a6ac3495014a157aca57d2a57fc5048699dd83fe08bc76b7b68d80fdf88bbb66ceb72e45e1d43ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70f66f8ec2313e2ff628a0cb6c593a76

SHA1
1fc753026d13b89a903c97f87ca6b897ca9d62f1

SHA256
0792995055743555f9b9b00ff7015187a5d8d80d09c8c681d74f8c7a03b77bb4

SHA512
af884db28b5d81b3e0d7a49eaf55b9c330d06eae6fb3371357d6bffc1b3fe77ffa0c22a2ce9242bb838b41e199f35e99db1920169f2ec34f731f9f60bc06185f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d1ad035cf1b2cd4826a53496da52641

SHA1
74e65d9eea11de6d1689164ced83ba0db5b781e1

SHA256
000c454329b2f9def687a9c7eff98036b32dd9b52b0bb05331c3407eef32b481

SHA512
b90612023f63d580e6d202abc060f58ca8a77999bc7cdcd3f8cefaf06599ee54cb910ec13f7e0e437098d87dfed71ac0dcac9ebc5099e4d65cc6b56c38272bdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
834aacad880bdff1e4bc196c4f6cd5da

SHA1
3590ff6cc600a6bf3a9d1202555b6330abaea26b

SHA256
5ad80079060a2f8d230a0c4d0c9df51ad451785aecf2c82b5a73edbcd4f4f9d1

SHA512
792a4314e3fab2738a39531a4ebfe347a8d37008f03d9d6877e0c967fccc555c36beb6847db160f78ba03160098681c49f1dab3a1d71d24fcecb38758eddeeee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b41604b618d94357fb0d24fa36ffecda

SHA1
b9df594193d6bb51d63ba09516a2b4f2904dc73c

SHA256
eec46eec6b34a825df1afaede94fe4ddc77bca93f431c3821133451b26a81947

SHA512
c37553e4bc5473d89957f139170c580ff20ef5448124631dd62562af9bfbda9c98bf52be22d7269244d19d2e79d2334e9e41a5e37f74dc859d36c0ab24d42170

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c056d3ac5cde24cfec036c9c5696ad8

SHA1
5a0f9630d5157bf66223d66e0e0529ee31d37cb3

SHA256
9fd32d5285ee14ea6e192749b4f95abf67dc633afedc5a6e741c5d9024bd35d0

SHA512
c0b8ab9a32b78eb5fd1a46ef1b18a6392f8aaacb22a34d5ad8d39f39d9b71722fe7dc98278cd1649a7c37a9fea2d23e104ddde31a9dceb024909f53eb44fde00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0be3c8d17e219e853a80b0c9dc60bb79

SHA1
2280ceb8a8d0d217a3d5a01d3f823ec447772d99

SHA256
bc8c70b957e7dc38c8f7906155bffdefbccdbe494f0ae0e08dce8044c473c59b

SHA512
1e05cc6add702d2f8a57ccf530e0db73a5a2c9ecbf3e1f49a8be1d9c5261e659000c1e1206d7a667fc726d9a512ba2a1e4d4b2931e21869271b70bc814945150

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b9c3413794da68ecfa5d5968a00ca41

SHA1
785e49acc8feec4ed01bdb7e6298e97ece8b36df

SHA256
fedcc11af874a37ec6f4ce5281375828fb9227a6a6ee24170cb5c27d3d2e89ba

SHA512
3d984ba8e52194772a072513ce0613983500e90643a4e3b356e9e74c4d21f01fea301a824ba2047281add53d1b0fc2f125ede0c7b617d81434580f59934f2a8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61cd09c220f267546e92ae325cc5b49a

SHA1
0b07722309830962dab457be4a584d84fd4c0d38

SHA256
384197acf62efabfc651898010a97eb2dafc4b6e68c1b363db36cc3e02be8e8e

SHA512
f300b9a56f0c55ed9304fa12448596d6b9a23c02acd6b6a050c68f2256a82cde8a9aff01219aba0450124ee6ed62f1097f22304cd5c135886639b096bbe09e81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29fedc8513503a5e4167fdc4fadae3dd

SHA1
51989620c9551f62c2eed546f879bd0a1cc5dd0e

SHA256
ef0db6820097a1a0c56c11f5f620311719c1fa0d0938dd8405ddfabe4885cc69

SHA512
4e54aefd3435b52999e90efe20a59c37dfe53cb8e562fff7ccacc4cd2734e11079fe49e42359e61af83f25eaec4fc228cc887cd7aae03ab68e17266b728a9ec6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fa56d9e7c5dfca40668345cc945f369

SHA1
4718ca1d2fefcc8c91024ac4a3482ca1bfb9afeb

SHA256
e08e7c919c322b089ac48696a3d7f5da56abc9cca2a0595edcf5fce87ce35835

SHA512
b5c701c531c26f30459c77e4984c44ce4a8a562b54119bc5e7153700c08403fd4309a85299918f023f6dd584f67015820000007a56f8fa76514456777b270ae4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab25AD.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar26AD.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit