2b82717ac4387aacae1beec9c04e818321d0d64924d1e601a7d0f572bedc4988

Analysis

max time kernel
117s
max time network
139s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 16:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5cd14f447931b971c2eb0ce9a8351778_JaffaCakes118.exe
Size

1.4MB
MD5

5cd14f447931b971c2eb0ce9a8351778
SHA1

63ab6dc3a0c2be220c7ab7ae3d3c9adfa81eb412
SHA256

2b82717ac4387aacae1beec9c04e818321d0d64924d1e601a7d0f572bedc4988
SHA512

1517a086b7b5d21611ce2d77c4ec24f7af4c2328342ce6c745ac8b5dad7ad5e9ca4d1c94b852d4e6828ec831b2e4f0e89b611fc2796182dd167d3fe5616872ae
SSDEEP

24576:s80mHIXsK4yUen3LTte4dy0C7Q1TCixi7jN9S6KONkB7:sLsK4yvTtZi7Qy7/S67O

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4729E921-45EF-11EF-AB3C-C2666C5B6023} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427569813"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2732	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2368	5cd14f447931b971c2eb0ce9a8351778_JaffaCakes118.exe
2368	5cd14f447931b971c2eb0ce9a8351778_JaffaCakes118.exe
2368	5cd14f447931b971c2eb0ce9a8351778_JaffaCakes118.exe
2368	5cd14f447931b971c2eb0ce9a8351778_JaffaCakes118.exe
2732	iexplore.exe
2732	iexplore.exe
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2732	2368	5cd14f447931b971c2eb0ce9a8351778_JaffaCakes118.exe	31
PID 2368 wrote to memory of 2732	2368	5cd14f447931b971c2eb0ce9a8351778_JaffaCakes118.exe	31
PID 2368 wrote to memory of 2732	2368	5cd14f447931b971c2eb0ce9a8351778_JaffaCakes118.exe	31
PID 2368 wrote to memory of 2732	2368	5cd14f447931b971c2eb0ce9a8351778_JaffaCakes118.exe	31
PID 2732 wrote to memory of 2712	2732	iexplore.exe	32
PID 2732 wrote to memory of 2712	2732	iexplore.exe	32
PID 2732 wrote to memory of 2712	2732	iexplore.exe	32
PID 2732 wrote to memory of 2712	2732	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\5cd14f447931b971c2eb0ce9a8351778_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5cd14f447931b971c2eb0ce9a8351778_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
137a9961c0edc85777c05a7f676aa59e

SHA1
dace4e3e486c7cea76a9cf783baecf65e4d5e34f

SHA256
15491395043a1fa097462ec12bc7cdbcfb602b2e98e0a66e52adee82f9e08001

SHA512
4290fecf505879848d04b541876debb9a899c8aea10ebdd51cccb1503ad35975c5c2b841f299c2f8885701f322a4697992da9f8bdd029723a797331e83739ad2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4194c5e860f08d07e524a72cb141782e

SHA1
45611921c4733c9d69e5894e6160fb64722f6189

SHA256
abc62dfff5bfaac51c10dcb4c816168c70caacbce96771f0ee67661ca76e90da

SHA512
79ed8c5fb3fbc787226598943b509e655a8e2e02f06c16a2b2cc6e8aba1edf2027bd59ee196aacbf5b711c05ef17f1f2182271c63ce6fb778e571911d7695549

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0e7e2255032a802a3d1231480c4f680

SHA1
aa52c1715478c069b6868cff866cfc1676652487

SHA256
617ad2c1f1e5c16f3c96561f2a3d10e6d40559c9b2c7f791f99cfc8bec586b52

SHA512
7be89653762c19f3de67ac277fc4d190320ece271ec96152e385a915e9b7da8b645a829d6044e6b6504cd0fa178c270eb70f370dd7a7d8b89364916376f69580

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58378889518ec4376a0a5fa4d284fd1f

SHA1
14a43b6940b1a410ef77621065f438d222d7ec82

SHA256
8624cd5fb3f53582e4837520b313b03dbe060d169fd13d7944440afaaddd4d87

SHA512
babdf518b0e3b653127eacead80bf79248ab0d6d695b63fc048394337740cf7e62ffe6cbb751a4f96000386f7733d7ad1ce3c2eeadc378fb1d95a896f9702ae8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0307be7d88625efedc2189599838e140

SHA1
e321cbdc951cec15fe9fb03445546165a358133d

SHA256
9993d646fea1478c71954f763cb876ac68e7c3389ea551278df7aacbe34723b9

SHA512
c0e3c56a80bc0847ad9d395264216de9c2dec4d11416bd00e2138e68316b11a8556e4798f7b53f7e716b0acbfd99d3cafc554be91ae7c7ae5bda90ebb9c635c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e4516552c490d22ce9e60469c92b9c0

SHA1
5a4a8d678438a06781dbe81bb6191665e1a5a864

SHA256
e59ace6eb789fc75678b3023bf9b032f553ed7add024b9a37f84c209aeb981d8

SHA512
723213d3c806b3320939a3b0c4601a6251c16eed32042da0da4ab8af5d6df1d62a4961b0e223111a1c8946f30ffdd092e3d25566172f232d9fca6f92d5f3bfb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bed12ec5470a0d83f3357df2f34944c

SHA1
46423fdc8718c0f20a595cb3451cccc8386f8d79

SHA256
5fab7ca7566265d11f7a593a982dcd2beeb731901c0db4f92ad82aab6e31bda1

SHA512
00ffca7d3df3e467c54ff4ce5931967d4308c138c1b4fd0d44a94552cc4c68d6dcb2a685bdff9104a659316b425d0f17efe143634f99eda013c5003c855fcb55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c456316bcbdd64498e28167da3377438

SHA1
d9cd8b84b97ca44a64daa41b3a40515a45561c23

SHA256
4259414a064ddb004d70de35e7ae3df97191ec84a8c84cdc5c267e69514650db

SHA512
350c16f4faabc17e1693800220dad4727cd884c09df242c6007e300bd74c41fd9dc60f21044c5916fb369a27fee1689e8b814eacb07ce84df9527e068084413b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1a0709d795797e0de589c412e0e47f8

SHA1
4294f32a30fb6cc9094bcf5e066a696505f2e221

SHA256
720461fdaa42f96831f92440d2791b8483a165a841ca160b8a6b10031cc13f85

SHA512
70e347163fa7ad07cffc2918d24bae16e9bbe8be8bf13dcc6d49950e3435f42054786764d7be8e88c929f3dc45a7481c327a17f294cda9d8ab37a162a619c1dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
020a10442431b23a3491599273e6ec66

SHA1
73c7816925b84190aaafbcbd56834e54281b6696

SHA256
06bc093ec2bbd4279aaf136cce8886faf450d6afe168bb9e0e9aaa3224f5187b

SHA512
ce247d3aae116a2422acadd8437314715cdac5977c8efad7119f47d01c20d9df11336bde02d720f7a60f2ecea5b8df33f88360cd3ad419da9677b6a2b0ddaf71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
905331420221a5f2e57ef128ac4a8020

SHA1
5f32ffcc35660357438e1876e79d672306cbe80c

SHA256
a51a3f299d7ecd5e7494534b567dccb075734b591d959270a89c09a1335ea20f

SHA512
424afa3f6ebe9caa566634c9941fc208f3d87f86460e7b42d42c67ea2f8627cfb17983ae895ac7d1de7c6aa9cd404608db41b87cb79d47b5cf608842187d9954

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59d40cbb8175e51f85234c84701e2932

SHA1
37772bd062e0d7093b5f4aa03ddb4ca4359f60a8

SHA256
27a22a0c423a526a8a10a2a1ff2f0b4a2f5afce8a5a2b5480393cf3447d8e260

SHA512
eb87e3e708c4ce80e283ab64e3a483b4a0b7d32260dbbb810b87807d2f71a88585661e92898c4ebae61244b843c21751260f2eac3f87bfccb55c34ab5297ffa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0174899626f7aebf5f61c974d554916

SHA1
c4f91b7ed1910bbff04bdfb57173d3c100e4f897

SHA256
65a7f6cb5bef0353993cad403672ddd5dcba078136b5e16898bb52352ab3ef7d

SHA512
e3422dce6dc4910e195531503209a38baf1fa226cc149008c08cb0c2c7c91fee5856d9cccd86ba873178e0c7e7e0bba06ad87014f5f3e7101d7dbbc5be5627b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f91ef4ee1bee036bc1a9bc8f9f18f90

SHA1
dcca8dba0527c7c3627eb4143dcbcfbbc5a95370

SHA256
965e2c734c64cd131614318ac94f3c2378e7b3dd02cbe96b31f6d03587dc2cf7

SHA512
1954bcd2094c884d4de3bb57fd97601d6a815285666dfc725aa46e9d9a31e76686a7e648cdefdee505999208f754fd6105fc5cee1e692f27e018c4ae65f5cbdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d62fd94a4e19a7a04a149f76df8b1689

SHA1
6f4e3c9363f39dc75704558815cb7c9408666562

SHA256
37fecd0fb2ecfb9a6921e8a163d1c517f7709760c3463f9510963eda4e19c75d

SHA512
763fd0fa070cfb22b16c684a9b174360a73a4b8c61d67d652ece59e3c580f092a4bdfcb915179dc56d855b0987c1fe765378d88cb1384827b634d4a9ce1d0cd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fd0d7c37eb23dbe8cb516e71982eb4e

SHA1
c951c6be54825360a60fe21554a71e733351d97c

SHA256
6044a423ad181eded8cb72a2c3165f2be1529b023ab3573903321884fce3c060

SHA512
cf952bc73dd345d3f3fa91c7e2f51ea1ddad24cbde8e10dae3b850a3e1674902f013e8486fa9536fa36a778469ccfaeda1784575db4d55b4923033a545600e5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5e30d1f3c0df1dd00fea2cf4bd2d520

SHA1
dca4157fc30c4c0ad9248a19e9dbbb4c9796f577

SHA256
a48482922009f3d3eb65160275e096577c2960700d8b7f92725ef54796f12b2b

SHA512
cd6fa06fc6c598ad69c48ac36ea33402df22aef0d675a539751b21ec302052a839536e27ebda9640721165282ff8b8b4d39d408c9eb9074fd989df913e51364d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
293c8425b7dd34141f91a9ef5746a59b

SHA1
03ee326270b24350578e19d2f86fb5d5d2252b9d

SHA256
c9b6932d0d617a1131f1c06d23caa17485d9eee06c67152b913b6b9993664c9f

SHA512
370ce76651da32a57c4a48fc4e842bdd2e7fd5d07c776052da7ba89e4825da7ee22cf1e9f3187944350e560611afe6909190fbb2bbc1fd2cd04d2b462c93c2f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5544.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5557.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2368-1-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2368-0-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download