28728308fd217ce043c996e574dfcd8e51b0179a6a7d45a6bbf81ceb0aa4d979

Analysis

max time kernel
119s
max time network
132s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62f1706751c6b7b1f681095f367252fb_JaffaCakes118.dll
Size

66KB
MD5

62f1706751c6b7b1f681095f367252fb
SHA1

ef268a6947b4b3e4efb749feff64761009cd73ec
SHA256

28728308fd217ce043c996e574dfcd8e51b0179a6a7d45a6bbf81ceb0aa4d979
SHA512

b4811af6ebb0c38b905de4ddd5b90ddf43e32df7fa7f48eb923a2de8166f352528fdb707875129f9df584030344afcc42f4a3c665b93e1816536af30078e83d4
SSDEEP

1536:1KaouK0rof8925RMehGW4j6cHXP36WqshuqR8qLs4:1KaouK99MqB4jj33nf9

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1900 set thread context of 2172	1900	rundll32.exe	31

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1D37F721-4819-11EF-B913-D2C9064578DD} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427807689"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2172	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
464	IEXPLORE.EXE
464	IEXPLORE.EXE
464	IEXPLORE.EXE
464	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 1900 wrote to memory of 2172	1900	rundll32.exe	31
PID 1900 wrote to memory of 2172	1900	rundll32.exe	31
PID 1900 wrote to memory of 2172	1900	rundll32.exe	31
PID 1900 wrote to memory of 2172	1900	rundll32.exe	31
PID 1900 wrote to memory of 2172	1900	rundll32.exe	31
PID 2172 wrote to memory of 464	2172	IEXPLORE.EXE	32
PID 2172 wrote to memory of 464	2172	IEXPLORE.EXE	32
PID 2172 wrote to memory of 464	2172	IEXPLORE.EXE	32
PID 2172 wrote to memory of 464	2172	IEXPLORE.EXE	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\62f1706751c6b7b1f681095f367252fb_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\62f1706751c6b7b1f681095f367252fb_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2172
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83ff5d1355c2b8cecc7c4a30f059af1b

SHA1
4d8312877040daa0a2de720c88a6d50721d2a361

SHA256
e593f1b88e22f2227bd1051d895378429a9dae93737d8c054823a9e6c96d4e7d

SHA512
0bb8690dd51d7fbe3dc51adc3cfddb0abdf1081b9c9de97e56bc250643f0557181fa94520db953fe5101bd24f782a81ef62917630a7c28d46123f0d9cec01b1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3f4c401a30d2e1e2c157603910ba6ed

SHA1
45661fec0afcdb15be0915c76341db6afe2f7ecc

SHA256
4c12d1d81d27d89510047ccd6043f7f2130eda8d01efd834f5dc6e090ed521ee

SHA512
a436d1127a470fc289bc0b55a73019a33e9acefe0b5840249c7ae397c65d995321ea59959ba4405ab0f0d9169c69d7b1b79ac21902be69e2e5081aeda27e8304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e14046b7863407f2ad7199929d4f119

SHA1
286e8c0209c959594b692cea8655687f834b949a

SHA256
03f51e471fe72d9e9c457abd2924378e9b4cf04e761f369b273f190788876a2b

SHA512
7a4b0308ecbdaafe0fd964bfc01266be340d315b8af5574c2269bbc9fcf6c346d8ef4bfd363f381bfef1b1628828e501748189345b0315686c60127a22161ef1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e35db807ce7890fd258f5cdefc6c421

SHA1
346bdf9f7605a1cf8652ee9cc5220d72c6cf7a64

SHA256
2a45d335ccf767ffd4369a1d8f5d9cfb5e7719f3fdee38a97765ab49c502c7e9

SHA512
2e5ada16f4c1d08e136eb0bc5de465cc98dd6941168a22f86616fe5b8120a19b66d3afdc7394a0fa5fdbf160371198a8512b1c8a26ca817dcfcde2d4123f8e17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d45bfdf39c8156e5835da02b8c192074

SHA1
5799b845423c8423d1e4d4eeae43f641cef3fb5b

SHA256
1285db65cbe21765a8ca8d91869aebfd473542819575dad4a1d6270c929876ef

SHA512
c2d8d4ef749812714698d1ade93ecd4ae32d7f4a5d76eacc1161316ed77392ef94f6d87a2434469354a4ea528e47ec221547419a1a247c61c57e674916ccc534

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce7dee0e92cd2e17a8178d645fab476a

SHA1
7b52652bf4aeff59303c917830745b28433eb77c

SHA256
cc6a400f682165fda8742fc8f65e24a9a8cc32e642692f622b3226429b5a6425

SHA512
a4058fe846660b4eab5c8a2242330f9e00792ee9c2b64eca6d94caba620985ff950ccaca47cde5535678fb5cf1e6a199bd95fc07488abcbcaca17471d3971a39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9bb1cd8f807f2ec870c4e1a967fdccb

SHA1
125488ef4cc7ab0e39a3b9c9cfe7f832a7426898

SHA256
7b33077f871024311dce201fd17da0c4cacb5a3e58bd1b8401034ac3dea47f91

SHA512
1185919fcbae3f2a7267ab56bef74f343694191cdff7b60b0abb6adf97069fb5efc18b7325a98b81b754d013e9c20fc16ffeb2a59da3e4e6cf2e004b3eac8aeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
256cac9b6d6427491773c4c340de1d68

SHA1
ec0b690c97c4121154e9059ea22abea689460ecb

SHA256
4bfe1f64a5dea4c8b9cb4c620e566d1b199105cb5bb2045fd6a8ba057bc40511

SHA512
5d8386ba94cd0caafbc6c17621adc480cd072d744d2b0e9187a3ab06df7d8854904d4d8cac75fac9936eec69aa14756a4f336dd9d3d96cda1b0cb05cdaab9fb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccbde532a763b3d166314e48c899c5c9

SHA1
185d6fdb6ab34e35fd28ca3fd4aeca9f54a44558

SHA256
22a44f5829807998b9c5d929083e374049177638aeb876d17e3feb4a0012e873

SHA512
0702f77235428f08906a796e043ee31660ad9217e933102ca851137b954fb0ae0d067e659c53e64ffd2322b316d023072b9ca1d0f6014964f93b52217848521b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fab0bac972254322a1505ce14584e5bf

SHA1
348396caa097efccedfbc2e88463e26a3629a306

SHA256
0ce2ef018089d49ce651a6e374dc49a1f874237996e505285ba386eb2523ba85

SHA512
912daa2a0791fc3df6cb9056817ce613f9e9b519f35b170c34f2049dee56c119711c345ed54b78d85e7a55a246515c4ad80542831bfb4a16f0a56b71883097da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa55e33f56c9bd55f540ad96c7643f41

SHA1
4c714e1936dc2073b098c6d5a72c48f6699bff05

SHA256
06872682246b7bfeab9d905d94cd58632572dd1e5f7ddbdb6bb28e83e50977df

SHA512
895ffe0ef811c12afce8cdf561793f529630c6a9be7c8e76ca327590fd348debe9743ddb7bd59bbae7a8635fbc1bb7bfb5222a5853dc37442c9543f4ffaa5c5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b7960fc3373e4702f6ee53960b9967f

SHA1
2ab6430abeaa6984a8e13397658ef0a18d23bb83

SHA256
7b3232580fe598546e6d72f67e9ede45c04d01819113fb1039d9dab53eec6e72

SHA512
9c994d075355d18ff1a25d3ba56798f320ae87b3d656483050855227500e379672bdcda8efa5f4e67e4316b787cbd9c75c8cdd85ee31e2213e1bc059697933e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f734c234aa5834cc4f9de5fc1448b70b

SHA1
97ab6c09cc8556ff74a3152381f3900d1c082f05

SHA256
e4f93c5f1d30aea3777ce700fa6d9e1c64ff852d1e6d959f10c710bc2bf4fd6f

SHA512
0d77ffd69e8a3aa80be19252d67bb812aed5a00f15d7127fe8896a5b34fef0b3275b7705f79ed8763cbcd0a6ee3c49062450e01c33a66118868ca1b2915b722e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
edca97f96b424d544ffbfed12ad7379e

SHA1
e9f669a451c4f42940c6bb8ce61da29eca35e674

SHA256
1959633f8e8423bc57d76fb835e0c6c2355ba44fe6802e96311b40d0afdf984c

SHA512
b4fb86025134264dfa2b840679166a176c4138a88164fbe339c73a3d759b2c73ff50e844a0f8d9764a3ad3dbf2373daaa8df41ae56c644b691cc669b35e09968

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6860572da2f04a93f507cea111162d2b

SHA1
31fcde469a983384e79afe92fcfaa880f2d1a55a

SHA256
8eb177d7b8bdc98ee3281fe8d7243988874832c671ab249d0c79a0ac1016aa1b

SHA512
6e439132ea40fccf14d245a07a32f585a571c89d37299fc96b2435e33e7200fd5cd38800726fed914a9a67d269c7016b70756d92e73e47055f5544e320d0dd26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fe6d31eb2d41aebe00323251aff74b4

SHA1
47e58e514e1bcc10c72f090b52e6fea42366a7e1

SHA256
89529918cc29055c8689c28f927ab12bae52218cf588866238ccbae8dae121cd

SHA512
af0dd530fdf91bf03160f0b8e1028f69fef7f779b7f36973f85665bb9d707a8a9f9c5e67fcf267a4b8fe96c520b676577ec714e6cc7ed59e5f98f33c5284f6da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acf288db096ac2a4039adf5fdd2db5a3

SHA1
af157ba927c5a5c9f6216986ad660f07d1cbf561

SHA256
96f85f472859ec636d6255a76e3bf9ae709ac92f7b9f32fbb852af6dde35e9f5

SHA512
e9bb562609592eeca110089f2a7273a9e6d6745bbb759e59d7da7e89f79813209e29e9a59ce164fab9e3c198f5dd363740c9154f650a5866efcafe05fb9fad9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
558a25d974e169fd41aef12170bf221c

SHA1
fc799abc96385e4a1c9a1bb3859487599145ae88

SHA256
108987c0f7fb6e3ab0ab5f337260d2584291600784ac3ab745689b1d609ec999

SHA512
8d00d777699e85463ac175b4f1a07f0df76d33e39af5ae092247a58855572d6464f4ee5460a8ed681e903120b5fda66b598b247f2c3d6113f0f8c95b72845801

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abba8602859a47937cd77cc44956a489

SHA1
2ce5bd653ea8f4f20cd0b585dc8e097b34b21cc4

SHA256
8d7b04cc652311bd88084aa33a74dac9a00c7dafd27f5e9668968393497ae764

SHA512
ad1de96d29862f33850512415f6a4bb95196a61230ff4e9b46d42a777462ddf4926df2687228f03166ef5b12b6bd4404ad79c48ea2207058d3280629fdb1ccdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD53B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD7DE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit