5ba9fcc14b8beddafebe3499313aafdc8723cef6cc2f7c820e52974a52bed990

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df90a371383ca790075a1f98de44ce79_JaffaCakes118.dll
Size

67KB
MD5

df90a371383ca790075a1f98de44ce79
SHA1

a4bf54fed68a5da47995e24ffb70d3c3accd3f50
SHA256

5ba9fcc14b8beddafebe3499313aafdc8723cef6cc2f7c820e52974a52bed990
SHA512

abffb1463a82eb1b229de1988254008734da70ea11e24daf3a513f87c6f746a597070cb6a29b15c1058927dc58b8d1c9320f6da27d285b018ac7f40cc99df966
SSDEEP

1536:7KaouK0rof8925RMehGW4j6cHeP39qshuqRxxzz:7KaouK99MqB4jM3/nTz

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2732 set thread context of 2700	2732	rundll32.exe	31

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0507CDA1-7259-11EF-BFE2-7E918DD97D05} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432453080"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2700	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2732	2444	rundll32.exe	30
PID 2444 wrote to memory of 2732	2444	rundll32.exe	30
PID 2444 wrote to memory of 2732	2444	rundll32.exe	30
PID 2444 wrote to memory of 2732	2444	rundll32.exe	30
PID 2444 wrote to memory of 2732	2444	rundll32.exe	30
PID 2444 wrote to memory of 2732	2444	rundll32.exe	30
PID 2444 wrote to memory of 2732	2444	rundll32.exe	30
PID 2732 wrote to memory of 2700	2732	rundll32.exe	31
PID 2732 wrote to memory of 2700	2732	rundll32.exe	31
PID 2732 wrote to memory of 2700	2732	rundll32.exe	31
PID 2732 wrote to memory of 2700	2732	rundll32.exe	31
PID 2732 wrote to memory of 2700	2732	rundll32.exe	31
PID 2700 wrote to memory of 2864	2700	IEXPLORE.EXE	32
PID 2700 wrote to memory of 2864	2700	IEXPLORE.EXE	32
PID 2700 wrote to memory of 2864	2700	IEXPLORE.EXE	32
PID 2700 wrote to memory of 2864	2700	IEXPLORE.EXE	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\df90a371383ca790075a1f98de44ce79_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\df90a371383ca790075a1f98de44ce79_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
829549b608a3779ade33a3be51425a68

SHA1
4d95df975771460ffab733e0321ea431ef837492

SHA256
6f09bf3ef6f2e5ca9870faf035e34dcea88ba75e240a93df82c99133b944e0a7

SHA512
820fa0eaa9e21fd0fad230270acb84252f06e375a6eb208edfbdf54ba40741011ec35ed563bd6219cf890e5e131b745f063117465a61e14aa4b32ba8c9de600e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ddd874730443c7ae6381a7a0d10c0b3

SHA1
523075674ed3e1b0172a0eac72d0fe46ef347228

SHA256
688ff466cecf549e99c69bf551d19de0ef412ddbacae8f8806703b17bd0302cc

SHA512
0a7d4c5f9b25d3dd992370ac5ed5a8195cccdff557c790d4fb596928719085e02485909c28225f52608f11d81b83afa05d24b051957b23a404c290d96f13dadb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46739945503fabf19334845bcda3c9fc

SHA1
6c61c84572dbdaacda14b8b5d093252299b58046

SHA256
2ec2d6149be7e7bd1c45600d7e050e507ee4743e63181905b68185fb5a944115

SHA512
b506b1200646ce34f89b885ebd0e291cdad983b464d38c2c7bd2fa43b17a45a18e127b2cc0e6d118a7d1a157be9e8a620dade05a657fa8180c0af6c8162af530

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd8bcd41c914abe4adbbb536cbe81478

SHA1
1ff46e6bf34a33655fc53233b5196db3adcc0029

SHA256
ac49f57a2caa85a406cd568bc73f3ba3289d04cb9a7635f8def2408eac1b0a9d

SHA512
ae7840294aeb0b1854381a42bf59c959e55414ecca84e24c404483406efc1c1785d7d724e89f2da84d608001dcd0a267ecebd5b35c7fdde0482fd513ed760d65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26924f9130ee5a36e0a8b03405c42a12

SHA1
cba47f6d19fd6f310fc6193fca179bd7c35f245b

SHA256
54de563cdcef318b6b7a6132b13a963debcc424abc36bb6f94d42c7a19cd1ed4

SHA512
37ae45ae3d9ae4dff15e946848b15001cace53aade8d6a82e31665238e30167e0344283b693f228ef6b8e04e78805cbd3def23efc37fde8a8375a558836cd889

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9c198e7727a185458477b83e1642229

SHA1
9a2e6de2c71191e212f432c441ea1ed40c5ea4bf

SHA256
f5c806f92a1239bacf1790f9cf402747a4ee31fe5d979031d22bf85f37c2e634

SHA512
3cb1ef82f75cfe74223f28d9fd46f7d01f2611b3e38d1cc95246ead55dbfeb4e2e20f7a4bedcf1e1afdbbf25d3a1d32e7d68a96a083783841d3b60401867a277

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5836b33ae05829c382c099215e41fc45

SHA1
e046cd0905fa3ded2086293fd2518531fa5dc362

SHA256
e40cbe176b1ea7a889b68ada616313688d891950e72b6006be48bc385e51f98e

SHA512
ea331392b159e9dbb8f923ea1ffe27dac2101253a2d3d4753daad74a46a8d15f97de29a994974a097c048e3b1c9fb3f98b605d334a9ed93244b8f2815173939e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c65145054d03cd3dd6990dc6fb47037e

SHA1
08f5cc273cca613cd7e4ce6e530346b3f905d425

SHA256
9c4509712686d2fbe1d659c23287728e77f407d5283d16c20619557d9beb4e0c

SHA512
6fc0585b86fda9c109c23a5c6bb154f553f41272a95df233bc51c8e50026ace0608dbd3fb53435318dea5688f80e10b9b98a002e9d56dc379b7fbe87d40bab6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f44eba412c969bae9331b1d35f6e778

SHA1
01548271741b579cc92cb5a1672a25d1cfbc0a53

SHA256
0356dbfaf04ed9e1f2320fbe9123a5cb78596421d33501938e7b2f9aa07844d2

SHA512
18b95f2aa4c52b7414d80c1e6a277de24f51b054fcb1e26e32b153358dc8b0caa606ba0a658704791830775682f2f22a0f1bd9906a9494f4de1d982ce2150561

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8538d635e395a055565c23da14810c51

SHA1
a762da4d1c75a747c58992eae83ae14c6c082eaa

SHA256
a2b06918856c4a111223d38d1da97a6d09192259b4795590c9bd2d45f19804b4

SHA512
3e14a6f5baa40a672ae76086555f449e50a40c2e3847d99d1e5855dc51cae97f97076e794cd8d6accc7d151beb9d9bfead59f62b39127631b38ecbef50e84791

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5754cd4e0696a8816a6f0c00eec38fb0

SHA1
a0c49114db903b7d7990adad03e4bdacbccfc86d

SHA256
3f05a38c36899aac32a2f844966acc89d002b94e1575da33da8da8fabc1a1068

SHA512
6636ae8984f92ff4e3fdd5c2f2d6d9d7743d7752f0596dca7f484e180b7d86bce894a2f8dd65fb0dd106fc311300f8a58d159d207c3cbc491e7917bdf49fcc76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4c1eb46a4274888bdd0cc47869aac2f

SHA1
e691ce14a0c5ba8efacafb9c3aa08d38c4af4e1f

SHA256
ac29dbb77466279dc9f911d8fea35de81d5ac41311f0f834da61c0c8ac796e30

SHA512
5f2de89f1b7421b8d44dce0a28bcc3c8f543c02d84eb3238b819c92403ded214b51146334bcc770a8b23c4554be528222fc8716c43da2d3e88111134a03dfd1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7a7c6716876c84cc1503c2790f146d7

SHA1
1d7413a7eb8f2db521ae4d3ad4bfa27201a8b3a1

SHA256
dbc0dfabad88d56df84e9824b10ce7951143bc9dc7e18a49a40fd65fd780d997

SHA512
0222319466bdee961dda564c375abcfa1a43b5a73fc3545daea57698b234c65e909afa3c95efb9ed7250209262a8ab90d1c056f21aaa10b6aeb15be89c03ab1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
142087b0bdf7fcc7829f2c83c34acd37

SHA1
5718d927b36db143c19412abe780e2ceced8fc98

SHA256
3f6e136e8ba76e76a12cd0c3f72a4ea2157732b230da3d0a86ab8ba8846186ed

SHA512
ef3ccfc45ec29a799d7522c582384e4f3c085e6732ade8b1cb058aad51225ee93122d26b6cdc4cf9acef5dc3858ae1cb710f5dd1aa1446f74b618092ea46436e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
599cc4ff20aefa66af03f8d6ca037bf5

SHA1
43f5adf4adf5cb29b7d8a930ed0bfc0af1e8a1f2

SHA256
20d106f12dbcc199130673a3d0510c14fca8d1578e2021a22639be79763a4076

SHA512
eec8b8f75c051740b07f5ad79d36e7a282ca36e933bc6800f74812a05cf7ce0da574a2bd2bcfeb312bf7ef32873531743ac832030719a2410840f856672d39c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
607febcd5cf94d84ad58153fbb95c89f

SHA1
3c33968bd541ca58a6c122f76f658e1b6c279f28

SHA256
11207b135e4a5fc2bbcf50e409aa0ae71b6146843b4ebb323e8876afb572dd86

SHA512
8c9d45797f813381e8d950704562d473878865cb93637651c501feaa656255cfdadcbccab09ba48461f758e1dc863d951f5977273618f0516b20c38a203410b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ad0768d23d597cef10412cbcb314359

SHA1
6dfa01ad3a00b2f93e104caffa79695143895e41

SHA256
610ff5131f83a9ef1945c4f5fc854894ef44628c8c048c04f166ef02f083fea5

SHA512
1a14ea761c64ae73184a13ce7e6fea727cce57ab63c49ab1d89fabf7594867e0234bca370ccc652f77dc429f03cf2cb5c766046bcd45706409afc0ade8b87c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF40.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF52.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit