57e3821ad5804c3547bd92afd38084ed64da007e8d205fa6a7f7aeaafa156862

Analysis

max time kernel
0s
max time network
133s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c353ba1bf7ec7594e57873c264fbdb2_JaffaCakes118.exe
Size

150KB
MD5

1c353ba1bf7ec7594e57873c264fbdb2
SHA1

d0c175286cca03add25071d5d64b50ab8b5a7e1e
SHA256

57e3821ad5804c3547bd92afd38084ed64da007e8d205fa6a7f7aeaafa156862
SHA512

8129260bea7759623651eeec00ee361cfec18b8aff3968ef9f5cb24480353b3e3aec8db221e8b0a7416d954a68d13df0f63b03b4cbe323ea40ea9618e24d6a98
SSDEEP

3072:JZMJnTeM4cJJmLzeRfx6qlhs9uH4xfTMAiCAMH4i8G39kq4FtbzOtXuQXMmwIP4y:3eTeM/8zepx6qfh4xfYbCAE4i8G39g/s

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1586F1F1-37E0-11EF-917C-6A2211F10352} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2812	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2812	iexplore.exe
2812	iexplore.exe
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2812	2144	1c353ba1bf7ec7594e57873c264fbdb2_JaffaCakes118.exe	28
PID 2144 wrote to memory of 2812	2144	1c353ba1bf7ec7594e57873c264fbdb2_JaffaCakes118.exe	28
PID 2144 wrote to memory of 2812	2144	1c353ba1bf7ec7594e57873c264fbdb2_JaffaCakes118.exe	28
PID 2144 wrote to memory of 2812	2144	1c353ba1bf7ec7594e57873c264fbdb2_JaffaCakes118.exe	28
PID 2812 wrote to memory of 3048	2812	iexplore.exe	29
PID 2812 wrote to memory of 3048	2812	iexplore.exe	29
PID 2812 wrote to memory of 3048	2812	iexplore.exe	29
PID 2812 wrote to memory of 3048	2812	iexplore.exe	29
PID 2812 wrote to memory of 3048	2812	iexplore.exe	29
PID 2812 wrote to memory of 3048	2812	iexplore.exe	29
PID 2812 wrote to memory of 3048	2812	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\1c353ba1bf7ec7594e57873c264fbdb2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1c353ba1bf7ec7594e57873c264fbdb2_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.819ic.com/?e
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de2b7c1c5a156b4bf865c7f97fc513d6

SHA1
2b7b37103a12b4f519c65bf36f5565b3ab7286ff

SHA256
27f09e6f0fda58736a082f0d7552de0d2cc45de5aae0bf280b33667fdb8a4dbc

SHA512
24f098d7cc2785dbcf72647d2c5a84a1df63baccfb84663e5aaa5184b8165f087082b34212bab4b10f6637260baf1069c4953749e7488cc2eb8ea4f140383bad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be24b97c107a1741b027a35644eaa8e2

SHA1
552528c11cf44d0befbb197d67a46752abff3b52

SHA256
f18df99e420d6ec1488aeee4f97fe851bc91a0dc523c490e4c3db30db473c95d

SHA512
818dcc926939cb1ba2724c151e576a694a9fa1dffc383693b0050f132ad743e46713165c5d2ac4dd1276a03451d247168db67dfde71b62815a1ecb35abf51115

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d88882318532e59299f6f2c5569cee5c

SHA1
702b7311d81b7a105a263294fed937712419f752

SHA256
64f6ea9aacb7749eeda920e7e47b68e41dab2247e751644d1a049f1954668b5d

SHA512
f0d7894004180b69252d17c6822e84faefacf5d6b5e07bf9117cc9901baa96cc9986b0fe2e57307c048112af3637c293afc23c42d9db71e98d6ffe770e2c0b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab0cf4a946a97d059eb31a06f3aeda28

SHA1
2e729623ed43a8c698c872ce1e45559ee79c8305

SHA256
c1b8088f93767d9f28868d9dee4e2fe9b24b50592c73abba59f6bb08c83d5941

SHA512
ac5aa429b7f498f9513f1071a74fce229b0805dbf137d0bb98f88de2ff58a5f22a68e9d2c9f9afb300e293a9768d5f333278574c9f07f57236f34904fd6181f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee8e71510b6d62ced1a9b678ff61492e

SHA1
b8acafaf57d2929cb2215cff2a4133b40d107b25

SHA256
7613345d9257dd628e5eeddad81e440fd5856ac9a18ef73ea4eac66f4779aea3

SHA512
05982a42fa456f6519d7db24b6f49a4a571467a82fc71d607604c50bef3285cacb3e41a4ce24e4a4cc98e40b972912bfcf15706d2a24885c922404bf6bf6921d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
168119cd4428bc5b44f20937a0304d9a

SHA1
a87207d8d1ac85bc1b26c9cc603413fe77d74c50

SHA256
c7e31a3cbe5dbc27234ac0a96c754fa4aa883a70d0ed429100b5611840d23d76

SHA512
28fb0d4cd586c6451f564f94ec68c2663b645b079c576fc9cf45d550914b75e8b53a01f860846e2acf4c7302f24b40eb58275464cc7b6ab34c71234649728d0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b62919b6475325010136c6db9bd8b7b9

SHA1
e76fdbb841268c9f6fd94323b8c8e1df85ebeba1

SHA256
2f66452e2fce253e37fd82275f3fcf9ee6b14fd3d0d951a84b49ca18445243af

SHA512
e15dfc28ecbdc35ea8f37998887a6f8a97cfb2d528f4d12ebb3ecb304f0ddd25db6ab3cd4f2f7f1a16eb9dc25e1d74760a002184eb2e67e12b7b413fa07ab0c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91aed21a56b537e7322049fa515eb77e

SHA1
30cdd7506083b8e21e98265ea382dd9a4f2ba6cf

SHA256
ecb905b6fdec6758c1ef068c1a26c748d7c2cd1fd80fb73686bb9650d8e515b5

SHA512
1757b225779310e0b324ccfb95b9c1d18b678894bf755243e2e635054e289f2567b50efb49c19a569cba1f86499276fc82d15d7e3a843634253011b76edd26ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8af276f8cf5d01f6c48ab93b5e0a05d2

SHA1
f9d3feda6a6f0e638e3f81647220cb3bff06116b

SHA256
084661a80eb45f93856f106f16ba6c66839bacf904bf65e8a8e03050290ad6c9

SHA512
8981f9f663777e1c20d3c9778f7a088c31f59841948713fcc72ce5b2ec8cc41dce21d64291e203c9608e45908cff7ceee1ff744aa84f1b19492b98ef3fdeabc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e0e8c222da829dd52e5b3283e16cbed

SHA1
bc3a4cc569b628b099a5d65c4f360bf42b009830

SHA256
8944775781a57de4bb36f0e3de1b4bfa223ff375fe013340e338545fd6337ecd

SHA512
8e1af33b488b51703411266ba4387e29f574a89b84cf8ab4cb9d6e786d3b4905780d1a5047de08a00befa6c81a3e9ca7a8f1d3672b7ed97f3af3588e46cec7b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
500ee4162629469663c98176f8da4e1c

SHA1
214d70ff143c056f0d5aa49f4798cb23c96e161d

SHA256
5ecaa247dd401f3d03ace7fb40c7870a7ff63e71058e82646bdee3da5fa1ec34

SHA512
b863a272f67cfdf048b6a514d38516f53b5db12dea4c71d57a4bec37fb783571bc7e7f21b03688d637f5d2ce6202532d6278b2dcc6ca7365cb5c172a7ef05e97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f83341acdf5c19a38e7a2082ad8f60f

SHA1
536f04ec78619e417948419ec20833f4ddfb0323

SHA256
c40e99f8d0a5acf5d4e4c9ad26049673c0da9e3b576f9d611a4ffbb67bae7f96

SHA512
34c36a8836ca565d9ba03ec5c1f9ab029fa3562545d11c3e3d5e525ac368d6c948a113c7c31c2c2633c19ebd98d0e16cad5ecd07cda168e5d22f74a0e8474d01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e7976debf6e09daee92a36ac0347811

SHA1
ae681366e915db3602729629dfbe7969834fefeb

SHA256
6f5763b54929f59a8e1d0436355857331072e5b2f4a1725bd3d98ac3092e08ce

SHA512
e9cefce8fafb0efd7ca011039b31b85c86af9587f71d5708627a6c2ecc47e1c973da1fbf48084fda204c543a37e51bfa09eb77809c736754f6767a4c11b716e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30aadf264d17d61e074f8403787896a0

SHA1
8294665335b53f2dabffa2bd932e2bc91f918793

SHA256
fd2c52ea8019cbe4d76d9fb2e65d0e9033a24b57639869606c551b668e1154fa

SHA512
8ea17b147c033cd518791cbcac090b76cec8e0b6abd20f73cfc53059bb19f06b7be342f98964dd2ad93e5189611044eb09c9b23d86a523e2708a8f8c8c7737c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64928f187a8e5d5dc6912dce5b0f186b

SHA1
f7d07ed02fcc94c548db97a32be3103b341aa95d

SHA256
48b0ca3a58fe509f51c521f349adb3e3cb2759a1a396733c612482cf9869bd78

SHA512
2120ec66488510c69adc61a3d34c44148146d342829b71f1a57d14ef902ea33c13844b0c2d1a0f43ff7a9028f8b2bcf082974764a7beb224149284b8281d5aa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d668a7e5976513e784aaa2914b9a15a

SHA1
3785bbdae08d37b4179a9869eb147d1e8bf38f48

SHA256
7da1e97d903bd927dc529b725f78d6658c5d6a6b325b95e6209e851e72ddf1fa

SHA512
22de33d48484660bd6194a422943da3b540a6c7d2fd21c27321932d8aa5a7e6572e445bd2a2b762f34ed39b12ed6d34271b9c03845722fc53f24ec69e8c07f8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e5d610cdb4e6cd4c0ab6b3cb0db0957

SHA1
197d9ba513f6895649ac5e4f38f31626ed989a2f

SHA256
c72ce17e071a828c2d9fcfddb32133e2df950e9e82788420f5a112af1f8fe55b

SHA512
aa5febd3022e4e1790578f83d8b5e6f562c78306d08db0c509ae1d24a611e646a61bd8555c9515b78cf37145363e7874824ed2fa4d6960435c8af34521e024ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4A5B.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4AEF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit