4344f3ff46a4538aa8638c8c0592881af8eb68118ed14c7c2b3d6cd7f0567cb2

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adfa0792e78bdd1ccdd81f2b009ccb55_JaffaCakes118.exe
Size

225KB
MD5

adfa0792e78bdd1ccdd81f2b009ccb55
SHA1

d4b37096ff514295be4b580baf2392a4651c75f3
SHA256

4344f3ff46a4538aa8638c8c0592881af8eb68118ed14c7c2b3d6cd7f0567cb2
SHA512

adeb9018bedf4aca494264a8a2ede5316900b806928ce07bb3c65f0bd8796122ebe6f184c36c1a0495a540bb70c0191a9644c78b72765843197214cca9feb03a
SSDEEP

6144:rLCW/XDD4NwJIjuAipesGzeQajlCDCnLpsbiT:rT/Tk2mcpSz4oOmbM

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Spy-Net\server.exe	adfa0792e78bdd1ccdd81f2b009ccb55_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Spy-Net\server.exe	adfa0792e78bdd1ccdd81f2b009ccb55_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2340 set thread context of 2124	2340	adfa0792e78bdd1ccdd81f2b009ccb55_JaffaCakes118.exe	31

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adfa0792e78bdd1ccdd81f2b009ccb55_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430292646"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DD7C3871-5EB2-11EF-8340-72D30ED4C808} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2124	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2124	iexplore.exe
2124	iexplore.exe
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2124	2340	adfa0792e78bdd1ccdd81f2b009ccb55_JaffaCakes118.exe	31
PID 2340 wrote to memory of 2124	2340	adfa0792e78bdd1ccdd81f2b009ccb55_JaffaCakes118.exe	31
PID 2340 wrote to memory of 2124	2340	adfa0792e78bdd1ccdd81f2b009ccb55_JaffaCakes118.exe	31
PID 2340 wrote to memory of 2124	2340	adfa0792e78bdd1ccdd81f2b009ccb55_JaffaCakes118.exe	31
PID 2340 wrote to memory of 2124	2340	adfa0792e78bdd1ccdd81f2b009ccb55_JaffaCakes118.exe	31
PID 2124 wrote to memory of 1864	2124	iexplore.exe	32
PID 2124 wrote to memory of 1864	2124	iexplore.exe	32
PID 2124 wrote to memory of 1864	2124	iexplore.exe	32
PID 2124 wrote to memory of 1864	2124	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\adfa0792e78bdd1ccdd81f2b009ccb55_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\adfa0792e78bdd1ccdd81f2b009ccb55_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2124
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1273c39a3b25c256fafeedab2c6a9a4

SHA1
e281e2a741cadae2d39c1b32e94aadbfe5d1ee42

SHA256
504afcc675a6a19574d867850f12479807aa94a05cb811a3312c71e3d5202e7a

SHA512
9fbbd7c9f20e8959712e0cc92d9efe99be94c9f5888d004ba4e80b96857bc54c54f05e0f4236b3b527f2b6c6388fbf06d9cc80355883bf0025338d2671197316

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
faa612f72a298c0cffc754979f99d503

SHA1
49fc32f0946a62561697e37fe2850b3428d22faf

SHA256
b0ef2f7fa298f2eba21ea915d8e80c1a7c05803e0dd4f7b05929d844cd464f34

SHA512
3e3d45d7b2cfbf8f26d44a813fce7e3cb828a0845e8a3070dbf7ef81fbac91b03e9ef06a9dfd50e802c125f14ce4018eae8d6e27b28371e8aaa6311d61d473c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d648ba860052c878c4ee8d329f50a03

SHA1
2a4870e9171542c1a7f74670f1a58232ac9434c8

SHA256
25026a372655b710d281ed1f9f8437710757d377fa7a6b8257b8b34b8616cfec

SHA512
034f427f7ece62ac5882c31ab58f7ed3af80705ea4cdf8e7fa09f2412ddd6c4b42fc208871efca8e692d493de9150cdc4b82090e5d1e4dfa00997b41fdedc07e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34485d771b8272bd58a292aa43891367

SHA1
3762a9aedf0ced0bc72f8e9072eb38c3794d1810

SHA256
b700ed5036c641d3447bb512fa8eebf0911ec8e5ed581a8b7cf76938f4dc65d2

SHA512
9bf5d9d87a85d5c21d89c0f73bbd10ab5272bd27850f0826e2dd042f4d87c835f0893e3466327f5cadde624b343a0919fe61154ec70af4eb5425479fe17e7ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0cab02fdf314ce3984bdb4f0cf219f0

SHA1
ac533ac3d1b5c17967e0bcc57e628ae5007c6c2b

SHA256
6341f511843b21e0980b46a8a9844dca90012b9e0f41c771c988225635177077

SHA512
aeb932445e586dcfdbc2f3bdce865044923326d3f19df5e86ad483f06ea8fa02cd526fac2657f8713dce12a94595f61af3ad4fe48a65f7ffa233f245973b5ddb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a3af921120f07a5079d622dcbb1995f

SHA1
6fc5f51c6059e07eadbf54a01462c359de06cacf

SHA256
c7b932e937e9918a4435bccee590a4cb78083b733a85dec06f2fd02775a23b35

SHA512
503f380a1d9e76bbbb66f05573becc6a0a4aaa3395d727b6d219a7cf75e2234d05c778c2b48ebddff2243b47d4d5c85aefc2a0a07bc525597a78162a2d085e49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b13e6801b707d2f5be20a59f96639f46

SHA1
8997a37d22ebdd7366a4c680480e4d2ecd5f7f17

SHA256
9964e5240caaad041437e8f7f013d27a42a16669c680464581b1bfb01cecb828

SHA512
2403f99b2a6fa19a4f9de88344d6106bdf80d29ab911fdadb00dfba4b9b145069fbac352b837988eb8a738a5ad8c3248e965dc112212c12f5e5eee3d77918d69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ed6c349063c03a4622ddda451ee3a80

SHA1
ff2f1f38a97dadefd244d96aacf30b341db44819

SHA256
bb573cc2e7f998929d86ecdc61e8b9c49c4414837c35449e85e8c1298adc4bb6

SHA512
193be7183296373d27a4c23eb16740a7b6dff999dc691303ea73fa02ed43a2780c2f3d82c383ba54f97fabafb2b4aa0201f30c1d7f45fc21fb51f2488a0c6dc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42bc1d09613c6348a2df5c78dc30f8b1

SHA1
893bac0141fa912b26d3e5d65026d20370e8fac6

SHA256
86e54289c364deb2fb122669397f6fb8b769f911a07fc9217a26fd5d16f67b59

SHA512
8963f4271d6b1a65d177c878888ca67dda945b89617c2f34b33cddc14a5266b372d3c58ce313b048e75bf450ba584cef9758f584b496d2153d3bbbf65dafdf8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee31d0de373bdee82c228289c3284d7c

SHA1
9a056309c94b1b3fbb59add440b714aee6375ace

SHA256
f719a2d989fde56cb487f0f122ce7c222f10edda4f9b04d70a3991d72c744c9b

SHA512
699b84c91173c2cf6e849f7f9cb2f306751159ecc701965ff53b7d9baef3eec4a765799ce657a84c4fa82064734f808fc7ec6cd83f25d6011c7504d02837d9f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
586551800c9572aad11f00b4b2eeb442

SHA1
4f8d64b973a148c46f1106f8799709fe3101c267

SHA256
97de6548b056be03d1c6c8366543854139c1370afda4af16855c9ef12718e6d9

SHA512
88e92befa3b5ba3facf10bf0f57df60916133b9e040c4ca683ddc58336872e1a5080386c01d98333de985891cd8216259d9f22cf996fc6118fadd6697a42228a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c896dc51fbd188220833cd94b541e522

SHA1
ab8a468371435dc04cd44f632ed76ffbb37e73d2

SHA256
7dc1c5df54533447cd0c60460342914d53b38df8170f4f1ed9aee70ff7eba301

SHA512
718a98cdd0fb4930612110c9d40fad552231c2f30c533dd9b9724f84c64b5d45d834ead40596e024c5f8ed466e7eb5fde74f624cdc44de7a7e7970eef715ca23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
768ecc33d3a6c8f642860d00cd8e35a1

SHA1
1faee98f9336a171ecb85240af3ccca55caece5a

SHA256
ec85d03355132ac9d383095ae911586391de6d92120f5cc33c498f96fc463b84

SHA512
b4623616cce670af43dc6e735547cad4850d7c8f8fa9b80df54626d4c11d6af28938030b17b1fa623ef667cf1932daa06d352b18c966b427e0158a671759ab4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
802ca5aca1f720507dd733b526ded966

SHA1
7a124c1987e57b8cf8f2ea1b9cf9d43c696dacab

SHA256
713b014d619848fcf957334c5c653dac9e7f24177aa462a5128df665ea9c3dbe

SHA512
d5ebcb4ecd5a2f0201e46f9b0b60035aaeadf54579108550eff8677ed1a8ab4d14bdd0e45bef341c56eef02e9f5321d101452bedace5bba57689ab414a6afb3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f438f0cb9b104093ddbab8e8eeaf299

SHA1
8ace32c9f382e2f676dfbd417719117631627281

SHA256
4e1f2b072886b7a7c9a616426360a243fa1de68dfa4377f1a0b8daf4da91e8c8

SHA512
cd05b0a1a9fae1f6718a9965b2f5368c48ad4a96b8b8e6dc235ad595103b2eac5b2c4e426fef681f6ed92fc226b9cd7151cfc3bc425e752680fd18d6edd905e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8946cd37467e553fd1df33e5e592b305

SHA1
31f08194cf2c38f2492b5e53100057dd182af28c

SHA256
01f6b39254ccc24cdefbb18357fc4182dc59997019af5c77fff778c6af56b899

SHA512
845bfb435f691dca878ad205c4b5b58cd6ba8548b8e88edde6309b52beabfc588ce181cfb57f6b6e16c873126467483efa85aefdc52916e283a2d24b0c391827

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
839003df6f1071ad45e97d56e1796578

SHA1
202d12f720a7b00b05a0ec0d05704b5bac8370d6

SHA256
f93bca2f80be97ffab0e99d288ecaa303302801b2e6e6a776b6e09b215c704f7

SHA512
c334ab7e2326c064105d0c512a5e4056c1c42e114b02ab75789ae89a1249763df39235b77c21cb4b507e13382e6415d5e40ebf13a5e0581e2dc9f29d3ff4689e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74e0960192c5c998ee01412a620e37db

SHA1
25d3d1a85ca6238dccd21a3f3f462e07302dd678

SHA256
39764f4e3d1b798ba2271fca460882488809b5b9441658b4519cc56639356c9a

SHA512
7c70f2042f06c7ebae7b75c47922ed058932da2a8bc5e011995eb5cdc2bbc460adf365ba57e45b885edfb646d923129511dc6a14b82847e46c3fae5d48bb84ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1A9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar229.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2340-11-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2340-0-0x0000000010000000-0x0000000010084000-memory.dmp

Filesize
528KB

Download
memory/2340-2-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2340-3-0x0000000010000000-0x0000000010084000-memory.dmp

Filesize
528KB

Download
memory/2340-5-0x00000000003B0000-0x00000000003F1000-memory.dmp

Filesize
260KB

Download
memory/2340-4-0x0000000000240000-0x0000000000247000-memory.dmp

Filesize
28KB

Download
memory/2340-10-0x0000000010000000-0x0000000010084000-memory.dmp

Filesize
528KB

Download