Analysis
-
max time kernel
121s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
10-05-2024 00:13
Static task
static1
Behavioral task
behavioral1
Sample
2c62c0af5d15d4517151fc4e1ed9470b_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2c62c0af5d15d4517151fc4e1ed9470b_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
2c62c0af5d15d4517151fc4e1ed9470b_JaffaCakes118.html
-
Size
13KB
-
MD5
2c62c0af5d15d4517151fc4e1ed9470b
-
SHA1
a8000a644f621ffce5a87cce1cbdebcaf601e703
-
SHA256
a7c7ba200777ecd984283a4148db4666b9ff3209e8e3c0609f49a35334227335
-
SHA512
581ea6d3c66a075bb36b2d1e6fc384a5773bbdc3a27511cefe1b9dc1a352f6bb0451c9bab9841ea6388bc99177435e56e4b91e16e389c1a23aa5b6972c3e8c07
-
SSDEEP
384:Cyiv3Yh1U/1zOPQFAi7ny1whavMZg23AAQEEoYmGyxH:Cyiv3Yhe1SPQFAi7nI0avMZBfEoY9IH
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000071aef49b90544460a8a1627af03dfc1eca68222693ee11cbfb43a4bd089b1456000000000e8000000002000020000000e77c68d6fcf664c89ed601a894b06fcaf96590718b99af478ba7443a0b810f1c2000000072c4abef23d80a89e816800420886ba96460a698e21fa4cf6c58a62fe9542ced40000000ef62cea9337c465d6eeefaed8f910a9f7ee04bc8e4c8d15e500754a06a996ecfe05faf82da6bf88ddc6246d906d89ecb79c271329d6a61447ec4798023db6d13 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000074fc6009583ddc9058d89af1da2d5970d10f5aaef099e7d4b12f2fd0957a1b70000000000e80000000020000200000001ca3fffe35b9749487480422b3f6d8e7ecdecc001607c8e2a3b118055f9957009000000020e6f58c890479a3308868e4fdac8696ca249ddb8553cf742a6a86be40cdb351f22383125e34acbec1a0576cd165351bfe34551fa85631dcd67f204926b92038de47e1207c844541a36a9a3a3c0ba2575630352d0c6bc2534151a2549318a9de43515dd64c78c6c0be00829fdce808af7b4a1bdf5abe60c9899d958901db387b36242fa09784410367c8fb457a52020c400000006daab5ae012dfa8f5b7c44119221f23ca0d2b31359dcd20e63c5ef4bd1470309bb5dbfa297b22073f17917e83238022c4de68c0aef69ff1d27924585ed87bf46 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{11FE8EF1-0E62-11EF-A1BA-6AD47596CE83} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421461851" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80fb91e66ea2da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2916 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2916 iexplore.exe 2916 iexplore.exe 2716 IEXPLORE.EXE 2716 IEXPLORE.EXE 2716 IEXPLORE.EXE 2716 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2916 wrote to memory of 2716 2916 iexplore.exe 28
PID 2916 wrote to memory of 2716 2916 iexplore.exe 28
PID 2916 wrote to memory of 2716 2916 iexplore.exe 28
PID 2916 wrote to memory of 2716 2916 iexplore.exe 28
All four IoCs are the parent iexplore.exe (PID 2916) writing into its own child process (PID 2716), which the process tree below shows was launched with SCODEF:2916.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2c62c0af5d15d4517151fc4e1ed9470b_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2916 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2716
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0e93f2820a0bd7306f40464c05b9462d
SHA1 95c3f5c9dc25636e549bd89a17b29bcb06d4a894
SHA256 ee659ebfab4655fb993124582d3db93e8c7204a68888d7110ecd44081d599073
SHA512 2bd23327af5d9542a2f9037c6da01fd8995bc25f09b774e900d292055ea6e41c7353b28e077080aceb5705b03c16d891d4696d21b4aeaaffe5221e5880f8740f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6ad181670a4ff258d2bcd2e95ffde269
SHA1 2338ba0f918223c8bf700bf729c77988096bd85d
SHA256 26f12a346009b452d33b27c5976e24257e4a5166d8bb3c6bee895e066d6f160e
SHA512 6c208ed6dc601514146aa550edc69acf0dd6f6412826689b701cb83c604070adb532e6a787bf95ff144e6eb55a265e1ab4e34975175705ce1252ff9a469576d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ebb7d11b2200629082ad91af686de01f
SHA1 01e685449bb4f0091bb33b697d045bb073fbff8a
SHA256 b64135fa8dba2e2b757ad6333124093173dc112364afe47c31f1cbf871f73864
SHA512 f858afc08be77dee1bc12cb1fa096cb63f6717adf2abcacaae25a55716ac44438bd353d93c6b61960b9db46a9b477112f1abfc039d64ffa65e5b4ec31b754fb0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ec6aee84976aeea692607da473e7d1dc
SHA1 9d6f4217cfe0f720bd8c2ed7cc59bda39cbdc67d
SHA256 96a8ee3f207192af42b1e30ba51214919e25cee37edd63f10b49c43b4e4a2f6d
SHA512 340629406ffd78f1cbcc0b5720c5ab002e765aad04b3d4653c0626493dda93dfc190bd9c34296489e7ad1c2ec5e48e50fc78824727c8f386df9ca672188cc20c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 044fb3bfbbcd94a7f4918f4cff0e36bd
SHA1 5d3094e179bcbe7303c2c30dd216f1e2fa7e5b59
SHA256 75cdfe0f9bc77f4d6a0711cb263e6d00c9024f797a70071d801c7d629bd6cc6b
SHA512 7d73b29a6d7b802d8881694b279e75bfaeb8c4f5639e5bb53e8c2056796dc4c50f32ca1216780f4401581975a6bff2eaf8b09bef64f739e94a102d72e38869cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f66fbb48bdd197b1f7598029097ba9d4
SHA1 3198b8e79d61fdb5d9ea9706808354c7cc1ce687
SHA256 6944940bfa83e2d7e930b7b0687ac424c0736f16c26ee2d23bfd39c6e0e8b146
SHA512 2a36be608c0266b096eae4812fcb5112416e5a3863a2e31d8eb6831b3a0fc40952c422bfc68bccbc29a044905867fad523a5d51d2cf008084dba9b4bc1082cab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 326171a626a71b7029fd49b7d5eb5d83
SHA1 69d7fe3452fc97939f65db2a2fd20d74fb3ea95e
SHA256 c9c35fe86e6ed309c839c718abfceefc3b5591309334714862d151cea5efca1b
SHA512 fed28563da3bbad06139cf00ed82ad4123d988c677ca2b11a378c18c84b34306da26d5d87f7a73765e998ce47ebbef29af70e2a786e8f602a91b29a100f20932
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cf0592aab22e90ac5a86f40ab8f545fc
SHA1 dee7363a31968de6c3453d9802a641554ed3840c
SHA256 8f9b733689181d816aeb77a47cde14d29bdf1f3de12fea3cf3482dae8e4e523b
SHA512 064d3e40c6c3975eb2cf8723bb6e3b11ae083fa66c735d8284c48a8cae5ff7677a44e40093bca12498b8cac5ce0945b518484f6c0c70404fecf70dc1a1b06c38
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 25477d08779e1ba6bfba4170c599cc35
SHA1 6898b19095e9d17b35db13dc41205f11ee228377
SHA256 9152ffcb7d3043c03f651f056112bd49f101cdc8d5326bcdc06578bf0914d866
SHA512 5f003da6a7a96b1fa5559ac2481138506e7c7b30b30b87a860e4ba159adfa72ef42fb558dfdb54b05d2351b9c3d92dab13d45b77caae5f83180dfe4fd1f9d02a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ede7b8789f9bd47379e9502595299016
SHA1 bd654319d260956d2a37dc2b373ce444de60e0ef
SHA256 41b8db149355c5031a508a8492ce24d66bc9578a65c59f24c9dfcd2f3d075f63
SHA512 fe900d8514f7218735bf8cdf8a45f2290c5753edbc9b2b03ee67809213ae60d48453d342ccb823521641bcddb195e85cff0f8406e56a80f7aee9402f0e023b1a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5ee112c9004dfd2f44d5873ad913c429
SHA1 768c25939ac2625c27aa9df3f4a383181c293aad
SHA256 319bf0099a0a989bab41d52b6824f0df341ec91b8138a78b11b84420b9717db1
SHA512 57dbd824b80fe17e987f9f934d565496b051901a6276d86e1ec1bda34be68a0056fba2ee04757f63e0b12c14ce4160fa594e01c975427b538fbad3bd7925092d
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a