Analysis
-
max time kernel
121s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
20-05-2024 09:08
Static task
static1
Behavioral task
behavioral1
Sample
5e462c13b7141c1807f25332b8fa356c_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5e462c13b7141c1807f25332b8fa356c_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
5e462c13b7141c1807f25332b8fa356c_JaffaCakes118.html
-
Size
32KB
-
MD5
5e462c13b7141c1807f25332b8fa356c
-
SHA1
fcced7d966e246a2a0bbc65b02702be6f30dd42b
-
SHA256
01770a5df07aa2478c78dc258ca827e7df7923c4a46b318c0918433d7acb420f
-
SHA512
6dbc329a1ebba1f4bc00cadf8459f9648f83eaacce579d03d95438bb5e8f4f5857a91a3d5e61dea10798afbf9858c7fe6a6d0281d94097e8e12e58c92ed39727
-
SSDEEP
192:uwLAIb5nEQ4inQjxn5Q/MnQie/Nn2z0nQOkEntISnQTbnxnQmSExGtwXBA6368y/:6Q/Azhrxjh68y/j/NQC
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422357991" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a96069000000000200000000001066000000010000200000003cadde408f962ff68a092397f15bb81a8268a0033356d673b83df276afe00997000000000e8000000002000020000000132fe46ac14554ce101f86dd8dfd959633d1b80e589547a45d20208e2ac410bb20000000f715702290c7ef38cd7dc13cd1ad13c42ea40c2aaa4609e5324778978ceffd2740000000030062fda9c46df605258f03841d2120d44df7949bb1ea094b594c34e640ecd85635a0dfb75eff73ff33b6224e560cf14e6e11d8c689527fd68d111ccec1f702 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8E73BE01-1688-11EF-995F-5A791E92BC44} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4041366395aada01 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 628 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 628 iexplore.exe 628 iexplore.exe 2128 IEXPLORE.EXE 2128 IEXPLORE.EXE 2128 IEXPLORE.EXE 2128 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 628 wrote to memory of 2128 628 iexplore.exe 28 PID 628 wrote to memory of 2128 628 iexplore.exe 28 PID 628 wrote to memory of 2128 628 iexplore.exe 28 PID 628 wrote to memory of 2128 628 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5e462c13b7141c1807f25332b8fa356c_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:628 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:628 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2128
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 924e5816d9e7f274114ae65d530d5e74
SHA1 7cf4a9972b01e7d5cde90d80fcfc80edad22f5e0
SHA256 911dedbd63c1f267940f3ae999f4fe2aba7e40c5d74722a1b6bf5330c60f1adb
SHA512 6088fb5e13623565f1aa0107e624712cb7d2c5db0e7701e2ebfde69e2036e561de16a5e80ebfcc1c1d89bfcb013444979dc35352e7cda8ce0a756b2fd2086e67
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6b960b0e884f5676dc291acf893ad6ca
SHA1 bb6a9ad01f0cd1e5fb657646bce31dfbff809051
SHA256 b7eddae5b6dc04674c06a35b95145d4b2b7cc2fedcbeb4a5437892940752152c
SHA512 d0765dd6c287c6652eb995dff36942e1b061f914f69dc27cf09c20a4f046d020d3475f917cb04af09f075acf90a39f12c03b073848f7e0af767cfe5e1fb88f72
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1a5b91a0d035b88c36ccc80afecf81d0
SHA1 d265bf19333ade552e599e7c94534f6dcbf27e73
SHA256 408a2e1fc804d604b74a04f0a6caacaeede4832182358b8c3781718b61b18850
SHA512 d9cc51d90b943f7049680438d2d639d6f329778f40025d4fb97575d26010b98817bdb31291530997db069816fbaf937aa08a7c4817680890dc1d2bf181166a5d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e50b2cb53a02b4d1d784808d220c53a7
SHA1 7790afcfea6d2287f58e7c3ff80a2da6e4f013c5
SHA256 8e9fe7409415e4363d52f564ac9ea7a74c1ade5f8f4c91e0e08134d024a4179d
SHA512 042f24ecea906016b724ba6bdd041ddbdd0c9ac9bdf9526e1e25672825df8f05e460dce9d1a894dfe03cf3a3180d204cbe20a102728bafee09155db593cd1170
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fb22320692304dc295319cdda985642f
SHA1 9e68d98729330b84d0e223bdcc62a832f486d2ea
SHA256 948beddfb85fd8043b10be0418f2aafbcb08617cefe9c4812621b3aba7496bcb
SHA512 228913b0a600e65532513279a661d652dbfdd889156f47df9c563af4fca7b5b8fce94d5bdef612ce0117f49067f018da224c8893fc2814157a26b0107d70ce67
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 861485eecc2e3c0836be963a47d143d0
SHA1 6f07816ed80cec5ec71101d1b51f4376587a0371
SHA256 cde96f65dd22a46de782a45689cc7772d5fb1148796a11cef423c06dec990c19
SHA512 407ab882c4443ff22f41f0428f4e71994a6013073a85137f4851922b7ec17a9673929884c691edb121d258816be0c54516da93519e2780f3040cf6ba1ee30d79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 eef3f9c0c0d9690d7c5e98ff1736fc34
SHA1 477ff8be5452f41ef969ecece48a1e470e17991e
SHA256 040129cd342da0cefe9ed6562d7dcd1a4dab561f551576c4fc72ff1327196706
SHA512 1ee1b1f6cec4405918717b019449ecb1a669f7abfe60d0d9730779cec0e4947a26bece5a090a0e3c2d5019b504aaa42389792f0041fb67077e1b654eabdbebc2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a2deea2eae9094ee014ca7df3006b542
SHA1 f46130cd87ade4081bc6da2944903104fe883b15
SHA256 6485083513ff8773ccdbff0be04833685b3501cf6d78f7220885e060e0d0e4ce
SHA512 26b1107a124d1cf13df40b47f8426b969d526a7acd7c22e484fcd430909a451ea2788c49c07b312ef7b196cb75963e56b14ac2fa661c432828908067d52ce21b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fef56264b96fc9f3eb7ca38945d0353b
SHA1 905f1398cbd859ded2e1c3b8170c34cad49fcb91
SHA256 f775a9a7ed7966181dd98b2454365e8d7c7251a702bd824c7e0ccab5130613af
SHA512 65fdecf3b2aacdc18ff1d47cd4536fe21eb0d0312d35e6e02964a5b4d57164a2971057c2a08f11bb54c84f44e307911435e793c092091125ac4aac6fa50c00ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 936d8e3d786c8998447ad49d7c947041
SHA1 ba1096b94951b750a98ebe735d7ee5da1ad56fb5
SHA256 daad34bf35dbc98cba2d7813aff5492623e6b8e790bc605bb03a08f9ae51e281
SHA512 94d1f860b97f91e9233b833e64d0e0bd8fd5ac91f7089fa6fa28ea8591263c2e3f57ef6bf871af8f8287dffcc62e7ec8f51855fe1095769544cb4613ba067a79
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a