926d525a0bc98fe4175eb0d0a70a54ef1dcad41d0bdf03cff975d6e41f5d5cd3

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fdbe693322c28a320c8a6a87cb59289_JaffaCakes118.exe
Size

57KB
MD5

2fdbe693322c28a320c8a6a87cb59289
SHA1

0ad650b62c0da6a5ecbdabfa5eff1f98b5e2bb58
SHA256

926d525a0bc98fe4175eb0d0a70a54ef1dcad41d0bdf03cff975d6e41f5d5cd3
SHA512

08c650e683071f38fa1d4f2e2b83662b74cc2cf24cae22ee8222ae06ff6c41663cb4b8f12ed1bad7d1a5b17c8ce0d55cdf11fc8f3dfcb9f5ad44338addaca5ce
SSDEEP

768:9u88JmsOFMi3tYncdlDkQQa17xNnzvbEZ4LWv/RWjebG5KgKBTh8j:9uXmXWc/4fatDzMfHsp5Kfh

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426690058"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ECB78681-3DEE-11EF-A1BB-725FF0DF1EEB} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2020	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2020	IEXPLORE.EXE
2020	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2368	2364	2fdbe693322c28a320c8a6a87cb59289_JaffaCakes118.exe	30
PID 2364 wrote to memory of 2368	2364	2fdbe693322c28a320c8a6a87cb59289_JaffaCakes118.exe	30
PID 2364 wrote to memory of 2368	2364	2fdbe693322c28a320c8a6a87cb59289_JaffaCakes118.exe	30
PID 2364 wrote to memory of 2368	2364	2fdbe693322c28a320c8a6a87cb59289_JaffaCakes118.exe	30
PID 2368 wrote to memory of 2020	2368	iexplore.exe	31
PID 2368 wrote to memory of 2020	2368	iexplore.exe	31
PID 2368 wrote to memory of 2020	2368	iexplore.exe	31
PID 2368 wrote to memory of 2020	2368	iexplore.exe	31
PID 2020 wrote to memory of 2764	2020	IEXPLORE.EXE	32
PID 2020 wrote to memory of 2764	2020	IEXPLORE.EXE	32
PID 2020 wrote to memory of 2764	2020	IEXPLORE.EXE	32
PID 2020 wrote to memory of 2764	2020	IEXPLORE.EXE	32

C:\Users\Admin\AppData\Local\Temp\2fdbe693322c28a320c8a6a87cb59289_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2fdbe693322c28a320c8a6a87cb59289_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2368
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2020
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8848fa960fc01532aabfac87d71f000c

SHA1
15ebe1b6acbad73dc5a0a02cbc83ec0562593249

SHA256
179d53d79c4ebe53de256958dae7e2d879bd244eaccbf1dfdced4909a349b261

SHA512
04ff9ad2fab559ac3a5a97422e6e0fdaae1f8bc0287b76f53390ad5268b9d83ff67260b81e61c5608e778dfc55c655c242ecf56d885aa8679fd392d37a8a7bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff975064d932ef2e93bc2de4caf5c1e3

SHA1
9d3242cf70a5f0c229c289289467355d6ae8846f

SHA256
ccab98ab61cb03ceba9b3276dc02ca91ad1576d141c164456b5875a27a45c67c

SHA512
262e209f12d630bce3b8d7da40407fb4a648937b3d3e13dfb1fb427d4c7539529dc5a74f626b81a45cd3e38eee127e132d729c356a9fc28f5c9927513bbef13d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e765727e1411d588607c33551747edff

SHA1
9224326c2d391ab6568042c6970f76da2a2a5291

SHA256
a2b1c3a2bcdeb096de942f292ee7bdd28ea069af5c4cc8e33b3b1e1faaf1aa46

SHA512
c4b0c706ad536447822f6aa514fe58a0b371c85a3ea116840f6919aca5f0437a77c29e5418110d0af37e15f420e41a244de9bc892976d030639e6ca058259ec2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a27a16a365f12d3c76671edaafbd52ff

SHA1
cf5312a1c4c3974b15fea601421cb8c02bd4873c

SHA256
f84e3dc9199ef12118e1e6f8b49db98f4190c2fda905d4e44de83889d31f4b86

SHA512
f15038e560f6b60d1212a9952c060265ae6622f17f9eb3e12a790d9eda18f9d9d48a05538fe8195bd19d0c8e51a4a12a5189c87e7749f4a2e4b071187f8bcbe1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
089f0e5fc07d647837678e9c17b95f83

SHA1
55acf31f9a17b4399b84672d40f35209904a22e6

SHA256
83f299250f067f265ba6a55baed0324a9fc580f534244ee50201b4b3a2451a78

SHA512
5eab3561b5ab39f667cc85e9df197699cc8f4afbd762c0f07517beabfe41b6acfd2a7a5c6e7fe3556de576d9bcf414f452bd6b2e8cf6ce2155598409a5c23c6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c21c7893b2dc47ef6d4a157ecf0e8c78

SHA1
7acdcdf76247582f15d877f4048c0b6a4fe7c5d3

SHA256
74af21b8ed1d923c803c2ea4a1c13ba2d36b7f1256902ff0d6c197f4ebef6129

SHA512
37ee79c05e8f06e7f9713b1aabcb88d6dc3b3d4ca5b14e63460e002d72ede19d745d410b5b71f451ca97132a9226b190446402670998a14f9ffdbbb9c58b733f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07fc04cbeb3fd755fe7c4d2555757fa0

SHA1
819c90afa1e902b1b2b7403a8358b7d4db04398c

SHA256
cdd37f36084eec4fafeffa5a39925e845998fd34e305e7c696a2118d97a02597

SHA512
856ff0ac566670c86c8e3d33aef39d2e65e3ce627d6fc723e5e296d3e67c3db81823a602784bada6ab59ae46dd9d7e518a01019d02160e7956e5a717fe5dcdb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cc259455a3f72bfbeea85d1048c56c2

SHA1
aec4942d5e2bd5e96cc021d6c81230ac5aa4c2cd

SHA256
62fc10dc577237c05eb9083d0e2e16578f4863f13aeab71b8099040d2b42f0c1

SHA512
c45f4f1999b3c59c68603accde489736c55e8ed6e55b483921d61455ffe5bd70c31612b3d70080a56098e784933f88cf66201a1f91d139eae9782f28837b026a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbdda9bfa63ebf475feb3ee23074507a

SHA1
f7ae28da79cf666c4b344da9b584fcd44805d46a

SHA256
18546fe537d6196cdd33e985c5fd31c57c403a0be3aaafa44087f0b5f662bdcd

SHA512
e5a2c41161a4b446c96733d9e2918e86dd52fa49df74d9ad716807c550b589b42a47b43683839d6c0d1af7a2157f50e96aacff1f9fc97f5ffff8c3723585f565

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6dc7187a8f56ae4b86c9df4fa27f71d

SHA1
3873ff6f2ad5b159427afc432900e9c65675a70a

SHA256
d1dcc24ffc0a7c8c00abc7fc6c37110ad1c4975018c5fc43c7971b630e54fd61

SHA512
22be1349287f9ca7f81636be6498d82cfb6801e0eaa653c836833a0d73cb6a450d8fc2e49782c543bf0d82680b92f55092ac30f1a1c93628446f2bc72e9bb39f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04d058a16cd31a22372b7a50571476c0

SHA1
8acf49c9c0b8feb2cb3c04bb30c581d88f0cf79c

SHA256
fe9d88536ed1ff1025b8a7def6f689a3cc87e664ea53c4832fc4beebcb351ef0

SHA512
47400f13d3d3b604b506b209de5d870ab17d20f9a08b8a68b8905c9297a6a7c2736c9424f352ac4bf14175a9cca45755b2ed965f6839016a4f6589f8b4b17580

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70e1a40838c1b37e5a53d6a8683cb667

SHA1
81198af668dafd6c35f3cc10f19ec227e5f219d4

SHA256
52f205cdb77f5eaace5d1b331ae482170951aed67dab986b02759e503d93a702

SHA512
b80ec668ee66c6adaf3897864286174b2eed7d90ad01ac222e489cd8439baccbf046e37473d8dc5a42b3445484aa5e6b0907dd8da4181950aa133b00f3638445

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c039e98ff3bcb287fefd83c83b9e88a1

SHA1
75f1cae47d3446345d9504d592523dbd6460a8cd

SHA256
449a708fe2d08a094128295ef0dc80d21b82e53dc17e3241bd8634541cc2127f

SHA512
c0cda0d4988b255572c85f9b1a1e8d84bdefd6e2070e669769587ac18d48f3fbe59d408643cdfec4e747fd39ff6a5c9c44cdb72a3c33481fd50725dedf3d1b22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
edab622320b63f310924f8024775c86a

SHA1
0a3d32e3c74642ca9b93a6cd90db02551bc030e1

SHA256
356e394f902a3411d5a0d14523e04e121c77be900af4ef71949195415fa9ab8f

SHA512
0e069ea8815c9c99273a4d8dcfefea958d7493f13dafc865feef13e7af2b007637f28245740ef58bbca7b7933d8af342daebb2df110244a07085866286965c69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cca1f7f276ebd9f0002741f36a0f8438

SHA1
83a88a437c538cceb3c603e2e546e55858e766f6

SHA256
8e0ed4e9f7fa861a68df0ce6296727234d87844b622998ddc3ce1b5c0ce81e08

SHA512
ed601d83197bf261899915e4dd7b745002f46063a8ee2e749bc543aa1db37b34cfb26247f12e83b9d00f66d53fdea80900663720f0b14a4aeb9d01ca4c688e27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
975f47db7474f04b632997dd3cd88211

SHA1
59c2b7abf66e20529de9b4c9c30e9d1d46ceeeae

SHA256
141eb1b7f6b8684db7b550657a58d2333fa2a0bf15e0f2c6210677f53b16dbd0

SHA512
e2b22a1cdd9fc0c4a1071789ea27e030cdf8a9eecd26cbf554aafaffcf5498404a444484b85930299094b4e46b8c7bb8e5959966d7dee68591c258bbc968b393

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b43468ba37f3f59b5a5a20540955222

SHA1
bcb60ffec649cb8a7d4721309d691ee70f42991a

SHA256
c04e97f9235507af3ae213df6c5d32b9f7d495ff07e2a6c2030fa237514e86e0

SHA512
802cfdcda70ca95b878b663d2b706d87128923a8932dca58567db94dfa90cb56aecfd7e2420c3c8765682d296c58100801361b9088b8399175d31fe1591162bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ebe8be292aef440f37698cfeae6f4ca

SHA1
4976cb775fee1bdc959ade06d21ce19866b85f22

SHA256
06165a41d49ab276ece92e63f2cade0ab8ae25e23afb4eddbcd900c3e47b7037

SHA512
db4b2cb06a1dd67d887e959203cd52150823e2f9cb99eb4ecc87400adf28c548d246057969f78ce32cc6016cccb11a9f2bfc6942a52760330c6b271b818c6a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2E61.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2EE3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2364-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download