Analysis
-
max time kernel
134s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
20-05-2024 13:00
Static task
static1
Behavioral task
behavioral1
Sample
5f35957ebe9742ef4a9be8eeb273eeae_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5f35957ebe9742ef4a9be8eeb273eeae_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
5f35957ebe9742ef4a9be8eeb273eeae_JaffaCakes118.html
-
Size
68KB
-
MD5
5f35957ebe9742ef4a9be8eeb273eeae
-
SHA1
df2a66141ceb818e81bf26a9873082aeb0ca4263
-
SHA256
c25a74260b2d6e86a6ce4b66117634d1c5fdf634416ce796d3747544e17bdbe3
-
SHA512
abf2cb6f03532006d5a8c3f4fafd72b5ff1e6950d51b5cf3242a5125d2ea989965b47742dd2de000407d5b0459cb630dadcc6b76623a72237d2ce2d9ea15776e
-
SSDEEP
768:Ji8gcMiR3sI2PDDnX0g6o2oTm/hmxoTy4ewCZkoTyMdtbBnfBgN8/lboi2hcpQFf:JEYGm/hmGT/0en0tbrga94hcuNnQC
Malware Config
Signatures
- Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422371882" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive\{E61E1271-16A8-11EF-9542-4A4F109F65B0} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a8d9bab5aada01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000603d2eb202d77ca6423d5ac3631e9d6ed59eb7927d009667e7d2d07b0b2a6067000000000e8000000002000020000000d67a8ef0c63f8e08cf52e76f8329cff4822799907c36cdc237abe889075e300f200000004f83e4140bf71402da48b1b40c101809a59cf9250a8bd74aa2f895ddeaa626f8400000002f26e7100095eacee5139343d68311fcb95c13bd1fb93292a2095101bbc4845f586258c033deecf0b993bccc9da965eebaa3ca03e9bfb5f46682649754e52036 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet 
Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2380 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2380 iexplore.exe 2380 iexplore.exe 2252 IEXPLORE.EXE 2252 IEXPLORE.EXE 2252 IEXPLORE.EXE 2252 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four are the parent iexplore.exe, PID 2380, writing into its own child IEXPLORE.EXE tab process, PID 2252, which it launched with SCODEF:2380)
description pid Process procid_target PID 2380 wrote to memory of 2252 2380 iexplore.exe 28 PID 2380 wrote to memory of 2252 2380 iexplore.exe 28 PID 2380 wrote to memory of 2252 2380 iexplore.exe 28 PID 2380 wrote to memory of 2252 2380 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5f35957ebe9742ef4a9be8eeb273eeae_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2252
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59b78f1aa1bc064d1f6906fe990726c52
SHA12099c10d8a797c8c871500df2abc7a3ea7a7d33a
SHA256b166e4686fe7ace446b2e2b5f6b03e3fafa396309f89861aca17966b3d2245c8
SHA51214a61c72c515379bcaa57aa615485786aec4932f62d3ec200a5bbf656417f662c9b7f897b209368918a1ce50ff5a16c362c3ac9b8b2aeafd31347971ff1cf50d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD50401ff22aca75b5a2487777fcd09cbfa
SHA188e20f73590740aa87c796d4adf429ab74122ae8
SHA25637cc756192be4d1b0e4ee914d5ef96df8ed684e0adf518acea7a2e607a682970
SHA51220a85abe6c5746bd543298c03e7b6f8adc8932ddcda69ec940b65caafcf535cef460450853f2c5f54eb9946fadf8b8ab5f529aa427a44c8f25aa22309985b523
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD598771100bba6e1d760a3c54ddd2f7e4d
SHA14ef9b238e034bee9fbb0f5f5c58e8809c3effe47
SHA2566d2598205c082342d4ddd235e890813b4b24748ab277c30d5ae00a56626ca5ef
SHA5129742d202653f410f13d3ad7e604547e51b57fb55108dfdd0914b23dfd54739acc988b6354216951c70d56f6a0cafff978708a90f796946e584a98eb2a5095d05
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD520b234587c2121b08ed6663f109b7c9b
SHA133d14421b1d0423f17cf844f1e97392ba24f1421
SHA25663bf2da0bb92af2238566636c1e67b76fe06388014b04aabee8ba4292ee9de8b
SHA5127513cdeb6815e3076caa9f83db99072a10c1a8efd7cc3aeb24cd5f39e0bf84be980a6e4d32d640ea028de93c150f9ce67d182fbf350064bdceeeeb23df3b2336
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD548604359a8c68163501566117ee16d5e
SHA1429577067fc3d7e4cd120ba87c3456420b8cdb58
SHA256f272c8c66c01b902e86a4a87d6fa6ac7b761769452fd58dce9632449694b1e80
SHA512d26d3328d457fff9fc8984213b3904c00bfdd61ced424463f6d4de567fdf0be56f6adce24269a0fb4856fd065d8a4cddbd729944859eede62717c6cba5e9dbe9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56b02523a03a8ab0f514581e79b29621f
SHA12354be0ad8603c6a18828a15d294a7d26034146e
SHA256c0556e43ed3a833548c3350796ed0628e1efba431545eb1f712fea59a2777e29
SHA512806b84c1c27a361acfd55ea64ae35b2dc6a5505807de78cbe0c6ec0b6b8d3c73b2aba44cd9d0ebff4289a1ded4c8efe40d2d49b62214d29a5c21b46352747d85
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59469cea7560edd7b529b1b2f428e3a57
SHA1a790dbc25caba3415cfc0f72c8b7a2c65668c180
SHA256098d3accc8505464980e9f9b73fa40fe50712fd1e5532c46129746ac2ea8bc17
SHA512ca7ddf8b2e6372f499b897c8a76f4ec73c0fa6161c4127c8294a6c0b4d807ce7698c9ff2a9d1720dd0adf3d6fa46883a0b8060adc94bbe42379af02b32f033de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52cae94ec845fea723573a3de40f30084
SHA198c6837e06873b4165a2460f8d94d10eace36e66
SHA25691d5c55e6d08ede43116096a5f2a033490828c03b8d284f916ce7eb0f3ea9a6a
SHA51284a85263318e60bf3dd281bf5236946b1bc873016c0da539e276ba67212716b089d66a6fc19d40dfc5589287f8891527c1ae25872891caf5e8b33b4cba509aa1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5920680ede677a2c974da4ef5a7bcc1ab
SHA1ef721a418c056ba5b21a4f8767ab49973a0997dd
SHA256dd1d15527fdec2b54fefbac8675f5e71e27ac177509a59d8dfa771c66bb48072
SHA512e7c85c726680617c65a7c0e97b00d04b7c52f89fae5e443a4602815a61d08b36cb2102dc47c262f79359f6495daa1ed91e0c2390f7a108a74c7e1c2b0239bfe5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5166c88cf1d3b0e7017678e0ec5043e26
SHA1054124478ab997db79d4adfe2f3c1fe6ae459767
SHA25674157920cdb8d188d5d770dcaaf7e0387431ac3dc4499ac709d73c2c71140935
SHA512151981de1a587c845251604e346a3b8937fa437e6b54a0434ad6b6ae20f124b751b1383bfedc1f3be4a21ed028d1c56c50f6d36aa8b74e51d3a83e625a0b3e53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59d7f90f481bca2b47c427dd5fb49a84f
SHA1f7b8205b3651fdf7f35775c4d37755e9e90a6219
SHA2567fac8b7c64dd22cfac2e92c2f9e5c4cfe4716a6857e93cdedb1e04e85db857e1
SHA5122af3768d39f2180c08e774b043f3af47f2c7281edf123ba082b816550e7f6b5836019b6db5bc59529f01d8518a1e92eb50d39f7de2e4902861203a8b15332637
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f1d89f9e4a52aa34df0f52a82a6084b5
SHA1dae7ad3e2b27069fbcc910a032e70643b211cdab
SHA2569fe99f2b0de3cc2207211886d8a2e426ba7d8a2c3d463db43d12d8162c9599db
SHA512418306c32d05a1a67d071179dca57d64ddb1d468e6f22d4ca61591f970d8a85f62bb50375b3d2c5f9442cf8e7cb134b2630c7b62c680ef01155f201a4e76ed35
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5bb4cdd557b057528e99aac8f406dd9c0
SHA1e7d51de5b19adfeea6001d0b512b56dc2d305482
SHA2560a23c146bad7d829806cd98aa394e88fe2eeae836a4ff4f4298b36c403ffaf9d
SHA512a4b95c8c0348419d584d67be7eb6019a36bc1bf1addca4783fa176ae040db47bf029f1d272d06214019d3874b62f11fd724403bbaa2fb75389df259038bcfa0a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD547bc9e6961071956eb719c7e1f28d35b
SHA13d0128eee0c8f582688d0af056f77736a7a0d20d
SHA256b4b16d803947854e3007f885d0e8c3013360464c27c88a62f4075f8fe6774347
SHA51268986062e560de2f616642a871cad647090702cb0e05cc0240ea70bb8aa1d9a05c4da38a26e181838d2fdd98a2f261ac7255b90696f1955e3048ec37c8eb6c49
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53567ef56df143eb327c37f64ee6b368a
SHA1411b8db8136b03d551957e4200b94c13234bfd1b
SHA256c4ef0dd32f520f88c2eca13f83af3676967d328a23be980b0329ad85705b09f0
SHA51292e7b5b646dd9664a6f82c2c30071d17ec31ec341d1726690dd79da4d7976135d183e8b90d13a8f060952744661b83b8c2139d66f63b8cd4833c68f0e8bcbadf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD570302e0de58f69b95b760a8f838b5de9
SHA13d4990e46d6b5c2acd14e9b298024927e9ec0754
SHA25688df578a10ca6b69dcd08afc35bce34bb5f097ba6fe093d714d4ee60a6dc3ae8
SHA512e64d87f80eef36f2009676bd904d9ccaa5c493576c1c5b37d8a6a08304bb14e50978040ae28161c4ad5921e736c292381c0fdd005bf82f967c6a9ae6d66f1476
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a