Analysis
max time kernel: 118s
max time network: 126s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
submitted: 22-05-2024 01:08
Static task: static1
Behavioral task: behavioral1
Sample: 657704a62beb038bbda0c69899eae4ca_JaffaCakes118.html
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 657704a62beb038bbda0c69899eae4ca_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
Target: 657704a62beb038bbda0c69899eae4ca_JaffaCakes118.html
Size: 6KB
MD5: 657704a62beb038bbda0c69899eae4ca
SHA1: d0b5c2b3f6960dc441c872f1778b584c632f0721
SHA256: e423e11d729008588107d069f9c8068cd34ddf0c58fb5b4fc767b42c481012d1
SHA512: ef32c0ea698d9524d0ddac1f36622c9c5c4cb9a4cba4981f35579838c3d73059cda1df900f9fe63d2281d94a8de4c0ebfd9d0a3824af9ad4a9d8142356af1be8
SSDEEP: 192:A4haRlaAB8Yq1SLLCb4YHX4Ea64x0yphD9prnNf:A4hQl1Xq1MMO64WyphxprNf
Malware Config
Signatures
-
Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
description | ioc | process
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
- Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
- Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
- Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e01ca6a9e4abda01 | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
- Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MINIE | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
- Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
- Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D51BDFE1-17D7-11EF-87B3-6E1D43634CD3} = "0" | iexplore.exe
- Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
- Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
- Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0f5b84eb8013f47ac3735a687585502000000000200000000001066000000010000200000005f191d14d675c4d4e6079df3b83c05e2ff86f648e115474347e14babe451f38d000000000e80000000020000200000005d2bcfdaa2ba83434f6c46f0fbd74daa46f4935e4684b2c5c50e695040fa5e2520000000c7d2c5efe3c4c9560ac6e9b7d760d202cbe9cbcb10b5fe41fc5811b0c20d435740000000a451070ea3a16db80765baeb52581a747ff7d4b66ed61cc080f29e0f36999a455fc30500e115466b45af300d5941c2be0be91b6fb449b6631a21e9705f9d3736 | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
- Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Cache = e804000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | IEXPLORE.EXE
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
- Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
- Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
- Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: iexplore.exe
pid | process
- 2216 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
Processes: iexplore.exe, IEXPLORE.EXE
pid | process
- 2216 | iexplore.exe
- 2216 | iexplore.exe
- 3020 | IEXPLORE.EXE
- 3020 | IEXPLORE.EXE
- 3020 | IEXPLORE.EXE
- 3020 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
Processes: iexplore.exe
description | pid | process | target process
- PID 2216 wrote to memory of 3020 | 2216 | iexplore.exe | IEXPLORE.EXE
- PID 2216 wrote to memory of 3020 | 2216 | iexplore.exe | IEXPLORE.EXE
- PID 2216 wrote to memory of 3020 | 2216 | iexplore.exe | IEXPLORE.EXE
- PID 2216 wrote to memory of 3020 | 2216 | iexplore.exe | IEXPLORE.EXE
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\657704a62beb038bbda0c69899eae4ca_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2216
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3020
Network
MITRE ATT&CK Enterprise v15
Downloads