5ab5516d0529ea956ac7d5389b1aa1621fef777778258ff70957ab15efcd8e0d

Analysis

max time kernel
138s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d69901ae6de0fe91252f0087bdc10b1b_JaffaCakes118.dll
Size

68KB
MD5

d69901ae6de0fe91252f0087bdc10b1b
SHA1

d64677d5ed219215282404de279591fea95695cb
SHA256

5ab5516d0529ea956ac7d5389b1aa1621fef777778258ff70957ab15efcd8e0d
SHA512

394d459347d07e884bbeb6cf6db3453d9ae9d657c68a241b832081e37e3e2d4fa4ad3f056907f8d8ff707f9d917ad7e0b7a3b703830b06984daa1e51062db884
SSDEEP

768:fTSrPSeI+n8b1tQ1ztABihk0RGC791frUSzk0eJg5yCpg9DoQemP3TeagOtLiBoy:fbZgxAQhwIfeMpgxDP3gqsXuqBbW

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2324 set thread context of 2288	2324	rundll32.exe	30

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432057565"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{20A047F1-6EC0-11EF-B956-4E0B11BE40FD} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2288	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2324	2952	rundll32.exe	29
PID 2952 wrote to memory of 2324	2952	rundll32.exe	29
PID 2952 wrote to memory of 2324	2952	rundll32.exe	29
PID 2952 wrote to memory of 2324	2952	rundll32.exe	29
PID 2952 wrote to memory of 2324	2952	rundll32.exe	29
PID 2952 wrote to memory of 2324	2952	rundll32.exe	29
PID 2952 wrote to memory of 2324	2952	rundll32.exe	29
PID 2324 wrote to memory of 2288	2324	rundll32.exe	30
PID 2324 wrote to memory of 2288	2324	rundll32.exe	30
PID 2324 wrote to memory of 2288	2324	rundll32.exe	30
PID 2324 wrote to memory of 2288	2324	rundll32.exe	30
PID 2324 wrote to memory of 2288	2324	rundll32.exe	30
PID 2288 wrote to memory of 2900	2288	IEXPLORE.EXE	31
PID 2288 wrote to memory of 2900	2288	IEXPLORE.EXE	31
PID 2288 wrote to memory of 2900	2288	IEXPLORE.EXE	31
PID 2288 wrote to memory of 2900	2288	IEXPLORE.EXE	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d69901ae6de0fe91252f0087bdc10b1b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d69901ae6de0fe91252f0087bdc10b1b_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2288
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43a7486e39193646751e0d858821c4f9

SHA1
a6110d395f31ec06c14147e0a81eda6ed9703e45

SHA256
8d5a374126c1b60ea296e1396256c98318c0014f5c455561c031bf70cec0b2b5

SHA512
2f91ed997b20d154f55f6ab36e934c8c5d37f591134d58e55a5d2b55dbe9d08b983f321efaeb3b9bada5a8fa749c3a76105179ef51f82200524f2d827e3be732

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea867fb3c6fb29207a60303051933793

SHA1
65f54fdaef56e502548279b5030ebe5966609c81

SHA256
9b25ebcf93a4fb4d5203f60fc35604091055fec7650e8972c45694cf50ca95ef

SHA512
4e15f49909af2a19b3f1fea43c44956ff4710b8161e1ed2580f4751f6f6902369f241a0438de67714cb7ce85358127070092652c6b9c82302df288393d75ca0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01ebb08a5e00197c93238acbfebae718

SHA1
72fe8403e0e7ab93583942b633750ebedc0856d0

SHA256
fb2a9ec34db6ed1cb65fbe528b1159e69a6f9cc1934d218b23a060ab57af7ea1

SHA512
005614f43d3b69addc87c3a96e648b8666b53c3f3aa7999eb90655769001c0d3ded6c1eb7dd23c94a56a944a153bf207b1f942aee96560432a2323506f66a68b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe80b2896df7fcd2bfd1e670d03f0dde

SHA1
6246a6942eb6f4b950e8513a9c7ac98b186e76d4

SHA256
befec4760a342207551ec788a6ccab0accb484135c1444e986dc88a3e8393a47

SHA512
39894c2f36f5170c6573275feb9d72093a7f1c5cec15d162eb87940743ee0e42fe71c48f5973f1884e14b45f7914d01100ca15d7d88daacef2520a420cc6fb33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c03ec0236851cd8cab5f1ea740f61486

SHA1
05caff2eef9baca5ed383df098020d4a4e8bb08d

SHA256
28e6b2feb5f4424cc95ada18dd7a567fba3f9ceb04cb1eafd67267a9c656e3ee

SHA512
72e4483d6110d6ea925741b370a19bc92e895b3405bcf1c61b1ea0c428b4e9bca51d002db177d24e44e1e8764ef461571d1ddfd1229e1abc40e4dfa4126d605e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
566abeb6adfd5ab449f4de20d179901f

SHA1
d462befe6371cf07e959bc1dd58799e82c88e205

SHA256
d6fada20988506e7f25a336b4afbf5d35fbfa9f60de70fa652ba5bc184d5eb46

SHA512
cfe559b1605b38226200c1780cc12bb7546f6a8b6817bf28f1112d7c257836376ec8e1ed34869309f19f3ebb21f2a891e552f026b8afb819c82a930cdcc29f50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57cd9226f4914d2e05b8202e77705336

SHA1
ca6e2496d28689a4d64e8dbc058318ea3a177d07

SHA256
297424e059ada0f6f8bf7b02882ef5ebad087e082f5ceefa2c934db028de5dcf

SHA512
6550bca3b073c41fe4c04d4ea1ab5d2a50015e6a690f6778f6a6975ccf8934e6b89d091de57d9af90804215c469635a229b0e997e40c27799c501a9f71212412

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c10ae57b3b84aa62a364d9b6f267035

SHA1
dfeddb8b9272b565eb5ab324807da6dc1a8c34d0

SHA256
6fc6428317b6861c482a5000a044aba67da272571d60b302dcb53159430bb02b

SHA512
fa1a869700c43aaf1c70ca47122f3e9d16ffd4225da8431a2f8bcc1a43cddd3d858dfb1b485ac9b1db738fe7e64eabb9a0526005ae8ca07f6d86ad3156282cce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb4bfba54e5f77d85e3458174977bb8e

SHA1
db4a22a7cfc299bcf057f86410b95f193cedd14c

SHA256
708791b428244112d2bd8401e59429c51bc3265a9a2c494781424924a3983ed0

SHA512
fc159d3913a1117315aa86749593c7af96ddf1d75a42023b7cbc9c61aa940ff3cbe22b62c67af2e79e88355ecd17701109f7562bd700450d9fd3188948dbf3e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a316a2ac1b617b05df7d5c4d4500201f

SHA1
5a3bf35a83da08e723077404133395079f3c3ef0

SHA256
32a8a0e50113c55456e9cefa18b4296363c223945d5a89443a64990454e97ebe

SHA512
9208f18d8f5ae9891caf0524bf7fa29e8820f44b7839de53beece3b279a39d103b94c8d4c3697d5ad4c96dab2e76f04f51e77f11e064346c83a3813849a0f91a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2336f0a7ad944672ec0a2b037c366242

SHA1
811e3ceba72e97bfc6870773d641e87b634e6771

SHA256
9241feb008750011646805faf602d3d2430c6789f1d1d481eb9860b01e842ddc

SHA512
b1f164f895fa486b3570ad41002475cfc01c34ef85eb70e21a48eecbb4614bc7be9464553ee8f5784c9fc5c1cc7c11e50a949aeb723af99e2b14da542cdd80bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32c5462d0db646882b499396c46d5046

SHA1
96408b878492740005da17b2d0bfe3da11acbe72

SHA256
1882328d2c366cff87e65baead6e3552caaf9a6f756b17bbc26f44b9bd4170cd

SHA512
69d2157f2cb57b6ab8c0fbe3a3a06c1bf20262bf8327e919c82f9fec1c45f90795d4b068f6ade5586a8bf94fd4bdf4b115631311ff436c055216efc015d02936

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ccb2c13a293d0410de1f1e5062536e9

SHA1
2f073ddf5e3b5c0f794e72934df862c484fde64b

SHA256
4eb2f2379dfc6a613a96757972c20c064621a4446081310f1f01817871d2f5dc

SHA512
7c60d3fd03dc700e5728a6b90aba404e19fbddad7fab414776ce42946c7b2828d96d62d9aa8a426358106bd5fc0749c10dbbd968b39021ff375a037825dee2f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c7f6b9f7be239cbc4b710d8189846b8

SHA1
16de829ed7a2a894a2484c5c01fe5d0646f1e865

SHA256
cd5a2b0fd30e7f9a69475f3557ddaf5ecb965f47c4dbabce61e35595a64a25bd

SHA512
93e02929dcc3820d4c9b0486d901e564794a1099e5faa3ab2df8156cdb1a9d6226f1c7d55c56047cfe91ea98a2aa6720cc232f714b3689ef710d224d1bd4ccf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52a0f61fc0d8a3372afa742856908b73

SHA1
60a8aea25452b745f7f2f05c83101c1f2475be0a

SHA256
9a4df27dc09b16ac00459d64fc4f80fa7cf881116e0e147b6c17f21d2cd089a7

SHA512
6301bcf86cd60d9fcf831c7f13b2c043c675281f234917fb48296469c8045464506a52b4b832418022e4ebd95f79769f6bfa7b2591a5676789d00cba97d30edc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b152cc540f3cb35f44c790b84a56069

SHA1
3c8032d2486dd3d7fae29c7dcbcbc80255f544f7

SHA256
cd47325dc7eb41a4475366565473f96a2ae4d4caf98afa38b4fefd1ee835ecee

SHA512
89f521583f548c00e704bad51031c6111abe8df1bda979295af3ee58f97b92b6529a5c02fe1bdcd95ac7879330eb35fa8a3d7e1ae531caa756a1636ee3a6d8ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e84053174fb2ac874e275941e37fc3f

SHA1
66e0e3d0a5277d6e77ca3541a58c52611df92832

SHA256
5529c2947e503d40fe72382a171c23a5c60e53193c0a94f141213284cd07dab5

SHA512
e422f36460a85840dd4dac12fa5d24b6aaa2b25a797b41611ec104fc128ff3149b1885873fcc486b4f2a648e4b25e8eda72ef3af14b69863b4e872d36e7d19e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDBA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar128D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit