Analysis
max time kernel: 144s
max time network: 148s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 22-05-2024 03:13

Static task: static1

Behavioral task: behavioral1
  Sample: 65d05a8e3ac315bab652fa712af93fb1_JaffaCakes118.html
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 65d05a8e3ac315bab652fa712af93fb1_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 65d05a8e3ac315bab652fa712af93fb1_JaffaCakes118.html
Size: 41KB
MD5: 65d05a8e3ac315bab652fa712af93fb1
SHA1: 4010f316623a21d71d0ce1e9ad421bd323e2f973
SHA256: 06ee97a8ba956ebf9f20e3c68682ea99ad268b148bd610a659049364c95e903d
SHA512: 2e565b70f463f5b576bc7b3e2c53d9933730e4ed879da9585fa38192e950b2adc9cb7a1f8c95dadabed1f6db3b7298026da6dce5c35fc11f2df092d06bf60e17
SSDEEP: 768:SO1x/UGuWpu6qxctQCeCvC+CGC9Ex0MUPjGkcDNTx8Tx/jCUNtRXjVEV:SO1x/1uWpu6qxcij+FrWMULLcJT2TnNO
Malware Config
Signatures
Processes: iexplore.exe, IEXPLORE.EXE
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37D4D2C1-17E9-11EF-A233-7678A7DAE141} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422509457" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
Processes: iexplore.exe
pid | process
1116 | iexplore.exe
Suspicious use of SetWindowsHookEx (6 IoCs)
Processes: iexplore.exe, IEXPLORE.EXE
pid | process
1116 | iexplore.exe
1116 | iexplore.exe
1676 | IEXPLORE.EXE
1676 | IEXPLORE.EXE
1676 | IEXPLORE.EXE
1676 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: iexplore.exe
description | pid | process | target process
PID 1116 wrote to memory of 1676 | 1116 | iexplore.exe | IEXPLORE.EXE
PID 1116 wrote to memory of 1676 | 1116 | iexplore.exe | IEXPLORE.EXE
PID 1116 wrote to memory of 1676 | 1116 | iexplore.exe | IEXPLORE.EXE
PID 1116 wrote to memory of 1676 | 1116 | iexplore.exe | IEXPLORE.EXE
Processes
C:\Program Files\Internet Explorer\iexplore.exe (depth 1)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65d05a8e3ac315bab652fa712af93fb1_JaffaCakes118.html
  PID: 1116
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, child of PID 1116)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1116 CREDAT:275457 /prefetch:2
    PID: 1676
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads