4dc4d0ba8c88e26a62b1f15828ba425c59f650b167bb09cfc9894cabe002b4fc

Analysis

max time kernel
119s
max time network
140s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ce08d09e04c4101aa25855119ff33ba_JaffaCakes118.exe
Size

237KB
MD5

5ce08d09e04c4101aa25855119ff33ba
SHA1

398d4834740284759baddd3f58b0b2bef7c38533
SHA256

4dc4d0ba8c88e26a62b1f15828ba425c59f650b167bb09cfc9894cabe002b4fc
SHA512

d7bcb0ec720c66203560c3bac86ced9490e550160c5d364b485e9439300b71f231f702aa54ee07db2fb8191cb59cc6d8c5149ab670f4d5c9e1f8c3a4e787371f
SSDEEP

6144:zaSN2OphwyRl99pbHTE+8vd+6a7ljnXDFFcrBVm:zhZ3nEvQ6C7qBVm

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 007fedabfed9da01	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000f58ba71ab3c717b473d73d704a9f7053e8e9677277d2ef2ebc407c9435100790000000000e800000000200002000000037b2c4a1aa6a3edde9629c7f64027bee7e01e25159e311590200a85c58b2e3d0200000000612eb1f503da8304157ba323df72b33d9e648de588e47c39b9855309d3de59640000000b4343e56bf494f2774f5e863b27c9b0f90d48a67dcf212beee3e28999057019b14cccc3089a7069a1c744502d412c80a8d2d98d7f7643dd4190c1595611cd865	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000488d579bd387d539dc0006ee5b23128cf86ca70558b2046c8b31d5b06c7a23ba000000000e8000000002000020000000cf66446bd3f9d0ecfde3bed4fb9d42d23f5bdad98741ef729053570d820fd1dc9000000019831178efc8941b37ec059a497a6a4a1629492e0073b28502095465259be4ca25b59084d2304b3e57ffec0bbfb770ed5d431790837785810939351ebc7106e4bfcb2431482866b276914a35cb91b2239bc0049927eee44d9f307cdb310234abb03a6660f30032cf16c57f0e2781766e6e8a039ea2cca467d5fc6e5895e012f6e3ed68a7c37c18e2f69f36de806ddbaa400000006157c545dbd0a3cd6931d3dcb16c0e341fb49e0713f21b86dfe560ad355a1ac0ff6478f715bf1d63b777a73ab1b0335e1870f92a15de87267c29b96274727d40	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427570920"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D32580E1-45F1-11EF-99AF-7ED57E6FAC85} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1840	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2124	5ce08d09e04c4101aa25855119ff33ba_JaffaCakes118.exe
1840	IEXPLORE.EXE
1840	IEXPLORE.EXE
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 1840	2124	5ce08d09e04c4101aa25855119ff33ba_JaffaCakes118.exe	30
PID 2124 wrote to memory of 1840	2124	5ce08d09e04c4101aa25855119ff33ba_JaffaCakes118.exe	30
PID 2124 wrote to memory of 1840	2124	5ce08d09e04c4101aa25855119ff33ba_JaffaCakes118.exe	30
PID 2124 wrote to memory of 1840	2124	5ce08d09e04c4101aa25855119ff33ba_JaffaCakes118.exe	30
PID 1840 wrote to memory of 2976	1840	IEXPLORE.EXE	31
PID 1840 wrote to memory of 2976	1840	IEXPLORE.EXE	31
PID 1840 wrote to memory of 2976	1840	IEXPLORE.EXE	31
PID 1840 wrote to memory of 2976	1840	IEXPLORE.EXE	31

C:\Users\Admin\AppData\Local\Temp\5ce08d09e04c4101aa25855119ff33ba_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5ce08d09e04c4101aa25855119ff33ba_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://6l.cn/s/tj.html
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1840
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1840 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a868308bd8382b443bad48ffd123234

SHA1
e7eb8ee699dbabb9d4c579350f24ca9e1670721a

SHA256
dc6e92b3c9e95e7929172e6b109d57dad063c02051b563cda55ea82dc0e27d99

SHA512
9fc2b8bc9d44d826e0619d8323d12efccea6972108f03dcb00646866832d3619f087eba47a5f40ddebadd4c35af4d06cb5ecd866ff1c49468e0cff49acb11922

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96c55718cf8fb65fbc61dbb15539bc0d

SHA1
5a1a5bd233d30ec7d163b8d9de7d938bdcaeb8ee

SHA256
296e73cb71630a530c771559f197897b5b8822c809997f68c5294e309994d466

SHA512
69aaca8a579a37edfef61928967f96dd2a2dde791bbc2a93453a398da932c9677ad5b51fbae65342222029add47767e9853fdf6fcfea610ae077b918acb8f9de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06655d6fe2123459eab27fd35bd641a2

SHA1
36674e6fccbbf92ece10bd14dd43ceec6fa3e566

SHA256
0fff0b9e2a36682eb96b87ad13bda9b36b9c627829b96807fbbd460795b1ff6b

SHA512
5b03da62476463ea62de8dd5784895d61d7d57051318d49e50388f61b52b0e4387d4b61ae22cd6771f1d1a8f1443ea6bbd98a891917b6a0fc553421fa0843fd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c13a5e3c295c82347b9a87a6087f1fb9

SHA1
a2bf2261c928236ad87ded0781c5032eae3285b0

SHA256
757dc713348e2a46079b0d6584d35685b6075ed84386d0db0e41425d0a7a9f9c

SHA512
c449c902a5ab302cbd8a693c4baeaa3a2f748b6576777e6013ac28202cecff0c04b5c8f888971057c2ab60fffad32aabc7a333d84728e056133cbb99298a3504

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb690f33e0363d667f9f602f7087577c

SHA1
afa3976de517693f86b275bcd27ae767bff619df

SHA256
cee88ece24154f2c60e561a01bb497fc2bd21c031d4496dd3899cb9a99bf902b

SHA512
25cae54d7cc29768e3b84abd785cecf952d096cf526478a1462b0de1dfea677890c71cdace775cbf97256708f4ed05ce110d39d18ddcb7c4768b156369575fb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6095b1aaa552c64407275bae74289b63

SHA1
ba190ea9b9c03c9cd61a47d3e45bf80e13bada06

SHA256
5922d2e6ce8abe60218f4705310a189f38ff8033b9b2631f72a28e06dd5092b3

SHA512
d99020095966bcc56c0771d4faaa5eccf9b7bc09f8d05d9d5f87576f5cda356a118a04f2976855370fe1ea1278122cb5b40c3c3086bb3bf00bd92170a822f595

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77ef4008075f06e0889db6304867051f

SHA1
b7cbce9982c5e59ded8d6f5bbb402435a6c13a75

SHA256
f599071248ed2901a70d137a08cdf80c16e38c4a3da6d54a0412a153ac720537

SHA512
5ce11de836bde8dca3780963fb963f633e5a1f8463c389373397e452ee697e1defdb97107a36357ec1f2f7551a810a0bd368988507165239204cb54b93fcd380

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2d61fe7638fb059f3ed175a5021cdc5

SHA1
7f2b4ad7216cdc0bd29557aa3a63299aa3b0db78

SHA256
516f21716a7ed1ba101cd715de02aed426ed38114c0955b6665b471dce8fe936

SHA512
857f4b50e5c9782391fe57957629afb200bacc7f6afa431aa476d33d8542eed7cb54316da141f98ce8e7d94b968ad44170d3c9b52d3794c0522eb9b69fee08ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c84a40fa91c56bd886d17247d38e3f86

SHA1
bf32b27161ef2cfa3bdb1bb6cdfb44a59958a0d7

SHA256
9e3ce9f640819926e0a3b4a6a0e49966fe8aa57258c273032dfdc2950b596ea1

SHA512
2792e64f1fb60a4c7a87e292ad5ab5a9213faa23aa66397ecc10aed47aa5d3a0b182b111f491a64621338e3a1be160c7ea847f91e46ba74fac0f441c887740be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8716bcf78d92bb6d61e3a31c64546f9

SHA1
27da89c7f37eaee85d10f722295553f33a009313

SHA256
7c1667ffa61d206f82d4472b6a52d3d4db74cf278911e441a6c28f116ac4638d

SHA512
9c2a18953bc01b85207b6d3d2df40f3c28c0ee893fc157dcbcbd5a7dc2103fbe52a020d4389f80d2955b413c74ce4b9f46b58dde859607f71e95d7ffab14cd8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ee54363f62a00a02b3b4298c2a282c9

SHA1
40b3eb86b19a9f834005776647490c31bf902d59

SHA256
ee61cd397b5ddb1811cb88d073af66a4b547ab3426a4e216e46e58f79a61dc9e

SHA512
2946ea891b335d6a7254f323ac3c9ae5f9797d27565e635beff25ade525a4df34432455bff41139bba87dba15df0154e30abd3913353d4c9a3db6805b459dadc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d081cd3e91086918bc99041eb3369b7b

SHA1
60a4cdff8e520e8b77f864cde99344eb26591e17

SHA256
4dbf791c149a70f902dd6ac3e3893a6fb85a16118fefbdcf46105dda51811e0f

SHA512
ece1d9b7717fe5b843fe6ff458061f3b3a73c1c6e950dec4b65e62963e70c5ca9a588e8fd4e9343c09154e064ba6d3219599714f8fbea72722960fde2ee28f19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05e272fdabfce8e7609c9c124de8131d

SHA1
023daad5d43198460e8a83c1cb42a68d0be47407

SHA256
cd40a9822e4d122f1fd06e59d164555001fc52d97bec3d1f6832d6579f145ea0

SHA512
f02fbfe07d30513025bf6b3718fa07bdd76c351f149c2b7365551648653463e72890ca733e6b062f675730f1f99c1d86546fe60754ed55c4440471a04aa5b7df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a282126595e0e027fd48948647804b66

SHA1
93a0dac7380ab41bf93f3a14ce587194c7a64f15

SHA256
974f0ea9be3e362b899311c7d14a9afafdab2710097cf4d2049e0a33df6a3895

SHA512
a2857dbf9cdf451d6649fb5bad3113947d2d6cb06782012e60be15b9da6c9ba852d0ca42fe98e423a36e5e02b444c5db674358d000023db15ece34b5df51b830

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd0773a89a32b1ac6fa57fdceb6d1319

SHA1
7cb079b205b8371f9c247c0de9d1ce6108988b30

SHA256
b06ed2db2b75ccf6f56c098c973e116f5fc9c4b72301a4153f7ef98040d20308

SHA512
4b05b93fe9a5b89c854787534877c8390410a19d6f30136b8c9b9691581c2ebd304839271b91f636c8ac79d581b0ffe00fd2c5daf4fb7b13139818dabd10196c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF4AE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF57C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2124-0-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/2124-8-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/2124-129-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/2124-1-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download