Analysis
-
max time kernel
146s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
01-05-2024 19:35
Static task
static1
Behavioral task
behavioral1
Sample
0ca9803a8e28928f09833ad6ecbe833b_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0ca9803a8e28928f09833ad6ecbe833b_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
-
Target
0ca9803a8e28928f09833ad6ecbe833b_JaffaCakes118.html
-
Size
13KB
-
MD5
0ca9803a8e28928f09833ad6ecbe833b
-
SHA1
00e6c89181c77d2e3249166747cdf956c418d63e
-
SHA256
482cc6bc24ee7548effa68982b83a1cfa4c7db5310d3ba24ab6da35fbfb33706
-
SHA512
24a41bf6e53abcfc86d67761c7805f726b3d0cd24a5017aaf24057e4a7d71a420670f7783b8b5ff4f35c4ea05dc17337f21756d1a2a3c3620893d1262f8992b8
-
SSDEEP
192:CyiZ/jVC1u96zudrTmvknwQFCVCf7f2uvK4Mj22GzYKxm28Vc5VLjFSF:CyiZbVWdkaTQFAi7uuvK4Mj2fYHxwj4F
Malware Config
Signatures
- Modifies Internet Explorer settings (registry IoCs; columns are description, ioc, process)
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000008ec7b4913b2ebba2d2d9aeb0d41c480c9330c400f66aa00636acce35c3dd2035000000000e800000000200002000000067d89422d6a8453d52cd37df2ef7b401719b9344737c47d1cf629f5f9e152b87200000006a711329e3d716c0dc926bbbcea3e7fb6fd6b02a7ca17ebba1715fde8c54213e40000000ed477547b53947dd39404e722eafd5247bc03abf814b9ced5d6509d5b6b2356b10be7163b1b4c31370031c0a699473f392a2f1afcaf6cc286a461f45b2bc5c76 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet 
Explorer\DomainSuggestion\NextUpdateDate = "420753978" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA82B4D1-07F1-11EF-BF06-56D57A935C49} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 
2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40e50cc0fe9bda01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2032 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2032 iexplore.exe 2032 iexplore.exe 1904 IEXPLORE.EXE 1904 IEXPLORE.EXE 1904 IEXPLORE.EXE 1904 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2032 wrote to memory of 1904 | 2032 | iexplore.exe | 28
PID 2032 wrote to memory of 1904 | 2032 | iexplore.exe | 28
PID 2032 wrote to memory of 1904 | 2032 | iexplore.exe | 28
PID 2032 wrote to memory of 1904 | 2032 | iexplore.exe | 28
Note: the writer (2032) is the parent iexplore.exe and the target (1904) is the IEXPLORE.EXE child it launched itself with SCODEF:2032, so this most likely reflects Internet Explorer's normal frame-to-tab process initialization rather than injection performed by the sample; confirm against the process tree before treating it as an indicator.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0ca9803a8e28928f09833ad6ecbe833b_JaffaCakes118.html (process tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2032 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2 (process tree depth 2, child of PID 2032)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1904
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written to disk during the run). Note: the repeated entries below under CryptnetUrlCache\MetaData are CryptoAPI URL-cache metadata, which is typically rewritten during certificate or CRL retrieval rather than dropped by the sample; verify before treating those hashes as indicators.
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7192a9657ff6c32977b34f3af9af95b2
SHA1 861cf155bf0c462a346aaaddd0146ee584d2d387
SHA256 4ed292bf8e2b3d20db50186d269e7e85b4ca138772f21b9242b379291fef298a
SHA512 f9b05c0844232235516026f5a886efe2fa1a77c6e8db28ca60ec008b642dc0c2fd055adbe9b56db652f9077cfb04faecaabbcfc3107e0d552ac108cc6068a29d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0f852c681f3ce19de367725c214439e0
SHA1 1c742d12213d7291b48a58ff44cb737f99628cdd
SHA256 ef432ffc528346bd58428c7ed093eae148f7b04b61ca0a7ffd2ac9a6c6014713
SHA512 bde79d2b76a6cc986a24dcda74323ecb82668d3b5e63bfebff94933e98e185baea84ffeb893eb38e46cdf7d89b742e99280b13e56bbacf3d26fd4565c1793df0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8e52c69226135a12764b7213f675d07e
SHA1 8dbd7b06599bdf47856dcc7522b1d49d47072234
SHA256 02bb846bf9883eab31975b93e447010466d8a2c10340786083e0aea03439a095
SHA512 b68a360b53cb46e1f11ee4b79334533dc106a5b5195a5c54846af5aec241343e7d0b4064e7e705c049ff9e8700c97dd887fd0ba3b34f321c04fb055667c3fb60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b6b2a5d99a5d0d2cf1683944d0646dc1
SHA1 180a7e76c5f5945b184c7e7edff4ac8c2a97fd85
SHA256 5ff689799e13f98e18aac67f6a31dd75adcc91caa2ac9ee6a3f6b5783539e1ec
SHA512 6cb4cb1cdd856e450a0e365e87ce42296a9696d219373f4075ce05c31d6f1fd08a6e65356580820a8b210f89e515c6ca1d1fc575895d83613d62935ae257e178
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6d7fa6802a9c3844ee527cd691f8067c
SHA1 286e765b6a6612c08df193dbb6723b02948e54e3
SHA256 cdac03a010ded7c378ea72b293fc004347c25fda47bafe36a1b5ec2326645ae1
SHA512 4a1abbb8666fd6c80001a6467cf3762f143e9009d5bf31c69f09d11d3925d97ba3d123f5f38a0a5344e528664355c02583ecd197f5521c8af4b1e62befc16665
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7571c27d5a9bb93d7620a4b4e8cd1abe
SHA1 8f385664d6a7c6741b90be27ff1aa6a0ce6d788d
SHA256 586c7329f2395fb44e5774e2978c074b0a19616a4ee51a48ad27c39bfdebdd96
SHA512 6c99ffbf0270f49fc4d58ee367fcb70a306e951050bd37109e08ac24e5669847f3073dc45d529b2b43d1d5a5c64c4af22bfcfe5dcefbfe257cb20c961ff5963f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9022634018b1803ab85b1b1e044d5857
SHA1 e84b3770f3f0e248e874b7a3bfa8dbcf2c815be7
SHA256 e1265ac30affb831c32681619a8cda3770337845158562d5f2418b72df8dd0d6
SHA512 048ce7d3a1c231626a2f1f0da48cf2cc2a685d56b48b6d4e3f528620e689c9916f302d6a5dd42018a9522167eea13e51fe958d441924b96f7fe34df3765c0a25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c239dc720461d554a99097bbf9b4f1ef
SHA1 b31b3556e56b89538acba3b546cd1d9d62945ef8
SHA256 8ed2fb605690d81b3e54ec0dcc217c2b1cba77d97848b3de8628dd45d70b12d7
SHA512 cd5464afab7a6c022ede734883e8957cbd265464e0f432ad30995884193e902223a2786d585f60ac3a02d3c08cda092b3201cdaf938c653833fd5e540f8dcfe2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b80eb5f421a84ff9aec19a3ac0756cce
SHA1 0c3698a394e675659b239707d215cfb9cfa19c15
SHA256 534e032d0d8b3d62df4472d86fee4522b866b00ef5fe04f30dea4052498ec1bd
SHA512 4b3b0b99a8f7227567d8963029c4ded17ef037395cd3a51807fa94e3ce284b57bee5f551f31af6fcb42e184e916f7a6e3a9d173c7a7d172cbf34e93c3d9cde01
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 70b47cc1adcbb7fb34ed05307fe537fc
SHA1 5dddad956ac10827182af91dfd134dd9c3e06ba5
SHA256 cc70c35d08a96f97eeec4e0558cc997ada6c68daecdea942a37410c3c5f0c9ef
SHA512 994798b01e6feb9543f3a341ab574c078444f4f397d6d556354c2f444fd9ed75f762743c676b3aee245bf222db4a69b1f51f8ee80f2a47c6dd98adc8c6396865
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a5acdc022d1118a40c5069f9b1719feb
SHA1 dd10b08656c19c2caa2defcfb1d2decfb6e9e77f
SHA256 07fdd518bdafe151cfc042b2c04c55463737767d9d3737eea4042723608e8c9b
SHA512 3c00a41df229c5372748c168c66d16a442607c27939dd8444bf08712c2e5e2868e84c6c118e69cd89a6c9c27d91cbf149ecd5f6bbbe3b8a12ed98bedde837e70
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1c0ff70ce284e6fe152d5894e27b0225
SHA1 e53d491e48b07c1ad8b092442b4f04cf9c800861
SHA256 8c67806371d59c272d55ae28db45c7c9fb44340aec0de87b925e569477e9d391
SHA512 0b39a23fcada4cdef8eec1c37c054df49070a47591b09952a7b6421e4fd3aeb080873ecea518368dbe2463bf3461ce92414cd15d2cd806c49b2b7ccb23732854
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0e4546b89e5940e42d06c098721081cc
SHA1 6596da17f25efd41eb30c8999290d00366d7e5cc
SHA256 bace56d57f5801a4b2c191bb881f1eecc8a151cefd6ef7eb1864fce9702538de
SHA512 3bf86c7f69a1c7b9b88021039816a85122815a1f9719f3eb60ebfe55e13b8306ebb875b4139d2252407d03b46fc23c681e965dc6169ce2a6525bd90a2635f9f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 be67f116eac37607cf30ec677f437b8c
SHA1 a870ffbddc4f88917c604e7914c56ea009d729cb
SHA256 1eb5ae1b33682518e3b203808de2354d7df324b398e5f5448c6dee994d2f1f3c
SHA512 5183e6cfd4683e3a2443a84d663865e9a01d7bc9797d4df24db33d07a866b86256960c1e4383b3acc41ad4050977cd3c4a446796e6609340034df8c9b01d6439
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9242304a47144741926b1c5ec4de3252
SHA1 f3c1922bc430c6417b1f9d1886aadac8f8bd5e59
SHA256 ffc04fdc4ebe8574625e27cab3ae452b0214a36ace93cdddbfac262cc4327115
SHA512 d7e2270309694a06d4491e6159e7061d253802f8e1cc83baf711af22a5d59c316b206378a71106a1c620859c4302f14951584744d36c5ac4358e5f4724aca8cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1126eb6086c37312a05f8bbbceefe8c8
SHA1 de720d094387994aa4e3fcb290429c242b45c8e1
SHA256 5798d2dbebd539018872d0969f673da95f08653d7e178964529edd179a2a4531
SHA512 c1f0a5c3677838690642acea3422dcd15450fa5d97148dd4df8203f91f3cfb8e51444a66c0a0b21c7501cdf5b43cc8134bfe045d2f1a4f3c776b3d5e6b282783
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 21ef1fea6483c81717a38e1f7ef69d2b
SHA1 192c72ff5974f16c95976d7c3423a037fcb7f566
SHA256 38bf30cb650ef985ab977a0fc94e70bfd516568600645a14a959e9c4f6ab244e
SHA512 d311ae8b08416386d1283891330a81107701bfb76b536237184bb29560684bc75b75ced95cf6f3032c2068ae087971d3c9a57ce4d924deabf266ff1a6c29af9a
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a