Analysis
-
max time kernel
132s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
22-05-2024 13:40
Static task
static1
Behavioral task
behavioral1
Sample
677347594361dc4a8d1fcae67df2f8c7_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
677347594361dc4a8d1fcae67df2f8c7_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
677347594361dc4a8d1fcae67df2f8c7_JaffaCakes118.html
-
Size
27KB
-
MD5
677347594361dc4a8d1fcae67df2f8c7
-
SHA1
b6e87982ce83477882e666ac5a4278d90a94d056
-
SHA256
bbbeb4a2679c2f44b38dc103cdab4de345d352e977f22b137faa420f648a01ac
-
SHA512
f16df1692185370c7d47abc232c509e2c7fa5301d6b4a8a757652fa436464c52c4bc831be3386a58642d318f961fe65d03fa4e9a935b9f39c020edf859bf5059
-
SSDEEP
192:uw70b5n/ynQjxn5Q/WnQie9NnhnQOkEntG4nQTbnFnQ9etFm60rHRQl7MBdqnYnI:2Q/d8fAH4SbUqQ
Malware Config
Signatures
- Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422547073" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000003391cead668775b8fdb32eb12d9590f317db2989d9bc6ea65612221fee2a98e2000000000e8000000002000020000000f5437f278bf7f5f3984b02c5f4db266f0674b170453dd5dd507a96f396b643ef20000000ffb9ec7f0b45f6610f6a373f828aeb1d3076403b2c185d601db7ae9f4feecd5f4000000074d49f89bcca3420a5f624faf939667dcb78df972755615f7dd0f8d07861dc92eb1b2af69d2dde34b6cb419e3753a63b0ec56f95348cc9e32b7a4dd42c8de3b2 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 306ed1a04dacda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC189781-1840-11EF-88AC-F2AB90EC9A26} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2424 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2264 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2264 iexplore.exe 2264 iexplore.exe 2424 IEXPLORE.EXE 2424 IEXPLORE.EXE 2424 IEXPLORE.EXE 2424 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2264 wrote to memory of 2424 2264 iexplore.exe 28 PID 2264 wrote to memory of 2424 2264 iexplore.exe 28 PID 2264 wrote to memory of 2424 2264 iexplore.exe 28 PID 2264 wrote to memory of 2424 2264 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\677347594361dc4a8d1fcae67df2f8c7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2264 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2424
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4baef77828296f9f56fd3b26eaee8940
SHA1 03837b54d5f840754957c2da8c550c6c6c0505d8
SHA256 27ff874039834c60f498124c83a91f08d97d708d311745aedc085ac391cfef09
SHA512 79569a145f5da5ab47f20067699f64e110d587e6b42622a52b6c3eec77fde1921404433dcb40467c69c628b31d9ef6d36715b955864dfb858cf6195e1c572d2d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5c3a42f16dd846365f8f2087013eaf91
SHA1 734c0659b000b5851ce149e4385e3aaafc5f4476
SHA256 f961dc1a4d3f64a0fab88f8ca577ae8c04c94f37245b8bce7ef2f0b03f9e27b6
SHA512 065ee95de9f1293545b3436d0dec9b00f187822bdf5ab2d7cfc75b7c5f594e7d7bba0c55852eff69e88311807f34c6ff6d6880069fdbdd9a6ee392032e3fee20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a60f85da935a515906ecd28972356100
SHA1 dd8a3f5c226c88f808ea4ee08c15fcebfd908d34
SHA256 b554142da70ba2871da43c736541cffb73edd2833d2eb7e7965c2777bf5c63eb
SHA512 11aaf2542d8145018fc2a277c39d6e567237954680a25660cd4b351895adc7e991828453ba718f47177e65927c841a063cc494a1ba5e733e2d64bd3f75669a79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d4e173c9f13d1475ddc3145dc646ff4b
SHA1 95d2c64864e819b44cd43f313f862a81c1bba16d
SHA256 3b07641479edd2a37b1815b86c56e7343dcf6006615b37c2d266f724b7e1bb89
SHA512 26fe09d3cdf22639129cbd906b03debb991dbcf03d4a6a10199efb2a00c46ce3519e85f4324f63445d8ead5c10d6d0d04a9b4917ec40b403a35cc8439037560c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0dc909a2d499f8c014e2c26f845680a7
SHA1 240b5a9a9dce5368623e39dba58133fc4b9fdeb5
SHA256 69887f65b58139278e0b0fa8562aa74d79bf8d7e178376d01f0aea0bcfbf2f61
SHA512 29bf59842efadc2c1686360338aa170d5a242107c0dfc9aa172f93d8831af10fa72f8e4522dd94a8f28b1a105b603e82975b36a5d1923aec0ca05e26ed73a775
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5240bffb7daa66894475bf7064fae20a
SHA1 af01d029ebbdf2b9fc16307d19d9467556525071
SHA256 0600fce9db8b321b8341a37d23c23bbc0d84ae67de671de223a7f42e9a6ae766
SHA512 7f5415b8aa1c940bae1412ef446edda46e385cda163c73817b58fb2fe18b6f65688c3515029f10212a202d39c70724699af08cb610a4a42c854084025925e05e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 10d31407d40f93537773f2d948bc3452
SHA1 37c7cd9148262e220aab4d06e78708b87ff03c45
SHA256 3fde1e1deee52a88e638f6e5e82144c5c70b946ba14a7126798b48ab7668109a
SHA512 d61d99ffe1d3ec49f88108213fa7dce8e4e788a590eb090e3f11fd0eab9270324a190874ad8f507d258af3f460ea104b409cfcc267fa79db7eb8a14cdf4b9334
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0a11f6f1d29e0fefd6f3755f0c7892ae
SHA1 b5554022d29a6d20e06fd0043daab90f5ea92802
SHA256 6f84ecaafb6cf7c5f5f9bf62f1a70b346501a13c36f6232044192683481cc953
SHA512 cdf120700e0562b567a9c0de2cafaad8141e55b678242023f9fb2d5fcda19e02bfbe726366b2cbd8ef93432f5b6ee2b6828301f9ecab3ea6cf986d4e76c3d09c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c1a33a8b25ae9c8de3fd608fa4efe884
SHA1 d4538dcdd34c736b75a48d437baaceb2998b1163
SHA256 955ea5daeac0f130eb67d05abfefd5c25e4193aeccaae63fc2313470f7ff820e
SHA512 04dc5e6d8103d80652a1c1a69c155cda0756bd99bbd16d3dc28587e6ce96bd493edbf05d34c8217e2401988e7d6a7821c6cdeaead4ea3a1d725db6292ecda73a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5a032d7cb745dc9b5a08e3ae12b8c3bf
SHA1 1261d56583e162dad4fcbf54d74fd2ac436c85fb
SHA256 bc29411d977eaaba00c41326aa68d639783502f703513bca08daae543ef283ef
SHA512 aa22c2caf2bd2e8154d2a91ce5036c273718a648425501155dfab82edf9cfa8dcdfe0e0a44b0923161655596a5e1e0a2518a8c8b979863fc3b8355c50599bccb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 36a7d685707c3525a02202afb8e81416
SHA1 ff5c78731ffc7b55d2780ee50914f69ead810468
SHA256 7f6e36cf7e808234f09242e50ab9513492f8d96c9461837a094520f8b22fb6f6
SHA512 75fa77051c00791ed67c7dcd10f79a644488ba26e7f9fd7077f2fb71bb4664f3efe5c42a0710e10d2eea3054e575dac642fb29719429fc4467e8dd1e9bb90ee0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 45b65e0f786fba4145b12663f13eb4bd
SHA1 a32115251eaf3b3047562ea2e5b917ab916811f7
SHA256 7c722dcf6775e6be349a3b913555ff96351787d1a9fcb9848a208c0b5a42a46a
SHA512 b3d00d315c941d08a088fd3ae18ceb160201175274b74f9e98e8cd4a293d7ce0abd7f75b358c4c4ae6aac86fdcb712cba4444571dd367a3eaa01ab2e19cc2fb3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8379711a1b3375a0f4a5569b45281514
SHA1 f70cfaa6c911f214fe8d486539db75ed83165851
SHA256 a23e12e38d909e44770158d29e6cec3d8a632037b6de3a44ca936a046dc5823d
SHA512 86b02de2a41cce9b0b4d4231d6b823c19cea0007d53cc473fcaf0fe9ba980363abd84912708a8f83f8d16186fd31abd255b4ba627d86ca9956d572a891f0632e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 136ce3bdd3894044c97cf8fdbb27f626
SHA1 0448d9493abbbfdcb82fe77ae4b0e57b3fcebd33
SHA256 fa8f7f467faa63339f8c1a6d876d0cbca66c4278ce515a9cbb6a468957135a05
SHA512 6c442ebb814b11b32e5a9ec2ab691bb78aecf17fd9ea932835163bd692f1393cbf6236319aa24fdf457b9fe95450830bc2f74a968f1e0596f810c25aa75b46ea
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a