55570bc88f5432fca1d936b7a087a6cab324f98a2b212ae16b3c4db6fddf78d8

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ce7d677475711292dd89a265088ac08_JaffaCakes118.exe
Size

52KB
MD5

3ce7d677475711292dd89a265088ac08
SHA1

bf022d3270f379a0db5b9e56ffd98b6a6cef2016
SHA256

55570bc88f5432fca1d936b7a087a6cab324f98a2b212ae16b3c4db6fddf78d8
SHA512

f2b37269f15f454f0bf3b69ab7094883406d96281350e73d6ae87ab557cd0011244ffc9b77cb53f786c1e0e1db49b80b57ca6a9e758826be9f4dafc00a4d7047
SSDEEP

192:n0vOFHelcLXVSu47HeqffJucQY40YY+3W6ziszkCt8akKU+dA3/n/2rhf7Soq+w5:+lcXDqJsGPszf8v/urhf1Vj+zuq

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{122892E1-4035-11EF-B161-F296DB73ED53} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426940083"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2464	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2464	IEXPLORE.EXE
2464	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2464	2092	3ce7d677475711292dd89a265088ac08_JaffaCakes118.exe	30
PID 2092 wrote to memory of 2464	2092	3ce7d677475711292dd89a265088ac08_JaffaCakes118.exe	30
PID 2092 wrote to memory of 2464	2092	3ce7d677475711292dd89a265088ac08_JaffaCakes118.exe	30
PID 2092 wrote to memory of 2464	2092	3ce7d677475711292dd89a265088ac08_JaffaCakes118.exe	30
PID 2464 wrote to memory of 2800	2464	IEXPLORE.EXE	31
PID 2464 wrote to memory of 2800	2464	IEXPLORE.EXE	31
PID 2464 wrote to memory of 2800	2464	IEXPLORE.EXE	31
PID 2464 wrote to memory of 2800	2464	IEXPLORE.EXE	31
PID 2092 wrote to memory of 2464	2092	3ce7d677475711292dd89a265088ac08_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\3ce7d677475711292dd89a265088ac08_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3ce7d677475711292dd89a265088ac08_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5378b05a431de3c4525ce09f50b92e53

SHA1
631a5fcbc43bc6e133938888fc1d193170b3bb7d

SHA256
b68541df7fc609a7a9bf37d3f8a68d8d3d4719a8af36ff81ad1b9961e0f2682a

SHA512
17c2b0d890bb1ddf2ae3ba3fa731c2084db4b482e5a364973f546c59237aa34d2a242057cadba82d964fc721af1ca571d9b899b75b0afa1f2c090d6f94d8fb40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
63b13ada244ae51e613862c7b24d057f

SHA1
a847a06a2af6e6e90c354a1f73659498948ce2ea

SHA256
da91c8113ae0b1df3a6535ea9e13e03eeca1efb5dd632d5460ddf29bbf09fc7d

SHA512
7b00dcc379310cfa00261d1b2b5f50725a634ace8b0ed0070bf10720d0e0ac72e9e155e329c4efdda1f29ead3f38233a84bc739b7d926a8d5075b82a2e9569e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1e8f301fbbd8f6c74338e253fc32fa79

SHA1
bf9826e519b4288a8f8879a012b28100aa3e2abe

SHA256
dc8653d895934e36cca4c9765750b46f5527d9e014afb6704ed6ae6b3c7bd36a

SHA512
1d09128116d2b6a7c81e86fe895df93297c7470d12706ab4e5791bc4ced38666c4e35d8de4cb808fc7145845df321b7f38b838c6d1eb933288bd740803a26f09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
75beec42e146492edcda79f7a4bc3676

SHA1
886d428cd2356c2f35c20d77c29726f704b4cee7

SHA256
a1dc787b7438b845dade24bf41edb089b67e0b510e96d85f7eec9c33fb0cbc2a

SHA512
21a5d17fa3710361dc7744711a3a548b2601fa3ccbbf7877e1f01edc4d43237515f59e867fb462d33139db891c5856cab628d37265da0072e578fd195714a68c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c7e9c81358408a77d9c6c1c258c87692

SHA1
6159e30e76be4442f912c00f061625470ec5ca9b

SHA256
308d60d7639014c8c0d99fa10a337f9fe9edb87a875ce5fbcaf42f7984a4abc5

SHA512
8833b91bdb2f1da7fe77ba24c644eacb036815b046123de9a1ff7c7372ea64e57059e433d9b8744212db104931b1e81b4af782805e43f86c267121b1a6f8d268

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
53980574528f00f16cf7ab86fc8c793a

SHA1
a6be95c7daefde17d98a896cc8e747452a06362f

SHA256
323bcf4d0ed78fe010dd8163820b2325f67c9f67dd3584ef948fd94e62ed99af

SHA512
bf58c23430adc0d61bab4e1b1ea3d10b29dc44e6f53f21c35d66fe96d7806bf05464b5c7214357726ab65959c245d2cf60a93acd549c9b45ea9398c3e222e731

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
600eae0f221b4dc1e2826f847d699ef4

SHA1
1859f6ee93c507c35ecc518e640e1da6d29d18f6

SHA256
1809df17a7dd47b0c52c2d4d6bc340e79a38325ceea7c562e0a0b1f53630633e

SHA512
a75a0e0e45aadfc27757a1e305eff6febe6df247707fec9c686d45597713be093b17cd8e689a259b40aa75cfd04f7dd0f96acd3e04dcc0733a4af304e5156f49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8413fd5732abc7567f2b1f499e93e198

SHA1
a14862a97bcde0fd35468c09df3eb768c82dcce6

SHA256
1e7d318f1d3e12b179612831a624c6c3300fbd26608aafaf6499ce820890a70c

SHA512
54c3f98c9e5d5769fc18c3f3226dea089c414d655325e540ad37cc2203930428eef1b8be7597b3a0159df22856616a4e3153dd1ff0321c916e423c5332cba4fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
20215410c853a3b48e27fd080706d12e

SHA1
3f3f0c45a738694ab72091f3c26aa6cd175222c4

SHA256
3b7a252944751c2163b3ed4523931b9a5f7e6e5009e832ceaf5101cc52ab7202

SHA512
27d125cff0e6cd7900137ec1681c1e2c349135a7bcd94c63f8993d2280f1102514f5f2e64d4d1f157634e1c8e0bc2af6e5ddfe893b4f1478c1c30453b0e27dea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e108d7b6e2839c769fe1c9645e53ac24

SHA1
d8d2f7d4ef5518c8f20e689ad620c88568def276

SHA256
861d5049a0f99beeb620fea92cb0611a6804c061ed5b9a4ed1d11f5eda1e7371

SHA512
b73bdd2cb30059284dcb9f1c72c1a52a77ec57c92f2f4c3c6e1e0a7bb350d446a88acdb00ca38eb87bf10f2e826b333b1b328f05f880b2a237de557b71b9e853

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d397e38d2ff2717b0ed687afb5d63b80

SHA1
1b005b9d1913e325c4ed8b346595058bdd748c92

SHA256
b3f1b107e1ad1787402666875463fecaeb6beb0b5fdedddfc23c50018892bb29

SHA512
5dcb533231789a90f44f4e91c184fada428753c427f2982af8c78be9e0bfd5054ca078e4c741018a266eb7d94470b0c2fc1cc86c8f2b2500a0238336321a5e8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1962de2ed9984c6e2dbea03e76926a37

SHA1
1f5e5ea0cea657c660396209b85c82a95b7dffa1

SHA256
36f6d5d23d91a6fb95098df1578ce19157b74893e7393be3658e1755c16d2028

SHA512
417bf09e11e1c4bfaf70de2c0c11cabd56130a275fa5390b6ff6501aeb0fa0bbfa3fa7a2a83eef061d444db1a6dff8b221e389a61609fc8098fb2fac5f2367cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c25c3d4360bff86cea6137f62c13aac3

SHA1
139fe3778cbcb5fe499e1fa9ceb790843d458ab6

SHA256
c0f83147e9e8e076a18922c0734844f8ac984f9040b964f235846441c38476e2

SHA512
57bc7f1577077a1be7ce9460dba65c90b4bf376223d26f1c08eb69a024ef24e37a5d8d9efaf6e65c186888b39d06387ba8c14110bb7b27235d56a7f80b5b744e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
18f294377980680979cdc5e8a714f81b

SHA1
4057e8119d0148e8bb9dc9c38ecf50929f3bf22c

SHA256
e520301d7bd250a2f3e94557cebea899a0cfbaaba7d2082f476099ea37d44f13

SHA512
4ac393c8be648a4812163351254b5bf82bd9c43373ff5a76289e7f7ae3687871b7af9891ecdfe198e527576512ae3f7315d2c60bf1276c98171589495eff525a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c2a1a638a88beb9d4f8d0ffe9dd8d7cb

SHA1
07c2b00a11d4f671756ab3407985d1481de30531

SHA256
1e803e233b6918fe573aaf18a891b8361b3bbb2884a7294f432fcfdfb99e44d2

SHA512
7f12dbc5e851c8614c4596545b35334170c0eb76da37f40de3cbd7bc98320238c8fd3f7e1f825c771620920d7d8cb068feb914fd0dab1e66480ac53b5ad4d6f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8a47ecf274af9781806037e257b4f30c

SHA1
6ff13a466618c495dc2912b66b7c09e025e7423a

SHA256
df755f9e021805c95875dd78d5aa44535610ad6f408626c254a287dcc0a75cac

SHA512
03153649b6917ba237fc64a25cd27bd3fbddc48396544dcff84806e63d72978c7b9352a27c34707d987e1d75404edf465a6d013ce10873b0ee7cf28f00027c41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f1dfd780a2236d9eb341ca68c8274845

SHA1
df3003308b6198b0788250b4abbbef45d4227a61

SHA256
6f5586955d317200307a97a43cfce7b148715c6a7ebad37eaee511c6e7c6e15a

SHA512
3a8cebc60ce749994e1fb1b56f65065a5046b8d23cbf7076884acfe9470ef875a722bde5ed486609a3ecf85058b528e64bf7791a00ceac708b3bd6851b0d48cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
59edc0bf94ce9768eb3b695019f59b60

SHA1
40cabc75c6f40545a708ed7be7124abbdb6cc268

SHA256
580f7aa043b154d5e07ce428e0655363892fd6b8713500fb67c21fd706eb2dee

SHA512
3771045c41cacdd5332e8b91fd8a608c68602028c050e41cb523c00e254228a7844f3cbcaaadbe65f8aca8cb1f23de1896b55255b319f3a17809f5ef61af05cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c1b5084eae724b08b38684de4459e268

SHA1
2962d938f47a064bff0071756efc1b301b9612df

SHA256
83393a5f9635a0a1746a0e488cc645c7601c93c217f013f4c48361690b3d0975

SHA512
9fcae50ce6635e55a54220a20b91248cc1983ee7f98abd270aa3c529e3f9d15db40198d943ba06a3c21b9835a0a85f81ca2a427e151c8c0cba1ecc159e592b3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8F37.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8FF6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2092-429-0x0000000013140000-0x000000001314D000-memory.dmp

Filesize
52KB

Download
memory/2092-0-0x0000000013140000-0x000000001314D000-memory.dmp

Filesize
52KB

Download