Analysis
-
max time kernel
134s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
20-04-2024 17:41
Static task
static1
Behavioral task
behavioral1
Sample
fd467a7768092e36f36ba957289b23c6_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fd467a7768092e36f36ba957289b23c6_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
fd467a7768092e36f36ba957289b23c6_JaffaCakes118.html
-
Size
56KB
-
MD5
fd467a7768092e36f36ba957289b23c6
-
SHA1
25fb307f103e30f0a244a2233dbde3cd4156546a
-
SHA256
b26a2389521541e0635d22be5c544d92288cd5f558d90404aa7478960a989aa2
-
SHA512
806f5c5b091c9818f744e39a9b4809370b698df5c25d8a543027845f826d70fbd4960a7324be1279d53822ebcd63180dc9ae462aa6784fa315fde118ff6e76b0
-
SSDEEP
1536:WhALBbwcgRrFAMSLVd5/Y6eBz1aPP3q+z833NI+NCskdfWyfYSs3Aj5apVIl23lr:yrFAMSLVdZY6F+Npk5WyQSsSapVIl23l
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60686e194a93da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set 
value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{35C12391-FF3D-11EE-8698-5E73522EB9B5} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000032807bd51efaff2ea3f65c22dcfe6305d374d3228c4a8e8f233b1b6945f39931000000000e8000000002000020000000b7f137fafad2e52aac54023dcf4b6e61564edc71f1b83b8b86a2bd000dc7f4722000000037cb305d2e4ba103ac246cf83b944b9e970adee54b1f8bb6d619adda8804dffe400000000e06afda912dab10642a0cdd26b6fa124dba1596c40f795ae465b414f0aaa0ab02b9d30b1bbd39a8cbf6c8ef3b07bb2e705980861f5cfb8f0f49f54ebb7cd4a7 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419796760" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2804 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2804 iexplore.exe
2804 iexplore.exe
2816 IEXPLORE.EXE
2816 IEXPLORE.EXE
2816 IEXPLORE.EXE
2816 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2804 wrote to memory of 2816 2804 iexplore.exe 28
PID 2804 wrote to memory of 2816 2804 iexplore.exe 28
PID 2804 wrote to memory of 2816 2804 iexplore.exe 28
PID 2804 wrote to memory of 2816 2804 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fd467a7768092e36f36ba957289b23c6_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2804 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2816
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
717B
MD5 822467b728b7a66b081c91795373789a
SHA1 d8f2f02e1eef62485a9feffd59ce837511749865
SHA256 af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9
SHA512 bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 7cab92d5e96755dba98f7c610f81dcf0
SHA1 0125eb8825224f84596734cbddc38291f4639bd3
SHA256 e526cfecd09d2a0577b49ee568d7356d4c4fb1f9003333cfc4c33773f52632e3
SHA512 2ba7bc3aa3fb99735f1803127177f650b05dc6532b7fec755ff280d12ffd623a39f9449cae1ee438752166ad098f7169fcc94d81e23b8cd066a05df7d86b44a1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cd0907d8151df35833b4669b67fa84cb
SHA1 f6bcd229f4915cf15d4695192666a6ef94bbf988
SHA256 bd1907fe7be9ccd41e40baf4c857407741fafe73025975ccc63f639699c1f760
SHA512 c0bf6e7b697c6634010581fbe3cf4cf75217b9680ce7c593ab13fd7935085e21924747709d74c1cb362cc4e069d6c15b75fe140f5d76565aca83c3012c8683e3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 25e7521ff7ced05b8fdb2f1f7956475a
SHA1 faeb8378ec75bad330f5ee2e9198c2008b9e3986
SHA256 57ad36a50093285a2ea67497e8cfba47981973683d86a65791bd9bb8e04ff94b
SHA512 41b81fcde954a241c3a35d16b5015c28356904aab72e7347edda3da29b663e24aaaf73d8aa58e789321729670fce594180233ec34a8e39dc95f214ade262a587
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3f504a36ef45dca9dbbdd31a9f3d4b90
SHA1 6c9674cede6ee197997be133fdddfe01d6cb5595
SHA256 1ccfeab6a35102117e8de11e8a220d8120a8a3966e37c9a617cdbd7bf1c51775
SHA512 a69be5fcdbe931fdeb8b2a5e99f7c1e202099a0d40c78b511cf1a78da1e0a5cbb94e60b462dde6169cc631f3b7fc65f5d277424d2598d6001fecff5c1cd4f4e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 29e34e841cc22e7c29b571103d2580f3
SHA1 042383e2b813cf7151def5b254ca409030a132ce
SHA256 0c950bc202befe143300c5611007a2000af460c35a32ebd636b6423ecb32a8d0
SHA512 cb922bebe4a7952005ed900b5e3cf74766c984e06b4db7ffe7d14df9190941ff6709b9113bc4dd9314f77a693db7cf8ff99e44396ab1f5b1422a517dc3f427ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fcab3aee16f56b53943cc8938ad7b5fe
SHA1 01bb409b6241cf58c6e5182162fa775ab6c180cb
SHA256 19b5dc21d239214fcb5bee5d93299569ca7e443a7c7f4f652007224d473feb2d
SHA512 24e12b98625fe139ba09afbe57a8c51ede525c19f209f798e738dd9f434da305ba969ef665120dfd399dc50c218fec037ba45ccd1b644f6871dde3089dd4afed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e0fbdd1e9fe45fa39f64af818b24a68c
SHA1 81ace17faa600d8bd1b995b2ec0b5c098ed00142
SHA256 7317b04d8b6be5ed1ff8bd8d95723795d3224ade2006968e1f725c0234053454
SHA512 dc3d9226f0510dd21c9fee5981f0619af006c4c98a253db82e6f79fe6efe8b127545cf7f2d0bbf11bbb96a4cc47fe69926902544494a44957ba4c377a9db708b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3bf9ad4461c88eb8fe774a09c4848d68
SHA1 fd10b7f2548eb48f65bfc8a228eaa3353ab9319b
SHA256 47e7bb5dc411f0f90f5a04b397155a604ea6fd9edf69762f3e882b2e931624ab
SHA512 a4f744ce0a49f93d9d9f30da6a8cd0439dd3549755d10391ab3fd882aa1e6b276a51e3ff38ded2ce0a11defd22bc1e176b5d4f4e17c218097c217bba79691470
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1ee46dd525e9c043b4ee8d84277e5506
SHA1 aa8be4b8a2a29d848ced286273d4a15c8ba9c88f
SHA256 dece613773e977e825ed19ae221d7a6a323fdc06228011e36f3ca3a1859a28de
SHA512 c5d32d3459341d8e5f5b822330f9907e6d53e685604243776e0505d1e0c7cb2f8c4837a2e9121466d5139906c32180852cc8bf1a74f39e1d9cbe01319a14abe9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2702474900f489f125fbb409074f9a75
SHA1 22028c6bb7cc891bd7e735d38c8703a169f1c556
SHA256 a7b71993d6df0c9d94a9944470638d033635fafb1f3a152b3efff77045e14dea
SHA512 a1461b97ea85c6f46e876ad8c3ed9c7de458bf1c5c0e4f72bdf2d0efe0b3d09dde8ca734bbda2ccf25a2b5b5a3a657be51da396e12a61efab3174367f243bdb2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5df03590d79768968406a06d1df67faf
SHA1 e0e500dfda0a02788343e787940e2ed30188ad35
SHA256 6a258585775f5ed6bcab3a82be98b968b1ced551b3d4ef0d536a46fc5caac6a4
SHA512 aa400c1de58b692281f8356e9163c76f37d15b54701516176d4c015217ac71a2d441df84d0cde0d0af91552eca73ce5814179885729d2084222007b037083cbc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3744737c92946b08e94ff6ad1398dada
SHA1 efcdc145110fa6adb267aad68703c7a7261ddbba
SHA256 3a01e83ef72b89011310faa5ea03d6ca07eb868209ca869043c847dc93093f6d
SHA512 5465a16070e257725bb0c2573a1ebc17400d5cdc4c5716a3f53be306c744bca22a642269296cc6a2caab098836301559a26f7487c05aab0d02aa7a27cf765dbc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 a37370cd446e6715f8eabfbf6709cd07
SHA1 3abad56897916590fb9ea09daccc7a0ca03c4831
SHA256 a0d5026f0613b6c503510e1b83391dd6e028ac6db221a4551099b2d6dbe04edb
SHA512 bf417310a4192539ce1a8dbe09a185576e3057d70a545486480f72cacc4485e00f4b08a781b52c29439a9b6a0dc51a1ce6432dffb3ae356edccc9df0da4bad6d
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\datetimepicker[1].htm
Filesize 795B
MD5 5d8d79c3cb9af023240b1be6f5057aaa
SHA1 df22980677b134e83d878893f7c7984e0d78a240
SHA256 e8b101a7c7f64aad528cc734513cbeb02243c0af37930dc0f3239749cff184b6
SHA512 66f432b622cee0bcc06cbc0f833de1471ea36c295b4cd93eb848d97e69c2252acd2fc8972db51ea35475a424f4d6cb5001325525fb04f71b8704eb24de1c4008
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06