Analysis
-
max time kernel
138s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
15-05-2024 03:23
Static task
static1
Behavioral task
behavioral1
Sample
445990f282f550c208ee188133162b95_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
445990f282f550c208ee188133162b95_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
445990f282f550c208ee188133162b95_JaffaCakes118.html
-
Size
13KB
-
MD5
445990f282f550c208ee188133162b95
-
SHA1
6e5be5412c5dd2171196877c334f93f27c377320
-
SHA256
8c28c39fd77580157e5322e9eec8ceebcbaefc65860898bd8888765bedaccb32
-
SHA512
82bf0143f6c44583f932814cd1ee270275aac1ea261fe33998fcaa89453561684c0e831c13ebd7f50e353d95b7ab9460ba92ce0a48ad4be1be93af2483bc11ff
-
SSDEEP
192:CyiLPXO8o9IoMRCd65aSNvNw59CVCfgJTV/0PMx2VVhWl4n3/uDX:CyiL1+ToayuLAigb/0PMx2/hWlmPuD
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000008a823af028240194cbb1c5d558b8883ac407148148d356e1f91d896f83439d5000000000e80000000020000200000006ff2ca1eff301899a8a330d7b306abc2bca6c7a02e05daedd51450b96f02d4eb20000000d3a0ce9215b691ffaadf1d08cc0b8e1482aef9efa67c4614fa9028cad24443b14000000078385fa7284588c4c6284418b71791ef55d6484952315f5d5a05eaad6e0aebd76058ff1b2a77a4aea2390544512828929dbf7b274e14790682ddfa9dd503149f iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421905297" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40b6356177a6da01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8C6AFD71-126A-11EF-A1BA-6AD47596CE83} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet 
Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2908 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2908 iexplore.exe 2908 iexplore.exe 2716 IEXPLORE.EXE 2716 IEXPLORE.EXE 2716 IEXPLORE.EXE 2716 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2908 wrote to memory of 2716 2908 iexplore.exe 28 PID 2908 wrote to memory of 2716 2908 iexplore.exe 28 PID 2908 wrote to memory of 2716 2908 iexplore.exe 28 PID 2908 wrote to memory of 2716 2908 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\445990f282f550c208ee188133162b95_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2716
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 290452998084e6346a5cc9cb427fc498
SHA1 8e70c64bd76ba43c28fb5f909c2365e8cd704df8
SHA256 2c3b46ee91b52e67b560922bec1e6f0c2fcc34775c2a8c003c3fe17869951702
SHA512 7eccae363ede71f010656294058d301cfd4a67197f917448d0e047e1bcc18ee825e4b50d17beaab22ae1ceacf85e8ead68f4d1bbfe8cb1e6a6ebf21f00bbad14
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 98dc80516eb2a9465d49a835b338ecf3
SHA1 205b6d7b0abb56d560f9622ea6f60c6b34d14057
SHA256 5fb497564d65957c885bed478678f97d208abc57372dc2c86287c8e0818fbff9
SHA512 be176ee4767a865c641b6a56df86931b53c72db6600c1ac2852544dccc2f12d622fddfe467d36f47349b3f443952abc448876924e0c23109e464e915a6d9637f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 001f3385ef91b624b4ebf094930fb947
SHA1 e0b843de2baa961d4ab32e2fb04ad941cb01d433
SHA256 1d401d1f2adc5bfe5084734ef08a049eaa1c22fdc5139f50efaa474065a7c0ab
SHA512 4c0208785848fa522563eb52e6d9797c35be83fab6bbf82225c315e3a0fb9de9f36fabf0188b8dc5e52ede93a730e5f77c6820602eee9138af17caeb34e8dbf5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6416aa82476b19d6cf7c2f2f9206c4f1
SHA1 37a1e9fef59865dff65aeae76cdf75a1e62287f0
SHA256 462bb4644fb181fe842c0e4def5b85c5c87de3b84e97d7d615d8c6c4cc2394bd
SHA512 401ab3d5f95c669aa54e620c5405d84c62d3bc6b6d0f4468104d7c199c09365ba6a1ea94469e70a2295af9e410a8fb57f1f49ad536cc4927c1f249dbef3dd377
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 63d881907acd733f8d45aec202237224
SHA1 ee1e820c0369c0cf829be9d74f7265479b47766d
SHA256 0b32949f345e28a59eab9486816ef0c926c33f0eaeae9641d94f61fe29fd6efe
SHA512 5b2e9cc493d4096a2c71692efc6c70c021b504a9f35b7885c240a31c03f6d56720fe033821f652a7d6605fa953554a9bd6fa22956f22d643efa33af3443e1f49
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1b9231438335499c6b934d8153728fa1
SHA1 0a27a320b3d32f4ba6577c614fe6ccd32ca0f7fb
SHA256 ee854f9a6fc98721e1feb9e18526ad73e40d3af5e7dd35a56b91359054e1de7e
SHA512 38a1b46cd776c5a854bd2d80d0f17d8b9dcf5274e80ca896bc9cdc722925635f80cb1e2240ad1e52432759e40d5a28a45cf2b391a0107077fc25a21796105f13
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3f5946933befba36c464e15994b0408a
SHA1 1e16206b9cdc1697bf6af481c08b954b5689b142
SHA256 17b0499c22c07f556f58dd4d1a67c9b48837187366d78e458e44769bac3846e0
SHA512 1ebf14a40b01d452b5b10158097325bc96b8241bcb16b3064469cfa2b9e29c9935fd2f851f8a77e7eb27faf0eaf35680b30c8e324ad0706c31e7ee624fb8d4ef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9ecb73a27efcc81eeb5805489f3e2670
SHA1 5d3f99a064f62b3a7c88729b764142fe774f349c
SHA256 f88c07fad5baf457b9e0b2e641e60e776905a8d2ae206bfe990d9f491e7c7713
SHA512 3144a1e2bd0d6bbf5b58aff5a2ad7c1d2045fb22cbc7a2d1bad7443f9149941b467dace5dd9cdca4806f37675ae5067fd0fcaea8f18364557d5baf1a7a7e10b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1677f38f64c7a0dd4fee13ed7e14c8a6
SHA1 087c4b5147aba17523f1409a6a68b21744b2ba26
SHA256 46865538f80d60a6d7f788ed3723aadaae00083559c10260db6583443d98f580
SHA512 e28bf66e629bd48331efc7bf6fc8b70f81a4780a5f280f7a7970deec82300a1e0b71cf546130cd5760aeae9ec23264895be20b0f1e250a54d63c5c723e46b19d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2e485e1228ef1e64586d4d84c67294d1
SHA1 ded2a913fbd97e81c8aaa38202f7d0c21d754d76
SHA256 dbaa040cd1a1e77743569811cb04031e570d9f4b01be7a536f66a771bd5ef0f8
SHA512 6bbb7c318c9c1432c2d9999bb1bf09fa7ac8626ada3d91afc1afe55806c23f03a3f6f56fde890b1b98da8e89fc5dc54e6d5cf753fcec0df3da5a3d60bde66e45
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d2d44055a14621a204710abd15634d82
SHA1 8eaafd56f936fb9051f427ce0a26b3b875afdee5
SHA256 5648815cb41042de2aec7b3ad5f3efc3d0d8f22b68e5ad98892b057030f1215a
SHA512 8624454e3d078bd7fc904a43ad6f27a634ce2035b668801d8a34e4d3d78d4989174fc6f3847bdbb43037bd17fcc312f2608fa21e6d309d6725ae69859e5ad170
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e42f53769e3e1130cf046a0da75ed6e5
SHA1 36f8b9056a07532c91051d749665a6e02ff001b3
SHA256 68dc1541388952d1ba9ce6314b56dd9a4645767812fd12b93a2ef6f6dbac7056
SHA512 57705373ebc0c9287d9e7003860c60c2ba9468ee5c0843fd8c95a870cc305ec1c57b66800fd3505afcd3be17696b9fe42ce17ce2e6fbbb794e94554c4e997f7f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 31ee9323a1579042a0818fed8f635cff
SHA1 6074c6f41b6dd3b28b9efed96eb280fb75e25b99
SHA256 add27e5792402ca4e04455c0a5726e67e3ee435018018557311d1fca29a981a1
SHA512 0f6cdf8e4e246312ebe98c5a4172aeaa11ee6b55667976b192d417d3734bb1a26913decf8f02df0595b645ab39cdbaf628f870ea51f268aa94fa2da2ecf0b789
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 060b14377e98d6cd8b67348a010af851
SHA1 5c5ec93b4dfe4384f7b2440f6777bfa3fe42054a
SHA256 9dd248de8e7d00f77c84de1621baa02d2aa1b692f5155b183410a75c98c6137a
SHA512 3dabee6a9b627aef7e65d168e120cb63e83fb1701c874b0f0acce39ffdc369a33d6f931e4088949d70e7f68485630dc968c553990cd74d24502bd5b38ac6439d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d2a56347c300f30aba88d49b68fe5a1d
SHA1 9b1ca071ddc6ee9c1cd1d998b796593ec7b39dd7
SHA256 0c485082cf891bd055a7a0be18c999e091a9557ca38c5929540f9813a9a6619e
SHA512 63cc8450d3453783f68f7709a3ff4e06ad1114d001320d604f940bcd7a5c43f31fd0c2b9dbc3c03ca012730065e81bc635dadedde2a08583de4aea010b172494
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dcc70af8a7328325fc7d19765257b4a8
SHA1 c0b8bb1c86b309a26cb371a5f8075e75a3784253
SHA256 0356497592c47d3d029074a079a46e64342394e3c9cf4e9d6d6b2777774d97d7
SHA512 4191e97f95539a608caf1505c38941dc5b7b0a9f55913dae6cfdb81112941df9cf49f280198dcdbca3d8b92857fdad1e1489ee82d979690fa372966314b2de61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 98f2cb8650c5a4d411999d94c57dbde6
SHA1 5ad672bb19f493e0b23ab7dbc0413af7c0947675
SHA256 95555ff05633163e89cfffb4e9cf6125dcb748e13a9caea4eda22a8e2f99232a
SHA512 d5c4fa8ffc5ab86e180826e4252ced2037efdf9d285ce848bed5d55ae1a655e2395e27e96faba0865a7d7735e93da32b084a9736c31547eeaa1c764798454812
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1228a93dba416e0b95f2e749cd33f86b
SHA1 c2408cda5ca05b2bf97d8a068bf0add832184702
SHA256 cafcb04fecbd9ce642b39ed0475d0feb28256b12239b8245317d7e6ffd85df6b
SHA512 42dbfbf59133745430abbf4bfb31aef4235a884c9554fc4b251611b87c240106a5ce72205b004a08099735721f89d04c171062b260e695a61420daecbf9491d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e7d2030f18a72b228bbe66d528db5745
SHA1 ff4cc1342c74dda9b12da02f601cfd64a5598f2a
SHA256 57d2f4e2870c1a74a27f8a75860336454877d424a8e193d659c4bf9cea941252
SHA512 1a12522ea58d3e48036cd32aac6338827da5658d1f3fe82b4519bdc9afa7b7d5489b7a8169a663c299f6cc2ac9dfa48b539adfe171c61b395fafca651e84c685
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a