06c96f9784e16d12ef7ca18fd40e03124c47fa2f75d0f8ffc029a2b135a8272e

Analysis

max time kernel
135s
max time network
131s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a404f6edbd8e7d3d79fbb7f72905685_JaffaCakes118.exe
Size

18KB
MD5

8a404f6edbd8e7d3d79fbb7f72905685
SHA1

391f7845c98095b33e58f4ca51ec01b2438bec2b
SHA256

06c96f9784e16d12ef7ca18fd40e03124c47fa2f75d0f8ffc029a2b135a8272e
SHA512

0016b77eb815b25ec895756a68ca92fad569b6944c5185a4118bd16344bec3988b6f4e782806c46aaf4759c77089620f63c0d0dbebf7d8513d4e0ec836a1e6fa
SSDEEP

384:jbSG+xpAzvq9PpQWgsMCf6Rj0eAVL9QbWpQL:jbSdAzvqvQTYS50eAVL9uH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8a404f6edbd8e7d3d79fbb7f72905685_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429538902"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EAACA981-57D7-11EF-944F-F6257521C448} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2464	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2464	IEXPLORE.EXE
2464	IEXPLORE.EXE
2328	IEXPLORE.EXE
2328	IEXPLORE.EXE
2328	IEXPLORE.EXE
2328	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 2464	2424	8a404f6edbd8e7d3d79fbb7f72905685_JaffaCakes118.exe	30
PID 2424 wrote to memory of 2464	2424	8a404f6edbd8e7d3d79fbb7f72905685_JaffaCakes118.exe	30
PID 2424 wrote to memory of 2464	2424	8a404f6edbd8e7d3d79fbb7f72905685_JaffaCakes118.exe	30
PID 2424 wrote to memory of 2464	2424	8a404f6edbd8e7d3d79fbb7f72905685_JaffaCakes118.exe	30
PID 2464 wrote to memory of 2328	2464	IEXPLORE.EXE	31
PID 2464 wrote to memory of 2328	2464	IEXPLORE.EXE	31
PID 2464 wrote to memory of 2328	2464	IEXPLORE.EXE	31
PID 2464 wrote to memory of 2328	2464	IEXPLORE.EXE	31
PID 2424 wrote to memory of 2464	2424	8a404f6edbd8e7d3d79fbb7f72905685_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\8a404f6edbd8e7d3d79fbb7f72905685_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8a404f6edbd8e7d3d79fbb7f72905685_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c094c9a6c06f93f0fcc913a7fd23d449

SHA1
563eb937334eb6baf51483a8947bb0cbdc8cf865

SHA256
0476f8df85978be015c8b1510e67fbcc39cea028f5a6b88fe4bb37592446fe1c

SHA512
8eae33f143193e0c94475980c9cc0ca39bf306d2ba82275e322856277ad9a0a0404d12ee568ab28c00bc7e087fde542e131ce50f183e8870dcc286d7ec243b01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecf63f54e1c2ceb47fdc186b78729644

SHA1
a72f1d7163f2b54f6c7f647f4d16f8285fd23387

SHA256
6233f4c054e61cfcf07992019c5b79e5b0f511d24c5565403eceec4dae4651d3

SHA512
66b45a9feab2b4fa1115a53fe2c020682942f8ab3c7f57e6658f0a1dc8bc2e325b4dfd1d44b5ac3d21f5e5b45d6fe00870728a5e392d431f9afe2d4ed6ec3e5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff50bd02089ebde44ae88f454a8c40b7

SHA1
ad1355064204cd596e0a61d54865b5b85d34aa9c

SHA256
c8b777644477024bdf6468e6c56094af596cb1df7823be8484555e61663c1e4b

SHA512
752f05c0578bdc0129068188d191ec5a65d779de19ad917bebe6ded9eba5eeed519102a9ae7a22d59d568020316f0388d03ef0c765dc64f91a10858e13b615a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2170f5d5b212de7ead3c53a45969f28

SHA1
f5aa6151680405e24e8b4b5bc1ad2b47571ec576

SHA256
98535c1095cdebee7e0d02008586309f57eb15b9c64ee3eb3ab23b03826cf267

SHA512
761e661abb620d2b6d008004cbf736d60f338ca88b52ab53cfba711d9591aedc4a7db3fcde7d10afc08c0d9832361c330c05f69d1db90e481db199d105308513

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e883402915c81de54571b88b451d821

SHA1
17213ef1cd4434e0d9db7eed95c7d633e6f2e668

SHA256
66f5026cffcbfaa8819e1ce19bbd4ac5d6e21d92dbccab6d374ecbd97602a0f4

SHA512
3836f4302fcc2c4026a4a638a783f16c8006dbe204cbc0f807f07332de1405998659d1bf94ccd186471378193e11446a22dc3191a603d2ac5d2ba64333b9cfd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07511afd450ba983ac9cfb9c42c90228

SHA1
b498632b4f1f77f35f5c1a8bad1b0bf9c763b6c7

SHA256
9b964f9d4c6a9288868ff0d08f6c14c2d7358c1c769db965f4079de10b2cecf7

SHA512
ed7381ee12acd702bf8fb97231811c1fc9a72e98a0db79165f9703b6cd5dda015ef752b57f6c096304f65f2ef5c04e244b573adf190a8ae2d1661cb65e8cea2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cda973038fe4003371f3e48ce2d90aca

SHA1
a482bd5cfab1218cb4c89bdaf1e5b21657e7d0f8

SHA256
3bdc764e14ac9db0b41c32525e5f18f51b7a9c2476b046a2ad93eac8669b9df5

SHA512
3d7518db7ac63899bac38d9518d19c24821d1b7392893b5cd05cf91e9341df3091ea29efd4e30f5371612c1e8cdc1c832cfa2151d069b9e93562b7ad7f7351e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1bf629b97c4403e120aaacb7bb8a94f

SHA1
3963680f049dcf1ac2e1fecc845bca2186bbacd4

SHA256
ba6845f571b755171158cabeb0cd29b6cc33d725e177ef8b07199507f9457caa

SHA512
8dac4da1a6a9d6b514c1ffb6590a1d7a890ecfa05defaeb9773b315e3a0a3a523c45ca19da6c4673f4089dba0d491719d620d458146cd6f0b36c4653a3b7feef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd542f2267ad1f152aed2b4503637e38

SHA1
f02fe59f70bfe8212510707fb7965ff7ec1149a4

SHA256
e27060ef2035996e56c569e9649f0a26d1202a58286436f2db8d1c01b3b977d6

SHA512
f8e7e751f6b7d53fb3662717f3a7423a7cb6e51d74040f0f6079630989f67efbedb47ac7429747cb114f9a80c851f4b34140014056bd21dfe2f5143acf94a45b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f99091f42282056a8e6cc6202adecd21

SHA1
7e9b25e287ab520679aa5f9f27c55dfc806668ec

SHA256
24e4092594fffb5c077aa3fc36a70f2379ed46c3a34e9d390c2f4591e0b5eee0

SHA512
9cf2009af2f6662508c85d58d891590c876107068ade8095d8436980b329b39595da4fe9418c3ab4d43609d4558d2d98132e8f1af221e3c2858303824b17515f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b618102fee7b5f6ee7361e9fffd8abc7

SHA1
f3e5606b9931ed023b438d21db239feeb9efb034

SHA256
9d18565e964558f69d5cb99e831b1a2ca0330098058df4ba3a35a0e694825691

SHA512
7f5dfc51676b25307f44445c44257f0540434a84b4f16e8d5d339665a7efacca40bd769beee49bee0c5c661199e10dc62c21df69351a42bf129caf8e24c51eea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37a01ee7697214537fd242a0d1e05802

SHA1
e675e4f3643e59f93a75b38a8ad2e14f3aaccd0d

SHA256
137fc32f0c3faa6904bf15b411e215d333cc2498648942d647014653134886d6

SHA512
492c63fb8c4427647744f6a96c8fc8f12c49d43dcf26b7ff106a89379a3f9b78d6f0428930f3a6938f29d1280ea2a125cce68b22a576a4e5aae627c3cc476aa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25f69802851154e75b29a15eefc4c1ad

SHA1
dd56515582122048cdcf93b0f4910aff265b41eb

SHA256
f138cbf7ed35f9185906faa5e37f0209eebab0cef8a5737c1f08fbb1f3211337

SHA512
d5b72a21e30e8d941bec162fd76631ef2450e02548242bedecd19793db4263c6c35a67b3f9dc669485b95cd49581d68846f2e75821f84ce39a79d7eae12425a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66020acacf3a4ec146d27e732a072f92

SHA1
316c93c950236a6319e962b0e84e349a8e7516af

SHA256
6e16a4df46fe5124a6254cea813244c98e69f10910b1211f1928a7e55f549052

SHA512
e60f68e212573b217b328e6839a46ef14dbb61309df07ac7849e04ca41e5e1f126089d0edb1c21173f78af7f469caec9ddfb82839cb5a725918c0219181aa1c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02a6ed7350caf4fbb9fbc905a1aaafa3

SHA1
55183f3384dbebd7e264fe73d2478d06e49bcd1c

SHA256
ae1e3a042945a5ea62ecfc16a76a403835308beae74e2c84415f04b6924edcf3

SHA512
7a720fad5297691082f0352247fb7e3bb5d0cd422beee7de3fc74796483eacde664c93d0650c11b1f1edf1cbf77971d26c3ed749d69b92d3abb1d32d261dc80a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ab360f7f6def1cd32f27f4c787dd28c

SHA1
477b2440687f92db56e3a4d2f204bfced5f2e17b

SHA256
4e3e03f4ae520d879d4e0450ce9fdc3670579478e37907c2374755f4c261e9df

SHA512
dee76ec3caab215e1bb375cc904a296e4f08af15e391ebbb16edd680aa44bc487ede4c15bf3501463c43a9c1f908b2688a547747a7203aebb791c53fcd0a9bac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0aaabbc44b5fe1a8217b6bccce8f24f6

SHA1
000e5c254e28783b14e27d788e3675a39226de18

SHA256
c4042b18575fa68c3fd7f9b8fdbda6c1292176b74355c0b556377ae1119949e3

SHA512
b3d5577c733a08139e87d716da5352f8e9cd9cef618778bf0ce894a4a8705ab3eecaad5b03008192c02815c1e32a615fbafe7a8ae4480454a70bc1a7fe4b8525

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8AD5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8B45.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2424-0-0x0000000013140000-0x000000001314C000-memory.dmp

Filesize
48KB

Download