9bff7d2a393f755af4b8678fdbfb7543ee792871f3f7fd3543c42dfbf045798f

Analysis

max time kernel
133s
max time network
129s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f4c482bdc8f068ce774ac7a069e3a63_JaffaCakes118.dll
Size

18KB
MD5

2f4c482bdc8f068ce774ac7a069e3a63
SHA1

bbeb0d217623e5396c758abf8eca444cba5401b7
SHA256

9bff7d2a393f755af4b8678fdbfb7543ee792871f3f7fd3543c42dfbf045798f
SHA512

5fd36cf3bc0a310d503b0eb3b1983104a798910039035207f25dae45748ffdb334b35a0e9753c4ea5f2984e94ee40d518e4d8d033b16d80afdf2aab1c4c687a5
SSDEEP

384:UowjWbkmuDATrAzup3r1FeqMIFwPMMzAG:UHEu83PhMIFeMMzAG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426682428"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2C80CCC1-3DDD-11EF-BC39-5E6560CBCC6E} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2668	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE
2164	rundll32.exe
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2164	2128	rundll32.exe	30
PID 2128 wrote to memory of 2164	2128	rundll32.exe	30
PID 2128 wrote to memory of 2164	2128	rundll32.exe	30
PID 2128 wrote to memory of 2164	2128	rundll32.exe	30
PID 2128 wrote to memory of 2164	2128	rundll32.exe	30
PID 2128 wrote to memory of 2164	2128	rundll32.exe	30
PID 2128 wrote to memory of 2164	2128	rundll32.exe	30
PID 2164 wrote to memory of 2668	2164	rundll32.exe	31
PID 2164 wrote to memory of 2668	2164	rundll32.exe	31
PID 2164 wrote to memory of 2668	2164	rundll32.exe	31
PID 2164 wrote to memory of 2668	2164	rundll32.exe	31
PID 2668 wrote to memory of 2996	2668	IEXPLORE.EXE	32
PID 2668 wrote to memory of 2996	2668	IEXPLORE.EXE	32
PID 2668 wrote to memory of 2996	2668	IEXPLORE.EXE	32
PID 2668 wrote to memory of 2996	2668	IEXPLORE.EXE	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f4c482bdc8f068ce774ac7a069e3a63_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f4c482bdc8f068ce774ac7a069e3a63_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af723de8e2d8b909593af82382307927

SHA1
fb680bd232b98c1fde3b0a16c193ffab9d55c49d

SHA256
d1e8c2c065720d803d23bfd139222c4968e2d5cdbe575a9e596e52cbee5822be

SHA512
411fd3cf5a7fb1f7d5a651d3fed10bdc9522ed942041583a50e139bd6598340fc5c3f35dd9f2b53f25e98af9675d48d0adb0f8cc027a6d4632100db4ba252502

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
544fd7ccb440c483a545a252c34ce32d

SHA1
a2cda562b3f37ae3dda005a04aa43d2cdf181b31

SHA256
997d49f78092b999bd8a16e62b1543d50e010b55aa4b80f4349176b7de5e9041

SHA512
d087869f6037b48a794fa7332e930b63dfc678e6b4df2f340462ff0b37f34fba901118ce43d0c65df197492f662fa46a18a7aa35de25ef501486c8fd54010ffa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
adf572cf2642fe9c6df874b36260df63

SHA1
61c6b870ea87916ca4f5b051b9ae7267432b5753

SHA256
302ff67d553e55a442ae120cefc6360008daa0202fc6acc9d6feb9a4e409a6cd

SHA512
610aebda89dcae8ba0f10d6e3c6876a4ef6913e440c704cb9a70071eaf1367a04ce4729776a9b3a6a01f987af717f15d9e6b772fc9b02a56896faab422917923

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbc50d1ac460dfdbf69c1dde51e4ed30

SHA1
73bc85a13106223e1c48ff3171a27a56742fce6f

SHA256
29e53285740dc50d7bc9bb375bedc4e8b41445f8721dcf457daa5a8fcd9e123e

SHA512
c8684f853ec635d5c1be1abf204d61daba53c67447868d0e46b00872cf0f24d5486a6b131d97c24534e624a85f0a5c73eb7e2695ba94db60fd0ae5871592b47a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e09e55c7a12f64f304cfcd81f66e1fc4

SHA1
2d3434fce0d71a00d76d469d245ea3b6ad8be8a7

SHA256
bd4cf510d2ec7a0232f48814f024530297a970d1a9756473d42c2a876ebf1efc

SHA512
00666508c954d80d0637b4268b2d62c55f43113ce5fa90bcae22300639a42f0946f0a22f952c67231900bb99b8d02349aa98796907ae8ef75c84e21d40651936

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1eb7124c1f826a53ed6d6b923a236cc

SHA1
cc497449e4619e2fa3ddc8dd3123c1318f6635ec

SHA256
6bb8312b83d8fcc80d6ab19c6bb13aa63fe41f29e4818baac2a3f408e33ac031

SHA512
6f989320f672483abeb61b799cc9c7b03852d99aabc15097f8ebfc30d42bb11cb3a7b5b7981b6226ae09a67a4a1135b4dc69007f10f1b992fd51b0e031666749

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2515423ac69e291a5565a7732661dd3a

SHA1
d2906be441cc24d834a87e41268fe3f8e1bd0f36

SHA256
5ac9d69ebc41ee31ea19ea9cf9bd9c99c48540d1d1b2c62d57ddbc83d5fd99aa

SHA512
9123443836b6266a3edbf094d1bf5de3837ecfbd9eac7cd25d57e19bf409e6cc84246c9840428f5fd763961eceecfa929ae724c18a62ebd59363aa7551cde2f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74c7d06eccdce8fdd755afee7782a045

SHA1
1c65be16a15c1d89367072f9e0967ccc4ff40256

SHA256
8b04923c583de9fe0a479e99e06864e923af16cb086a057932faae6a55984cf5

SHA512
b7fc98d82f906ffc4b7bd8afbf6f14021ef367f35dbf5829ceca64e2b1bbd15cf6641dc1e04233fb01b955a686d86f92d8f4127e74ec3e20053312cfc4121311

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
faae1da3fbdd18977b4efd7f50418945

SHA1
d2c44fd5d2daed7bf73afc292ecc11418666a966

SHA256
fe37060edb92f96b9b5055a45c416c30a491d36aaae5a99517379e83219ecd0c

SHA512
6b29d49fd4fd65aa7e60e13290dfc2390d462b01fe9d16fa8579bb3f904f95fa1147832582e0ec8a291d0747f4c681323bec8c360c25c5dd42f77bd652648e7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06aca2e06363ae932037a064e82ece1f

SHA1
38d1c934046333c6e0b1ab615a8f0f75b95553bc

SHA256
54b18a0bd7fd759fabce5d1a60cde1141abc0f6a0294d661e55623f0632c4800

SHA512
42f0db852afd0960d37c947f4291d0c15648c51ff5421e5afa8b27289fe9bd9c90e569206c94f1e8d53df0e81d387c09e320c8ceb5a8f96df3c7a102599ef554

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83ccba768919400726a48493124a33a7

SHA1
0d10eaa095a94a90b2f6a8922fccb2a955ccc600

SHA256
c74395562b9afecb461b2e9e5e31afbd75e2a57618445e4eeea1f3caeb0edb8b

SHA512
5cac6520a759fa2391484e98f42061d2aa63920aea6dcda31a04b38a603186d181773466008316def3c11daf5d5c242d15c6de5d9cab0733204c1bd081885800

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d189468b7e59352982a1c285d302e02f

SHA1
613706b6ec518205f3d0a35f3b887ac3ff521afa

SHA256
a245251f282e377b52d61945f704c9e378a9c1e5c4324324c635085c61090c22

SHA512
f0e4f66608007a758b7c7ddfbca0bbae2372823bbbf12e00f7f4b738919b99bcb2f5a5413bf1779083b0e14d32d29f99d227f7e10c4698df4da360faa4db5aee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed0c6d39aed2ff36dc39db709c4d311a

SHA1
3e6e61116ab8b20f6509396638e8b1f8f5a7a196

SHA256
1dc08aea7810a9a08e8264129675c9372251dccdc60dbfb21466a57c7c5ffea2

SHA512
9e6261b3a3a472742006577ee7562d09275206c6a93b14f3d5248ae13d09b6cdac51af0a27435162cc92491cf5140d399c7e3ca99f250a889785449460c5beb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64e99d58378fa31c886cee64690bef18

SHA1
a736aef489746202b8b06b2bcaaf70e969397ba1

SHA256
f7345db8088bc533db22a2ec351857ad452ffa02cb02134cdfcf0ef684c1c1d0

SHA512
a5090dccd8640db9da8bd9d8c0510a10a0d243b048d17cc84a518b23a900a8ea77f0a0382573e9ebb96dd380ad8836ce9a62f5d2fbdcd529bd9f750dc23694a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ad7ebe32b61a6f037ed6cb03a7158fa

SHA1
6116a828ec44e36cb58ec98073a1da5e65036dae

SHA256
8f2cfc772e9074263f7238bd93c0341a9725d89e8b41ca5fdd5fc79876fad25c

SHA512
a7f1aadc0a052ff3953179c99eb41212e77b0260c4fda73d38ebb065a0b0b3117e35611419dec3054830ef21c335d807ad1370742c585327362766c1901e883b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39b1396c590660409680c07d4aaef265

SHA1
6f6d505d2f88464854c5d60c83355d77c62d0520

SHA256
961e77c0c1ff59ba419eb32088722177a171fce68461a4433756446c9f468d7a

SHA512
63770d17774e8b18d8887c36e87ce0a912e6e6951cb2d585a7e093cc5edde40a1e99bd80734a05f32915b6406a935b97e553eff3ef1ab96c6a6a5b186c90a892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0af8589f0809c4d2722212aac16aaaf8

SHA1
18b877c6209c66a5a970710ed24f3dc2782f6fb6

SHA256
321612f8744b9b560d9cd40f23e8f715471a2a685311de5db7e3ed449b83ae46

SHA512
67eb9612870cace3fe0c72fdf8afdd0882673ab0a9fb6a20ba975ad16ca44e8d334d16f53f447aa7b95bb4f1ebc34a091479519b978fc76c04eae8d72c11faa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
817166c0dc77d9c3362d39ac7fdc1730

SHA1
123c71dfb36d2d5bd8b76dc559add869d83bbb56

SHA256
34168004cb7ed0e32ac7f3de48fefd25538b0f205af73909a45941613b4fd567

SHA512
818a328d64c5983dafdf7dfddeddec2f7119524d3b0416a2cfffde7365276b3e64d7b9e2d427af0824503943f620ec718210251f97c19834e85fca7968a5f8e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
150c10913d9f04ad49cf7541793a9505

SHA1
4327857333524494f99d906ce61730f4e0f056bf

SHA256
62e220273de6a78109d807b66ef3f9aca8fff8e1e9ee796a2af3850f96274401

SHA512
dd3b307ee8d8ab37ca435b812f1feb8fc53260c8b8a8d785ffcd7b9c6b51676708ef7562a47ffedeef447d12de4355dcbb47ef7c55309e89eff2f0f112d6c00a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab282C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar28AC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2164-1-0x0000000010001000-0x0000000010002000-memory.dmp

Filesize
4KB

Download
memory/2164-0-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download