983f2c30d62b5a14d56c9b51f15f99a86ae405d9e7b3a1fc6e77455729cacb8b

Analysis

max time kernel
132s
max time network
154s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Size

956KB
MD5

efd4ed301aa451b1210773989e5959ea
SHA1

01089faa7f4b1d49c70dde2d4cae34aeb0a583cd
SHA256

983f2c30d62b5a14d56c9b51f15f99a86ae405d9e7b3a1fc6e77455729cacb8b
SHA512

1bfa73476c4da91bdb68a33adf7e67e90fc1a79e04258fa71c5bb4f98e663b0efd6e35181b4b9854dc7aef8c13b3a16c07651294f5bd71f935d95a19dd343c04
SSDEEP

12288:IYlshvRpphRcEvW7VIW3LzqDfKm5+t6HkZKmIlO0E7hW:IY+hvDphRcQCp3LmWOkAVlOvc

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 45 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "97"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "100"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "11672"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "12270"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "45"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "11659"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12270"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "12270"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "75"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "11672"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "40"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "100"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "11659"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "11659"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "48"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "43"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "45"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "89"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "111"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "100"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "414"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\NumberOfSubdomains = "1"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "45"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "75"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "97"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "97"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "11672"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "40"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "48"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "48"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "43"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "43"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "75"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "89"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "111"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "414"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "40"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "89"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "111"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "414"	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2276	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
2276	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
2276	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
2276	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
2276	efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\efd4ed301aa451b1210773989e5959ea_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGY6RCCX\www.baidu[1].xml

Filesize
271B

MD5
e6826b44502e5df811de7b6a444aff00

SHA1
877b01175d906bf96b74e02e85f3377b736de846

SHA256
71aea5e9e373972feea1d540543918fcede42771d3843a0048c0519235fe2000

SHA512
9497f1dcd7eb3c2686a5095247571ebcf2a4e48b29e7c5f8c45251a667a846d08f95a0ed43698145997388641b6823c53b4394ea8acf20487183864c9fb66e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGY6RCCX\www.baidu[1].xml

Filesize
346B

MD5
df16653dee797eff3127621ce6d722fc

SHA1
b854cc71c856d0e559edf5638d9de18fa2645623

SHA256
a6858ac208c97567a3ee868ae03d24496c6645584f7ca029900cfbdc8817dda3

SHA512
c0a33158bbf156042846a79f02f7e66e163cae1d69c72d6412ae1c944f7393ddce25a2e25c1ad3be28a764c45a2348e6ab3ba8b0a378041e01af3624fbbd2d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGY6RCCX\www.baidu[1].xml

Filesize
16KB

MD5
962aedb57d95490c346530cefea87b54

SHA1
5b7c5f8f30f84ac39cb412a3427295f5dae4b6ec

SHA256
3cf3a079cdbbcb4a27eae13100f1e2ede78ce175cef64de1c12091258a785c68

SHA512
ef2b220f259b5f273c74cd1318851fc89f3a5171111fc72895db082674ecbdd86cbf36faa2f2481d65733497d0e08366c10586afa8022cf9ac225a2b362f88ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGY6RCCX\www.baidu[1].xml

Filesize
114B

MD5
8d06949af1dd27b71baf790433607301

SHA1
037da40fb71bd770e2c2915028aad9780ef9cf00

SHA256
c1b0972cf073380400f7f116c76d843890cd5003275a7ce07fa4895a92ab8775

SHA512
b541813d9f6c5b4bc972e39c3d08e17790d724c72dd5e23e906f1acbd5029e980d8685a7c61a28a257869878e23cf8c3136f22ac0307f59581ffefe57da3cfb2

Download Submit
memory/2276-0-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download
memory/2276-171-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download