443c184cbeb7572955f73febde12270e171d587441649fb74de175b7f80e4589

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8acbce81d19a32fbc1c91a9c3109d14_JaffaCakes118.exe
Size

7KB
MD5

a8acbce81d19a32fbc1c91a9c3109d14
SHA1

50514500a3953691ceb0197ff281f8f8fef57518
SHA256

443c184cbeb7572955f73febde12270e171d587441649fb74de175b7f80e4589
SHA512

f0041529d7a0aba21c15834ed0416bb7fde4cc59076d69b4970ba8fc956e5d078aafc2fd955763501805c19718ccb845e3c4c992e79ed6ebad2d1730e07ec68a
SSDEEP

96:EhvHmvfTWejDLcyUVmK8SI37m+wAOXtLashHmi+3HMp+hGy:qvHmnPLcy0mW00XZR3+3HCWz

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a8acbce81d19a32fbc1c91a9c3109d14_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430185821"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000c2f2a2befed8681aa35d346b3d1eb457f232e9570ae6ca5bfe1d0adaae4cab0c000000000e80000000020000200000009c273238bd31ff2e961e5d6971aa4b0333ce13d97f0fdf8557e8b44284aa3e722000000003b7fcbded66d87038f5b160d3c94df0443d02943d70d850f33ef664a3d65be140000000bbbf32d1365115ebaa72991ff9b131cefde570832d1449b14120f4aaae29129b0af74c706a57b4a401f1a2f964b999b25c751becc848de9ed32969ae715357a5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{24C51251-5DBA-11EF-BDFF-5E6560CBCC6E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000005da64d6df4e098be7844170b8c1ab9bef1f1677f639eef75fbf4b51497f9c2bf000000000e8000000002000020000000d8ab8a3baa331e3d4bbc66a7dfccffa572a0aafda69ebbf064c534e134f77f3c9000000044ca1b568b073fa1084a9c28df702bc2adafdfb84ff00eafd7963ba08a00ba99277a76f2e30853bd09eb76118271b93fb3eb03d8d47e8c6e73cda654c0d982dc2571bfb2bb52aa1ea25fa57a38b949802fc044d4033eb838f8ce0d227347696b6d4631857bb21ad68ac6ce6a1d625c844ec34946f3ad9c2f559e057c997839172896f324a0f13e50f0d1c09f64ae27a340000000063bc68523c94313089429cdba1c9d05a04862bb84681e32bd721f9cdee7d73cdcd64ddf698a806ecba08ad5ea6b9bbf89c370825d46571f4425cc809de68451	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 204f6efbc6f1da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2084	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2084	iexplore.exe
2084	iexplore.exe
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 2084	1292	a8acbce81d19a32fbc1c91a9c3109d14_JaffaCakes118.exe	31
PID 1292 wrote to memory of 2084	1292	a8acbce81d19a32fbc1c91a9c3109d14_JaffaCakes118.exe	31
PID 1292 wrote to memory of 2084	1292	a8acbce81d19a32fbc1c91a9c3109d14_JaffaCakes118.exe	31
PID 1292 wrote to memory of 2084	1292	a8acbce81d19a32fbc1c91a9c3109d14_JaffaCakes118.exe	31
PID 2084 wrote to memory of 2652	2084	iexplore.exe	32
PID 2084 wrote to memory of 2652	2084	iexplore.exe	32
PID 2084 wrote to memory of 2652	2084	iexplore.exe	32
PID 2084 wrote to memory of 2652	2084	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\a8acbce81d19a32fbc1c91a9c3109d14_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a8acbce81d19a32fbc1c91a9c3109d14_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.videolog.tv/video.php?id=409372
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f5e8d90944b79f31c4752a9cfe00758

SHA1
474106be4730df995fc9f9a0407452fd9a77cb97

SHA256
6949987a1ed34a84c556ee3d0ee709715bfe8c12d5fbfd178737718b59cdb55d

SHA512
be9d3bb2b7b84e939c322c959c64cb211f080e50ab75db1f15fdaed1e5e8f1fbe722ea7f79a6b78771e047201663dce354c6bedc135c21b03aa359531aa3a17d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c231dd08a86579f940aaf09995c74d6

SHA1
f8cdbdeb8e22af00045e9ff29c7a936a9ead748a

SHA256
f7502261406cfe8d15245fb2b6880fb65cc9d742dab0aa99ce441cb69ceb57e8

SHA512
77dc981fad50dc3596ac0b079f1faef64b5220d0b194e037687aef5ee509e91bf5f959241df1f62cac7643d3beaee73ecb3738bfb1bcefa40b0f686be5403b65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc023aeb6c1b56ae12aecd0c5efa97ff

SHA1
61ce6ec4e160ca98a0a51672f31e16ad56356098

SHA256
817f698d171f0e5565ba7a56807d1e007a6a1a2ca54b6f558bf9c72f2827d880

SHA512
686ff68b866c23401161512183d91fa993b9850d756d881ceeee82835fd2bb11ba79fb29601554eb5d4c13b4b8d8dcdc627105b03e6377a8ed44d5109e03166e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd3ca1ab6cf96ba65d8e920d3119cb7f

SHA1
c3d95f347550f4ccf647df8fe6346a94089f33a8

SHA256
36a06e0fc648cd4c8112a75d2209abac028f419196f2e43748e83e3fa4731b23

SHA512
55dea8a0653a9b85666600148266e0030979c0655e60c43bf86e2d8321f8c13531e968d51a6cd4926b8d0b34435aefe66c216583f28f0cc2da82c5f70a052022

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98bd71176a0d2eca6cb9ea9aef0c7cdb

SHA1
671af7fc7e219ee617ff51ba6364ad27ebaeda1e

SHA256
1ae73eae50cb558dedc7fccfc3363728aad8219f82ede38e3e84b4f761a0493c

SHA512
a160eb5307ba01f92515484cdb65c1811062225e2008c03fe0784940fe83378077640cecdccfa5e15fca41ad6341d4afc81c84ac4ddcc52ce141354d8cf0fff6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
948268c0749d470174bf1a94444b5854

SHA1
294f53b3effee0e9b55fb59f5913bc9a7f4a977a

SHA256
7b279848e77c37bfe12c45094cf7814544c3467854aea49daae619c4131e04d9

SHA512
8a026544634d1397cbfaa58f32e88878a9b5b547e3e469fa5b68764e018910b5fbde1eb288402b3767ec3d13429075e85cd8c14dd2cacc67a63c573440346d52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
432acf5eb84db71665fac6b91c1b7e8a

SHA1
a9aaf0b019efbb4e7bb571ca36cdac3a311c691b

SHA256
668d067f452b522c82f0f342f15d938f4f008e21e353d131337d8b1d1eee2e23

SHA512
e931f16c24c991e87a82c95a798e5b38dd021cfee74b558a6900b04acce4b45257aa686b59b2dc88594233b7f5d3021f9a0c0ad61b061e7ac2ce63da3f2dc2e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca37abdc90d0ef66b11f9745d313fc32

SHA1
053f5f1fe2e8981c46d7d3395676239e6ad44403

SHA256
66618298fc44775f7c6ba868d372d7400b2a5745cf3986be808eab6bf2f4c67d

SHA512
dffd640acbe722e77ede0a3b69afe26d0cb2be50b7011723a1b1d3327809315baf89c49fd4064f6367ef9c470962f3e8a7304b30a36a5ab8fec3cdd1ff14a454

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bc8dccaf08f7bf77e8fef96246d3762

SHA1
d67432ee4c729398ad532fb95bcb405fa13bbe77

SHA256
ca1712bcf0ab1480c677f35b2f12b8eec8d4e20d9e24461c945835f38d1680c0

SHA512
274e07ec4452da757abc7ab280069ba0bbb9580e96b73cc2b964d05ec17d3e064fa09b9cb524e0877429c59e6dffc6fbf22ab62d3a54845920d7bdc7d3952897

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50cb98efe760a595463b98244cfa93f1

SHA1
e54b77e1b47a5b5cdcfd0c69133efd7e1e466a35

SHA256
cc9817c5e6776340a09efae404fd855d11daec134c2477c321353e6c8723b53f

SHA512
fb77f7b0483bd9b6a532fe99e55664846366bfa2a9ddd306a2ab5c42ef3c794174a5be204ffd4715c68f3ce100148a0aaf78296e83a08c7edcd20c331b84a1a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15bdf8bac8aa46cb64ba0a6495bbe7a6

SHA1
f845fd624787d06d228c96c22cb3f15d62821290

SHA256
e15323d7211ca42af741c5da90c4c38a49b50a63900833fb312865cb71b50105

SHA512
3fabf0fe3c210607f3283e28dc10c9169854f5a2493653e85d790cee3436d4bc009f7bc12aa445bf65a8f96523157169369133331340bebc1b96935e876d0204

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72cf280482eebe31cf3b3c9a205aed81

SHA1
1122cceaa9dd6443615c3fd267b28c3f9ebfe69d

SHA256
2577acf0347249787593935305593edf121341d1c8aee489d511686866cdddac

SHA512
33dc4ebd9ffa58eff11e396c5a5a5e09f1a8b304d68243ec13b2b612a4a1a6a3a93114964cc3e7b941163ca3ad2509d5ba8c0167d1b10fb2937ebb520aa298b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e5774505970f2c1fb7d558636b026c7

SHA1
2c1c4146ea6166ecc512d504bcab5a8c676993c2

SHA256
3887e577c6840403a8a0fe1c92e406d678cf9c4aa4bdf00b6f3ec856b04a679d

SHA512
3ac9b52c9bf619af42b84de86cb3e45fd9a18a147c085663e4146f9711283597bc0899139ca8ed3b9b1e483c2fe1f3db24170871c624704697789b9de48f1fb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5846a2b73c2bb982a5a443057c345fd0

SHA1
edccf531b7843144c583714ce985dff84456e324

SHA256
da6e2742cddddb748470253a1c32e1716071ef3d6babe1ee72dca1920ee2e75e

SHA512
374760a6a8db74f74f97ae69b051ba451a5fc8f111c1dfbe0be9a65e191429e15e3e14753410cd31ceefd0677b02da5bc4c727c06677e6e785a768402504b2a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8AB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar91B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1292-1-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download