Analysis

max time kernel: 144s
max time network: 151s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 13-05-2024 09:26

Static task: static1

Behavioral task: behavioral1
Sample: 3ecd7d3a15dffe9c48834ebfcf9cb5a6_JaffaCakes118.html
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 3ecd7d3a15dffe9c48834ebfcf9cb5a6_JaffaCakes118.html
Resource: win10v2004-20240426-en

General

Target: 3ecd7d3a15dffe9c48834ebfcf9cb5a6_JaffaCakes118.html
Size: 21KB
MD5: 3ecd7d3a15dffe9c48834ebfcf9cb5a6
SHA1: 59147c932a58294e8ad038aab0fd35df42d5ea4b
SHA256: 3b8b10ba8fa8e961e2fca67c1a452592e5cd97167b1b6385cdd85525813cb344
SHA512: 32d9e22abc14f88b960f70ff1dc5ac7e84b91e7d29d30ba734cfaa9a66ebdce55586a51c8ba9c00fcbcffff629568e818c1ff54c46a03f820c3bc62ea6dc44db
SSDEEP: 384:HFdUVqvBK0EuA/BMU+QNng3Dslq4TCLV2Qazi/SrkqBrD:cUvBK0E//CKNweCCfkqBrD
Malware Config
Signatures
Modifies Internet Explorer settings

description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F0EA0361-110A-11EF-9667-569FD5A164C1} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000ee6e728e1bbfdaa37f41ca189b01348c07fe3800825dceb89b74dbd79379866c000000000e80000000020000200000001b2b8589bd1d0c5ee0119f61b29e6c3ebd90013337561f5680805175d2468c68200000000cb4b195ea21fa725d6e52926567b1018f1b578652975d85f3bda79b184d544440000000566b5473fad812740d25b86ed25b518b025421c807d8153e865634d80adbd463be53264376da7c62b9f66eef863257411d43d2e2136c40348ca7f4d3d1049bcc | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b052df17a5da01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421754285" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

pid | Process
1624 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid | Process
1624 | iexplore.exe
1624 | iexplore.exe
2932 | IEXPLORE.EXE
2932 | IEXPLORE.EXE
2932 | IEXPLORE.EXE
2932 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description | pid | Process | procid_target
PID 1624 wrote to memory of 2932 | 1624 | iexplore.exe | 28
PID 1624 wrote to memory of 2932 | 1624 | iexplore.exe | 28
PID 1624 wrote to memory of 2932 | 1624 | iexplore.exe | 28
PID 1624 wrote to memory of 2932 | 1624 | iexplore.exe | 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3ecd7d3a15dffe9c48834ebfcf9cb5a6_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1624

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2932

Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 9e337ef941cadcfdd38b9af5c39f94fc
SHA1: dd2824093b959d45a0fd7f955294acbf5b9bc1b4
SHA256: 936ed3144598e004ee28841c577b26fe2893f666841406ae9b71b0e4d05e987e
SHA512: e0b1c27779ccb6fdb87591f53ad50d9e56b1fa525c4d5c85956642c5bd16b3f4f89fbddb2cc4b369615de1b1ac33114f7eeb6bcb2df108fec886e7a37b132b92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 6700b58727c3b2f4d85d60519c1c5ecf
SHA1: 8ed1f5a02c5511d9886095d37231a076fa4781c3
SHA256: 33694bc2af05903c4a0c7b785a337b6339322b322a7820789bddc3e00aeb459a
SHA512: 7d2856bce923aabc733683f53f143a2a8a1cf557a926881ec2e0ec4ad2fd9dfce9ea024da970bec872894e0c71873c93a532c022889e57b8c6780c28e58db735

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 4bf33e95e13ccf00ffad2e4c0ad28af0
SHA1: e9754a817ed98dd6c070acceace5dac7b9fc3f42
SHA256: cdf1feb3e4e1623ed2cb597e5a85bbaca0c95fe211c33a15da15b832bfeafe3c
SHA512: cc9b8ec217068315054e1ad8c48a626e8888726f774451ba67ddb58c714cf326b1d0abbb320eb9cce8654889349018cfb2d8071e37421fbe4f9deeb646815c94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 0a3ca39fb9f6eb81fe746282e11cd99f
SHA1: 71e96d51a2b625f73449599f8e3c795c21975f81
SHA256: 86700046948f756ec945f6fc110fd7b3222a087e879cf177c554cb4a94ff9423
SHA512: 1e06894fbf50eb7293ca3b4e2cd567a270bc8cb0004c7c4cef89ae3cd65c59e337ac20fa47710b410cfe0b415c89a0e2ae657f868f87d771535bb1612a9fd0ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: a87ab94733f48a8802690ba3abe3b254
SHA1: 41670e7835d175e3b68aee15fdd41c40460c8f54
SHA256: 6e099fde5cf21cb40019f35b3de430f44be06b6d77def2b60b570e3523c7f0d4
SHA512: bd02ec80aa5dcc381951aacec3b5a0b15fe7a02beb08c8218baf27f8beb26632d66b7fc4c5f67cf62397f8ee0c098a83ea6a9a1baf6a34f8378a460b01347f1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 3f86946ec713a101180610c04ea9563c
SHA1: 6fd111843e7fa6793951eda1dc7f7aae431c3dd1
SHA256: f59e85bb10f8d3a5c94f64929e42fc758148bb4b3075b8a04e5148d509b984da
SHA512: 9105ec5dca56c72dbab0904e68e3aa03762182b073450f4e6538fb1678369130d7de18764be45d47522c43a70a686145a2dd207e71e4cab36b21d2bc4b201d1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: b91967db8ce65f6ba79315bfe4981539
SHA1: 42c005767637e17ca5c227161ed6f89ef49f3e8e
SHA256: de95cb1435e31fedb9dd4ac08919c6bd82ce3f36862bd38c5ecba1bc302ef92a
SHA512: abe209f6f285a440175b1766d48aff85b692cad0cf6f7c1cf7f5bb990b264ffaf797a624b568ce946d1fb9d9c2e9589bb62051ae65084240b865fa66136b9b5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 449e8fe8e2184bdd009da81caa00c098
SHA1: 227d3989542e4bfd7ba07d225fae04baee1a9d86
SHA256: 4904f9a0c1cfe6e3bf1cd1d49ff56d6268c03827ecee5b890edc161e018018a0
SHA512: 264cbb7ec033a78445a1e7b2f788e6e17bccc91ecba9f7bff7372b5895ac765165a4ab76f97c6b62cced88e40a269474c0cd6506702f5cc9c9ef011770128888

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: b44a156e7604d958ff10e2d438ee29d9
SHA1: bb972589d915041154e2cf549933c6b0fc2ac1d2
SHA256: 3714eaf4b8e7b72f15c1cb257b800378b647f57fb20b2e35df91509d32dec899
SHA512: 9031ff6a136ea44c4ecd802efd3e13458943865162bb5c7720eae63e534a09ce14517cf83b25897da52493b15bbb75071cbc83032ea910f5b52cf635a33b9cad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 4c98a427489514c1b95a325e3a297246
SHA1: 9e944350ecd896fc029175cd7af46067ea100060
SHA256: 08ca2d23183c4e988db0227ade788aac32291a291c12ea4feb9974aa744964f7
SHA512: eeeac6b507ef1291338263aadc4196c0c266212de23e9c646af0ac8c0cd27ddeb4c199e32349e8a3f51cd4f662bf19b5a1b3463b3fddfe08b1465033ce42216b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: cc845ef6f19e8f93c6993346943b4870
SHA1: d2caeba2dfeb8f1b9b75a50f300c09b33d3f9803
SHA256: b54af28242b32f90e80448826567427ed936bc05c576afe0a034a09d6a31ed45
SHA512: 0246ad85413b775018c731c11e1d4aba3f4de28aecff62dc2802070254bc2a09c8aaf1ceb0c5f04acc462a54974b69e5a5c1c94e57b526fb11debf7952b1d691

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: fc52d9683c6899508c017229192e56aa
SHA1: 21fdf3883c5286b96de96bc24001bf052b9bcea3
SHA256: e36b52d42da9ddb84f67d2a5c9189eb77385aa955509ca84f370d213a676fb8b
SHA512: 00f8e1db32073f526fb2c1ea6b296bf11fcfc7c4ec14f080990b86907e17f044bfc9b408495a0626b67e51358cc9ba6d25fdeb89879fabc2d221c336c02d6cc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 34522ac26caf53af48b4999b8369d93a
SHA1: cd85f049a48a35dc1f2966855f066c2d00d4ee89
SHA256: 24ec3c4dffa189f55d382e999618e375bc03919cc7dcfd4c6909942e3133511f
SHA512: abd79070ec87c0c85422e9e74be5bfff80e837a3ec9c4cf043febac40a7d2dc4fbe1180586c4ffe514ff153c7e78474b5f3c9eaac264308802bba1876b51617c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 590767dafb1244a7f2e6faaaef349bb5
SHA1: ef9b9a8c0dce681e45f3ba3ae379ce3002dae448
SHA256: 3ffdaa0fd6ee4ae4243ffff33cfb10fbfd414b364d3b6baa1663afd435184a32
SHA512: 449b4822e74c22f18d95c8e90715b05b15d6ff8bb071d906f6e942f9a7c78db293c0f5b149b5d83b9c65b69c079ab055044f9bbdf03cd52e622954af8561d539

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 3fe91fef41985c185d3b4c62f956f2e5
SHA1: 98d1ffa85ca7f1ec9dd71d554208426784217822
SHA256: d521297ba6578d87f3a35b5ee01c15139c5d151745383717ea10a94afb54a5b2
SHA512: 094e6034ba9d27c43e0482ce03f3c64452a07a17bd8320ce961fbb26d089190d6c546b33ca76d5d0ef3555b4c7826a513a35180b954c7aadf2a63e80cb2b5313

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: f75cd29946f2764ac6c137003c86505c
SHA1: 26b46f0a5bebff2c529bce6f4566b520450980ce
SHA256: 79bbf5b54bc5e1cfdd36fd77a8009ba4f0e755d468902793f1c271b105deff1f
SHA512: 22d2cecdcda179a51897f78fb48ee3f85fbfc3ed0aa421368409e8d85314e8e53024ca254293692e64027f1915545377a383b52a96db558e8cc5cd333a0956b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: dc8e0326dec80cf0ebd04932cdd8a16b
SHA1: e04cabd0f29b085c0cb1366705a606a082d88f08
SHA256: 626649f2236948e6014867429a3a4b5332f7b8ec1a0539b3f2d0196063cfb64c
SHA512: ca14883804f17a5c07ef3cc483013fab8868bd657e8723a4a7243c641408c73a15f17c0967a073b2b3200793bebf7e0b52e230506447891930073f569a829325

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 94705d6ae71fe7e4c31c0e9892a3bb0c
SHA1: d2d71213df364c5562389dabcd4838b8b021a32d
SHA256: 70feaf158d9efbf16651407a63e10bd6e53dbdf8cdfdcb21812f4b03f8bd8e66
SHA512: b6b555aa03b67dc9f1bd23cd2203866668ec541711b7bc4153fd0e64f3deb990ca294ebd5a4dd07369a1da45cc3887342c78bd96671d2bd4f5192f407989a441

Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 177KB
MD5: 435a9ac180383f9fa094131b173a2f7b
SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a