Analysis
-
max time kernel
141s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 · arch:x86 · image:win7-20240903-en · locale:en-us · os:windows7-x64 · system -
submitted
27/01/2025, 20:52
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe
-
Size
13KB
-
MD5
4394101d29bd57686b458ce2b4cbffff
-
SHA1
e5e39839d64316bc953ec65834fbd6ada0fd7218
-
SHA256
ed3e3dbaae5139050b8cd1cb61ecbe18a911900275692eadc384544639c6db9d
-
SHA512
092f78b4998ee56f13c5316f7af5c630926ab8723e5c854c96df8b640e190155ad0418bb941afbf3725fc32fa8a4567ccf0d1a2287a1d415ae698c96233f0ab8
-
SSDEEP
192:DmGwWlwFtGnHpAcZPJJhc2l7NPnEZQuPPp0+:DKWotQpDZPJfFt5EXPPp0+
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of the victim host in order to infer its geographical location. Note that both the sample and the sandbox-launched IEXPLORE.EXE child process opened the NLS\Language key (see IoCs below); the browser's read is likely routine behaviour, so only the sample's own query should be weighed as a discovery indicator.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444173016" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007c39b886350cb64d9d915c298dc7fe1f00000000020000000000106600000001000020000000e6edd9e281109a110414135017049b3ae39691be84a85675a90474fbc1876444000000000e8000000002000020000000155bb96aa0147269c0b8044f857f134f73afd549a9756f419d2594add88639a7200000009c1943202c532cda94944c7f95c58fa0399757c18873c5b6eba40df35381436b4000000075e2f1110907dffe1089ba3b5e6f2fd2f1a7dbdf9ce3b26c17da7b11ab245c246f0e48c825ccdc35cbe2262fa63e2efddeb73d96ae247efa06c897984e7918ce iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b1de74fd70db01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9EA7BEF1-DCF0-11EF-9C44-E61828AB23DD} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2116 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2116 iexplore.exe 2116 iexplore.exe 2880 IEXPLORE.EXE 2880 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 8 IoCs — the sample (PID 2396) writes into the memory of a freshly spawned second instance of itself (PID 2524, see process tree), a pattern consistent with self-injection; the iexplore.exe → IEXPLORE.EXE writes come from the browser's own parent/child process pair and are less likely to be attributable to the sample.
description pid Process procid_target PID 2396 wrote to memory of 2524 2396 JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe 30 PID 2396 wrote to memory of 2524 2396 JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe 30 PID 2396 wrote to memory of 2524 2396 JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe 30 PID 2396 wrote to memory of 2524 2396 JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe 30 PID 2116 wrote to memory of 2880 2116 iexplore.exe 32 PID 2116 wrote to memory of 2880 2116 iexplore.exe 32 PID 2116 wrote to memory of 2880 2116 iexplore.exe 32 PID 2116 wrote to memory of 2880 2116 iexplore.exe 32
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2396 -
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe2⤵PID:2524
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2116 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2880
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5520ed0bfae9e7e4ed426c48042b1fb85
SHA16335a75638980870a0fa97c41dcf043b2ea95c05
SHA256859f6c8b4ffee921ceb2f0533f0b2cd4045f466ef6e2510d4748e1b165d14acb
SHA512f82496b4ef703ee82f853af41ab20f54af1674f42087d9a2eee4ae2cf4c956cc28a1dfadbca7c72b9780c488f1344946af3e33c2b01536836ab0dd84176f9880
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58a17bb185307e6d57ecb4e493a5cf957
SHA193b600671dfb05af1492e3d6929d3c91b8466404
SHA2566eb40f2c5f0963974841b51266c4c47da17e3db41efd24c1674c07b43406984f
SHA51204246e80295e4bc96212bbb336e55ebd1d5b354f2356b6a623e9d9c428bffba8fb9ded1c331ab5142731963e561f79b651646fe46eeed6f54c0b5db056bfe1ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bf7ea3bb5f9301abca94b42727be56d9
SHA15bc53463d27d100307c86ca24918044888f775fa
SHA256ebc41642e5c78048a2ac44af53a6bd2cfa2f8155b1d98aeac077ffad78da8cc3
SHA5127755f574e33385562a09b81c07661ea1cb58cd09c7bc674c0f1487837ab933b3c2ae2635e309fb6d641c42d4af7aea877166cc16c45e954b55770bf94670e1e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD538906017fb6bb600b619697303eb9132
SHA1f9a5b59cdaf3c5cb1b4bce425a3fcb2e3174e5b9
SHA256fd8b39d7a87bac2b88165ea6a709022770bb9ba02c2cd64cfe3111a8b09c7067
SHA512546e378da48ef303a35a4d641d23235961a3657c21ea2e768f7f52d72710e5db40d7599bb043c3aa01d0ba5bb92772430eb7ee09d3eff0d53e57990c5a77803e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54e3b9409fb5c1598d70acfb6663df43b
SHA19fecb9e8e75b412bac60108943474e0460e9db1a
SHA256b93cbf750f9420ff0ece2b9efba52f50adaf98ed743fd689d5af8c085b31ce10
SHA512e5811233338ff6833b4a5f9477ff0add88e73eaebe6283c2cce4db71d7618f9543d98fac9f4fadbed61a7c99fb4685812dfff6d4d96eed832607a7ace264e8e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50953c0189079f53f72561f30f4a96f8c
SHA1cfdd04f38b9ede53c906f5ae5d8358f5a75c3cc7
SHA256500ab4efe3be24a78cd422cc03b6ffff2f980d0925b62ebf8246eb67c8520766
SHA512874be29b13283b2f426fed966f782f06187cd57d6ffacbf48a84b369c8fdd1d116157cef014fa771446611961e16a082668b22f6f2bdd78e65c1b2cbe8155723
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57a6383c3544651a4df6c462f721e2cc0
SHA1073a77d242feda73d8de6bdf2e36e2c8570927b4
SHA2568e05ab779871f5aa5080d36831202ddb208365d5dca1b0512a5775afff45aa80
SHA512529d0d8c5f88563e1976f011349dcabccfe46d91efca1f7cc627360ca8755ab383a7a6031317ed2478b820545c48cfa96ec092d08cce147205dedfa29a4862f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD566e946b409200130819889f7983f8edb
SHA1d7660a08028a3ba058e833a0db66de24f5bcd8fd
SHA256b489921e03181aa0c70e7ddfed926c30c54b3c8016ed132de5d7f5afc2cd853c
SHA5123b015d15d1b35541f7b8b9b4930e339159280961352f7cedb9fc6d86f59619f15bf9cb218888aa340708fd56d7a9d6764262eed9f4cce2286848cb0bbd64670f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD547398dcb7922c38d8a5f8b826e2c29cf
SHA1c8bd40584e970da2b6fd5d019bdab7950c25b21c
SHA2560f3e2e699d99975e2c2e21ccdf9f1ed75ccaf4e3e3adebba852e077f2336c4e8
SHA5122054ffd4b92a13789d2428537a066f27ea144336add22c20c746fbc39718f688861ff3647536df01267b4422424ff7f2222274d3c72b5d11ae1ae71a337ba244
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD523fdb839a507ec772686714103bc1bab
SHA1ec058590d7f81f8698818867462271c27b243b01
SHA2563f594f02948467f72dc2269f569db055ca7cb3c693ff4c39ea862cf4c68a3197
SHA512b985d3269bd395901eb3495adbc451e108ef32db6989051f2bc5fb97b78434c83a207902580e2da0b8f332e99d74e376e2b58686f98481007b10f9495778a4a9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53ade838ab1f0111e2054e74d0229a530
SHA1cca2353d399cc3f0e0dc1fcb43b1b8eb19536fb5
SHA256b77ddeb7899a46ebfd039a170878feac7b6687d0693df6156127fb2e324df663
SHA51275e4daf0dac77cb2a75988f31a4f4a8b1bfcbd0e64d324ecc04b91e1915d69f2a179fad44922265c6dd9afc7b42327edb818c68ac1a37ae4a4de079f64cc7a81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50cddc15250b411e1eba484d11e8908d8
SHA145aeea2641c81ede595ccac922e4828a3f93428f
SHA2562ccde73b6e323b1f166c7577aa1989619205209894a29838c3c148107e4b6c8a
SHA5125cae5e58b46966560dfbaaa0549cff01572a31b5c64abd51fc0ecf7cf2e22ab543f60320c938e3cfeeb9e3135b6303747309a226420e4b9feec51cd3a1fc1f8f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD531d09184ddc743e63102ff70645b6fcf
SHA16462a620265b89869f214ba5f0fa4ceb8fcb3ce1
SHA25615c867f3c521444a3901b80bb206ad580f9f7c51c383419217dab389709b6857
SHA5124d0fb60869e33f85b5a269ae248967f08155719200fe6396025280c8d8b5c288ad3b09610fb5bdd6d9c30fb1d3cd5c10c2c10a76dae3989b8686b68d300c07d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b7f31fc8b9b24e1047ead63275d5b851
SHA1b4e06d8a96993dfe9a5337d1193d21ec0de71be5
SHA25664d7733f9a3bc795ebf70a06581d652c148424d44c98f3a63201d838e065ef2b
SHA512582aba93a53081b5272549c23d20ff52e7df7e38468f92b31544bf4d0a4e51b2c5425856880a52dffe9ea2a3811aa956bad1dfac28ec37fb9fb27f425234c130
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58fab4ec959536d1622058b35570f7473
SHA18ec1af8a1fe642e544aa3e25e88609776a38b9e4
SHA256d1d859e33eeb2450be0f69cd6a7383d4dfc22d9120d690ca98f000aeae547ed1
SHA51210380de8eb8599d4207ba5ae2a0a4c896866c08ddd5ec28868a7bd324833363b946e2fccf2a0b0cb0863845077524d177a683ee3c5077f9e1dc592e43b357b35
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD534bef99fb7d32fdc27aa0b91f850d594
SHA1a6749ad6f914ec193893e7d858aba039b5b82dd4
SHA256f641b8211a8358f0b1e06fa57cd39daa5e48ad9766560c5129a1bcf5543b7b35
SHA512a899ab24aae4b8310d38ef998b382f1034f745f641d24ffedfe2b78759cb47bd69ece56a184c7efc97c57e82ce1da44c4d5cd445f08619b8b5734ecb3d4bcb91
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59d4ed21219a00a4bc39c52cc850d6cfb
SHA1d54a309feef1f94928489e2038a162182f06e422
SHA2561b625c3be6368df1d9ea1fd1cd7fd51ee73b97881148c3968ffcee230d6f968e
SHA5127ec5f46cc7d3ecf8be166a60296bd7ae6c09d32e03308c2021f23989634c987d7cb0eb562ada7e7d55e7e905f1ebb8737fc57091271d07e1329c2ca8c98c4102
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b