Analysis
-
max time kernel
120s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
22/05/2024, 22:41
Static task
static1
Behavioral task
behavioral1
Sample
68e08ae80c620e857e70f3f7569b5881_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
68e08ae80c620e857e70f3f7569b5881_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
68e08ae80c620e857e70f3f7569b5881_JaffaCakes118.html
-
Size
350KB
-
MD5
68e08ae80c620e857e70f3f7569b5881
-
SHA1
9e5316c27ae6f61638d02528ff17b937598d65e4
-
SHA256
3af4ed6fef450294c68d19868da19acc8ec44dfc3e2895101f297e495abf385b
-
SHA512
1dd3801a9c333fa802c0afd256735913968c8b850b7a039f16bcf2a1d9e9006409f2f9357a6c775ce873d26b8a62bcfd582723f1952dc9d23475929101373b96
-
SSDEEP
6144:SvsMYod+X3oI+YK5sMYod+X3oI+YAsMYod+X3oI+YQ:W5d+X345d+X3Y5d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0d1774e99acda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422579538" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000774e0a442027d24a899d4d551875db4b0000000002000000000010660000000100002000000063d567f90b20d4563dfdd016fa802e9d3967eafeb23b44389cb84d2d240a864f000000000e8000000002000020000000294242128a03cac63ce8c0fd216190d7092a9efc44d135da4646515c3f5e9f65200000003f272872d25b0b4ccd02e05a3ee1ec85c95bf39d55a7d685c28ce87dcee4a1d24000000047194dba08024372558eb79f7f806c434b0a2e97a6675b047af81e35dca398a7cc52a9dd6c7e00debc1f2de13d19cd2de28918ba10344aeaedbe73757afacad5 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{62CD3371-188C-11EF-A6AA-4E798A8644E3} = "0" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1804 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1804 iexplore.exe 1804 iexplore.exe 1828 IEXPLORE.EXE 1828 IEXPLORE.EXE 1828 IEXPLORE.EXE 1828 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1804 wrote to memory of 1828 1804 iexplore.exe 28 PID 1804 wrote to memory of 1828 1804 iexplore.exe 28 PID 1804 wrote to memory of 1828 1804 iexplore.exe 28 PID 1804 wrote to memory of 1828 1804 iexplore.exe 28
Processes
-
Process (tree level 1): C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68e08ae80c620e857e70f3f7569b5881_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1804 -
Process (tree level 2): C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1828
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 edd3042eed7e1e59725f425de1d71b49
SHA1 78f641bb439466dd5b188563dbd9fe4e17b5e7be
SHA256 1c9581b17a46ff77cbaae1f50472bbea48845ea23b60c50b1306553cee56be45
SHA512 86589eb72bff5f244fc54307a1e21030de95a46785a59e14c0eb64fa62df44bc1d4e782e883bf17f594631c7da6ab04a1e281909f4fc172849c554b41b7a8f91
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0e7ca38fcd1eb21542687d91a90ff750
SHA1 23928e00a62cbf28d2d66a00c7d76d1d6d7b8e9e
SHA256 62b5ac729c64e618fff6d932b2b2ebd299e8852c6d87821c69ef9840889efc5f
SHA512 8741ff6c3bec85b4c2c0f933089a06a4bc34a8c5c374ac929f36a1640a148962f21f7ba89b7ac5846694718bb4fc16380aff42e0ce6aaa652e084ffcfd5b34a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0c1d780b77409120846efadeda6eefce
SHA1 1697a19b345d8be8345411a7988c7b1f7358e5d5
SHA256 ce647b376c00a2b317d8d451a68d8ededa9666ccee04165c06d2726cb1ec1e40
SHA512 156e9a1fef3b022accf3369b4624df5d0e69ad985464f53b85c9cea5373233de1d8a868d8b6afcdcbdebe6913296ef00ee3c4d298394fdff80b18ad281f9495e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8a0880f6ddb6ae737197316cb9f8fcf5
SHA1 bda6342a556fa15ce35c70f1352ce766bd1c7a3b
SHA256 61f564ef2c00f2ef4974285556947e412094e56df870ea99a62df82e2c09467e
SHA512 59206d873b82bf60e9952cbedeeb8386e11ee160d7b279d90b531411cb7976a1d379f84bfd56a82a565ceecbd0972f0ccaec7f2be15e39e8947a6249168dca30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3ada8fbb61cab93442bb9e8732f83c62
SHA1 27138b101a246142c6b913f873875b4772801a30
SHA256 87a3d3c7e0e804c7552e31abd5b5a8fdb5c6e078b14f4ffc547ec72a2c5c7a07
SHA512 9a1a91b1cb7436050ddc316d9ad25769f0979e17ef95594547a5228d96191cb34f2bf651cfba0aff6173bdfd54189ef625035be5feab9232c2667057c18acccc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9293824262e0294f3002c1816262c9d2
SHA1 80c9f8616dde2a2ce6bab35691b89ffe4c54db0d
SHA256 9d08486d710585ef0745735a2aef044bb539f5813a2e69d0328fc8e35fcc69bd
SHA512 ef5ca6ef590eac8111ca0a8f984267c971f4b64d8d9df7fc8c27770bbf17e15978fea22f96c795d099b124747eba67a7313abef001f107509d3f57bebb2af395
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a9ec4ac9f213ece71135ecb665fcfc11
SHA1 fb51fd5feba743eff039babc9c5db1a9dbabdb92
SHA256 7b0db79aee13237caebfc68f2d6be338c3babfa11ea2d1abbd3771173240b718
SHA512 0a122e633e9092a68026ec135ed45c280afb415898efbc3dfcf803d5b194aad19f9e19cb8f40bf51bea5dd1bec07e87169a836f293511c1dcd1c4ab0da0cfb08
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2a9bda3e882a7857016b24b59ae4f101
SHA1 b7d27df14296c73dba70f57b2c82499867f7e708
SHA256 4887da16a4a2de58aa4d8bade65e4b8efe173f190b7e6d8a39dcbf39b8df669d
SHA512 c586fa4000230b3affa8416d4d6b8a1bdffb9c01c3163ae25e4332b1ab3e9a242e70152e1495f2eb5d17a36cece7e36fee3565e9880c261c7a2a81903d5c8499
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ab9deb9f688b2d05d6da3deebd61dd93
SHA1 ca52780d76bf859297e0bcae4f5858d3df62d654
SHA256 1ebe5c36ec31e60fc7eb854da05bf37afbfedc03720aaaddb43f80a792d6ce62
SHA512 c4c14362effcf51be14eb3a37113b4718704157c37674fbe2adb9bf6a054cca26b54814ec99ef4427c9277351518eb16edde44a28b69ffde79ce1cd3614717fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4c2a6c5cdde9902f8d16a65f026434c8
SHA1 0554c01681549a0fc0104e83a64569805cdeff80
SHA256 05b8557687d18de072be86fd1a016f4b01e4ad6dde792cbc3270e1541bc99fd9
SHA512 f49b65fbbced016677d978d339d9a1bb1adfe94b6040f6bf34a732e979cee4f118f29daa76dd998ed964576ca6b0d94e579ee29cf5c92064edba2e73f7e4ea2d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ac377e244fc92d73b47ba2b5bbcaa8a2
SHA1 f00c3677e13172e55cb9118d5f0a3d8078d2bacc
SHA256 bf80dbabcd2946c5cc780edd8d90871f68d60088f83fea3fc294cc931ae9d7c9
SHA512 ccd16b63aeef9b36e88aa791276e77a38b62e5bc09b7250a313b257761381166de517aad423aa1243c361711fea6c90be225d0182c80718601c43c8f30bf423c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ec06e65f03eb416381a2b81d41df57dd
SHA1 c477857e4dc313dff222db5f2e35dabf84d88469
SHA256 93a11ff584bbfa4a787daa67f61de95f9ef5b99c979ad9f83595d1c0c24a8603
SHA512 ca1b12be3d14f39a6b6f6b3986ef805e3c012eb48e80b5da231d5836e5e04fae12b9b82c977e5a7dc3ab3db669174e249ad7f0a6f9014960747d54b18d5af9d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3d699902a2f39198fe987645ec2f136f
SHA1 bc7fe12f0da3bb1f5e4124bb452ef25a750fc36b
SHA256 dcb38c7ab202fbade10b03dd8713e26b9514455e669d7a661a6963cf310a33b9
SHA512 c7b8ac427fbb5f0be88650da5ea00e3dbc4c9f0257688f73e36aa91806bf7c85c47b6902c3e690623fa85bd83446d9e7c2164e00bd87d73cb7b32e790c2ddee3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 01ccc088dd39b55b325c859b3239e883
SHA1 2b00c0a74303c92a0b6e5c21303986a224744f00
SHA256 35c5fe5d1b7430ef0f5fff1f675f3685aada419c136743b9b768ad00dc91e48f
SHA512 6953b5a66967b3c728e7eba092e277780e877ded157cd44698053c691491c566a8ff3a5f1d94898259e2acdaff27e783e4899d3fafa7f7a33d715440aefd6b57
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d543cc94eb5abd3e8d2dfb925ad2fb96
SHA1 0f1841e8631cdc23703fce530c84b73ed7b14651
SHA256 984186c763f6a69f7674e9005c8422af7a42c8f6a099a81a2f202eb5402937b5
SHA512 58ffcc74004ff7e5d0fe98d5ba9e636298f50397891fb55f80b7740d36b64b080c458746a137edf23bc494244391acfabeb07809b76b7e4c2d0e1486110d799c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 958490aaf275ff533173184c17f5b1a9
SHA1 17cb1bdc445aabf1f824537e73dce079e6b8a383
SHA256 2355e62d83f9bb17244ffff4c9ccecc458e0af35b5437e5f75170352b07484c2
SHA512 ff960c195f3342b6aa7eab7845c9ad190f9c91b203ff0fc930d1e687c24bf2a2adaafd18e022cb7d31fd8a86bc11eecdff2b74b31f6ce68bf61889ba82819079
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 93b69a6e9d4d001ececc9305d37482c2
SHA1 c17252f6175b2992c1b5681189690d0dd4fbd7f7
SHA256 5d0d39c62e6680f812f185aceddb2ec05a618b66dedc6cfa7b1327878faf6407
SHA512 240bbfe7e07241a23edfdd1ee38f2995561ff8e6c5e6f971f8e39b0a83345f9e6a71861a0c6f3240de651667d687febeb6b265e63161d7eefd3c098cd994c6c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 82f523ee8bf5160ebc5b1c0a0b4b47f2
SHA1 aa7d0025918148e918cb106860bd1910a77b7128
SHA256 513656bd49701fa4c685adf48a55dd32a793309b4f8adb2e42bd3adf0da6aad6
SHA512 1130a2556a01eba7a277a7f7d6dd391198486e072928587dcf38f856f629fa0f58a50006dcd10d11c766b1d89c8cde40418ba19111b6a3e5ece54333844d7b8c
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a