Analysis
-
max time kernel
119s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
15-05-2024 12:15
Static task
static1
Behavioral task
behavioral1
Sample
4622ed8e94ecc48b8c736b2df6bce901_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
4622ed8e94ecc48b8c736b2df6bce901_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
4622ed8e94ecc48b8c736b2df6bce901_JaffaCakes118.html
-
Size
826B
-
MD5
4622ed8e94ecc48b8c736b2df6bce901
-
SHA1
0feebc5e9f012740e8ba4134d820d9fc35bb1873
-
SHA256
a6cc7c35dffae8f220c531bf8b034e19b6ea25b470badd7f3767a1c0e023a737
-
SHA512
034dde1322aa427317ecd71c0a3cb8d8748e9d65207b2e92a1f7287a2d7e7d58480a0a9d98ece2b6ccba8686ea33bc315f36d03fd70a61cf4011819f235e9d50
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe 
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50de61a3c1a6da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421937220" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DFF8B371-12B4-11EF-AD44-52AF0AAB4D51} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 
2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000b33f2849ca11fa126879107b160691cac224c8de6ec34f44a3e5671679ced586000000000e8000000002000020000000fe52155c09c1f95b13d135e216fd3b5f1e6ec970c26d35f29820f3474cebb365200000002f129923627ef93e7701739c752b93cffcc8a8b5b5ab9da70c780d526a0c2d64400000000e583ed46ad1f17a15a0a66f232d83e1dd2dcc9c92f93fd94f7a15eff162f495f1169007de410423a3feb3a58bf2df5421f9f2e8e5b449aef9dc66ce15bd984c iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2400 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2400 iexplore.exe
2400 iexplore.exe
2740 IEXPLORE.EXE
2740 IEXPLORE.EXE
2740 IEXPLORE.EXE
2740 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2400 wrote to memory of 2740 2400 iexplore.exe 28
PID 2400 wrote to memory of 2740 2400 iexplore.exe 28
PID 2400 wrote to memory of 2740 2400 iexplore.exe 28
PID 2400 wrote to memory of 2740 2400 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4622ed8e94ecc48b8c736b2df6bce901_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2740
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 158d93c7b45b23f6d61a35f79fb8f415
SHA1 2875be238ec14b55886aea473cf85b5a8ed81f16
SHA256 dd640939527e7eb4f5573ef4d2c3612a04c99507958d3aa511acef15d98f6ded
SHA512 f2cb3dad46b6dfcf28be764ef23a911c9d4fb77b1ee15fac7d019a6503abfb054776f1218df2e56c64831a8dd692016deb55ee02ae111292756ec90b4dbd4ea8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7470613e60fd149bc9a55a6b5d276035
SHA1 914a822367032c1ac1c7ce25eb2a7766b544119a
SHA256 1de73f75f0b3325f8263954e415ea0a87b2815a7618ab4de4135a7c6b8a2fc91
SHA512 9ab7dbbe7943b5fe9390e0c61eed0f6c28121528fc616bbf009089fbc0ac58e6068438544b7986e7cc443087b6b5fec4082bd8ce3e953b6e126c6eb6e6d2e7ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 96f6f5c843ccaa604fff448a94009d86
SHA1 aa693554d27d7dbb918c69cdd43012be36b62415
SHA256 334e7224017f0b8fbf986130e14f1aefa1f5b0a054c00e2d7e40a211eab85299
SHA512 c4f7972ca1b362e8362b051eecbb7968f526b039c671f52f0054e7bd6767bb886b26a6bb0c1e4fe55ead1ec0e7fa96663d86ebfa79de6a081789ed391feef983
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b051adb4225412e12431f9a44bd18f1e
SHA1 ac565b766a7b2ada35ff2bd5c9e4847e41baff47
SHA256 40934f510df56da1111d4985051a3fa06f1398a6874597a0d6df54e7a0f6534a
SHA512 458ee4a7d50a40a30f47698b5aaabc4f64155a6142e0a5356b3d6b5a6396d3e184879ff45c4b01fdb57810194c2fd7f5e07712e7ff9e72d2465f1607cdb90e21
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 045ef37c9bf52214428e415bf9bccf2a
SHA1 63527832be20470ecbf1748270b6bd96bdb47a68
SHA256 6255466fb9c86ce928dec442e24666f55334f0b4b0c30ea148aae2392a858a81
SHA512 d7335ac7f24e3a52b1aef94795055fd3bce815d8c2f139a54355663f935fccb4243ff1c8125fe701ee2b1a85c0270d441796bd0e0381cefb2f5acba100c02e34
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d49e0a279e4825dcbef43dae7da2f102
SHA1 60fec26082f09ce8728521db59e1f9e2bdb4ffdc
SHA256 6b2c10886d8ab0ca5c853ad139a59643a439afbd0218cf02b97a0acb50304d32
SHA512 c316659b04f2957ea4d9ec8ba0f98cb96425ec5a10ea7ada0e5823d4b3e938353056e40473b087a8e89fa7f23c5825a7bba9a82e521efab24557424f43403229
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 22278c58f48a0724a95b4c926539a459
SHA1 554541b40070aa4ac8ced34a89646d0c147bd470
SHA256 5f7f56c237fc1a01598553a98f2034a07391331a28f43815bcd5e8f8bff5ea96
SHA512 47724295dad2f321184088af2353ee28998cd4fa5fcb6bce8644b7303c73508c3845e56df3f391ba55e47bf85356c24384cd736a1101afd7b6afa3a7fb861e90
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f76d5b814ddc240bef53c11d239eef9d
SHA1 795359445ec9df3a815dfe12a3af01c983127a16
SHA256 853a8b814d46295237baadeb37142ee6c3ed0814ac86250aaf2fff4082086911
SHA512 b4580467e859c5582f31933f47200ca2dddda6333e9c623e85177c08118f449cfa74754da4151727fcd2f69fcebb8ced4bd7d80d27a36227849e411c1a85f438
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5d12c2eb857fe97a2cc1d3a102bedb8f
SHA1 c6548af46b8f8b072ba87b798944be9de645232c
SHA256 f8ba64d4cfbc6b20eec62eb4004ecfb972577a887b6e16669029639143c5f576
SHA512 9512d0a4af3ee570bef00250fab2d213498a196713eaba5b746837c9c7f764bd764fc961139e7a3fefc6f07c6542d4e600e1ad5d32817a0738f3aaeff8b4711d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4e952f4c5aed28a1cc6760d33aca2982
SHA1 039b4cc010995e84e0b0781fd65ffc3ae248fa3b
SHA256 ba1775ce2c06bfe06b0d22f9e85701497723916cd64c4d1bde54cd30899c1dad
SHA512 31d861f8e414a1834bbdcb627a2ce581fa26dd4e11393b8061fdbe66db3581c107216689760e49f9cbaaed4ea27e8549f786e9f94943cddb24ec8ea01f51598c
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a