c0a6db0700e462f70e8cfb09e526217b6aca2c865e52d86189d08d6be97a049a

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acd90ad2f4d8ffa70c7789a35ed3e26c_JaffaCakes118.dll
Size

68KB
MD5

acd90ad2f4d8ffa70c7789a35ed3e26c
SHA1

140a1aaf004812742897486d283bd7f2a26d19a2
SHA256

c0a6db0700e462f70e8cfb09e526217b6aca2c865e52d86189d08d6be97a049a
SHA512

b1c3e2fc6f6ba14ff438e6417ea6ce2e4884cd5e982f01e4b2891069d0497cbcd75709ee617149de438b796f46a8d6907d87dc5dcb5af05c258f60cffa5d3e5c
SSDEEP

1536:eKaouK0rof8925RMehGW426cH3P3JqshuqRxzq:eKaouK99MqB42r3bnNq

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2028 set thread context of 1956	2028	rundll32.exe	32

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0BC9BEB1-5E7B-11EF-BAC8-6205450442D7} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430268672"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1956	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1956	IEXPLORE.EXE
1956	IEXPLORE.EXE
2500	IEXPLORE.EXE
2500	IEXPLORE.EXE
2500	IEXPLORE.EXE
2500	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2028	2052	rundll32.exe	31
PID 2052 wrote to memory of 2028	2052	rundll32.exe	31
PID 2052 wrote to memory of 2028	2052	rundll32.exe	31
PID 2052 wrote to memory of 2028	2052	rundll32.exe	31
PID 2052 wrote to memory of 2028	2052	rundll32.exe	31
PID 2052 wrote to memory of 2028	2052	rundll32.exe	31
PID 2052 wrote to memory of 2028	2052	rundll32.exe	31
PID 2028 wrote to memory of 1956	2028	rundll32.exe	32
PID 2028 wrote to memory of 1956	2028	rundll32.exe	32
PID 2028 wrote to memory of 1956	2028	rundll32.exe	32
PID 2028 wrote to memory of 1956	2028	rundll32.exe	32
PID 2028 wrote to memory of 1956	2028	rundll32.exe	32
PID 1956 wrote to memory of 2500	1956	IEXPLORE.EXE	33
PID 1956 wrote to memory of 2500	1956	IEXPLORE.EXE	33
PID 1956 wrote to memory of 2500	1956	IEXPLORE.EXE	33
PID 1956 wrote to memory of 2500	1956	IEXPLORE.EXE	33

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\acd90ad2f4d8ffa70c7789a35ed3e26c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\acd90ad2f4d8ffa70c7789a35ed3e26c_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2028
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1956
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f14fd6a85df60381c23953dff12f8705

SHA1
6ea6a995adae7a7ecb12fd59a55fd321ed94c43a

SHA256
e7c271e04eecf17457042e5dc680d5948550e7c1013b425f687219e7bafd3cb3

SHA512
5de4d831dae58723a75c1e1c61506a86d1781a25d5c0cfd9013a780fa257d721c514305afd9e35a529e2faeeb3c0ff20118f5553033d0138d15feb0b50d6e82c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aeb3ad2d83e585ffe229b70eda7e15a7

SHA1
4264251eb44a7e0783a167c308cc39087a8c3ef4

SHA256
76395bb4bd42df2d280d7189e20f8c90d3eb51ce7a8997c4ff730bd2b2b14ad7

SHA512
8d2b567d1b0381ece871e1e3c0d26df7a465a65d407674c234cf8de278d2614ef38dfa02e4eb5654a1dfc0a95440dab5a7e182ccc71246b0b7e193a2e4911338

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12b289f300c404e3192447e89c1cac96

SHA1
b59e42baf785cf1ce0b45cc3eeebf0725267d1d1

SHA256
f838cc79c218a7fed9022438d7fe1bbce3e6da5a4de32862e4bc192ed8cfefc3

SHA512
360cc6b4ff08d37e207b9aae0a7974af20353a1fc947f23c3ef87a29fe66ef5dcce94dbcca2aa3a9c2f441984ec243b5082c25a51b6f342c17e264b8678e64cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4da833a7df5ea7ac4e78ebe3cf0af01

SHA1
f69283f20f3d1d3ca4d98c205464bc1629cc8017

SHA256
73bea7bbe41f611afe0ca28ea1ab03f9cc99501122c3abeb2f00ab0e3751b484

SHA512
0b4a71daff0b561e80249c09d6a479ee81fadc7b2bf71efd836d065ae1506064f36841e53376493b918efa4207eb878f2371cccd90892e097cdf844f37247de7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efa80f92c4df5c46b4d746cb5a4e0323

SHA1
1426903b4db7f0d5325b1764ea028cc9e4d49da4

SHA256
ca0f1a72f9e831795e0cba20dad2c262f2335b4d27b5be9a9815c427e10d5c17

SHA512
81352b77e687ee7715d663d0432695c7402ac1844a835ef281196e3fbf9d838ba2751cb68cb44810698d3768e436da6014978edabb2bb49bc022e2b98853300b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cf74c1055c802da264000d3148c694d

SHA1
865d7e608c576ff2373249ae12678085de4646cb

SHA256
5eaa845f9eab68edc8d1d5f859d5f6aa57306fc9e9a4ab9285d73a3c97fc31b7

SHA512
e5ee4c9c17678ddeeeb6039692ac6ea04d59f1dcd9326f22d36bcf6fe63e213e1f73fcc984420e23e11c8d4246104836e24ffaee0bd42078b8c7abe2d92ac255

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d84808a0697fc4314e9b28a6c338b3ad

SHA1
459d97fba34d13b88c32f58c0345a0ec76fce40f

SHA256
a7e49cfb9917e794e668d1c7161e2534714f14615bbfc290b54cef0773faaba3

SHA512
7075fd1b116a1da9ab929eabce31c90f2e5a7ede264af8be57c8184095d3f75849a60dfc5f1666b2ef8b9b02b16d8fb2557fb0f34843a51736349a92b663971a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e229e8723431badc6b7e4d33b8101e13

SHA1
22dd85fdfd2e6c607bff5e1e31bd516c0b090ac6

SHA256
304d036f8328eccc69dd29ed00855d8830e23ef2dc01cc92d8ac356436aeb0e8

SHA512
4bd4ad0675d52873ab60a9364b147e1809063b795059bfb62378f01e91145139a749018a6e562900f30f3180da37ea42d2be4ea9c22139329f520af7a150dc4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
888ea0d317c05723a7b4e11af84ab354

SHA1
101854da87e8ef1f4ba77c88a5d51be064a83ba9

SHA256
327fed88f5ee6b62bd2e3ca52d46f5e9eb667bb6f351b399b579afeb33673782

SHA512
90dfbc15aa93ea4b5e6ed6a645837899fa6fd4f0173db23e9dec34b4f70af71dd73aa356916d00907769b1450e6096bc1e27380da22453c4d9f6b3643a61a1ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9d829dd53fe2a4725475b23239b8c3a

SHA1
21438431d03d406ae40c32052475bde0a1458c10

SHA256
cb923d41214cfa8f2fd064f17f1dbeb36dbeca17f6b07b467e41b6703c6b3f3b

SHA512
ad971a482988e9c91ff912e26502d54b742dc4f4d08696db07698f0f87b211876567a3afd11c5692e9425726556c210304a6c8a6f86497fa389ff71bf920b165

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c204ba5bbcb13f9861160a721b66366c

SHA1
c7c2b77bb4f02797bb3a31b8721844de47efa8a4

SHA256
3b16b05fce9db21b792565cb46798047e6038dbf752dfe160338ea4b33fb857a

SHA512
bcf3a029e9573d7c92e76621e06ae686778b585ad9a92789acf065a239fac2a07fec6f81c50847e3414c9c951bae788266a60e68b911aa9c1132b2d500e32373

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3553976080b5c87c4c1a8cbeba67b862

SHA1
c81a807c2d05c177c9e0daf74f814ec0996eb63b

SHA256
b9f309e04d8e1fbaf85886354d71e704133e1c72417a4da3afe7dc515026507a

SHA512
29cdc2dfd4b40ece7968aaf8855e8be17f45ba54b7dd98c9ed4b25cb4cb0f906c0de845cd22ee8e397fb19cded75668cfaaa771299237b175c624ff7389638da

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF04B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF0FA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit