999509b401f64cacee1723cdb375e221566285daeeac8e83ed8720b763c16431

Analysis

max time kernel
7s
max time network
142s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c7109e10a8beb6d6e42a24497f3358b_JaffaCakes118.exe
Size

3.7MB
MD5

1c7109e10a8beb6d6e42a24497f3358b
SHA1

c2c16823163ceb065dbcab824baf133122c48269
SHA256

999509b401f64cacee1723cdb375e221566285daeeac8e83ed8720b763c16431
SHA512

7f4e472b84c6f6e223041386a61217b677c4076bc0533fafbf6a5765dfce553b0a90290318eabfc1d4fc02c3929710fe0532c778a2133431ca474094d1b9843c
SSDEEP

98304:1YsazUchZCQH+7maqN9hnC49PyRvOQeKq5gVvArwooTUkwsnR:1YO4B+K7N9hCh3qsBTUDsnR

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1704	1c7109e10a8beb6d6e42a24497f3358b_JaffaCakes118.exe
1704	1c7109e10a8beb6d6e42a24497f3358b_JaffaCakes118.exe
1704	1c7109e10a8beb6d6e42a24497f3358b_JaffaCakes118.exe
1704	1c7109e10a8beb6d6e42a24497f3358b_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CF105E61-37ED-11EF-9E46-6ACBDECABE1A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2616	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2616	iexplore.exe
2616	iexplore.exe
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2616	1704	1c7109e10a8beb6d6e42a24497f3358b_JaffaCakes118.exe	28
PID 1704 wrote to memory of 2616	1704	1c7109e10a8beb6d6e42a24497f3358b_JaffaCakes118.exe	28
PID 1704 wrote to memory of 2616	1704	1c7109e10a8beb6d6e42a24497f3358b_JaffaCakes118.exe	28
PID 1704 wrote to memory of 2616	1704	1c7109e10a8beb6d6e42a24497f3358b_JaffaCakes118.exe	28
PID 2616 wrote to memory of 2716	2616	iexplore.exe	30
PID 2616 wrote to memory of 2716	2616	iexplore.exe	30
PID 2616 wrote to memory of 2716	2616	iexplore.exe	30
PID 2616 wrote to memory of 2716	2616	iexplore.exe	30
PID 2616 wrote to memory of 2716	2616	iexplore.exe	30
PID 2616 wrote to memory of 2716	2616	iexplore.exe	30
PID 2616 wrote to memory of 2716	2616	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\1c7109e10a8beb6d6e42a24497f3358b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1c7109e10a8beb6d6e42a24497f3358b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://macromedia.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abb95c3ab6c43189a07d658933f24e9f

SHA1
dba92e90434c61b58af9369255686a17ec12c873

SHA256
5a3f8e17a06a55bee585e5b8c3e2e8ae097fb2289b085cecd4aa8f68d3444b26

SHA512
2daf29896ea1db1d34693e4c614d2295d663f0d988019a2fe2c790589adbf25178bf09b2588492770e7b13c52a9009c21daae04ad371c4da4dcd0cbbe90a3c4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5114bbe55d08b8d673637e1c0c1c1204

SHA1
1b69a35dc9ff15c2fad43933508e8052c172e9fb

SHA256
2de5dd5186a4891f94dc573210e111a65b2050a75384addabefe912a42241c59

SHA512
06cced5fca15b10c084b1d0f503f3b3f7a80bbfae03973fe9d32d7873164afa217857072cd196790a176cdc1c9be62b6ee3763dafb03888514bf8eb9b5fc3d58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
147b2f1bd66c69758e88ccea8850ee56

SHA1
b71981d3e7a754571fd44aed12383f744359e301

SHA256
4fdb202b62f8f784dd866796fc06515a7ec1b7e346fd9ed0e75441e1dca67503

SHA512
23535094c01dd4d6f3c5b8ca921dbe10f080d8e9b46149d0af7ff423db445821e914635467407854df367fb81f44e5232ea1474343b12ee1d839b72d5f0973c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd19e504f8949521232885edbcba7e0a

SHA1
09d0a3ca297c5896fc84f1a6f861baaeea8b661f

SHA256
4cbb5e3ec4796b77a181ade3d35f478af7221d1d29fdb6b4d2fdeb7471f0da03

SHA512
081c6a91c13d1413ca0ce4c1964265ff59408a7aa981578566a7690a4bb3a197666ea15a9d0289e27398a53d2bffecbb478e07df67578215c3655ff4e27594e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
491aba66a20772c4aae3873125853a03

SHA1
cebf1bc84c67b8c700121fdc6627fb8d3fda86ab

SHA256
8bcf2c8d7d47325b779ae2dac1b2288e7d4ed6175441751751128c32aafcdfbb

SHA512
68105af5b2a5a4b7928d15385e147d1081ffabd6b75127c6712958146ad5129ba6d608792df317069af6e2c92485a83d912c57e57faaab0b6fc57c45d444cc98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d58bcebd275a798e7e527c2f6bbfacd3

SHA1
038a1378f62b23d5af5a07c91d9183d8c29811e1

SHA256
f4ccfd86d5573c923934a0109bf24fabf7bd70364d3afbe8c469cd3549412ba8

SHA512
1fa4e1a154c8d761618effdb0e66e023d43041109aaff72f74b55d379928b1c3a0295a83b9165b197ec29a3453ed42c31880664117531115ce10fac409e64ab3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98c1032e9a3200afa885525bfd8f296e

SHA1
ce518455fae2d9c3cc363c47bb48143cec8525dc

SHA256
5da72b78fe0c801c91c4725ddaf7b631ce2683702519c6bb1b43684eb71ad922

SHA512
3d724e310808e3d20df3ff8e45a6675a576f12f8a54bb7de5692e17b4a4c6664245f3b3992e136c13a69526753385afb1e26334a1745daa936978df32f9985d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
803c1b096376e2a68a58804e69e60bfd

SHA1
6d1aa174be122617543639eab0d750fed0cda78d

SHA256
d7dfae88715d9ca6d60ae0eceba5c906cdba468294a5fe398b469fb0f26ba920

SHA512
251602857e4c1118c08adcc674fdff0c9de18203b295fb8634bbb100410b4db283c0cda25f31cefd33e394becf841ebf981a2b7371256dd05a4b07a936dde3ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5da394270e472d703f0c43780c148f43

SHA1
bd331d29df4411374800df127b171cc6ffc4cc48

SHA256
da83f061fcd9e39ec4254f6ad20f3cf5013c2cfb6a62d266a2d6d26c936639b1

SHA512
1ee831e6224f9a5685335ae9dbd84677ab5922f834417b924674d02b4b5c46bbce0cc9986a192a1f4df27d2d0623b1f340a691ff2ef5fc4732c4ba971455306f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab6696246b2a6f2bae6816c2a770fe66

SHA1
3f24f838d537afb604c1a4374baa21a958710286

SHA256
80b6b20d7d3b9c1a5a24545d4c115f4dde9aee2f69411877a1d3dc177594b832

SHA512
9b93e052765fda6d55b45fc924433a67e73cc3adf95ab538322f298c72a22a080f8a2c969fd99fd3de5e6d2ef15b27badb3a290b3f14d0e99ce07424bfd611a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12ea1ab1c4100f3c5aa2cb484f7001f4

SHA1
5083cf1223584c33afe36ea6b583451a0ceca69f

SHA256
ef4e64a366022448b903b70aff2c8b3bc166cda6c1cc9897e558e37a2eb49aa7

SHA512
c758f95257ae3cbf642d5ac982e9f39159d7971a54efe2468f3311e9acf4ceaec7402274d1d8f1bc87b6a456ea9af86e3eca98bec6cfcb299c8e4af7c8e6b63b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c96421ccd66b375e68b22443ced055b

SHA1
c6c8cbfafe1e7a33a7f3fb6d03d0ffb3ef2c4044

SHA256
caf100c2acf99c7865e6fd7c6d5c847ce84f9cf40aec9b617df8350fbe0673c6

SHA512
b3158ab78cef48bdd40f7b5f96011464d83a037f895711bc2743fa76f56e7c5c1df5179df8d614a6ccc6387b220773b84b54fb5f5dce5ec61e567f7da3c9dd80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a092ef28a1189ab502daf73728c6c136

SHA1
561bdf3fb6535f4c6e2d5079dae45c3265779635

SHA256
f9446f6509ee8d06be85c5b9e96a2bb4a837f56935a72cd73d8d8a4d2eeb6e84

SHA512
ef6aaea79c3549e23908ed499dbd0e3a5a77972a65f934e84691e733dbbe29203e927e832998dc3effd6ad4cf7e985c253192508f8af5da477c19089cf6e0aa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f4e6cd2d2e742fb430ee579531b06aa

SHA1
f66f4bc158e2424ff0f985fe4692479e682c05f1

SHA256
0c68c435a17b3b3c34aadef58281e6c61ec4bbb15304404c5efe775c71a8a228

SHA512
b1e51f15cd3c33b2059f88cdf177925eff9b0ef866ffad9f9dae8ed223965fe4eb17094e917b81f3fa9c78d3e6f2af1abc4653189cfe9a675ef0192c1eb8a948

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45233fb6a974a13892d8b2c9e075469f

SHA1
11419acda7f4ea66103ef7ab5fb961d894cd953d

SHA256
fa4880b6e60c8e6fac1507b8e86dea295530b5b89250ac001dc6e122aee159a9

SHA512
730c33bba21007dda05adc89ae0010c375f53d48123b7054c1f6e0bb2ecc1cb7f626a8bbbce18d150cb3a62039e2ac4c7669520c5d126adfe45e0d8eebab5172

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d1ced3285e6fbdb5250ab82ceeb6599

SHA1
c9f197e9ff439e9b3ccc6f7ceecab06f1cff10ae

SHA256
a50ed3c6c1fa48ebb86155d6fc7c2955e63c424e5d56cf5d6e8bbe343b63a21e

SHA512
078d9202c63d8627bba2cd61449323fbcd2ef8643db37362d83c1d2052124d62ab5b1a5185e56c8fa219feedd0e12b4e787fcd74f3127fb2beee1e7c936b912c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09c3ce188c9f7ce96c9e5c05f739bbbc

SHA1
45b80061d276866c54083351aab60e09e45e52a6

SHA256
c8389123902dbee35eb46168bd9847134a6a5aac740885d071a21e38efc128c8

SHA512
a9ae10cff1e681d48e066d7b1909c716f7bd5905258bce86c8e162d45a12b7ea132e8cf19e6bdacb6c8485007e1b212ea6c10060c1bf047a1c1f6121db93101d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
317ebe0cd2b2c1a75c65d6e9db5a2ed2

SHA1
cd695ba39943dae12cbf456ef2d3a6fa45a72cf0

SHA256
7aa573c842c1a4aa66bf956d20f6c9060928f224e0d6a21dfbafec5ae42fa3e2

SHA512
41970fcaee7cea1d680f47ebed708606e5cd78e8ba68a4104f97455de1c17a97b4fa63e892f3dc85e1ee6cf8b56a8a5e60fc6649d0671b62b9357c85988e2536

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9fc6fbef116f4a69dff47c5da380056

SHA1
c7063f4644dc99725d59092ef08b9c4475261640

SHA256
476cd4a555fd64cf7d143f66f53ba11a444b7d3f257193867259bd8d2b935410

SHA512
ce65e66923a9596311bd8b0f798b5816a4503156243134205bfc03694cd6f85d52873884989858a600e7ca9c4e9f67810f74e7681342f45d6096e9d2d4412eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3DFC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3E7D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\nsd673C.tmp\UserInfo.dll

Filesize
4KB

MD5
419d642fe3436fda8bb22eea9c37a6ca

SHA1
c1644131b880c6e03f14de3c79efd27093a77908

SHA256
25c4f65b02eca4ad897d7a623b3ca1290bac836e98ab5ee5f6c527dfb6a41dd7

SHA512
29df088e3b5189efd6fbeebc2f23c5850303d40fe5331cd336bb852d986f9ab66f7bcd963ebf8c4e4eea7d49a6590027490d651a3e4781024c7983a2c456a337

Download Submit
\Users\Admin\AppData\Local\Temp\nsd673C.tmp\spd.dll

Filesize
4KB

MD5
8bb77ed61759966728b7cb065e0081ee

SHA1
b2f1407daf21b301abea7a20cdb7fd181e3ff042

SHA256
ab5496eef3b68e865ef79bca1a88813876589d7d63bc76808d6df38a88eaeb80

SHA512
419541ad425373dab928f00e60bf83b19d53268e6d151d467a13dfabdb7a6a179b93c3f51c7fce394b062d619fdfcac587e3c7110ce1582c9d5e7ef85ec4cdf3

Download Submit