Analysis
-
max time kernel
117s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system -
submitted
13-05-2024 15:59
Static task
static1
Behavioral task
behavioral1
Sample
4045bc65ce10be86fe60ecfc330850cb_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
4045bc65ce10be86fe60ecfc330850cb_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
4045bc65ce10be86fe60ecfc330850cb_JaffaCakes118.html
-
Size
460KB
-
MD5
4045bc65ce10be86fe60ecfc330850cb
-
SHA1
c160480b49cb8173829a7dbcb7a3e3ebb10f2c8c
-
SHA256
289050a778b807c49db0f20eb3bbf34b27bd2492e6fbf6001a8c3a54765a33d6
-
SHA512
33d059e5b85ed8617bb010dd4d63ed943069c63710972417620d346a380d6c68e9b76467815d4dd220e58963ec27aaf8db1d17bca1ce89c5377268c7b2ddcf55
-
SSDEEP
6144:SYsMYod+X3oI+YbsMYod+X3oI+YTsMYod+X3oI+YLsMYod+X3oI+YQ:55d+X3B5d+X3d5d+X315d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000007a505df846fbf2458eceb2af50766f0f415d890b1972c584b63767ca0ee5865f000000000e800000000200002000000084b4336229344cda59b7d39286e7fa8dc3234ab6b16dd3cb1613eccc3e96c303900000009e300d1918379ed44541bb158fb2139d493f41d9a3c7eb44db4ac503156a40776738ac02d7f5f10bf75e6c578dbb64027fe823e1f0753cae5012cbbcc4422f91dcffc4b57c1654b56fb740b0e9995dc85ecc306eb3f66a77cd8b3815c5536bb66e5af6ee76c71d7961d56e812a91533355d929566c545e2af0ab43dcfd923a56ee9db5e248a01c8f1b96ecdb2c6e8ff7400000005fdf5149bc1a72b99282323ce75fc9260c372d4412c5c42558fd69d41517be5b9743f80cc746e7628bf70e75b6f997e86522d847581a0efb3a798368c48dc986 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421777844" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8E51EE1-1141-11EF-BE4D-CE57F181EBEB} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet 
Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0ce74a14ea5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000b2a381a63def4abc7abd161d489adc8e74a4c259ad7e8716484aa578fbcaa374000000000e8000000002000020000000458f0958c049ee529fe5e99b46aa197aea63af2ace4ec29c3354bd7d7a092a1420000000c1ef93e3ccc236c8eb539b9c19146646e26752aa87823ca6126d4fbbc6cc8a2740000000848e9e57056a8005a79e4e23afb37afb7e7a8f2680f60bebaaeca6cbd7f7eb6e36c828e09007edd8a389c86432be36cd02665268fd66d6d9478980dd5785c2da 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2036 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2036 iexplore.exe
2036 iexplore.exe
2788 IEXPLORE.EXE
2788 IEXPLORE.EXE
2788 IEXPLORE.EXE
2788 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2036 wrote to memory of 2788 2036 iexplore.exe 28
PID 2036 wrote to memory of 2788 2036 iexplore.exe 28
PID 2036 wrote to memory of 2788 2036 iexplore.exe 28
PID 2036 wrote to memory of 2788 2036 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4045bc65ce10be86fe60ecfc330850cb_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2788
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c696a0407eb3196775058b01e65f6577
SHA1 4905edddd7fe9e846b085030d3d4caf2a3d0d1b3
SHA256 c7a02e735f42ce123bb646a5bbae7fd90da8230f9d831ee68fae3267d44cb424
SHA512 32ef183070ce8561df7e99b366800b1f755c1ae9aba1fbb8780e8af1cb21aa2ba3efd789a9c161f616d141241d4214cfee8a34bc61d9985b6352880c5da9c06a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 40d4175e4444930ae9ec74df80c8736a
SHA1 9a367dbfa1da72c6a20b94bd5bd8be7bba6536af
SHA256 804b491e750641f2b5042806ef47c415acd128dc20ef069571745a410676d418
SHA512 cb524cb0f94ed003bacb098ee843904537e8710b003277414664e23a0bd18ca4dde20760b1ec2c914f1124f0ee7f0963b2bc8cac3cfa95b5cf839b7b7f5916f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f69da77805c14fec7c84b73e07e0ca10
SHA1 473529bcffe2399689a9bf9207ff688edfdced9c
SHA256 35fb25186bbc4c6dba8dd6b530c1c4d14d8cba196f8be332fa3ecd0dad356f9c
SHA512 fdd232505b230d4adec2d2dfbf6f212223444229037c6c18aa49f63305df690b6418ac69a2c0d9b93c2fd274ae7e4e69c9053cf9a50c41d1d6333874ddd5f45a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8328ad08feb915e04d150f8b5c26a06e
SHA1 07538350208bd782b947c5496e637a624bbb9feb
SHA256 b0669f75d113b1e4a1040b8241393bda35a733c06d6077e8b33d3e49833ede4d
SHA512 34487b326304a22c4bb2312cae70ddd163b6979db18b3d0efd476c7122ad484183865072df99b33df6f8f51c2f909762900127dd97079b650e87d8ffc2da9417
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0acd00d68b822ea7da67357ccc120c55
SHA1 5c690e660c81fb5fe2cb5b607df1843ef56f0c7d
SHA256 6647e8aa2a0cb536223aacc336165276c1c3475d054895d34c90060996a60c52
SHA512 f4cd4f2367ada5cda4078773a3022e922c0e3d9dfbd0e4b60e9310856d14e1c3d458879eca96e724cd37fab813e80b65a3e2bd4737b12d0fa93b2e2cf93dc379
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 80b5751da0430bed765f634f7ea0741f
SHA1 533660e1bb2e6d97bd1fbb50f33b31d93dee486f
SHA256 8d757a215dd9c5a85303d187e8dabac262b9e7ec7efe0f87b4b7072d549b84c8
SHA512 16cf17daea2bff82ed71911e314c438d641fb37348e2ea09d54d7c3b6b811d78a26c7ec53b62d98a06c4c791bea59661219be9696c10fe7affd6dd2ce56ac9ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 802f121433b8e357eae4466d57b70e4e
SHA1 fb35ffc0022ecda3e1bfc1a6f39cf09071bc7610
SHA256 ecccb0c495325224ab609645c0f2aee72fa8b16890fa0a016787646fa737dfbd
SHA512 7664ac0f277f147d5a19bd085862860bd2276611302ff4412ee4d486c981089281b4270ead95cad3c4a0955c1dd202515467b0a341b4af8e6202ce1445f36b87
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5fac0bd9d0b17c8626460ce13e22d4d9
SHA1 d6f0c0e10a8e9ddeb01a803960c75414a7eec598
SHA256 d6211581bf17c9704e2eac26ac1921e6a4071e15c3019537a3f5ebfc8dba6530
SHA512 c62b63ab0483c8ca207e73519977cbd5ecd792a96411037b0ec08f1968149359ee011327bbe0237144f1b4dea37976d36f22d29ba1b3e42524e0af07361e2c63
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 37884caec3b3aa43780756fd392972fd
SHA1 d917323dce01ea29da328758a4f1750b90b2ba66
SHA256 04722ca1f962b239f4fe7fac0cc08f9f70aba6131660e17135d6030ecaca90bd
SHA512 92dbbb61272fbff8b1ff1a7740016cf0a5d27fd7cfe2084c108bd48e0c318b0f278c71fc1fc2ab15354da10569a2c5f15d957983bdf3ce4db99b1b475565984c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 364c44c924a6394c73f7df4c6c704c28
SHA1 33233d85f7220bdeca7c39e382fb5f99750ac5c7
SHA256 2f087b8d8c99c317ffd5e6f83a2b4f5e4baeaa9f83ac2c59e322cceacc4a629a
SHA512 7089f76cb41d7f74748e4eb6aaa3d8c797350f38839c29d83ab0ba020c86e5ecc7ca82ec9d0e9dce628a002bd18c755c7435a734f0ac1d1d4ec874878370e272
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6240204eca48b9ca2348358b8841adc4
SHA1 798d1d9f15cd2590a8d156d3c04e99436b14352a
SHA256 8fb626c6089e49723f9b0dd1362b674d4a8cd9c71aba27bd3a5f334f42100b27
SHA512 126ca400f73be60f32fd6cb1624f053372960b044e9f24bf27bff1dc1330328472a80ce88e8dc7dc9552f5b20fa4797de685e8f5aa02fcec15381ae23e1ddb3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 02b61910d0481a16b5e16d3027d29e13
SHA1 1a01622e0b89ff3cec900293e31baf6d3d3897ed
SHA256 d4e068467022c4c993848161179e3d963ab7be5577fd4d57547f66bb9fa5fff6
SHA512 3a84665d396ed605f9ab412e991cd42b90e517e60a86f75659f9ddc56d3384ea0c9bac50f333eabb277d2d9d6ccbb245179a2d2436e00d892b40790662900e83
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f2423ada5dd4f025536ccbdb42d287f5
SHA1 9b99a7a3ddfea51275cb338272f669abbfd89ab1
SHA256 48638f00d8829d3c1d43d84c509116efa4765d562e5e239a97ac9b12d2926160
SHA512 250a47919e5327a0b5f805d6417d499fdac849460b3efc074c934473d69fa6afcdbed355f9012d639519a0f5f3db1a770b9ee62d785c819167e851c9b2979df1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2833abdb7eac1c256428ffe639a4ac88
SHA1 9c1798e7becf7f26df8a69cc5c1bcbe35381e82d
SHA256 793b26b5f2b0ba9d0bb49dc5dcea62696fc0ff16e77ee8ee88554f45b0e52ef4
SHA512 2b55796e801689899baf706a8e2f6fe4dd6873e13f999ca0505ac11d5fd692221bc79a07eb378e1d481dadbcef51f2a217bd712c400b4995e17e2b4623bf85be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1ccca2993b65192e1b62a242a72f5453
SHA1 5ee90b79f771ceb6769f293387b890b2030943e1
SHA256 065c712ed0e99b575525cfbf2e50beb4fbf54fe1565a25d714e08c30e9145029
SHA512 a5653824886c34a9eff2d6f3830031c484672d5261f90737189435a6c332687eaa378fea1ce2ef7f82c8550059ed5e6ffe9513b655a98e44c9457cd2b6979627
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a