Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
10-05-2024 14:05
Static task
static1
Behavioral task
behavioral1
Sample
2f7b8557452431766ef6319958d4b08c_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2f7b8557452431766ef6319958d4b08c_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
2f7b8557452431766ef6319958d4b08c_JaffaCakes118.html
-
Size
13KB
-
MD5
2f7b8557452431766ef6319958d4b08c
-
SHA1
1f14e29f93dc77c82bdc732bc7b831ae33b12699
-
SHA256
08b7a04b7666819769cf15e32182000488c2d68ded46b04fa30e3961e26dfc21
-
SHA512
6a2b7dd9f1c0fb7e7f891c2b2dab8f210ce85260deefa6aee66d2ef296ba4bef33c281be171be31b5bb30f6d5e7fde3b4a7d6195f0c3c8bd47a9e6bcb8a510ae
-
SSDEEP
192:UdJFKaRa2av0W4swDtSnNhLaOwu6bWwPO6NXiIgxiAkHxiAKll:UdJFKalpD0nNQbWIO6NSIgsAkHsAEl
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet 
Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5DE95651-0ED6-11EF-8FA5-CE57F181EBEB} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421511800" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet 
Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000cf5d784dd01037fc7919f68518860ff0fe08f9bdb1acf714ddff82ae0609034a000000000e80000000020000200000004550ca558fc33d155ca1c8c2d0e4dcdfd912e4a2f958957fe4bda1d8c15650ec20000000c28b467ac0b946c595252fbe94daf89bb122fd3e0b247b9804aee5241320010240000000e14322b96cc0cb9fad5c1459edf90f3bf20fcccc2e67fbe6f1b56140b217191d42585fc473660c8d86cb15fa7542a77f24a8f5e30ddafcffc3c6e87ac57011cd iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d048c74ee3a2da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1676 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1676 iexplore.exe 1676 iexplore.exe 2940 IEXPLORE.EXE 2940 IEXPLORE.EXE 2940 IEXPLORE.EXE 2940 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1676 wrote to memory of 2940 | 1676 | iexplore.exe | 28
PID 1676 wrote to memory of 2940 | 1676 | iexplore.exe | 28
PID 1676 wrote to memory of 2940 | 1676 | iexplore.exe | 28
PID 1676 wrote to memory of 2940 | 1676 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f7b8557452431766ef6319958d4b08c_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1676 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2940
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 531c922f9aed2212464b0282833e8991
SHA1 dc5af0bc86225a3e2e51b4ccc609f6e518bd49c9
SHA256 813e10207755994e44928c306623a23845ff36f87ac58e0e172fc42bbe1f385c
SHA512 643373f97a8e1d1c2444987f587bedbc9fb1d2ca248b270b830b4b09aff94232ccbff0c95a6ee78528bb6541bdd83693d830f3f379b870cc9fd10273540a4e2c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d9dcf8e19f498456ade84030daefaf5f
SHA1 7c2bbf57e3b309677c8cbbaf83f3edac2cb4101d
SHA256 5d759c8df80cf05f228811e0239d223deac38612463b65e3f0bbaf3da2b8d3ca
SHA512 d28daaf6d1e44a5a020983d95e209eb4a5c852d613169023709f6430a8205540b8760114c7e5d0bf7984744df210d510c3bbc00d5126454bf1117f28c067ee65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 55c23616a5393bb09611c9faa3d8d1f8
SHA1 47d7a67c7911efd89856c63560c971d3f9b89327
SHA256 2c0277f8317531096e59d8771f3ab1edf5cc3688e608f9fbd0c9912919efa349
SHA512 25c89b7c79799efb9c6412d6607c272ea491b748de2a9b5590d4e7d2d2f7a7b7f4f5e2900dd668f1017aedd5c3db7a27a6a3838ebad7798c509be5bfdb1b061c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 034c736cf8716d6b6df395057dc33b3f
SHA1 01f212c08ed477c11a38056733eabbd606dc886e
SHA256 765f898a7a18528f27eebc157bc58cf0dd3a03816004056698cabfa0cbddb981
SHA512 bc368ba18c4852b00c0a3cd1116fdc2b4d5e62ce510da3fe27bee954d1ec87c154bc48348670f9d11cf811146c80bebda331f08ca31b80606a88b37b38dc0db8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 66f90fa3e70fa9227697bbd2eacdfba3
SHA1 d7a94d8e720779d7c72ab1b503077813d9635e30
SHA256 cff0400c91e6c652d3d8ddac16ae78fab9b0a1f0502d5727f381a1df0ee2c65b
SHA512 ceb3a29533114d730f3dfa18e192af1650d2aaddcce4a38340702a78a1b8246917b1ea1c101cc402dfafc924ff981070f8367c07b19175f19a92075a6bee4288
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7e2f24c252b13b18ddb41659a644fa41
SHA1 d5821887cd0802fad7bb645ec9f42b2ffe667217
SHA256 8f5d43b93d7e32fbe746f1db45a8632c8a594aa31b648843dffa0e09b22ef9c1
SHA512 81f9cbe29b53da4fef775b02ede339ddf86bbc860451b8015a3eee2452cc6bf5da25c95fab8f48048e25e780d22ab38c7ce6b612a6fc13205d5771edec567c9b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a8f67bd7e52fcb150ee5929c0246c87f
SHA1 25e61c5af95e130beb01b6489bc464d28034177f
SHA256 908a5f90ccf9274d0f6883523d25663c41b1139dbdef0de89f3c82694bc0cf86
SHA512 d7b5226dfeb04aa71b4390a65bc20200fb9e7810b4867769777955c9c691d6b578631899fc6f51ab5775b42bd234b0c6265b1a876f2526ab98cd0000203238ea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2ce39c65a58e111a231a98a5d6f79944
SHA1 ed993647a3fdbb8e20fcd2dbf6ca34ca78aea732
SHA256 57c24c787154509a34201a0ce1d33f21eb359e862f44febc5a6800fd264c5be1
SHA512 3bae4f291449ef57f00cf796aaed7f24375002d55d5723719cfb483056cfd9a99b138c35263d98a6dd18ffdfedff867a78e76a124d2b2c6177be996c360d3655
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b7762f1ce89864c35cbe537fb73d7b1f
SHA1 78caf5513ab92371c649d6bb3db35bd17ab20469
SHA256 af440d41bec2627abbf6685c0b4e996d6d646ba94215852f8859e7f776f0747e
SHA512 b75ef8f5fd87b40831e6ce11d08e52ffad2abe959526083544597d04aa8e63d6f8484737e64e26bf3ddb512ef5668cdf5302de149f2be78732b01b0d01d6f622
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 441c1356bbabb801d176667103a757d6
SHA1 7d23fd570ea9ff77779354725a9dce1e8f033fbe
SHA256 6333480f7183f0dcfd6ed9a0916dfa0cee4f22507782bf23932e2f984b57497a
SHA512 bda1e2f6068ac3693bff3f5b4d94c4d73ee535108709f6def3e02e209791f750a81d654ceeca382af80362745d4c26ba236db40b5c82707370a965ac0742b9f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 50769376dc953fbc5823b046d567f8ef
SHA1 dd7801805e224dc7c0d9945b24cdc1980673b4db
SHA256 85840c2e142ecd9cad9f94ecb1620df398c62d820c0f3fe8e265f2b75df5ef9f
SHA512 fe735d5ac8a24f5ef25cc2d2f98db5cfbe7770aa97384449210afb7b01b5434ad0ea35b61beeacba973ec2dbede947922604d65ba891667ca6688207978a5d5d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 aab32d1ba2ab2d7c2eea60d966ee3aeb
SHA1 ac8de214d402c5551c5b58c9124abca71d01d550
SHA256 ee384bdf015fb53f6f56b243d065eb3716ffaceb44e452113b05535c71cadb96
SHA512 a7d77bd0dad85a151a9acaec3b8986175568757d6b0488506cd1c4c159bae32bf530cf73aed5b6a29055c978c36670a515cfa97dbf27b5f717ba551db5bcdbfd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e6bab380dcdd65071b6f776e9ac49e5c
SHA1 8a422e926364a8618c1c7bda4eb873fc624d2a48
SHA256 a1a52ca2ace87bea8c1a595d67dc00d7f514590de9376de215e1f5649915785c
SHA512 a33ff1609b5de3688f3421b6fe3989b37180d9a58124631bcc7823cc173c904b41bc13b94a7e15e45104788a831e020afa6c18548cfac61836b365ca7b425741
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f33381613e2b2d79bef8ebbcb09e61b7
SHA1 3c6c0457beb29717eaa578ece272f03053098098
SHA256 169127a709b3f076c9de1b0985ba2a0046827fc2536f3acd89b7a36f3d82c897
SHA512 46fbf7de14929154f825e1ac331f1fd6934021fdb965b6815b25ddd408166a542ce48d491d52470e5d42740fe6ad5c2a1311f94ea7f1b6ed1c5c351759650856
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c2b9e378535f8a0ce7494e5b465e060e
SHA1 f5551b4100bf7715c0f3f1653d0cb0034ff5cad5
SHA256 eb53fcd3130006b36d830520caacefb1e24ca6bcd6ef806ffb2a21d021b63923
SHA512 eab813a1eed5a7f7daad338a6481006390ea2b77a22f6e9fb2473f79c78c4f9e7af5d23d66fcf5403553f3f5fba1ecab22e116e64377ceafc10c7e4eb7a6db93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 98b6aa27408b9977b1621fe0f4510f43
SHA1 7e51bf2f3973fb3a1da56adaebef334d6594927d
SHA256 d15c9e245515938a5ac3c83713e7df0405ccb136239d1e5b3668683f59be60a7
SHA512 69a2c4056f5224f7f94fb172a77824ca20e78704391587f0714d237828d25940992ede86f663cc6ead8d1ce9329f3c554fd45092a2f2a24f8bd4c7a5aa058dd9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 717ecac9310f4a1a98fb725f1388e047
SHA1 7f1bfc47cb4147fe6dafbf58a5a087337fdaf377
SHA256 dc7e96446a847a7fc4a98f2b3e692b7226e0d4b2071c0faad8a236979d513ce1
SHA512 61134f1c546771ce8354760b2ad2d0efe7ac6eb6cfecd8631ef402a1819b95a27470aac9e2da5bd9ad2d3b5e61ad1ae559ebf109b66c4bd18753a555eeaa9609
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7c21a001087d304752facdcedd23bd24
SHA1 a20572948249848c49dd793dd2631bc49d350748
SHA256 2b88a51f824c158795f9c65b148321957853c1442ea1cf7baa10c7be6bf7a035
SHA512 11d4e682046101d49351a5254f91c45d0ff718506b670ff3a74c68be22687696676480ad7603eff9b81423ca66f992feb640b256b97d7ad8a221c0731caf1da9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 907e58071b0993155d6ab06975f68a5d
SHA1 e0e7d8e9c0619afeb613a3c02636693291a3c6a7
SHA256 33fc02064342a9a245b81ea9e25433202e9d524f3a38bc50993eb6480801ae65
SHA512 234dc108b41979e3ba7d6f60432d88b5572833fdda24d0573e858f70fa467aac7ecdee23c14d75f3909667fe15b1cfe3dc0618ca4452721a45d95500402ab5b0
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a