Analysis
-
max time kernel
142s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
15-05-2024 07:18
Static task
static1
Behavioral task
behavioral1
Sample
4512dda763a0d969aa57c0fff12cf13d_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
4512dda763a0d969aa57c0fff12cf13d_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
4512dda763a0d969aa57c0fff12cf13d_JaffaCakes118.html
-
Size
23KB
-
MD5
4512dda763a0d969aa57c0fff12cf13d
-
SHA1
bd0ad983d0082982cad3f2e7b9f5c767f70aba2e
-
SHA256
fc99da3f64af2c8da62bf919ac3c8981130208dbfa7c3cf66e4f583afaf45de1
-
SHA512
d105e012630375c33cd0352979360052c1150e993e5db2a77cf0afbf96a6bbb83e7a5ac8356a238cb814b868f8dff685ed39c0c2c54aa912fcc1e6797c7507d9
-
SSDEEP
192:N+So2Vrb5nInQjLntQ/DnQieTnQnQOkrnt5qnQTbnSnQkanQt4MRnFnQ7XnlnQTC:USoQJQ/eX
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421919396" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F833861-128B-11EF-BA8B-4EB079F7C2BA} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000eea5db88a11674d856a28ecc82e8d6c527eb22f12109e31cb945d9ef06ec2a42000000000e8000000002000020000000d593d7a3a3f83f10ef866a5a84bec5c662d3622dc7618799d9cb26a6d780f01520000000fc90f25e99c66c8ef69ef1277406cde63a193f582f2a0f80c5b02e01aa47f2cd400000007af6c5e8c9fb7b4d82dba23ac32d87446f51d42c40243c5c97341503b00606d00f4e631e808112addd7a87cb316a8c57b1b35d948ea66c93b552579ac7bab4ce iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 003d193498a6da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
848 | iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
848 | iexplore.exe
848 | iexplore.exe
1780 | IEXPLORE.EXE
1780 | IEXPLORE.EXE
1780 | IEXPLORE.EXE
1780 | IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 848 wrote to memory of 1780 | 848 | iexplore.exe | 28
PID 848 wrote to memory of 1780 | 848 | iexplore.exe | 28
PID 848 wrote to memory of 1780 | 848 | iexplore.exe | 28
PID 848 wrote to memory of 1780 | 848 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4512dda763a0d969aa57c0fff12cf13d_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:848 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:848 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1780
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f87e1926c18ccd2c554f0eb6ef6eb35e
SHA1 41552cd028c8f486ebc603aef08bb980390bc3d8
SHA256 950cf4636c7b48be8a61b09790fe4ab3cf99359c6eb6d89f653848e43ed55976
SHA512 df69af9b8576ff62e09849182d3d039ca4bc24b8b05b2f3898210f8acadcc7d4d2183c92a13d442411a3ed362c78bb26664e102b907dc0c993fd58b51bf81f9b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1005a2391df17bb06bb9b7c6aae20759
SHA1 52d3965a498e9d078d497676c1a2d15d09415859
SHA256 cadb8c366aa79bc55417e205dacf345c8fae32bac9aea9ebd3174512629d6038
SHA512 8d3d5dd7b1e1ef0f978ca0f4926f1e90cbb75374967576128c159961066c591fceda6b8d30334a05f5882ff4957b868967d9b204c87b9a53901e78486211d6d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 38693568b280603b057dd01bfb6df5da
SHA1 d4f3f01766621f1e2a3f5bcc9774927319fea81e
SHA256 9cffdcc417c20787e5d58b6c2d828faaacb9b81b1ab9b6999eada231cd3e59c9
SHA512 42c4698532fc942ca60a49e9ea22341632c1c49eadb04ae6f128dea5b0f318fb30cb6cdf864e5e6f6bfbe53d5f4e763d67919de7e33d50af0be359044ab23e04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4b7bc1b744258f23f4f3094664356a77
SHA1 80ded1c6a5b88397dea0b168daa3e3320969c683
SHA256 24af0d809e7796c30b12bb8010e49b7f924db6929e5917cc4e9a65605632d09f
SHA512 76274a3cc3d2ff94e02493f5f8d2aa0a641cec74292347c018d017e0f69532e65a2e195fe39ba9678e5d69f9ab6302f4568631c87330a5b32fbc4000862f8ed7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 20082630ffd9f260d016419ae44fe980
SHA1 99d88d600c80d341067be3198a5276c0d4ca7f88
SHA256 ea88797ec298d41dc595d00ffbaca60716ddd91657575e7c7ef00461580fa719
SHA512 a98f68f0e50895625ed3441f4e9b5fc1a9c6dbbca30742cdac5820de7cf19bcba6403d735d787051fa356a47b3de3cd7ae5ef858fef09cfe79ff700cee5e8dfd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d0993d7d2b1b15af790c9c5071b67584
SHA1 19268d32c19b0ac6b545c510b5ba3765247c11c4
SHA256 eb0f686f37972088c306f9ff914b9e1c3bd91d728a8fd3ddea203dc19d535e1b
SHA512 28e2ef00267eb6c72454b2466e41a3ca6763d8a596a37bcc339982e83d93513ffdf17f5c454505b7680aeedd0cebb274cb9d7127968e5e33c90cf7e59191d8a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7ee2aa3068a022d024b7b2f9c417f9ff
SHA1 ac9c60bd31dbf24ad3f396cacd1ca2ae4a9ae343
SHA256 4419af3ea35c2c30c5bef0063b076471f41419a4aee4b4259a3c4db330ac3f33
SHA512 de2dbb1c37c9c04578aaf5f07be5104879b94a710235159fea33db881255dfd3446864137feca7dbbd860c48e06c64ef6d8490cc79323b1d6096f4c6d25c10dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 14eabb9a6685001e9859fbed545dffe9
SHA1 d181080c11d3f30ae2988370099a9d6422cb86fe
SHA256 806e4030124108f338600e142c9c62c6c138585adad1a0a7ef8da41c2b4e30cb
SHA512 69bc56f631f7dfc2193db60cc0cefc803b8482fc0199bb4cb14248e0692cf8ca2f4bb8717dc232aa3794c52582c7d746f4e675739d02ae968e6b59a1fbcd787e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b0056c2ff6517e63ea3b4ea483918a76
SHA1 7ae746e863cdf6cabd84314a9914883314af5a7a
SHA256 b31c3773dfe870ead2c1dcb8897fa972d9146d31afe73db9325630eb488ef48d
SHA512 8a438c7f79cb19a39f2bc3df9bb2d37b42e99f10b4517ab50dfb08f0c8e152559a577be0b46f724ef91cdd347e6a6372724b23fe2258e5a8ace695d5dd85dd1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 da77ef9236790dc7ed17f5d7a3323e2b
SHA1 b2b0c465e3d61057dcd17eea0fb8966f80dc0580
SHA256 27da14c5ef8a653a3c4ba49caaeea793956ae2c617a0a8e12d90829b013de771
SHA512 8baa71d292c3c5bcc3aefbeaa211c6740413c000a14eb813dbe43ba433f1371c81b75a76810f7af4eafd2d2af7da3c7b1a1a5c03e6ad505137e6c15a5b2238cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7c49687460581c97614e8724489b366e
SHA1 07872a4c2fdf49db300f4decdf2b455f6400ffd4
SHA256 52d9aa203c66f1a1402338c7331fa5e07b5278440afc4e3a2e12d5f4d69bb68c
SHA512 7f030e3be6e9380377aee365f0a5c86012a08363744c47502f4a954fe899e40e5820a47f88b8d23bb6e6140a6739713bf3d17f0fe6753b1d23a327979f773705
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c785f01d873f7b933130cc7a9cbfc36c
SHA1 8f04aa3215d9db4203f9b4e03eb81c341146a2c2
SHA256 97967656b5a6f6cf1095f100339bc1185ef2f3d8437c7fe2fc69db972a702299
SHA512 5445e93814e80c4fef984d14be42c96ddca88b5b01d2ea10bb7f6536bfb30cfb75b34d8c1514055db221c617e14e8cc4ea1289fe0d82a1915ee4e7b462f65e02
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 66852bea5efe3558688b8efef0e7ea1f
SHA1 6837888f54d2036df335a544b348bd156b93e130
SHA256 d3f3a426c76c896b17dbb27df626a4c4f56f00bb106336b368fba9084243c0be
SHA512 b7a9db4f5978422337040d560b3b64561c05d9470745b65bfd3a9b811e82fc3512d1297da1f84ad8268726041c585fd3971460758c62df74b4b0b58367e2c447
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3fc979e1844acbe253fe9e77ba637b12
SHA1 02c2efed05e2a0dc35abcf79358afc66ce82d102
SHA256 74b337a720ecd041a653cd4d744af8f04bab95bef1a1b9fdc7f881858e69c6ea
SHA512 252b58fe9b396d021b6eb9938d59da2a9266de7da395ee46ca14b01a2afc5df2420aec82ea6627fbb68e3d1560895bb27142882b3c4dcfc1046c3b90a3d7b673
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d2b3a032173b8873186c12ba68d4a8fd
SHA1 954574d20b8f6a1a6115565346e78865078e7249
SHA256 6faab59b83732de50a621b41a6869490a474542be808f6187891e87b0345f3ee
SHA512 7c8b621eb2ebbf8487d685d04ae83003512dd84fcc8705f8860167d2800e885f55e1c8403e9f10bd4265c5b92b922cf6bb544d890b172c2b6407d6e00e1330aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cb3459913fb32f9fdb98172dec4b7782
SHA1 f32717ef08629f9bd888c6fc08d9386faabf094c
SHA256 ed017bb282bf354c1234d3dd57b953aedae17d17e181ac76ef2bcd00c3d02f9f
SHA512 cef33eb2d1882c208d437f58e105e3bf3aaf1e0c9cdc7c972237c81f41ab20a9d5894e16c19362a3f04e1883376956f6ed0c63256be81fa785e22f26e62da89d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7dafef034bacce90fadf1cef6a47de25
SHA1 f9e09e13c1ca6c5bf1217f1ecd4207a6bc4ab401
SHA256 c713b3a8cd955c220d090933666bf75e04df06bb43143c88e705846db1027bde
SHA512 31bf81eeea4878450c69223b7ba7bac7323ed652ff77f310d8c90e01239b2b69e28d7eb75c0e28dd64b602c63ef2aea0db4f257572cc80bf5ec7dc0c86bc7ff8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ee08b37eeb35551071014953ca140824
SHA1 3fefa430e3556838facd4c435737605f37ccc493
SHA256 22fc25ee3a64149cd806211bc8817affcd29db244ae8c48678fd71639a45934e
SHA512 3664844612cf5ac2b4ccafc11f4b926ea666622b423c83d8710aad301b25c59da965e84c601e195bbda43a74876d25af3044559514b9dbdf85080052e95c25de
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a