Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
22-05-2024 14:16
Static task
static1
Behavioral task
behavioral1
Sample
678c5d2e7936e9380367888f2f15389e_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
678c5d2e7936e9380367888f2f15389e_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
678c5d2e7936e9380367888f2f15389e_JaffaCakes118.html
-
Size
31KB
-
MD5
678c5d2e7936e9380367888f2f15389e
-
SHA1
a81e616452db2181978d277d2a5f18564e81401a
-
SHA256
c66d915de5197734f918f8a597fc1d751c10989dfa507c45cd65eb3b6bc8b925
-
SHA512
0e779dde9a883dfe6aa13a00619d59833cdd6b3b71cf7a91bc75839a7dd650935a70f445a4baee55006f7592b4b41c77f00deaa814e91f4b6b37323588c80873
-
SSDEEP
768:HWcl1TI9VLEgQKEIw2K1U4gOrWV7lrej/ygJ6RGUYIK7EZe+rUcX2+/Xvivn:HWcl1TI9VLEgQKEIw2K1U4gOrWV7lre/
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0791fb752acda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b70c6d200ad2e4592d253c1de0a6abf000000000200000000001066000000010000200000003e6cb1d56c946ca6dc122409de2b93ebc44bc2e55b348d7f411dacd0791260cc000000000e8000000002000020000000f14029af5b9dd0e5e26ce0860995f310fcbedc5906ba44025b938751e7a32d3c2000000074c7ac1f23828e3dd9e6a3b624ee86867ed9f439f82e84f5f5d2b0b8681368f240000000553fa13a136e3b89f41f434afd7d9dbad9f4d360b84ac8938607eb077a20d90203b4482a91874872a5fccc0b40b9d3b42ef59554d039207f45a859289159f373 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E26FEA11-1845-11EF-831B-46E11F8BECEB} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422549258" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3028 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3028 iexplore.exe 3028 iexplore.exe 2944 IEXPLORE.EXE 2944 IEXPLORE.EXE 2944 IEXPLORE.EXE 2944 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3028 wrote to memory of 2944 3028 iexplore.exe 28 PID 3028 wrote to memory of 2944 3028 iexplore.exe 28 PID 3028 wrote to memory of 2944 3028 iexplore.exe 28 PID 3028 wrote to memory of 2944 3028 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\678c5d2e7936e9380367888f2f15389e_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2944
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 889ca1ac67cde2cfb2c734489a37de78
SHA1 dc967e6f938b9c017fe9f20b4cc97eaa3e9c1980
SHA256 8f8616adae1a46879a50da08a6bb4f40b7aa1d1ea38bfc84460594e4f4eda468
SHA512 0fe7ef9be0b92cb3d569953a9c00401b300fe5605e9f37f810470b1e0533ecd3dda4a0bda02cb6f9ef981874f9ce81090e80e94a3c0bf0ac9f755e490bddb0a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 008a38dbd5ccc78274898127a5551f4d
SHA1 da0d5322ec85039667cb28584ef002022d71ac1b
SHA256 98765e0a79d1c3b9f29c3f6f98d21adbe1689e32538546d8e9cdcb022cccc174
SHA512 b604be33aaf2991657cc43e4f1122adcf451e703a31a85fe0aa05f98b1ea4dd19f049e52e96c6aa84c48d57b7b8825c63aa338cfb543f2fe67dddb80b0bebb0f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7b7ebcbc3eaf594350a99fe370a9eaf6
SHA1 fc778f8fb8790b075f3cbb07bcfbc7e27bbfc32c
SHA256 3735c9bdfc65e386a1fc2abafa9eeb051939157985c904d047778237e824afd7
SHA512 0724631a81cff998b017f9382d00b270fbac7237dabd36daabfdf13a5e5a1441998c144aeda7c3c58916cc3ddecf7d2c4f618fa73dcec136e1b61a60e413396f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9ed57a3a2ebe4666c99458311c34537a
SHA1 eb8aad4f824ae7ca76f8441044aff0fc6530c9ff
SHA256 b91528e7cf2b2c2b144b73f840f06a8918d794c811d49e8b4aff96ce1eee16c3
SHA512 643e83147d7aa672814ad9fc26b6862a8deaf88a44149f4b93bfe10197e1261d8f12af5f46bb2687e3680aa8f0f6b72c88aab3218082106b3593c5bb2f1f1878
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 348556db14863309ff240976accbd4ba
SHA1 e809637c07399ac6634aad5676195fa7384a3840
SHA256 8a6d23b98567859ffa47030bde6648f988ea41a6816d13c4b2f17be6f9fc4014
SHA512 24abe789358e734a3030b8b5870250dc5b77a93ea19d073323a69b91154fb9d4c05139f4939a46ba9661d2fa3b6f19d03f6cfbbb8d72addaf3c74746f34a97d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 37fda4459432515f19aa31ebd88b21ff
SHA1 81d59ad2af817ab0dae94d2e05ec78c1f70f6155
SHA256 c952e9459597d562359c61908e38a5c309fd84e12aebaccf84749235c250a4e3
SHA512 838d4b098634d526e8fe1f05ae5edf4dc7b0bcdf59f14651ddba6d4909930e857bd52afbc0f1b38a93f0182fc83bba206ee2d082d5ed24a533e63c3bc35a38d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 30907cce6c6ea37569c86253b08cd3a4
SHA1 bd82ecbf1561363280e830f27b06da9fdccd0a9e
SHA256 1e58d43fa7e0d75e21b66dc232d752e695cbfa65338ba5f12eada22ac64a8952
SHA512 ff82885bf439bd47e0b8d44b05b4f4dacde9d3fd427cdd2a6a45b4a303006fe6cb63e4bbbf6562e3d46b39d2bb9534a0f8415ac5675661d7ed64a65292d7489a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0815269b7573a2987e4352563ab71434
SHA1 c64a1e6f662d2609b638290c187ba2710a9989e6
SHA256 93873d1fb514239889aac363a95b5b1740502d893ff01bcda619470128495df0
SHA512 52a38a809423d0021e620ff83e50e6a34d09e3b087b560ce9fa0802f800e0971eaf2f7217e18a0c5c5f4cb17a28650a896e876c296757b796b85f36e724bbde8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8c9a519ade5ac5433e5c0c705dc7aa0c
SHA1 14149cfe3fb86fa77777011b7985e1c46bd2b0c6
SHA256 2a6d700fbb55e0d3c92896fc4a815f515d01b3d727f96d3fe6fbab805fd767b8
SHA512 3f2d25d0f41b6ed7debb08bc105b386a7b89c17c5149b5ce342b18039eef510ed91e2c86d5a0744c9756129582e48424dafbe4e09339cb26f49c641fdabaa7ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5a747365c870299c34d49c8b288da321
SHA1 0730af9719d17c85ed4076db41240ae10b39d0b9
SHA256 4813b8f5a3746f63d2a0ba2a9a3d06418305843908a8d1e021b50f3eb96a089e
SHA512 8264f9f38471063f8295eae3f845e495b097339926fbb6caf562f7aca437fb3fe020ed5651fdae566c3358b31d72ff72c285f3894946c2338e20c11408db2df7
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a