0ac2ee23ee05d3706db7a7c069e540c4deab1c81b88ea8317665e27e5471f2a7

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5e07e084091c0e4a1882db1e49b5741_JaffaCakes118.exe
Size

56KB
MD5

f5e07e084091c0e4a1882db1e49b5741
SHA1

546dc17e0559cb014bd1aba77b4456d2c21e2627
SHA256

0ac2ee23ee05d3706db7a7c069e540c4deab1c81b88ea8317665e27e5471f2a7
SHA512

2f14c63b605eb33f8b68c4dfad266504d196357dc1a924ebbf159b9874a19167a4239158d69aeeca99b298b9717eae9c711b017f89401bd145c71f9e7dcfd065
SSDEEP

768:Gu88JmsOFMi3tYn5UQTz47x0oMIzpxfE0RXML7VceijZ:GuXmXW5VSvrS1ces

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f5e07e084091c0e4a1882db1e49b5741_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433424417"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{970935D1-7B2E-11EF-999E-E67A421F41DB} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2204	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE
2980	IEXPLORE.EXE
2980	IEXPLORE.EXE
2980	IEXPLORE.EXE
2980	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 1940	2280	f5e07e084091c0e4a1882db1e49b5741_JaffaCakes118.exe	31
PID 2280 wrote to memory of 1940	2280	f5e07e084091c0e4a1882db1e49b5741_JaffaCakes118.exe	31
PID 2280 wrote to memory of 1940	2280	f5e07e084091c0e4a1882db1e49b5741_JaffaCakes118.exe	31
PID 2280 wrote to memory of 1940	2280	f5e07e084091c0e4a1882db1e49b5741_JaffaCakes118.exe	31
PID 1940 wrote to memory of 2204	1940	iexplore.exe	32
PID 1940 wrote to memory of 2204	1940	iexplore.exe	32
PID 1940 wrote to memory of 2204	1940	iexplore.exe	32
PID 1940 wrote to memory of 2204	1940	iexplore.exe	32
PID 2204 wrote to memory of 2980	2204	IEXPLORE.EXE	33
PID 2204 wrote to memory of 2980	2204	IEXPLORE.EXE	33
PID 2204 wrote to memory of 2980	2204	IEXPLORE.EXE	33
PID 2204 wrote to memory of 2980	2204	IEXPLORE.EXE	33

C:\Users\Admin\AppData\Local\Temp\f5e07e084091c0e4a1882db1e49b5741_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f5e07e084091c0e4a1882db1e49b5741_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1940
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2204
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29006bb9b77894fdd6a1cd502b3bb759

SHA1
a774d0e7306dea6222517e1eb86a718861f2e9cc

SHA256
a1f2148d25e2687f41045153c7ab12e4fe643343d4cd0f81635ecfdc23df41eb

SHA512
2053d3a6d373ee79b7a1b4f8ba53f0b8c287c9b555ec6031df101ef8f8d730ded4ce0b9dfb2879e5e234e9ed0f488f8b9290d116e0a47ef0258ca9c19a7f58e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
820cfb9a61e6f88513c68816d94c57e4

SHA1
10dd2c63fc319848e6e6228874fb7693bb376e0a

SHA256
81d72749a9bd700533a929ab8f2a13da014cdabecb8ecd408e1a990397bdfb01

SHA512
7c17126f1a98029539da67b64a67938f7f315121b2bcc7c77dae9a9722911b242c27a242f331631f2aab66bb8ebc90cc02f2a36b39323e11835686a9cf061bdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62650dc11d99bd5c05d6521406684cd5

SHA1
7a6618fdcc13917f2564b83d1f4ca53d198750b7

SHA256
6823c2d98d293e52460fe2b419d9415d976fddedd11a8bcfb7745e0b0dc126dd

SHA512
b8e1edaec8910b5d08544dee93a218f39679bb1d1ef67ba3eda0eae17636cfb7b680787c589fed038dfbf77f5684bbf1200e05afd43988a594f1a11fd04e7908

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
641f9085e1cbc5f82d854ee287d83ed7

SHA1
aaefac412e6273256bf317ed7d0e7f31d590e883

SHA256
b048c4f70bc8ef41489c1a6e14a354c0e560729f38929ab1514976b6bf9492ee

SHA512
b305280070da7db4540eb687a0c693074984b06c90f573b34a5fcaa83f66851e266789f05fc94079eca4f652f329fae1535a4a851e32158de1485c4cdc57c749

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea0b9faf6f51227f76c644e293879b0b

SHA1
d8316b4a1d4119d1c8780c36a9a5d2bd977e8101

SHA256
e58f9440748aaed53848c8abc2dd31954bd7ed588ab6297a2c1c035ed923e1d9

SHA512
3065c7cbf5de0e3f7ac5b64bd4330e21ea84913f73b5ed914193afa0deba2a1bc596f1d2570dc506d8e829bd09f35ff5460bc4f3ba67ffc020ac635f69700690

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7af39602eed7e34338c0537220880575

SHA1
db56cfb6211c93f7e0a6295f56222aaf82aba269

SHA256
64583e7417ab3b1c4ca7f9e56c3fff1383ed7231c9f0d7e7c51b8065baa7d4eb

SHA512
fa0c0450b837c75879225e728fd0e7ee417e38f9e2dfd0f7d24f612b61f9856f04d01060fe0e50deb1ad8865e0d138e21e67211e313c5fecd7f20a801a0e327c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8246c823dfaec6fcd1e62cea284763a

SHA1
12f92cc268e0ed8500f8e983a76535712a9ca46f

SHA256
a478202541f9f49aead242cb8df18cd36fd6eadefd11b465b6adf7e4ca0fa928

SHA512
0b3f06f38db7010258b6970bfc52588d47d80ad16e31de8793341014749647264d945fd09dbc58be50463a786c52eb4d1be08741e1dbf24d68803f3f98889933

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
262c8682e82bb074672febd5df1fb894

SHA1
7203a81728944befc1f1eb2278a9bbe345ccce9d

SHA256
41d9694f13f879093e7c1f8e4d55aa3a5036f4b90083da9421bd995aade9bb29

SHA512
430230f6099f98f445093e96fa2fb7190707c20bf6eae0cf31b42769f1dedea9f8fb71513b292443f57bdc8a213a67651f72298cfd60ce2e3f970ecf375b592a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a3c322f81170275237d940d6d56ca91

SHA1
047ff4e48d7649a1e3e82110e06d4c812f19b716

SHA256
5a1dfa8393fc64f7af8fd57ca7e19752fc7bbbe3edf08d6e17176cc2142204c2

SHA512
905d0ece886eba2c12e61df106520aac3095e4968f306336d8c1e64dba71251c2f86336e4bc878dff533a922915338978cac41ac9338fc53374341a689c2edd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
613748320ba2d525d7b78c4e7fe56b1c

SHA1
a1debecf394e7f3e1fb4313de08d77dfbd352ecc

SHA256
71184311f484a06a46659a64a0f6ebe5a8291509fb1a19411e00af1ab816c8d2

SHA512
006a6b2974c8840659b21740641a4ea9a0b6016e371b495562bf8af5af03062c8d564c5b80b817c2ea9eadd62d7b81a67651fdd819f1384e1f2f6b310fe50c6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76d0f7caec346770f7d35f0e87698d1c

SHA1
39e644323d2d2074e7b8ed61c3addd3df75f416d

SHA256
6ab080b83d000539e9f2cc05eb53d762bc3c542e553d6db326bb86c33ac105a5

SHA512
a0ff8509c62ddae779fcbe543df12a25ad4c58dc6a4fe088edde29ed8d7c47295b51d7752ee4e99cd7185918260914e83d33b36d8a2071c4c851ccf4e3409a14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c781a29cf6857d7e78936e1457228484

SHA1
ce796ee2beeaedbb38bb24ad0999e4fc1497d510

SHA256
151196569d5a95624f76e75787e8fddcd41fee8cdb8b722d897e0d2252142a8c

SHA512
c560b59863332f10935b2171b5716cfdb5ab71914a4225704b5b99d0e208f8cbb5ef92323c6301c6957e1d143c719d7fae71dadbfc878719ab2dd3438e0557e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e3c444d6dab788e1aba853d18b9ce64

SHA1
091f77eff69f313227a4f298b31b00ba9fad45ad

SHA256
a08d0a872e4c86400a2348088e33e0a1dc8a3649475f57a14b3282c79cc0d83c

SHA512
e343b01f29d1a898a6c78d5af760466e6dffe2b8345b00684971bb973632fa7f847787b9a5d1ef6f4961603516057755fe3ceec7df0800d5081c2ff717d5cb60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
783a07f8408414183126359b2855d2e2

SHA1
25599399b532377f361368ff9ee635a66114bfce

SHA256
3b8dc87c8d28108e27134a882fd3b852c8f22ec7ad01c11b8519874a21a4128d

SHA512
f5a8e9ee50a56fde3bd6cdb8cabcadd0b87b5d0dbaa5de3425c0dc3c09e406cd2fbbd4f8982409ad814ad3938b56a93f36321e05d409428597c5542d532b126d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37fe2d3fedf5ca2180b20937c4ebe755

SHA1
30366db9097b10751359b0817ebd5387fde2c38a

SHA256
c8ca1fc1474a7f08c8305886fc648b13d8180726f9ed0b7015328380eab7348e

SHA512
6384278101b6950d218a92f728f4180df7a7ff4c50811c4642af30967840b6784ebb347e8b4f19079b5e0fad72d373cffa660e35b7b59ab944613a9dbfca6adf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecaa85635e4e152d924e7004663c8738

SHA1
b85ad6265b213e1d360a5c96f7808c6db16d243b

SHA256
aa6d513620771d54b4ff87290bcce400023a3e2c34c22087191c03412eda2ca0

SHA512
68a714d26a6037cf8ba1b28059f3f0691cb785b4929d73085be0b6cd52897e6421eefe03c9cfd718f3343204e191b9cc875a739672523b828b6369ff81af9b85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac89f73648f95d40392a1b69418e49e7

SHA1
ccd539e6759089d51e395d2ff309161d77e1320b

SHA256
2e0cf95a0ff6a713145b7234edbefcdc86e0ae01bf35da3cd5e9621c59496edb

SHA512
abe633c5986f10ad65d4fc67985d3f939c362c0bb5895872302ec244eb0087129a7d013d885e3160eaa0b46e363bc4d45f3bc2b7875909c6658948d289663e4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b74419397abf8c1136415372ea4cfb86

SHA1
abc40ed3d56e1e9e86f4bb2626dde06ab6877531

SHA256
636d083e5ac4e61d00ef7b2378995bfaa4d8c3ffb70a257f4a1e034c60b0a3f0

SHA512
315396551892e8ac1001b32399a16bfafeab92cf813e8612129805ec4b76c01c72aeaf5d2c44a6fd655cad69b2c6c567094cd831df94745f1fd6fbf7796f869f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF644.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF695.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2280-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download