98da0fdf4517f676a579b1a636aec705f75e846dccc3ddde1ec809e10f6a3bd2

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 09:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

257421a6a899311ed8cb9973b3b1c04c_JaffaCakes118.exe
Size

39KB
MD5

257421a6a899311ed8cb9973b3b1c04c
SHA1

d20569b22986a6461c28cd1910060848bc761ad1
SHA256

98da0fdf4517f676a579b1a636aec705f75e846dccc3ddde1ec809e10f6a3bd2
SHA512

c6f8ef703057d90ea565bcdc41edeac76e178f5dd779cf28c22750819f06bf48118afc12966760734d647ae52305efc4b645a373471c3cdfe9e3269db99ca7df
SSDEEP

768:Rup3U0EV3EovCW/9wVWZQjzjs39Zs+0v+HtAlsv/vj:kpsEovCW/CV63n0WHtdnj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2932-0-0x0000000010000000-0x000000001001D000-memory.dmp	upx
behavioral1/memory/2932-3-0x0000000010000000-0x000000001001D000-memory.dmp	upx
behavioral1/memory/2396-1-0x0000000010000000-0x000000001001D000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2932 set thread context of 2396	2932	257421a6a899311ed8cb9973b3b1c04c_JaffaCakes118.exe	28

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426247336"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2563FB41-39E8-11EF-91AA-4EB079F7C2BA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2396	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2396	iexplore.exe
2396	iexplore.exe
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2396	2932	257421a6a899311ed8cb9973b3b1c04c_JaffaCakes118.exe	28
PID 2932 wrote to memory of 2396	2932	257421a6a899311ed8cb9973b3b1c04c_JaffaCakes118.exe	28
PID 2932 wrote to memory of 2396	2932	257421a6a899311ed8cb9973b3b1c04c_JaffaCakes118.exe	28
PID 2932 wrote to memory of 2396	2932	257421a6a899311ed8cb9973b3b1c04c_JaffaCakes118.exe	28
PID 2932 wrote to memory of 2396	2932	257421a6a899311ed8cb9973b3b1c04c_JaffaCakes118.exe	28
PID 2396 wrote to memory of 2116	2396	iexplore.exe	29
PID 2396 wrote to memory of 2116	2396	iexplore.exe	29
PID 2396 wrote to memory of 2116	2396	iexplore.exe	29
PID 2396 wrote to memory of 2116	2396	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\257421a6a899311ed8cb9973b3b1c04c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\257421a6a899311ed8cb9973b3b1c04c_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files\Internet Explorer\iexplore.exe
  C:\Users\Admin\AppData\Local\Temp\257421a6a899311ed8cb9973b3b1c04c_JaffaCakes118.exe
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
362430118f7cff79e11f7b3c149796e1

SHA1
f2b063dcbc99475fd7ab9d03503d6db61ad6ba1a

SHA256
1df45ef0c46b45c2a8e0d80381a00c01bc5ebfd52e6ed76ed62bafebe1b25d2b

SHA512
830d9dfb347bf87808b5cdaad2e24a4079cbe3c81b5655e0d6650a619fffd77cacc662879305fabf3037083b98f16cf82fb38a223f7496f0cf347f6a2a08d3d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
707d0f6134de218588030087e965739d

SHA1
3cc3a33f699c7138201f7e78c48a9a2f205f435d

SHA256
befcadd8375ac06029357794efb21dd83337a20fdfaaa18b0ff1a3d14c441b38

SHA512
dc543db3086a2f1dec45d07fcfc39c2218554dd13ccbde7cd2ea9f4aaed61c2060f0132bb9ce23fa9221423ec56c68d27e3199beda4abb1f3bb22975167c7afa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a73aacf8a691f1d067ec42a4afa3c615

SHA1
284bbca5645ecfa3ab2b711eea787e03f7787b80

SHA256
a918f914ecd88c6ceb8540933013485e674f977f77611999bcfc3257d9ec73a7

SHA512
a51165949d691d6c78aa33b2d8977ff385c5addfdbf94c30360bb4c0209889ae1511034e3d1ad126ab3513605d55cb41d07147387a020d9d84eb0cbabadd95c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6f2fc24cb21d654274a0880e1db96a5

SHA1
e783cb446c74625bd106ba00937251f849dc10a3

SHA256
bedf635cb65723c83d70c65b75506b3e76d2aae380db8a8a1639371752571f96

SHA512
a592a4e5962076efeaa30d452493ea4898a4e57acf171a7a1e2586153a4842998d9d7245064ade28d203a4a516f8ccf9b03a9807347f794d0a9ed67270979bff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd090679310f71f735a19ed40eee6bfe

SHA1
1ceeef651f11f3bfa0397d921bc312b83aad46ad

SHA256
43bb5b2ca08bc868b7ae6e02b2cf617c80564dc7f0c2004cecca321fbc01a103

SHA512
8b56ba82565aa58cd22e7f2e48fc2ba22c404bee679daec41ed0164ff13267c6851cceeb4d1017b6d73dd776e208d112e53c65a6e18a313d2f0dd0ff104db343

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
487b7405c258dd91f9149b7f34ad65cf

SHA1
e845fd5d21cec8eae6b904c706d74bb947e860e7

SHA256
a19b6d4c934cba9b2bb5eb040b8395076c61dc9de2338503819f53c837e8e628

SHA512
143c80c4b19e4917ebd818711dd1b8496bca33be57c7fd54072f0bd969c79a1a790d6daf7e4267399e377f471e10a02ecca06fe6b673f3ac1cb0d60f08f44b93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d87be511c843b22775249c58ebcffb7

SHA1
d302ebb9f836059198a440a7043d6d472c0bceca

SHA256
50876084cb0439eaa19a3e1e87aa670ab86824cfd3cb316f984ddda3d7673c0f

SHA512
da3f59e73df3f04e86bcc820497d146328e00dee52cb0296976abd7fa5ca83cd6ab2d08ef05ca784f117340e59ef56e44f799bee7a1ac5e2c978f704e45304c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
042a89704270fa5fbaf123aa166fa0e6

SHA1
9c1faa1ecbe3e7c9b1dc61d6105ad00ebdd30526

SHA256
44de21dc978f63ef39e6471fb5bf78f59afa43e09ef450e204c2981bf77911d5

SHA512
8d26f8db17bcf7f6892bfa36b02b29863b666b172f3edd532530cbd972c045f9db44abed4205ad224706b8afc24221c32c2b3358f01c64a44022951fd90542e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
186a579d9a02c8f44dc836fae1522008

SHA1
cd6a1f7d52d0e91f8b0f0df36bff7250c717b489

SHA256
2cc9a1c9865fbec65ec9c4f270debd6e15cf2d90ccdf0cc9c942fa42ffe75af7

SHA512
583842683f69692bab6a940917ce0febe5504d5f78f17e5e1fb601a419bb900c276f539e2c979a3f8a50a98a0dc07ba538753ceaef5fc1999a44b45c74c13d7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
696607e7fae7de29e4b3466c568c0736

SHA1
355c3b2ed25fb45e1db0ded5e955553d5be9d60b

SHA256
bf1c196daa7bf7d28203cb5d985b3628d44a4c4a71a785d813a7a1d1b1a4c064

SHA512
7742c9f6d6f511f1affaaee3bf41ba422abc17efe12174b7166c18b864678080b9c763f0583cd36225d1259cf46ba20c1ba56ad5d366d82b57c1db2d06cd3d9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d254328fbe92bff74931c21981402d60

SHA1
0cf5806caf8e1f0d4285e90eea54bb9c98ad9e8e

SHA256
aae71df2acff9fa8d7da51b1e20de8b4954fa6c2bf782dd63d7b0c9e54525b49

SHA512
523c3649ca2fc0faaf7d86ff712664e650c4d1617082f961eee72d958f67822cf474c58ab97fd93750fa7ff0983f97d2caa4caaa567af90d0a1f7bf9afd4c0cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab5b30f512afbd90830b6a35e20deef3

SHA1
cb4fe7068214fe2cf4a33b02c88593b2285787a4

SHA256
86f636a689aa9931bcb2d076f7ef6c4fc9e7f661ab9f662f4f06dca74754e618

SHA512
14104200b397830d0aaa392d3e4bec1ec6a39bb34b0416230a94e95f9b355b4852457ff1d31dbf6e5c11b86f191b7891fb26a9fbac642a2912c8c57339cab19f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a021f028e3332908304c9fe2969e385

SHA1
a1b4e9b8f9a2df7d81d768e33c9a7125755d87f7

SHA256
7cf6e1a7fda68dd80437240dd526f707642a16489ed568742b80966dddc65a17

SHA512
d7b3c7e0318ea4f78414b554261923f96d93f92612cbf6e0f5b517c6f7311804759b0c645d95b9b7afbf2f0068acc7df22d9f8e19a7c8c25aa6db02531ff9456

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbc147e755261a742f9178c81a915a07

SHA1
786ae5a744044d47825c148f0e4af45f4f3bb822

SHA256
4c394f4cd69daabd8f03a3ce9aa57de9c4018623f608dce3d473fff3ac6c99f1

SHA512
fa7c2c7d742091315f73364ff69d878af776759b7570f76e65268391a5608cd817ff97239523d32c52f02679699c234ca62bc5f0d04a099e838202cba207620d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bac84e061d4b656d12c95574b42f1563

SHA1
22bbe10d453f52e5c6d0fde60a2177ad69cee87b

SHA256
056a69a3362d23ecc2109e10f0126dc474522b2a0102d8a05b30addffbcba86c

SHA512
87c4a829c3b9ddc49d5da5ac0b2bebcf80bbd6c8b08a180eb377f6a69cfda98175859a23bc36125ea84438e17c73ef41419fa38381e1beeac4e49feb59427cdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39c0cd7c29393be160784d7c867fcacb

SHA1
573e92c74da946194ff111b8cdc2ba0447c8e130

SHA256
2741717b406db6b775796e5482ed64e2ea65e212a87b2ae0bd6312d620c62353

SHA512
c0e14aa68d61d33f137a5af19948cd1de2fc1e1963973250b10f1c372288329ebfbe4d9723d1f8dc2fe5baddaf33c5f02bb740834463c4b03c13b345e8f9749b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbb6dd8a5da9586de46d20d7be875171

SHA1
407c61727af2a9675cd6cb59dc7cdb0a472867ab

SHA256
d3d350d8a63d322e67122cd07a1b37099669f3edffac3914159c2b723f59aff9

SHA512
1e4e20d4f228d335b683c9dbcfa1185cdbcde9d7b7d61f3b4639e6d1bb29ead5cd095183ffc6fc6626ade7aae44ede6dc764430ae192a880054f80caf28aa110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe0da8312ae2a30e216514c23c258acb

SHA1
bbbca6e6289e2dc4d427abfcb538e501bbbeb1c7

SHA256
3ddf1799c268ef50ae56763410146b633d7bd3b127428d53a8aebd13f087dc64

SHA512
1a5e129791e758bff3bdcb1648e49ee7c2f99d0e5d48683919f6c369ea37b3fc592818042a77f1ee8cdf8b22e2021b526dd6ee28af472b522c1c37ac593447e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3563.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab35F4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3608.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2396-1-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/2932-3-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/2932-0-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download