Analysis
-
max time kernel
138s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
20-05-2024 16:51
Static task
static1
Behavioral task
behavioral1
Sample
602ac4b4fef7185f7e81c276332573a3_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
602ac4b4fef7185f7e81c276332573a3_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
602ac4b4fef7185f7e81c276332573a3_JaffaCakes118.html
-
Size
25KB
-
MD5
602ac4b4fef7185f7e81c276332573a3
-
SHA1
a908c8dd6d844e86c78328669d2d33e86d69c3d4
-
SHA256
0d3a469ad14cab1498e958a1a602fe8568fb835305042a46effc6689854fef34
-
SHA512
cc3e47b3e059de7dd98d972b7cdf974403650d7d1d1b98669e6ed4a7f2e6cee5b698e0c9a40b41429789bd7953e4ac90d83a4b4ae58db8e7698ba76d1aad053e
-
SSDEEP
384:e+gO7w/THylYauIJdBMMI7witKP7ApeEahRKAx5A:e+grjyliIJdCMI7NtKP7ceJvC
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000027c9217922d713a55337bdbad263e6db861106290067aaa9cd3bc3c4b50a256a000000000e80000000020000200000002d3e3185ea223d1652f1803d07ab7c42d6b30f522e85406cf052c0b4b660cde6200000001ed121661f0f2ae340430cc2e3164a1e766a2d0fd7504e1952c877f27fb42b4e400000004c65f7696a8a377a803d9396dcac033639ab586077acdd6080e95e9e3c5526bd0818a8c19899d6b4d111da6b616f3ea20c913521996ed515008426be6fc0c94e iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422385768" iexplore.exe Key 
created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3B734B81-16C9-11EF-B0DE-E64BF8A7A69F} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e07bb810d6aada01 iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1928 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1928 iexplore.exe 1928 iexplore.exe 2120 IEXPLORE.EXE 2120 IEXPLORE.EXE 2120 IEXPLORE.EXE 2120 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1928 wrote to memory of 2120 1928 iexplore.exe 28 PID 1928 wrote to memory of 2120 1928 iexplore.exe 28 PID 1928 wrote to memory of 2120 1928 iexplore.exe 28 PID 1928 wrote to memory of 2120 1928 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\602ac4b4fef7185f7e81c276332573a3_JaffaCakes118.html  1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2  2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2120
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dda65a3ab5c15e8f90bd1d6e9f8e72d9
SHA1 14e5786c0c8f13ba6d052e938cb99bc7ec877816
SHA256 93deea539147607274675db03355ddc84d4b565033035fb1f9206434e852c25c
SHA512 e5a3e49e73ee0419ae5066fa75a51e770284e2b6c145fe9f80095d54b36aa32f91b54d840585ddcd371239892458877bd72511fa2cd06430d0c87f3e21fc3d61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 93d0b2004ea71736ecd26daebe8074d2
SHA1 ddf63908b6232f75d72d3ac01c6a60137c1443f0
SHA256 df85f484bffff437c1a5ad3b7dded624cac2c943f1e74313c41a769f244ef9a4
SHA512 d8a5617601646f44ea9b3852ce01915494c9d3272dfab86d8c13e9f82ca87f0791f0f80f6ec291bbf56cf6229cb286ad816ae9502bd70009951612426685899c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9b1e9615de88815a426c99f9b31af1d2
SHA1 312f7f973e53fb80985691d805147c318c3aa5b7
SHA256 2614226825a01d042d08d2317c3a11ec9b5221943f004e0357b36c778e3b859c
SHA512 f7c1a808cc9287bbc517f12a5dbc86ec500a9a8d17d6614265d86178c62d128f5e4e90ab5e2fb4e7177bd071f96a2be0dc37c52afb95dc41f1b2c546e9cf5d61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c2fe945f269a361d01b3716d04a113b8
SHA1 e88d33e42700827d0f7f85684802e916f64aaaa8
SHA256 04985624489d58c5608e20a9854852b0a85e718a0610675992b78aa9c0f1e26d
SHA512 1b45435b9773aabc47b2e2c060fe68e7aa52e070fa70038f7cd49c404d5f648aecec248e392a5e6dd67ef374fe55f475a658c62f91ba0f5bdf889618c23f3301
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1d311ec5afbfb5a7fed7cb4398cbf1e7
SHA1 36ed5ad5dea23056f1a331d5c04635eec7765971
SHA256 61384d469180438f4f32239e84734650f7f7fe197c6e952acfacc208ced45f68
SHA512 d07f507b0b59f405a7e5c61b1c29cb9b18a3f400df933536ab6a350694311979c22ed54904b1bab89d721e47e5ce546e2f65bec9c05b23346057e7fb1f271b43
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1ed2fa3fd8a62dc7a850beb6346743a7
SHA1 4c79e6d30aa5bcef2bad7436281c684b073826a9
SHA256 5ea5b691afd1707735e001b4cad2b1675da944d4032f3a7f852ea1c75e5ee66e
SHA512 7638cf76349244f62606d81838f8fe1b51228ae8eeb649af042896e0b141fb2b0b631823d586ee3cfb0367719b39f5c5bbf95c32fce4aaf7cfd0e3cf6e201ed9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2d8c82aa3eededc20d445d905deee210
SHA1 c72e5e889f937b6b7007d8eacc99dfc23109db84
SHA256 38098d22d0664fd60dd42035ec594fc1103722cc4917baba9ea419b9109cf560
SHA512 76a07463eabdd947bbdeed99574e95d042bddcb865bd1a5ce65f90fe52ec972e42282a3c8772c16b1a27fd8f0c51ac3a54aac4800ddd0da193efaefdb55193ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 51b908e43dc1a1954a8c420753a27bba
SHA1 84d9c766ec75f89dc2f8bce4dea90b8c9b2fe0d0
SHA256 fd911b531648146f6a115930a2b50d5e512c0b31fccb65e46fdc65269e726efc
SHA512 1f08a3dfff3bab300bb0388f58cdd3b2e5a15e0faa36f8428b196f51449393de1d7dffd6af5cc91ce7f9916ed676cf440945fa57ccffeec3e5ca36c9a3071cc6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0df351468f9e4cd483b87b867418d5b3
SHA1 ff4abc90fbe703ec1a119903678db1b674a5d7cc
SHA256 10f2f463e12f9d6f7f97921e4f9d1b281c117b7422ad0ac363769f1b6b1b661b
SHA512 17a2ed2ce592c344e9510156077e5e4cdd41b1c04522714103d53cd4a10e89f2e0d3d7271ce9f3518b0b94157f37c2a78abedc6dac7372635768207db545c3b7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 85d4c246de2b6d494cce7e6d52943926
SHA1 18ffbbc9c8e7313d0983ade94a3804885c078005
SHA256 0b0c5db389bf0b6b95ef674a58f663f64c82625d6ca54f809f3bbcd47027b960
SHA512 7b59bdd0709b3645630761f5ef255567a03404fe7b8fe70821e6a1e807e73497a9ba6ed215ed2121a81278a436442ed6bce02403be6b264254147303a041bc97
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8c484349161a522ff2762da61e1a7209
SHA1 97f2a1b620e6bde876c8289187e4f443e6969cbb
SHA256 b02144dff36f3228bab2587feb070a275632239fdbc0ff940d5373633c5a6486
SHA512 4bafe038358ba49c47cd7711714157e42dde60122dd115786329aef0fe00cfd9321d59cee6d9829247c2e419ba216998ff2f6760837416c15760dbf74104b9f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7d47241e0d149ef74de40a486e7879a6
SHA1 57544e74ccbd4c0c804d7ae424eac10d6c03fd63
SHA256 d4651b8ca8d5800db1f66c12ebcb4d1f1eff779c741d21787b24bc7730a1d236
SHA512 8c6c23ccc22ad36c78de9bf5cb6343d412a583f9a1c91ed3eb587946b58b5dca5c47fbc0c7b5b46fec305db6cdba1fb18b4427af11f1fc587a1e164e3042818c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4891122a1e1631ca9131feef71d57429
SHA1 a7494b0c8df9ebca39b26b32b304a50cd5cc2e5d
SHA256 26b08ec8af40e09cc12c624be5e46b5afa0846594a462f179f88476b542f4947
SHA512 5adabcdfbc4baacb74954e24fb6f33fd6d9aa152424c34efb07533aa3252a8dbfc34cf72ceebcd418d075f2a8c1e2b205106152050b758bb8a86d5606a8e5a0c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bbc11b7b4e66e0ffc278ed6d5dcd1f54
SHA1 c75044188026f9de78ac474c7676ab3f9bd80dec
SHA256 ddc4656743cf7c155732f8280c6c486e91bf621d8823f32682d6459df24b8dda
SHA512 55acb42f7c246194a50264c6893c6ea9c5f3a6040f9c8b38454c8c7e757fe905a41e5c5a5750b12dc9b1e74ce127fa0160a1a509479bb8f148ce9b099e74d464
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c7474b311268796924328983e589c6f1
SHA1 9452d9e14a2510c943a01c893d6e9eab6dcc35bf
SHA256 32c141376608b5940e49470ef8651a9d4994ffc602c4bb227dc42553f87a6a33
SHA512 d7ab7a47053efd2f1b15ff6a23bc46e3ebed540b82a0909b0f1886d96e23c4c201cde5f34467a1fbe00d181abab4185c616d5164c8ebd2c30cda9b4f6dd9b76e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5bef01984c449edb832138811871cacc
SHA1 64bf40493f066b6cc7540d30be76e7b1e5cc5163
SHA256 d057dca9745c851aeab9fd5cc9ca21d658899b766b1706546ac773ba99102b6a
SHA512 9d22305568304bcce688ca80953b14ff70f9e27cedcbcac9bd16fe8e2fdc343281adf1ed2ded3e473c57818ed0db66cf6a0d66e54c87d41f1b719d162f43c954
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a1b738c32c65e023ac280f7a705b3b9a
SHA1 8ae3d2f3845f6ab3b1be301a7e3dd7a3411d5822
SHA256 9991e97833c9bb8a18579eda71cf138ade96a883a61ca9266907a848837481ca
SHA512 1b24bf91aa5b708f813a743ba04ed66aff4bb4986410e5168a0e08af13bab98ddd7509bd50438364f932127a6b5d07825e254b469692e65c7506429dee4e0ac1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dac30434cbe9bd87f2c041a460056aae
SHA1 41aaf499b8d68ff3665fc0b7309d19b95bc73d6a
SHA256 72cf9360df35463c422270e91d770a11bd40d0671a706eab9a836a0ab9ceecdb
SHA512 c8e96c1ec93201ffbfb790c8a2d0958053f8709900496e59025da56c9fac2956b612d547a587a1649523cadd25b584e6bdfe50769c6e0315101be2c506a9547b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0f19537e00173c12c8566c44ac2269b8
SHA1 f2552c6c99bd8247cf779dd11d3b30da11eb4b0c
SHA256 165a205a09c07b7a80dd7b755c61aea71797e6532754a9ba206047a14beaaf55
SHA512 7906f8701a23d25beceb244a8b83496e4ed2e42dcbd697171b045202bbeda6987a39ceaed2fd6e943ba2926ed9eed22a78657821a13e104aecdd4cf6de430711
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a