Analysis
-
max time kernel
148s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
01-07-2024 17:33
Static task
static1
Behavioral task
behavioral1
Sample
1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe
-
Size
64KB
-
MD5
1be479a4903a03ee7bc3bc12796c7cdd
-
SHA1
9c1b453e69d8a64ad790306e6424fbc4bf80a6ed
-
SHA256
a7e43adb100e95600ee2eb98757728cb9fb2cf2e4107c3ec4b0a1cba9b5636a4
-
SHA512
7ce57e504feadc0860156830df0c035bd49a9ae261fa8fbe17126dd09ed07257277eff476cb0a5d03429dade873522b6ba8c6e19203800e3ab1a8dca8b748733
-
SSDEEP
768:ECpqFQuwuL+9WiMOfP6gR0z96A0716ezPTt24jtVjhzJDGbFF8E0yyLvwvuXs8x:TpqFQqHJOfPZTAATnV1DIgyyLYvulx
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 34 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 602172ebdccbda01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7773acb7de76847a9d8e254bed9902000000000020000000000106600000001000020000000206b8b7ef05a3ff42ffaf591fb8877e2c9737c5cdd052c5e296505039e17a9d1000000000e8000000002000020000000d96317eb60fee527177d42fb1365e216ed00ea7a5698829889b19da690c4c4e22000000076d85cdff895e44bfdc96b945ba91365b7f3cc32d1e9be7251b4d207f0b372da40000000ce880b9e98c378d77db1ff26774ee99b7af040925d7aa366a031e0672d9f58640a98d59e67da6434755348955adcac35e53740fcd0d7ed68d3958ea8bea88ffa | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7773acb7de76847a9d8e254bed99020000000000200000000001066000000010000200000002ace772613954d5923c40c7d14edad1c6db4c4363d2c1ae8d70f800df6952c30000000000e80000000020000200000001072440f9e15db5e5aadf8604f669d9b870d2bc10d5729826013b0772d5e231a90000000f868b38f1c216052f50c8ec2a9e5ba091458e7735dab8cc93b8859a7e5b6c9cc0d0ec229b63be1b1df787241bc801ff83a3cee4b1d2755de607b57b8279adf53e11d9bc7ac3c3b6da0ae5fff97012c2f180bc13993e357a06fca4554e68d89255f485d8dd2ecde627cf141738388fb2177a496442e17f39a1dffb2f6dd4c51996a68747d470d3c2e4766db002e1f5f2540000000b403f50bd6658d69fd3d366d584a949932e7f921ad6bb20097b4ce78ca80516673c7652dc4070622095021a1ac0451ab0962af0acbd368178fd5c4f7c43cfeda | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426017103" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{16A89941-37D0-11EF-B85E-52C7B7C5B073} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1732 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1732 | iexplore.exe
1732 | iexplore.exe
2488 | IEXPLORE.EXE
2488 | IEXPLORE.EXE
2488 | IEXPLORE.EXE
2488 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 8 IoCs
description | pid | Process | procid_target
PID 2012 wrote to memory of 1732 | 2012 | 1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe | 28
PID 2012 wrote to memory of 1732 | 2012 | 1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe | 28
PID 2012 wrote to memory of 1732 | 2012 | 1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe | 28
PID 2012 wrote to memory of 1732 | 2012 | 1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe | 28
PID 1732 wrote to memory of 2488 | 1732 | iexplore.exe | 29
PID 1732 wrote to memory of 2488 | 1732 | iexplore.exe | 29
PID 1732 wrote to memory of 2488 | 1732 | iexplore.exe | 29
PID 1732 wrote to memory of 2488 | 1732 | iexplore.exe | 29
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe"
   - Suspicious use of WriteProcessMemory
   PID: 2012
   2. C:\Program Files\Internet Explorer\iexplore.exe
      Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://www.marsegseguros.com.br/
      - Modifies Internet Explorer settings
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
      PID: 1732
      3. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
         Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
         - Modifies Internet Explorer settings
         - Suspicious use of SetWindowsHookEx
         PID: 2488
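The tree above is the whole story of this sample in the sandbox: a 64KB executable running from the user's Temp directory launches Internet Explorer with a single URL argument, and IE then spawns its own low-integrity tab process. The following script is an added example, not part of the sandbox report or of any tool it was produced with. It rebuilds the parent/child links from the "PID A wrote to memory of B" entries and flags exactly that shape: a browser whose parent image lives in a user-writable directory, together with the URL it was told to open. The process records and the WriteProcessMemory text are transcribed from this report; the list of user-writable directories and browser image names is an assumption you would tune for your environment.

```python
"""Flag the process-tree shape seen in this report: a binary running from a
user-writable directory that launches a browser with a URL argument."""
import re
from typing import Dict, List, Tuple

# Constructed input: the "Suspicious use of WriteProcessMemory" record from the
# report, flattened as the page shows it and abridged to two rows per pair.
# Each "PID A wrote to memory of B" entry is parent A setting up child B.
WPM_RECORD = (
    "PID 2012 wrote to memory of 1732 2012 1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe 28 "
    "PID 2012 wrote to memory of 1732 2012 1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe 28 "
    "PID 1732 wrote to memory of 2488 1732 iexplore.exe 29 "
    "PID 1732 wrote to memory of 2488 1732 iexplore.exe 29"
)

# Constructed input: (pid, image path, command line) transcribed from the
# "Processes" section of the report.
PROCESSES: List[Tuple[int, str, str]] = [
    (2012, r"C:\Users\Admin\AppData\Local\Temp\1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe"'),
    (1732, r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.marsegseguros.com.br/'),
    (2488, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2'),
]

# Assumed lists (not from the report): directories a standard user can write
# to, and browser image names worth watching as children of such binaries.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                      "\\users\\public\\", "\\downloads\\")
BROWSER_IMAGES = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
LINK_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_parent_links(record: str) -> Dict[int, int]:
    """Map child pid -> parent pid. The sandbox logs several writes per
    CreateProcess (hence the repeated rows), so keep the first parent seen."""
    links: Dict[int, int] = {}
    for parent, child in LINK_RE.findall(record):
        links.setdefault(int(child), int(parent))
    return links


def image_name(path: str) -> str:
    """Last path component, lower-cased, so iexplore.exe == IEXPLORE.EXE."""
    return path.rsplit("\\", 1)[-1].lower()


def in_user_writable_dir(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_DIRS)


def find_dropper_to_browser(processes: List[Tuple[int, str, str]],
                            links: Dict[int, int]) -> List[Tuple[int, int, str]]:
    """Return (parent pid, browser pid, url) for every browser whose parent
    runs from a user-writable directory. A browser spawning its own tab or
    renderer process (IEXPLORE.EXE under iexplore.exe here) is not reported,
    because the parent image is under Program Files."""
    by_pid = {pid: (image, cmdline) for pid, image, cmdline in processes}
    hits: List[Tuple[int, int, str]] = []
    for pid, (image, cmdline) in by_pid.items():
        parent = links.get(pid)
        if parent is None or parent not in by_pid:
            continue
        parent_image = by_pid[parent][0]
        if image_name(image) in BROWSER_IMAGES and in_user_writable_dir(parent_image):
            match = URL_RE.search(cmdline)
            hits.append((parent, pid, match.group(0) if match else ""))
    return hits


if __name__ == "__main__":
    for parent, child, url in find_dropper_to_browser(PROCESSES, parse_parent_links(WPM_RECORD)):
        print(f"PID {parent} launched browser PID {child} with URL {url!r}")
```

On the data above this yields one hit, PID 2012 launching PID 1732 with http://www.marsegseguros.com.br/, which is the behaviour worth acting on. The registry table and the CryptnetUrlCache entries elsewhere in this report are side effects of the browser, not of the sample: the TabbedBrowsing, Recovery, SearchScopes and DomainSuggestion keys are what iexplore.exe writes on a first run, and the 342-byte CryptnetUrlCache MetaData files are CryptoAPI's cache of certificate revocation lookups performed while the page loaded. The durable indicators here are the sample's hashes and the URL, not those keys.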
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 891d2a50dbe9440a21eea919afb638c5
SHA1 be74c4cd120161b44f8a053ca435fa5d3bb31d36
SHA256 4d755e1a6fd2513c3909c1a08532703c22ab1b3cf46c82f0d789a3033c4d4939
SHA512 81794cbfd3c257066289e20d14ef107e16c4a47cf6b06c2c0f24387c021570972866540fc0967fa9e58042bbee1853e0436d954e2ecdc86b06a24bc3da2ad6e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b10e73c5f5a85e4783287e479c3f4426
SHA1 98dcfda659c71462026659074a34f815a8cfa8ce
SHA256 ed8ba6657dfaeff932979286ce3bf466d46f9f7774e0a744db57c9a94aeb30a0
SHA512 cb9371ebf9d7a465abc362216b62206a45152494066be75f226c90fc60e946d213d26e3976135ae46b29e0148bae31e18a2e23bb37a371783f679a3fa615f597
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0d0ca77eb2a73c6a590409fa0dd93a38
SHA1 7d2768d7b8445ed039a9cd87e4004f7cfae36f41
SHA256 6e7c81814180266ae0ac2a7b5cfcf0ff677c8bf47aa29c1272b9a3c57ce651b4
SHA512 559eef7854f36d1a15bd6933f612f147a7655cc8fb0fe77ca05e3fbcb77cc39347da40176f0810b3d1a7478279e013e9d4be2bd383db61239ec4babb04a92aac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c5f439e249d43ccd7b279200aee39b77
SHA1 e78668bebbd25b8b9a715762ef5f6d3773389496
SHA256 5e4f263787babeb736b48d30c737e725d1dfd3b22e0e5c7149666b80b78dca97
SHA512 a60eae1e132382acf084cdd13885f5d7d26b5cbacf75dccf86eab28b87f56e5b99aa0cbca68618ae30aae4f74ac5031d07b00824b10aa71502309c2a71a8a074
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 72d35bdc888a09cfa58822ff3184d324
SHA1 f02a5f611247cf0ad0dd96d910fba46a099c88f0
SHA256 81dc510047da4b469e891915e2926480b6afc9e51a79037db57475227ce7811b
SHA512 6c4aac61535a719a0da6eef3f4eac0171148c33a6e5211439a985dcb74b4bd4488be69265c538686090a83ebaf22e3efabdc1ebf9a3ad7cf3ca5d2b387771705
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e20380f7641a2ada3173579596e6d3fc
SHA1 cb195420c7f0bffa991e6a00f0fbe8c429285959
SHA256 c779ec9d6bb846cc559f55343ea38678393beb411f157f253320a86b10ab37b7
SHA512 7de45154a6e291431df139eea989756ff5a41573870dda63390d68cc06bff449aba0116a9d5243b058d6dae8082ae3e2ac006e8ddb62917051ed2c08848d8e50
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b07fbb0364a4089f2d43134e960e738d
SHA1 cec2c4a4cb988190d5784e7a10c39dd401f07ee7
SHA256 3df233926a07b5f15a6845b58880bd9bcb15fb827f5e1b3a0f58744a374730ba
SHA512 82e61eb409fb3c97ab6befca96e9a775819476936313bd8d812bea353949bd14b204b1a19d590c23fc5737e0d6a13e0ba000de248a9b54bfa0db99295bcd8d02
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d0b6dd0ed91751885c539ead3e7dcfad
SHA1 78462cb13517d64548ef463bfabba160a0165f38
SHA256 f4ba55e34d436b2522367f560c39709a741e16c19afb29f0fb715bf6b9250223
SHA512 86a90e6bb4c3aecad856a92175eb440433f9115b85bdb9a791373d9065e75185e8848ebbe9dd985c7decae88e74062031abc064a4f647d80238afd63e65685d0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dd054c5bfcc3990feb38e376247c890b
SHA1 16ad4bc75e5970460ed5e636cc996978da7e4a5c
SHA256 cfc2ff8b645fb4d0bed341fd0723dc36f1957ce2a87c668539ed59e061f1b4e8
SHA512 80b5a1813921b551c6c990861eeafbafc37dfae475ee1afc2e2c7f90515701439d6b99d676c98671e91647c9b24493e9e7e2c049355ac50dbbd79cc222829a25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7bec9db7e322e0513a705a4a05dca954
SHA1 e1b351f781f56eccb7a30ce1561bdd106110aa37
SHA256 848171a3c97f5f5d388018d09c73213be4cccbc82da70a041b24219d45405333
SHA512 3e5fe94c6e67bbae575da9a3c494fc60d3dac905b965d5feeccb3fec53d12cd463aa6ac0f7cc3a8c18391d292c75703015f0294e4b77791da83ab7bba5507215
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 790c5c1457609874d1c1c342e0a5e981
SHA1 c423112d01e495edaee4a02b00e7aff91465e3a8
SHA256 290b67a49aed1c3b50abc8327600318ac27c7a38ca95e2f04b857606c4feb167
SHA512 63f5ee0b1d996120bcb4b32e06ee2fe356066326dd981be35379774829d91155612c164ca56348339504d7fceafa5fc747ea52a656b827e4954347b4f5d22a2b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d39e81ecb0a2585c81e3ed90b97883b5
SHA1 e7184c80329e93f0cf0253f8cda3b477f106ee1e
SHA256 38a41e728680b8e12d7fa5e91e1869eb0a6192304ab37201ed7ed6d0ecffc491
SHA512 1e36a818d4b7a3b60bd5195503afa0cbf7f115fe41ba2915daa26fe6f0b71915812933255cf4ba1e7b87653267647288c4eafaa4dd5ecc6612d6c19c86ca73af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 43a2f053cd9fa00e78f342fcf04abe27
SHA1 a94a43ef61e11c4c80c6d8a016a9fc2d2b806190
SHA256 cdbd9e0507f2ea3cf831ee34a5091971b4bc4b5bd5e137b3eb4e7e30252cd0c6
SHA512 d1669374abfbc6baf0bbf93643a304341db809483c57b537f053d73a9374ef03f06b034e66d8756ba7d001bba5fd007d6135069e6b4d059838f6782d363f110c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 73e5c2b5fdfb65dee7966a966816d65b
SHA1 c892bfbb3748728e67906a3233613d1e9a949212
SHA256 17f6dd3688d2a1bfe75bbe295c821f56b5183aeba6e5c7967b3d99a17e8af7e2
SHA512 ef78196e438731d075a572e6423b65fd188bd87f18028e5417633957e91e16f084b786e4b8e17c47137c111e088341014f57e2bce86775ea29952f1410941df5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 34892ebbcd72d495a321311fe38c27e0
SHA1 2e47e4819c512503a44081838c135ffecd37a546
SHA256 53ff61f5e7a22560f4fabc6ddec749620fd18e9ae88e500c44d24822535b33d8
SHA512 55bd1c90a00e6e40739f1efb665830fe0c043bc8b33232babd422afa1bb232bbc3891db012c9a17b295a5b598e8363c7a03af0bbaf1067f6d9887537e8d576a9
-
Filesize 65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b