0e0d0d55a815dea7c87fc94264789754c8f9c97e3a98169b71244b6b5cde4676

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 02:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

47d746bfab66dbfc7a2c5af1c7329d03_JaffaCakes118.dll
Size

67KB
MD5

47d746bfab66dbfc7a2c5af1c7329d03
SHA1

7a073f30b1153d4e20067007830d95d8c1f30435
SHA256

0e0d0d55a815dea7c87fc94264789754c8f9c97e3a98169b71244b6b5cde4676
SHA512

cba3d2486742b8c67160707b4f28612e33b341a76d35aaa3584f323f5f7d6423c60e7193643e0b8a2a3746b265e0022a2f288b929ca3651e3348165bb9aa99fc
SSDEEP

1536:YKaouK0rof8925RMehGW416cHYP3AgqshuqRYTa:YKaouK99MqB41e3A8n2a

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2104 set thread context of 2008	2104	rundll32.exe	31

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427172520"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{41607A41-4252-11EF-AF9A-46D787DB8171} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2008	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2008	IEXPLORE.EXE
2008	IEXPLORE.EXE
1716	IEXPLORE.EXE
1716	IEXPLORE.EXE
1716	IEXPLORE.EXE
1716	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 2104 wrote to memory of 2008	2104	rundll32.exe	31
PID 2104 wrote to memory of 2008	2104	rundll32.exe	31
PID 2104 wrote to memory of 2008	2104	rundll32.exe	31
PID 2104 wrote to memory of 2008	2104	rundll32.exe	31
PID 2104 wrote to memory of 2008	2104	rundll32.exe	31
PID 2008 wrote to memory of 1716	2008	IEXPLORE.EXE	32
PID 2008 wrote to memory of 1716	2008	IEXPLORE.EXE	32
PID 2008 wrote to memory of 1716	2008	IEXPLORE.EXE	32
PID 2008 wrote to memory of 1716	2008	IEXPLORE.EXE	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\47d746bfab66dbfc7a2c5af1c7329d03_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\47d746bfab66dbfc7a2c5af1c7329d03_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2104
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2008
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f3d04cc8100b225beffdbf865938519

SHA1
cc768ef617a80649a683b29cc0ceb1c462f48a79

SHA256
d52b3b228a207b2db1fdc4702a86ab395ce5dc065a0cc7153980e2b696725161

SHA512
ca94b23bca0b13202b12d7e5f58dd82622b4a0fd9c7f97827c39c2eeee68e8d90a7fb8af1ca4ffdd5ab312b4fe83de8069ec4e220e47140cf628271eefa644c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6621c7a5291fc7cd09a2342891b61333

SHA1
4b40d368c6d7511adcd16c2d76673839004b8a9e

SHA256
5fa88c1c2c07f9dcb6d048c3feb5fae2530193d7e4d47885474b9c445d155fba

SHA512
022d72d633a017afaba3565c09dd6ca5da24a5d6efc560486c41c4fada1c982aff369cca81994ffa71eac5a513b975b6c54eed00d6512713b16830309432d922

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
813705cbd63c5dcbb85d41c8c2378eee

SHA1
98e3719d9c2ea046a963e5b5ff708f3da51d34e3

SHA256
7ed2b0e81fb10ef755f060c81bc92afcd223098b23749aa2d22ae9c9b3cc89ab

SHA512
83c9b3dc983f76409f707be0a8dda9310e3be77381e8b739d13cd76bad7d428cf94174ec297ce8e8e51cee5074915b0808d9a7ec3ebae3eb4c05bd761baae8a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
549cd43cfe148d984f2160fceb0e03f1

SHA1
0355a66340f947595e3ce23e87755d7718abbaa3

SHA256
fbdeb2008f17962f44e05bb26d02335da941a70e62a17647074df085dbe83bde

SHA512
b0db5dc623891cbcf6bf39f62cb225e476bd4124a6edf11257a488b52898c9d5d2b041ed728dbf850c16751868eee85f08479a69851139e2d7358c919a53cd0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1f72a9f3b586dd0cfded0bcf226d064

SHA1
600af51ec97a97fec0d6009c3d839e042ba47d47

SHA256
01a6272d582616dac9bc9aafd67e49f97fe5cdfd824421b0851a0a9d390f955c

SHA512
0a7115e48380e734720d76cd0a350a275276a5e26c9b9b878ea6c4cb5d7cf01aa33f5ee9d55d1ea1b88ebd9e4394f3402b062a2102552e49431b0170ade956e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64f44ccc971c3883eee8ca998af68664

SHA1
3dd3492b9cb48a471c0fce8681a2a1f508226c91

SHA256
df7caff0ba78d7aeb439a5a697e16894808cedeeaf5123cf9a2e392b30494519

SHA512
fae87fd18f983e04fe58e96780c81d00e02840b2d23d7e30a3084e0055cfbfe923dd9d48a869a9302028c6864e864a913bb93e434591aec8993778bf3a41b213

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afb071dace15804ac3d00e8804c66815

SHA1
c5607115c043392849f534f3481ae6c4f14e2b90

SHA256
d827eb1be55b24ab304797769057e37d5f27417d204d580960d80c63d04a7dfb

SHA512
5b9081deb8a446bbb7bc92099fa58b9841a0a3da2942b1456708f95851d89a118e94be24af7aec0a126d7cf68425ebdb702e3048d6475d331786ebff06fca771

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9227280a1aa23c50416b26b1b5b75f62

SHA1
0b580ecfd3c2119ed55d4bfe4440bc844f2dc10e

SHA256
1e372e56f47c1c75f413b42a9adda1d49d687fcfbbeecc04c7eaf1ee12f730d4

SHA512
e5d9b22f407bbdd1bf0f852fc29b7628c86a5af220e5cc82c8ae61be13162799dab532b86074772aa7088275a4b83f74f30a5f44dad5a33fdd895f4d2da7f42d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45143d26ac9d19c6dd43c5f6dc2b3025

SHA1
dbac48289b98f42120cc0910203a0bb55b38b218

SHA256
ccecddb6168d3432bf38ae17e88ad1d5eb19e7ea44a71de39b17e1582ae86e80

SHA512
a7709ecaaead6e5ffe3144d605ee14ac6baca9cbd6cd574b5472fc80a66c6eb7d27afc47e5e3de3dc33dbdc6b7bee9fccc0c8df81410ac7535fa1a3b7c71778b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
570a7066ff9bcf23568cd2860143091f

SHA1
a73c5d645b00a5614030cc8458306301b91940ee

SHA256
f07b969181dbc3d683fb14459ebe0800dec0983b79cb1242e925baee5125941c

SHA512
a049594f9fc1782e28064ccc0b97c45b70e831ace8f3dcbe0da8946ca40d0dd6a7f31c60c0f990bee0204d408ec18921d8ec90f579cdbf61f03849ee7c49dc2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55d73362583faaca83b295bb1c0f7f39

SHA1
8b3f693d0904017075b1f91494877a2b3872d897

SHA256
0b8ac636d395b2bfea8cf01541d62ee72b79ba4ea2b8e1032a0a06a0f0de0362

SHA512
20c7981cc2773dedc7d62b5f1e17876570ec2c7e000b49870fc17d35ed1b3120cd421d840a5699c400858491c6bdb43c2aabc5fae4a433227591fb2023c81ec9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffa896cf761f4373fed07ba3dd801aaf

SHA1
4409f21e95d061f7d4a282bb95455a8c86d00761

SHA256
2a13850906d10ac0b9b593762fb00eedc0d0787e0549ab097b7244a693165a43

SHA512
b90647c8f4b2f76262e86912612c40c433080f5d7e08a30c7c64641131fffc008c3f608a85aac52b9372772d2440c37ac3233ff01ef442f9e581a969e6bacafc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bd5ddedc3d251a6c5dbaf49a5ed33d8

SHA1
0d035b3a73d9761a8febe709af183480e18adcc7

SHA256
8d8cf6197950eb3963158877ec65d080268f186af59ca26a97713c12c145065c

SHA512
e18da482b2e18139396b37d428cec090ebdd2d742e43dd3ad0fbd6c6b19697265413b3e64d85fb3c2bfbc5531188787e17f314aafb251f352708de78533ebb5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e444a4d56b3bb284fb8191de52caf62b

SHA1
19b803ea59a12f7b61fc80650bd0ae47cf2b0898

SHA256
c58ebaf5a9665467d51b0310b27ccc010d395910734fa7a77c690d812aafdc88

SHA512
5bb5ba0b6d9d99505de82f7029764d0bb6643005ea783f22806300809e21f8509a53b8acabf56cf11f7fb1272203cf34cc5d2b85e30bb3921b4ff878e26d95d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7311c031e20feee6339e9a00fe3779ed

SHA1
0510206cd0b01cd8ed317ab5554f088913b20d4b

SHA256
ad43459f7b4fca9b65a22b2d18bd35e1dc880e9c9353ce35aaac2de79b11c82e

SHA512
4fce5f6ca1fb179bb499d9ddb97e5953ce07078902cf197ece80398b44fbf3a2c0e4630337e99d827b48c3a1bc693fa778ff06abf884afb61a8c12e4efc84e55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99a0d5f8424ef9550640d19cbef83bd4

SHA1
a32aff3e1cee612a0ced95b2ee62725d8f121444

SHA256
ce19510ce6a10f2bbd57af7ac4e2dc12417cb01925ce98e2d24cf54a8fb02bdd

SHA512
ea757b814e918a74c8af6d09b55d323c830945e844aa3aa6b60b0ee09ef21b77d22a8e4030c67a54932f1bd33139d304697988789e90d46be8cb488719667fb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d84169526ded742d57142c35cb4af83

SHA1
03e5e05629c66c321d52b1669ac76f5026605193

SHA256
4b24d829475eb408ba9c27426466ca1dd241dc080f6e686a74049c18e9c17c7a

SHA512
18778f75d83ebce7e239df568cd06beab0fe381d4e3d841bf2a0d91e08fc09fb3e0c7f4ed56110b570324b0d6a06c5c3e4a4000cfaf8372744b80ad823128de0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
362e87db2a182cf16e4ce494ef2c9528

SHA1
1da1c6b8c93c77cdfce082a5a5cee905dfe91ca6

SHA256
94aaeeca501f4c362cedc79c1aad39571c9241cfe879bf6aee5c46ad7e3f870e

SHA512
db9df0a4c6a707a8b51cc1260f5d4f1116a9e5ddb9b0a0d26e9fa23d03f23cfeb3fb429e0fce82966a0ef85404308a49ca82e15504c77810d9a23573dec4b4fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4453860b3518edff935c7b68e7fbb621

SHA1
dd3eed7390ece65a3e0555f2ef1a7289d42001a3

SHA256
ef8c19d80476a392ada33a61086b4350243cb6254b57b659846b5368251f40f9

SHA512
af6695daa19a7263a33cf7fef69433822fc23cc4820812c75dca538089fef1a75e99c42c3b7049f8afafa8f6323b4ec32b30fe8762182fc316aab1962628a8ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCD31.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCDD0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit