Analysis
-
max time kernel
121s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
15-05-2024 17:46
Static task
static1
Behavioral task
behavioral1
Sample
474efc3e63f65ca54e1f94d2fc099143_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
474efc3e63f65ca54e1f94d2fc099143_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
474efc3e63f65ca54e1f94d2fc099143_JaffaCakes118.html
-
Size
24KB
-
MD5
474efc3e63f65ca54e1f94d2fc099143
-
SHA1
02a67d047ddbe8016905c60437c12fa904e1e02c
-
SHA256
710b13d9554b11600f47c3554221f753f76c7895aba1531d542bc3a58e0a0bc6
-
SHA512
2836911d4394890ed500f8a74d09e1334f8c5750596dbcdc9c8bae8fdee877ef8f21b05f3c4482c69e8690d27a532ad59d70604b109d6ddfa6485e77ab410944
-
SSDEEP
384:+PamLRIJiO7p2AglwU3wAO+kekMk9MWfM:+PamLRIJiO7kAglt3wAOFlv9MW0
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1660A7A1-12E3-11EF-A9A6-4658C477BD5D} = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421957070" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000c99a7168397e7abe644cc01e848e001b0d1af272da10161d6e35a70e54cf6eac000000000e8000000002000020000000c546a3c54b15cf5471c0a45fa4585d4abdae5748253b2c49a4d740e158253dd620000000a9e52bcf66be00f5cf61089fb17cc54dd55131c965b2d8ad5c8429b66e0b6b204000000071aa2efe705c7a0394b4dea2008e8b603a49abb01df475800ea45354686d2f722a7b69a6c23acd9147f6da6961ed63d8a923a48cf2b0d94fdd2f289561adff90 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e05930ebefa6da01 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1956 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1956 iexplore.exe
1956 iexplore.exe
1260 IEXPLORE.EXE
1260 IEXPLORE.EXE
1260 IEXPLORE.EXE
1260 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1956 wrote to memory of 1260 1956 iexplore.exe 28
PID 1956 wrote to memory of 1260 1956 iexplore.exe 28
PID 1956 wrote to memory of 1260 1956 iexplore.exe 28
PID 1956 wrote to memory of 1260 1956 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\474efc3e63f65ca54e1f94d2fc099143_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1956 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1260
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f0f2e624e94eb5f2e32a92190755e7dd
SHA1 33afcaf3cee7b91ae1bfbb4d93f02544abc68826
SHA256 5bff6f637cd251e34fd1f1989a017055b2f2a22574daab64c373590880c93ed7
SHA512 350e85374e66e80eaef18a7776da75fee90b0c3c0914adc834a7d3086519e892668ae5387529787b4c6efbd020918840880b6e3aa14b5896d541ecbcbbd53ad6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b2d5db640a24cf722c065c3fe93aa3f3
SHA1 ad96f42216ecf2cf06f1804c86dcf3d38b453bab
SHA256 6cc9477a81961acb0fd841b88f833f87287c1f07bf2c9c271c3b39370dd73c82
SHA512 9431ef52b8c1682f7f134cf19777bef7fb6d5cebbf9a5ebddf30150890060608a69dd6df71b6539b8a3af50f43867a5eda060311c88ae858943c7740004cef2b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 35cb369674b8b58e1838d1491e1e2a1e
SHA1 45bcbec7981e28b7e6613e04d638c6e902149e31
SHA256 58598b426d770df9c45f747edc79c01736025c2eb8b58ac7a31e9172dbab445b
SHA512 385fdd393ce6617e59c4c080d6f0a29d929c22e2d4e87c2c66548b5078e6942904a465665732891180d19cc40c7d26da0213d9fcea4ca58f40e350b7c2a61e61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5bc3b8d5ed4ae13af764ca977df8e803
SHA1 8909795928863ad0e24fc4ea7e1d264bd6ec8ce0
SHA256 6a2a4ff3072cb23ce7c341fd044df4ce80a711541b3734096768cc9a82d57050
SHA512 f4e1a2346e80a50b0c33051afc55297514b39d05353ef961522a6983cf3a8ec38414ce5ced378a04e8441c90f332272c80d2521e1022ecf79cf4ae3b95abf1ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 533999f03e5c631ce690e9eb9be7cd08
SHA1 440645ca0742fa1b11e144bddbfcd1010eeb8f5c
SHA256 965b068e2cc783b6f382401981879e0a524b22abeb1f8fbf50dd665a8d3ce28d
SHA512 b1435aacd7bfedbf785f6c7efa1331eb6be8cc44d0af4b13a51aac4d77a1534bc7deac1e586768222485a78977e4ee14b0cc63566a45511164a5d2479acae1d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a2f4a27ee7fa035ece0661ab64a1fc7c
SHA1 f2c13f31af29a8bd95ed17e9273d75e8b03b8a68
SHA256 d502178c095f7160709461968b3b6082844361cd9ca03bfb236c894857890641
SHA512 4199cecef4a4005f740b80d953d33c3e923a3c03d9eeb9064d2d496911d2da32b05c060544665c164814aeef9cc3bad6515b1f4d7218d64acf1404d7ca763feb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 47734bbbaeaf316895a40c92d5bb72af
SHA1 2791eacc367ae46375cbeef0cc09f58acf291e30
SHA256 2b4e987b4b85de3d45898bd810337a460b4b20c7eec27f07d721231f496847bb
SHA512 85e20c83aaa9b31e33250d554e15fedcf56d88cf2552dec12631e40d5868203e56ea2a788d623799f46e782284ae011cd2e75ebdf0a689f9ebadf723f1a61ea7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2cede2cc945db01783254cb30b708fa5
SHA1 bfee591831919c83b03efdf2870eedd1107973ab
SHA256 fb6201f6c65c59987478efc593a21d6546166abfd2b2edfa757f64444eab8133
SHA512 c67f9aafde236e78f48b9c64f50c55849d6ab7a056611a921b8e61d424f8a8be0872a5494bb4d0c431d7e5310cac5b0bedff3cdf9f5a599bca2970acd2aabfb4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8a1fcdbc2e0aee671cadf9b1bd4fa462
SHA1 8a68a4acbe2439229d64058857a6b78b9d7ecb4a
SHA256 6f079e7c543386501663ce20c902088c2644b18cf08edc5ee2ac3448dffdcf99
SHA512 57247501bf6c9bc40cfb0ef07a8042723eb93f204fd1781e0d50bd61e6721841f098dda0435e9cfecdd8aaa37a4316313177cd39c9ac47315c6c885c5cb1f987
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b2236bc1bffdadaa5eaf73353d206217
SHA1 48c5e69e4f3d4db3fd79318c2fb700f82c1205d6
SHA256 18469b0936ba67275ebbfff38970b9e6fbdb365c346d1780accc2eb72f91d0f6
SHA512 b2d66aca31bbbfeb26b09f0a34838a19ae47a43b6dc30852a7c1b86faf29769b6a38ed7e14162a62e20fec13c7f6198abd451c682921c6f38b9f437cd94464ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 acd22797fb0db42aa431c0e283ec11eb
SHA1 eb653866d32fde7cfcd88b62a5cc1755fa490ce6
SHA256 5bc567862316410436b79ad5742cdce492ceed7c24fe92e1967e3517df15050d
SHA512 1930b36cc50ecf7eb973c738732eedd087dda412d6e8b846e87cca726aa9f7b2475f98094b38ca3d4f5148d357d7a4bedf4436c44bcb9cafa9faf654c424e301
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 650e475255bb476e629f0e761bb4e3cc
SHA1 a822a8152d78e08a292df8483c28b30d7bcc3620
SHA256 32131fcac026bcceebfc5adb8377b5d80985708773e985471a7821c87f718d3f
SHA512 8382f0aea8311ac39210a5fa4d9718f26675f90e637925aa43271ebd40dcb164f92075dc486de954bfc54964c8a6276ebd7ce73ed50eba0b1234cdc7ef7b9dc4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dd81eb46abad4a7f4683293b06aa9ca1
SHA1 0aa134ed0d5ea48e7b594d46a27e4f71ad06c6e1
SHA256 cf91c107a2e4ce507d9a21287fe6d0e6406eb74461b4bcd239e84597cdedcb11
SHA512 fe354d2d48518fcff1cfb2e37561d0d51b9da311ed7828d61694a174d4d55e8fc79a9f1a0ee7953350cd1e103fe3f3fbef04d1c6a02db931ad48e69380b1ecf0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3cf9bc6f2eec0f13bebb53d484b5de42
SHA1 6baf7fe1dbd46b680568ced1158e268fd0189117
SHA256 33a5cccb74307b93295845572634ba618cef0b84858d23696dca09d1b40c506f
SHA512 56d7409df5e580460fc2fb93def450cf083a4ec1c979a6df36c98c27c641f8995d6f0bc8f5f037339148b653c1539467f94f887fb9949c7b64f13829d06a3101
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 eeafab000816752325f9ac19acd6389c
SHA1 7e56fe8074d6bfe3c5f1a13a76a63bb3e093542f
SHA256 56961e8018e0940d415f78e5cedac7968289c2ac4ecc66482c53906d548ba719
SHA512 fb130c707100809839d734d9af4f6ab2334dacec851a8df884df2b4708829fdc77e87dd5c50aad88c641ce156ce78aa45006b9aaccebc86ca934e5c86a99314f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ac2bdcfd388822bede6dbed7806b538b
SHA1 67865b429e24d3a52c7934f042e6fefae0f25a75
SHA256 de7ff4ca45921f946654bc0830567766d884ffb6716ebc920a879e8a947f53bd
SHA512 480a44e42f9a57a96a37976a5b8794192da84cd733bfe099a8253c3e801825a570d65e76cb317c2c91f9dc28f321a0890f00d3e7ef34ba8af81378a8ba9458d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 93ce96a0e7658eb5d3b1a671d510cb64
SHA1 51fa6a09de1f5bba57a0793998d8e2850fcd181c
SHA256 e1ab5858a84a98e1a1c50ac286c7a6af93cdb2664a42f8f348d8e24902e04e22
SHA512 f6437f8000dd359f58e2a5c242d438fbfdb29848b3471a6361369dd19ece0dd85eb2ea20f4551f67299481b116333b4f77e100fd4ec1530a265ec8765eb0fe20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7bec942c2499007600dd6468a7e573ad
SHA1 85988a2c86b50fe572dfb517c3d21a93086653bf
SHA256 17b2bc53d8eb33a115326f344c5fbef725770aafd1b4228b235c776949f0ee8e
SHA512 bea1b7cc51102e1e02034aaff364d650f276971bdae1d3fcd54db52c2def1d5995f39a00b45aecae827b592a218bd087a9d86c7fff7f1f7919272ea8b83e0318
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3692702cb07bf5051955ebe1ac46d511
SHA1 1bdda1c2ba735b4f1324a31bf52c7115e12e4fb3
SHA256 c5e071719aecf3795f084cc9eea98656e245548f6da898c59c4feee7a3e794db
SHA512 637b9ec965ea0a2e1e7bdc88c6063c640b0e2117d08d0a5fa44b54606df1ad789e12bfe3d26a66f4f84d3825f88cde1e3aeb6fc1d8b9b663fe00d5aafb1c5102
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a