91ac828b725248f113f1d804b00c17d8a4ef7e6248e7437014d8da305c50d5ea

Analysis

max time kernel
117s
max time network
136s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

242f54a8706edd4633e0dd88a72afd69_JaffaCakes118.exe
Size

57KB
MD5

242f54a8706edd4633e0dd88a72afd69
SHA1

14a1f2917a66859dd7e4b2de0c6708368d2d7d2b
SHA256

91ac828b725248f113f1d804b00c17d8a4ef7e6248e7437014d8da305c50d5ea
SHA512

3c880854d61ffa744e956f01ff380638f7bdbd071dbd9ae1d8c0947dd5b8c8bdfdfc31d42fafc284c785c534bf8f645aac3c40e23b15a12addfdb7ca9978f1e7
SSDEEP

768:1u88JmsOFMi3tYnYdlDzF9ER7xzAakMIPJTBw5qdHCGHRj:1uXmXWY//7cRGHviGH

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F01B8081-39A5-11EF-B98D-FE0070C7CB2B} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426218903"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1888	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1888	IEXPLORE.EXE
1888	IEXPLORE.EXE
1964	IEXPLORE.EXE
1964	IEXPLORE.EXE
1964	IEXPLORE.EXE
1964	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2172	1672	242f54a8706edd4633e0dd88a72afd69_JaffaCakes118.exe	28
PID 1672 wrote to memory of 2172	1672	242f54a8706edd4633e0dd88a72afd69_JaffaCakes118.exe	28
PID 1672 wrote to memory of 2172	1672	242f54a8706edd4633e0dd88a72afd69_JaffaCakes118.exe	28
PID 1672 wrote to memory of 2172	1672	242f54a8706edd4633e0dd88a72afd69_JaffaCakes118.exe	28
PID 2172 wrote to memory of 1888	2172	iexplore.exe	29
PID 2172 wrote to memory of 1888	2172	iexplore.exe	29
PID 2172 wrote to memory of 1888	2172	iexplore.exe	29
PID 2172 wrote to memory of 1888	2172	iexplore.exe	29
PID 1888 wrote to memory of 1964	1888	IEXPLORE.EXE	30
PID 1888 wrote to memory of 1964	1888	IEXPLORE.EXE	30
PID 1888 wrote to memory of 1964	1888	IEXPLORE.EXE	30
PID 1888 wrote to memory of 1964	1888	IEXPLORE.EXE	30

C:\Users\Admin\AppData\Local\Temp\242f54a8706edd4633e0dd88a72afd69_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\242f54a8706edd4633e0dd88a72afd69_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1888
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6403c384f8240c186093439fd05c4ef9

SHA1
f16f70e53738cd7f4b2fee6f3c079fe741a8ea25

SHA256
cef767ba14ffa812e0e268aab50fc4693a9f2290e66b57cbb7f1e280b4969c05

SHA512
4fe340d689f7516a5f7861833952b5957ea2eed7858383936fdc62cbe190556fa22da43745871fbd8b3859815923e65aa60f7e696bc49ec8759a7fb326ed4df5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f93033792d97529f73915244b615a000

SHA1
c6c0da2988f22588f605574c16f82734388410af

SHA256
da3cb3a9edfa16aae3c8feb77c3e8ec1a2ac30dcc6479a4b249facace8a7a1e9

SHA512
249d45244c5b54c70a551edde94315cae69bf3556484bce7861ec70b7abc76a8911fe9ea786f89e184f2c11ff1923aa3b86a1e02daa6e54076eec409ae0746fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5ebd8e9813b53c64a0adcfdf078549a

SHA1
0bfd3ff25b3e5aefb437d430da152c20ab428a47

SHA256
93052b020b0f1956e01d117b8fbd94049d75ba08f769263908af6716cb95c93b

SHA512
e83470b622ab30aa5f6b1784063b9dd9f6548dc564e96585b5c46ae711cdea137142d13c15b94d3ade735dadcc2b9304ed44e5f617c29978e5deeb9d1d31820d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9a4c0d4f330a15939eb5b9d4086f5e8

SHA1
1b78f93169664c8e4e16a87b59d2743f6a115f4a

SHA256
73f41c0edb4124a7de09e81df10e64dfec8c869b395c6f50f4d78c3f20f1d1e2

SHA512
ec1ad4d87cf9835e86628039e1c3943ff758ab815ac38996e7d2409e745b9dd617e395b84d991b0cba909d2f8d49ed47be1bc02e6c7675f73f1cfcb4f9c1d302

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
665c6ba36ca8da75952762f79c741f7d

SHA1
44014219ca97166fa680fb6fe8831833fabe0bf1

SHA256
f0c680d279f52f810e96848b542edde4b8d78f2fd007aae4199bd48affca8316

SHA512
76469fe04d96e3f3522a672cec72af2427fdf149df5f0dc535510999578f1d1b79468de9adb92ebceef12ff793bf4b2dfd6e368e115212fa26b1b869e4b9419d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8da37a9649ef354af8fcbe20c9a352c9

SHA1
72feda32aa09aefc912c3a910fa8c2976554045b

SHA256
393339a84bbed0531a459f891896f4070e512994db818d8b9079c6e19d94d862

SHA512
99d377fb5557075b44bd6f0c9b8f35df2e75f8339352b721319f3845d2dc4b0fc2e39b6ae4e51d21d55a103d097aa462b5a6ed83d06e89da28002a1483137d7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b062f9f3521060a5d644489aef39ea8a

SHA1
ecc256a63ebc915f4250d589c95281e49cff4548

SHA256
f1cbb805cddb2a5bbefd7153a4ddbb395c2172e066ad4d2689e13ed5b1a177f7

SHA512
3703703d7f74004fd748afc3736c4db072cdf6743589470fb5bc2d846366a383d53e783583d9b2eefa930757258b2c8c86632a8878256dedebde9927a330d917

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
508cf15f67d7d2110ae4620b984bc6cf

SHA1
39def3bf52255f3cec0a3b08f6e7ac40eb74ae2f

SHA256
176262ed25d562508725abd04c3d631efe9c0c449a4703eebc0233f47aabb390

SHA512
9b9363bfa4cefed23a8e28bb8942b63701a214bd13a2d3bbd635acec71f27b2a995ba03e1be64569b9f6deb044d0e592a4bbe824f5f6c8055b38eafa90566d8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e7105298698fbc3a2ab0e8139da6d26

SHA1
14ace95962696c6637e47085b9fa6df5fc02a36e

SHA256
8596e9065bbe198805a238fbf601dc4383a83000a67b87340360b7cdf745bcd6

SHA512
3c0fc86b733fec4d776fe85e2b3be321ffa26b4cf59affb76538f9af1a8ae9ae2b731451c98e2aab24b3490ad2c32634ec19f0d7b6cc17a95f12b0f9e8986755

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a14b2bf4d4b2285362a1bcefea5979c3

SHA1
dfb4f9706908caee372cc26ecb3c86b4d744f7b2

SHA256
868a72edf5c6b2b1587ee83651d0c3e37a1cdc77b8b718f21aee7bd6eabcab5f

SHA512
8458ae657c860809f30a392a3d675f59219cada070ddc1f2deca8c6104a5ff09bf68758b49581d75af14930a7b116f250e79140f9dfa0fc182b318d0f9fed0a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52a5ded88197ce4bc1bb2a0ebde4333e

SHA1
1f66d79987a2e4843367c12c38b93ff84c4d899f

SHA256
1ac58b9946fbf9ab3e0236b706c194dd4145bd2e828b8a9d634e4a7341a3b643

SHA512
7a810532241cc33b2b14f8c7b847930e265d930850e156838857d83c229f7e798b130bbe2cf29c7d743ab0fa75383d96baa15113b0df61c6aee89fb058ca77f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3179cbc34bc73dd78f1e1e02d8744987

SHA1
bd4e2060f4b1773bf0a056ff0104b85ce24b5900

SHA256
416cfd4c21d968458274664b2e9d674cdb933fce7ef288192c55ae15098117c2

SHA512
1167a8c3d0d7183bc9d465ce30c2784a17a955c858cc64cdf44734258fd131c1b734179e50d5353d2931ff10ea04a6e2e5974297ce332d90d653497b6c197dd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7eac2ac896c89a61bcfc9ce15308c2d8

SHA1
c5fa96937a17b20ccfb9bda5d4a9d97ccfeb6d72

SHA256
09ee50c6a36d7bbbb12f4a1dc3a1d504d45f6bb267fc3f9b336cf90fcade400b

SHA512
eea25cdfc69faaba495464f186a34809e5c95a8ca3cad9f1de4ecf118d53a05f184396dd8e48ef8be5051f69484ce5e83bf83def3ae799da6966d5d157777bcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3b57c560c8744f61df6444e696b448b

SHA1
a1096245ad24ed33fca8216b7b4e2069e21cf2e4

SHA256
f15a4b2de45a34404d987917ca5d2a89cfc84709e88dd8a9118a9dcb1aaad874

SHA512
206248a779d49b12f61d950745ff7cbe589ecd57b7aba44f3ece58fe82e6d7195b567554542459d245debdab88484792e5a023b4c7111b3d67f4d9373570fcb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7919.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar79B8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1672-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download