a863c8094319647d5e33cff6bb1c759f8dbc97c91cc6c3a0a5ad5c32c14e61ea

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/10/2024, 21:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

36cde3948f44733721e0a2fe0abeaddc_JaffaCakes118.dll
Size

66KB
MD5

36cde3948f44733721e0a2fe0abeaddc
SHA1

c64bc70fce34bb858d6979daf8518eb2635104ac
SHA256

a863c8094319647d5e33cff6bb1c759f8dbc97c91cc6c3a0a5ad5c32c14e61ea
SHA512

5cbc89ba78964ab736deeaa35a9287a1166872d59e8e3167afa495802e899144cee4da59a61a856a5d5224273b0ab78f3c124527422cdc674bedd879380f6bea
SSDEEP

1536:1KaouK0rof8925RMehGW446cHfP3iqshuqRR7L:1KaouK99MqB44L3unpL

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2244 set thread context of 2120	2244	rundll32.exe	31

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434842618"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9807E381-8814-11EF-BCE0-DECC44E0FF92} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2120	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 2244	1560	rundll32.exe	30
PID 1560 wrote to memory of 2244	1560	rundll32.exe	30
PID 1560 wrote to memory of 2244	1560	rundll32.exe	30
PID 1560 wrote to memory of 2244	1560	rundll32.exe	30
PID 1560 wrote to memory of 2244	1560	rundll32.exe	30
PID 1560 wrote to memory of 2244	1560	rundll32.exe	30
PID 1560 wrote to memory of 2244	1560	rundll32.exe	30
PID 2244 wrote to memory of 2120	2244	rundll32.exe	31
PID 2244 wrote to memory of 2120	2244	rundll32.exe	31
PID 2244 wrote to memory of 2120	2244	rundll32.exe	31
PID 2244 wrote to memory of 2120	2244	rundll32.exe	31
PID 2244 wrote to memory of 2120	2244	rundll32.exe	31
PID 2120 wrote to memory of 2404	2120	IEXPLORE.EXE	32
PID 2120 wrote to memory of 2404	2120	IEXPLORE.EXE	32
PID 2120 wrote to memory of 2404	2120	IEXPLORE.EXE	32
PID 2120 wrote to memory of 2404	2120	IEXPLORE.EXE	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36cde3948f44733721e0a2fe0abeaddc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\36cde3948f44733721e0a2fe0abeaddc_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2244
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2120
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
895157c37a0142b71e1e2236df91c7be

SHA1
3dea215864a238ee418ef391c4bf52188ce70c01

SHA256
36887a09f3ffa394d6e7f18c17b0c334691766642acbd8f6c22fc5622862e0bb

SHA512
ccb00e669ded809bc488e0095a20be3ca575927131b344e52d20e4620cfb431f05e9c47f1e8f3519ae40bfc72178d706120baf2378b5462a43090461d005d29f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10340b6d51bf2ddb99f1a90a681cd547

SHA1
7952b00ded75f18247d95b4cb15e2e2404375236

SHA256
d0318b2b49476e1f61530975ee056ef2ade6c777e711366008457bbb75036e34

SHA512
c6ea30315828813ce38319d9cb39d00ce27a398a4521fdff696eced0b047563ddf242aa8887b7521d981f5b19f651541aeba11f5f24abd9572b86063d6e9a300

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1716dc931bcbfa0970362bbbe12af2ef

SHA1
2f6829ed5434eb13f07504fa8c90064be0c84cf2

SHA256
2205bd539c8758bbbc4291f8163a3d069d5dcb59cb2f0cf0f54d63d917f8c7b6

SHA512
5f9630ce4bdb1e5a1f4019f80651b27bf980cbebf5f378b63bd714849195de4161de11f7b9cf15428b269829ccf3ef6a03492a9887fab85b7eb001101da7ad76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae9dcd5a4e0006581949ca839d65f831

SHA1
41b90f42d943942f972f5a5b3264c7c417399f26

SHA256
f6b25815e71cf8ac4e448e1cd10a45d45b09a21cc92211bf6ccbf861e2f6cbe6

SHA512
c590fc7063abb8963f7f20b6575c8b7bab3801268f559b705132df91fcc3b7b3e597d909eb4f68756081e8656f5f3035d6a72b3d5711ff9633b0ffe378b396e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffb727dd09f0ad0d3904923dbc5a814d

SHA1
20978862fcbba4aadd9e00c86784cc1598930330

SHA256
a04eefa18bd2beda018c53b8bf90dce59cb22055081e614beb7eefff9c17f63d

SHA512
daef4c7a8c8f4c3d6b16c399fcb23c73d5c719d8c08ad28e4050f40d335881e7eb447ac30eda65f303edbafcc27395da6ab29d6b43a798bbda02055043f5779f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15a673daa283aac2ead8cb958a56147d

SHA1
a79fb5d5a8d916c23b92a135fd65f6c15be84600

SHA256
63d38b8cbcf7e08f7587fa434bfccca26fe8269912f8ac11a7eac2f357ad564a

SHA512
c7187719ff728cd905339170f72238826d16ceed571b40f22ccb7306a058867e6ee89b922547425ea3a22c1fb623c28531e39b3dcfbb251082faca6d57f90a0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
449f389e24937907254db3337bc1ca35

SHA1
d18b93211f971666256667d74c847c94a7e5b62c

SHA256
fcd9d86df17392f71f56fd96bc060c639bdc732e7e0cc3cf7ad94159b004d915

SHA512
4967f794b41bf0bb33a41eb082c4a8a2ee516949b1ad7ca3453a59f776cd8033cac5b3c42554d4214176845c662898c0eeee57b1f66548c21e14c2063050bec0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce7d4dd5222def810c6791266f76c589

SHA1
dc14b9527850aa484ccd0dfd1b344e28a40d0291

SHA256
f39b306617652cc3649d950b9f148588bc4e0434fcdcf22908637e4d7f49e693

SHA512
5491795a3f751dd8c185c7bea2aae5330701292d7dbc34bc1fa6e44cbc24786d8e99beae77464467e19bedbc0e0249b0e99e713da6038ddd2a28234a39261f59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de355335d715b3361e986581b1461f21

SHA1
418c39b095d4c69851d3d643cbbb102db58ae50e

SHA256
8ca4dbbe43647edd0cb65ef289fda020946bb48386abc85913472d61b6d8ebcf

SHA512
8deef5a990a32428ddfda80a2c794f75ba45627ade9f1388e039485d481fd0398b537796b44a51f7c302966c9149e50060656a3f5362382c9c5eb6c842c7dc0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a2c1ae349991a7b54bd29861b5195e1

SHA1
1cbd15712043489f3b2da34fc486648d3985cd01

SHA256
f5bde73684b3d83c3bd490dd75ce808e981841835e3ff1b3a2e10781ac9e4b3a

SHA512
bfdca4c4851269fc3734fcd33ab1aabb656714108c35398261c4886c3c356f379f482513f977d85d4b1738233f27fbcc05e6c3771e6c65fb8e4fd0cfd93dda90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c317a002e76b9bd448809d579acf740

SHA1
be352381f476032ecf5275771def965a71afe356

SHA256
d21dd4f64d2c598ac71c225d03cf3a81a6a8577bd70d70c502dacb35f19fc9d9

SHA512
f8c4551d0d79827562f5b89b6f03b8b3097f51b0624842ac8eb47a727ede910c405f8e03e5647b2063b2501f25a7faae81d4e63686716eec3abc94260b70de7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
237e6b02ea471ce2d7a6f68760592034

SHA1
d5e4bb32445cdfc4c626e3524679aab13f393f02

SHA256
1f2c1acbdaa266826eacd5953954ea7af6309daf19ec2caea2d9ceec4365acd5

SHA512
a42fa5b3735105ea0a3a8a9857e0dd1f1bb65a31c1855db83ba9d408b008edfe8ef34c0539e015e5ce40d5dc7d250dda851c2ae72d63a2181343335cab9e2a78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c03b3975ad118deca2250ab2a034b484

SHA1
e139ee54be5ef19e923bc6d589b6dde7fc967182

SHA256
2a942f134662526cc11bdc469f7634c23cce12ec2893066da0c02c57d9f3b840

SHA512
b0f52b07b84b9cf616dec17d9263b08a751d331428c7c4c28451000aff1a1d3cda096cabc2e4621e0da966d22e5f1cdfe2093a9bcfe90bf09c902824d6bcd9de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f71481135a51014ae04e444c59427af6

SHA1
a50f9cf06a97e026aaebb5ce8822c7f411cdbbf7

SHA256
b54492ce1f3148ec64b2a74b13a7dd1be6a27397bb74ff3b877839f9a44eb977

SHA512
3faff6aff4d61919fc0bbd8cb3a7f12a3f39a802d37d188ac6dc2fdf512bc787052094dd86692c91ede4ceffa114f3163769eabcf2eb425824d48e238b39cb96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0aee8ea849c3f0850923c725217f63e0

SHA1
abf52e9cec2af68987984847d02396fca8ce7bbe

SHA256
172bf8d257e1afa1d0296dde472fa282e8941e1bde8c366f8d7c0691bda25383

SHA512
256dae095ecfd8d25f1d36a0f2f99a819422e963d14f962f854c759f9bc2e0c27e7ef6177a789603ccd88114c892cf8450d5509e149481e1e17c985327eb6148

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7469a055cacd7171021075d75d02305

SHA1
97da144f9cb2cfe72e5039da9cb220eb0fb34157

SHA256
334fc5ffe629c49b5d652ed0e2527ef39abeef413a5f5c405b1c2b68a1b5f1ec

SHA512
762cb5042afd20c2a569ad75315239f68605d8b6cff757444ce36bb555a6c0feccafb8325f8ffcd40bfc3122f1e8b02140be4059d69049f6d02c325900f7ab99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2096af45f19e61e5965a0459ee484e5d

SHA1
1e2aceb46c00c5a5068376733b4e9df9a5b09541

SHA256
af9d077aa219ab44215e3495bfe9c2c8ff3b9e8585c93f9e690d8d0246bfce80

SHA512
cf41a2dd4b60fdd1ba2568a2c42da898ccac0e8872f517c8562edb6ad87a51dfaa29f26e9cc77a8e905905fe8c6b1ec92074c53bfded66bff3e83d4caa69b0ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aea9a133dcf8599fd59cabab4dd90936

SHA1
fb72d32e85636e9da01413a4bf91393e9e2d175b

SHA256
56fb442a897ec514e194cded94899885238a24b4f11ca78621f974113d7724cb

SHA512
00a766b4b70de1c15e98bcbbd7e760295fa70f6d499603e1afd2e557a386a4695b5da28ba17caa0374e45088d1e31d5e3614fde0403cf8da2caafc6952fda1b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6eecc454cb0c1e715f1a4309f2b2d080

SHA1
34aa08fa86105397400430bff3843c00eb6a1493

SHA256
ed48f2efceefc7baef71d53359eff122f188e066c7ecb600a76e391656ede3dd

SHA512
404e17c3f643c2318538110d47885e9a4222715584a2b1df86b162beb583316308f120416563ecb024167fa9aab8d66278a0c776f0f70920f53384639db80361

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDD09.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDDA8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit