Analysis
-
max time kernel
118s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
10-05-2024 21:18
Static task
static1
Behavioral task
behavioral1
Sample
311655405157c4a4ae14d7aa338ed8e8_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
311655405157c4a4ae14d7aa338ed8e8_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
311655405157c4a4ae14d7aa338ed8e8_JaffaCakes118.html
-
Size
3KB
-
MD5
311655405157c4a4ae14d7aa338ed8e8
-
SHA1
171d6214310024b09fb6282e0b2c2797389e569d
-
SHA256
54117b3468c5e6b3f46463d67fd063271e3931bba2ebe13ae21ff57a95f34fe6
-
SHA512
bb0ceefdb7ce349cc338f4abc807a8136d0e8eb90780cd977c0876f934107fa82ea51e7652a1de8b78d9024a3b8bdcced6adc6133b799076a0ac7b83a1a7c57a
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 200acba21fa3da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421537759" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000458e40c8985b403334970726ef31da1606698c96f2237ce405c0295207783555000000000e800000000200002000000054eca864fd192225c338264e3e7179d4b2ec6f81f13eb4310fcdc57fd9efb8a12000000002a50c19be8649f6245336c13dc6c60f1bcbd26f96d51d3b287296e9aec3051340000000855a4fd8cfb8b0885c0cd740c1e89e998ccad17a3d78ee9f0c14a287ae8e3227937a6d6d2bdfddb08b4a86e4907926ee8c6473800c5b6178e93828e3a915f3c3 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive\{CE1DDBD1-0F12-11EF-A7E9-D684AC6A5058} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2220 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2220 iexplore.exe 2220 iexplore.exe 2824 IEXPLORE.EXE 2824 IEXPLORE.EXE 2824 IEXPLORE.EXE 2824 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2220 wrote to memory of 2824 2220 iexplore.exe 28 PID 2220 wrote to memory of 2824 2220 iexplore.exe 28 PID 2220 wrote to memory of 2824 2220 iexplore.exe 28 PID 2220 wrote to memory of 2824 2220 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\311655405157c4a4ae14d7aa338ed8e8_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2824
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9242d0e101736ba1def8b8896ecf6f15
SHA1 3af842033b9a08f4e7e7c0be8ea50445984bb66b
SHA256 be762f5a2152fe542dba4293cbc9746d87daf3e96388eea866829241a47d7488
SHA512 94123ddee6b5041feab6bc9615f01ec7add496fe135b828af24b790120678f7870fbf595000a5ac0aba7150a95ab358e9441601e164b5f3133ae5534f418ef66
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0984c360bf5f5ad0b3d162eafca92cf1
SHA1 e8e436ee78eb8426ccee06e6cb73fd450e51393d
SHA256 c0203a3f15fe5e4142dd18678740d4236fd1ab65cf5886c1dcc66935f764facd
SHA512 08e050b160e7ca61642477b1ebee6219bc906456d0997e1138e4ad671f7488616e14871c3ab0582e969657c4a5b47ce50210a9dde6c19786af21cb8826411757
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9d99465501ff47c744e6941fa084a718
SHA1 d2784558de6f03accb39674101d7cc1c80121fb7
SHA256 b720ff4da1d27005e7816e55ad2fe96be66624e457e8bc9b52682f67b38d5647
SHA512 040a2d5e867081559bab910eec29939004dfe4e2f59863ee759d863b477c621d869cd9f9b15cd17928d0e95c734bc5a4b6e7df8f1e3936e6aab8a547676330a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a937a6d48b2692cf616da798a9056cb1
SHA1 0a354efeb555b95390036c37cab437c43f94580b
SHA256 fce448d6fb3a0975afae114469e0688cdc8a5365d9950553da3065717ad438f7
SHA512 3d4f05e59ed3efc2bf313829f37121c405f2cce984102458a6ced2f2d037037172e632b43b8a938f2d18957340c5628138b495025cef6109ce687a4df8553c7f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b4fe8390562bb33353900e3712913c9d
SHA1 c9348b29fe26a87b035f821435790e4f3e71ea72
SHA256 71726b3e540ac838ea690fbcd3ee21340cad108693bdc5cd20357d1b9527175e
SHA512 e44d982464a7cfde0ff0b1063623d0d86c443f941fa4eb33690e99d39d5a2fd0efbbc07bd721d6ef320a453e7f945ba7421f12931547d6550ff34a0701772685
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bc3b25cb49fab693a56d0000318a2612
SHA1 e8cb71eab75f9b148b8c52799a1312b5e48f0fd5
SHA256 4f7e7e749d78f7815722bc4fda50e06a99a6318d18b1af8f920e44baefdab22d
SHA512 a5dca6d730231ab69dc868d91954c8810c3e44bb674e0482f438164954ea6cbd6afdd86b1368b2b92840fc07ab9ee08462283c2405bc3c96c38357d00f290652
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 90d6ad3d9986a84ba35c815842b1a632
SHA1 7c3ce6d890349ec606f228f78e676a1ce090098d
SHA256 85e90b80c75c79fb97ccaed48109056b2b73decc6d5fdfe0931577bfaaac21b1
SHA512 b6e248e74be183a786f11ee994c61e1d85dab9efd6363249a48cb6a57b7f12a5cca08f6de901c48a92de9db47d346c6ebb1040cf910ff3fb55ca79c133ec2820
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6883817c52b41a7cdf9bce12f7993327
SHA1 52af22d3a15c7aa0d35cbe4ec1487923ab8b381e
SHA256 abbbf54de3d133d0cec8182b798150415c119a9dd6d491fd22cb3e8eb044684d
SHA512 e43f516a2c30497c6c62da11b1d80f540c96b429f443b1c1c441d5ce502d80decb1e612ba7cb9e08efd1b7ca15450feb817f8c69099e031e8a36730b2c3a4a7b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5b0d5ae61c02aea8cf943fdce2725ad8
SHA1 92c32acd7504e4ac6610591bc2b8326d0662f167
SHA256 5cfdf96a9928c616d0984dca4efa6395e4c49f085ea920b14659181d50756bb0
SHA512 1fe3ff1cf179e0e847a86dd4bf70a91916438688120fa956765f646af66ef824a1373e89a4d3c7961c8ab3ac51e8808063e5594005c2a4e99d02d9092045dd8b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 82e8d61bf80171b63bb96f102a1b5c63
SHA1 9f0008093478f293a16e1087b469d77fcc0ab8d8
SHA256 0aaea8b061fccabcdd51840ae63805dea97ef89e3939eec6ccac08215ff59618
SHA512 e6164b8d2c9f0c573927dcba478501103e8eefcae39c7cd7a7ca358ef1672852c2e2b253f2ee97fd6756f63c8230113ca8d8004a5143dd64dc2031e9ba78d865
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fdfa8fc79adec27747ab293ee86a92f9
SHA1 26be2dda14a78f48401b21567f6671483b8700fb
SHA256 061a8987d65600f01ca974fcdca2c9c7b2c4cd38e92edd237d415714483fdff4
SHA512 a1c18212b9c16a76721820a8e5a0770e0fa632188ebb33479c7f033000878a85a2ed9b16944b5ba3c0169061d48f9fa7fd23184a5b07552c2cf6cf9cb1ecfe55
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6de2b0aeed74ac00af9eb575f7ee1cfb
SHA1 657ba0205a80ceb95085c0fca8716ac7a7f1281d
SHA256 4ec37dfbe7618d2a9bb8193d520aeaf52d18256810f8007ce52af727325acfe4
SHA512 92b04518db7ff621da4dc8667a8ae8477e1354ceada3a01a83fcede1b017482283039bf1762b88cb43e0d460cb911a9e626b7ff4fc5669bcc36160fde02118f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2e74b0b7e4a32fa43ce933be055d9c2e
SHA1 a85ffe021d67b6b7a51da641c18b6e7eea808c72
SHA256 378ec4cf547afeae70571c480c374a57309c5db43c3f881d2b4e861ae5e9aa3a
SHA512 6320448a8db40096472ba1de71fe5fb3c0a07d7b2ce36e7245ed69e48936ad1f2fdf551b9f2359e61859621b2b15d4540c62554f1a6634b2278a590dd4f38566
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2b5e77bb28da79b1f6d63b096bd016a6
SHA1 c897b52becaf9f84e84fcb6a65ba20966f60fc4b
SHA256 166f2599cdb01898ed430e4f6bfefa2a0f741dec3beb3e4c9871ef624df4c388
SHA512 409c6357a3acb6cb814bf212416bfc8bd4867f01f8a330ca05962479229423fa1d6238491fb44e526737e990f0d020f40f3ee7307116c771af28b80b3fe54053
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bc00130d231bfc45ae8fbb0a2a69c894
SHA1 c9ba6088d32bb488670ec63df1e3f3125b6fa608
SHA256 08603cbd9707336f8d2b45b8836defe5a0bdf03b2a43dfbe9151171f5178eb51
SHA512 806755f9c73dd4ac1c5a96ed77b114d52b8d087bc9d36815a869a9fcaa97538b529a2ddd5990b98980725e2518b2ca4c5a561aa460b9da2e621325ee34f1e3e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 441b2493f5611ce1a638a4a2790b111a
SHA1 e4eaf85e2f33f6a471199cf8dcc005bbe93fd980
SHA256 a9445645180d283f8b4cf340d8fb83b9c1bd8bbfbd6de21851746d371cc911b7
SHA512 54554356837dc00d37cf6911f450f36e9f879f1d9c89b81933cef56ff9c2cc7f363c290c28986d200738de184154abbdafa5a8acb05a04320b3430d0595367ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 92a44f73c6d737745e8808883f2d11e5
SHA1 d4e364fc7c84e12fc5d4d18c09c5d740093c3103
SHA256 4c01dc9e68045a07be7ae81a742c9b4beaf8931e3723b9a89fb2565e1ea0ae85
SHA512 682de4fe9b42abff4a7d42efb226637947fcc1e82ce0bfad951c83e08d86967480e60420408198e8bb3328d2335980d151cd67616630254c8013882f851c4355
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6be3b3317b2a0b33c8bdad644f1660cf
SHA1 598b27ed49b9e707a4a4080c660bc7275e70a707
SHA256 ec9be6264503ec237ed0adae563c2a9be3c2b925ba4f495883d95e1c0ac363b4
SHA512 4e033b135b940470c78943eed479404ae571fdeedaec488fbfb9b800f4fe3022638d81b67092b489b8dc72b90ec0b6903d553988362ba401b2201fba78509718
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ca26f2c1fe8617a255720b728aa58a29
SHA1 cfa2756596325a0cc62795a95ad514a33bdd2205
SHA256 690a20bb135e03a212ae9836609463d0afed54eaa960221dd89dde8ccf4799af
SHA512 f8f84cf50ec8d40ca5711e0e93566486685631d9fabc7fb8da2c350d430460d30a6a82b158cfea161622358a02e5586569f83776191d5e25e84396f4e1475a06
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a