Analysis
-
max time kernel
139s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
22/05/2024, 14:25
Static task
static1
Behavioral task
behavioral1
Sample
679192d52874270b3f022544f9c278e8_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
679192d52874270b3f022544f9c278e8_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
679192d52874270b3f022544f9c278e8_JaffaCakes118.html
-
Size
14KB
-
MD5
679192d52874270b3f022544f9c278e8
-
SHA1
5bba3e56e659e3df024d907f0ba9bafe71cfdfa3
-
SHA256
f39d128821da6d5f9832fa013282ea26fde1e69fb2db5d7047781bf9bdcd55dc
-
SHA512
75fa1e7cf1d491cf3da57db11276752186d6e0856ebb72a567669983a8ce3ca40840b8ac5882999e32edd0bd499c6c1bb5814c59d966dd3e3a7a4003a35983e3
-
SSDEEP
384:FAjYxJu9EY7fJb37wpN6TIgSN000qGZh1b4sV:i0xJu2sWpcO0xb4sV
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0eb720154acda01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422549815" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2BF80591-1847-11EF-9CBB-52ADCDCA366E} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001927e0e87ce4d142aad295396055d7a000000000020000000000106600000001000020000000a7f02fcc7d86ed213d43474adb497b24354077edf2d2a65c44d357c44a4fced4000000000e800000000200002000000017c438201e4e34ba909434c72aabc220c0500114601639ac26a04bc45ee5680f20000000c63d2d107772c24abec4f6ba32c0e08491b936f553f0a905d25126888decd0c040000000ec8d2dc095ba78f8fbb3ba40b89d1c942f219a1581cddf31c2e9aa7a1ba76fa7dd761ff6ed39200162bcd9f84a1c4f7fe53c76cbff137c252128614a6df93e2a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1308 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1308 iexplore.exe 1308 iexplore.exe 2916 IEXPLORE.EXE 2916 IEXPLORE.EXE 2916 IEXPLORE.EXE 2916 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1308 wrote to memory of 2916 1308 iexplore.exe 28 PID 1308 wrote to memory of 2916 1308 iexplore.exe 28 PID 1308 wrote to memory of 2916 1308 iexplore.exe 28 PID 1308 wrote to memory of 2916 1308 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\679192d52874270b3f022544f9c278e8_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1308 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2916
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7bfeffeb7679fddef0e287bbdf8e1275
SHA1 cd1886df3581dc4129345cb5d5c26f8626d29703
SHA256 8a0bd360b9c0af51a78377b7c23c31e4b81c28eb9bc9fb04aaf2d8e1571cdc24
SHA512 461f57855218ea0ecf6c397fc3a35c631b4d5392c61054a6fff58cbae04859c6448b31d947b13a49eaf61b8b389c81a4125f593ed0f5dcb83c8cf7957d838131
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1a0fffa8470575d6b161c30ae5630e3d
SHA1 fa6c36fcc52cae7db1e130f08508405adc3938fd
SHA256 e6de563c42345267dca698d8b60b21c9b6757f098a7bfd4a58519fbc817b30c8
SHA512 3ebad452db3a413490f5ad41554385f5dc9f4efe5e6c69885a89d30bb7d2f84685a97f118e1f8666e9eb4874d7625dd7f784e07e7563d61d026933947e16edd4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2aec397292f7b32ced4cbcce5a80e1bc
SHA1 edcab08d6d46ae1b1db58238a3f645ecd8b674b3
SHA256 343c7f55fa06a23f3b906136f13247f90a7333a7256a49322585e8ca2b912ec8
SHA512 40e9b4f7626b8363c36354202b14498b8e3cf4bc631f0a3703d5f9f699fd8feebeab5ea1a0b4420505f50033f7659338f5e7acdc687c00e08bd30972763a5a1e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1cc704ce85c4b7d13a841e9f88de3ca7
SHA1 6b7ac0f0abf2227b8f89a122cd44a95130a2dc01
SHA256 1d39502029fe434863eb2f2d6a92dc9b51a49125d5496b06d77304aedf217e19
SHA512 7e91b798454fc696a2c880d3f1f8418d3d86e4ce38fd841202a2225f61d772c047025ec2be611e45a827c7dd6a0c8749a0bd7be4f976b651574f1bc74cb1b7f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dfb72433f1089caf9900f7cfa26e2067
SHA1 18a77bc9647906a83276a4121adf9e17dd769465
SHA256 049f77995424b12fee76cf27d85f53e3aa94e5bb9bf175ada611affec099a190
SHA512 47ec274e0e0f0fb61bc2efa4843b8c9a5d8e9550e769ea109679105fbf2fe30a88aa3b98595c91cb5071e2bae115f0e392ac81cff63d9e7744de22a8c3051587
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 787d8fed803d68e9c451f1c88043d292
SHA1 2feba292f0a5cf2560b284286a642b03be6c4342
SHA256 0081c0fc3152e306f7dd2e2433fedd36709e1c36013a5840ffcb219a530dc897
SHA512 211806134ac925bb4dbe59cc0a66d19a738b3805b2df6c32dc5edc32500dee79cd5f9ab9f9b06373a7b9c1dceabd3e30b7d475a21348e50fb15bfb81b37c1c14
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 22d74cccb9ec4c77066966be14375c27
SHA1 e3518d4ea5d78aedb4353dd074f7017639441fb3
SHA256 b63d696677ce66b0f9703943f0e283827be85b7838a538f2aa9937db44311e16
SHA512 55047e0ef7567728b9395e0706788ca8212bcec56f0f7a088df796b270af1638ec44109e8b33c98d9fb9421891df4db643b3636d1f103ae648288734fdee9493
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dfb22e8d0834e8cd1f78c0838c46275a
SHA1 0b8ac80cccc65eaf4a8d4a1339ac72679e03a2e0
SHA256 0473bcab7d6a1c0e778b0b79197498a5db216b5bb79b2fc481dd3af977683405
SHA512 a10491f115fc706b613084469951e7cad30779d02532b5fbb599ccb01d089487e53715d4b98a7643c72828d7a8c2baff25c886e81f60263ce0e337181c397630
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c70080f4b77a46c5dea10e1d09c0eea7
SHA1 622bc1f3b8845af5b2a9d95cdeda9d3c3778e583
SHA256 ea1dd915e3fa16715b3eb0ee889471faf5c5b4d1c4684aa46a8fecc47f76f733
SHA512 68fcc40a4348a779a8c416b51d3aee866b8def484e3d7e7739d3d8b7d291d8f419512d9a8ee141fb6e4721507687ad44d8038b6729201ed66474541719b10ed7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c394d3772d4a6233ff066193382db0dc
SHA1 119db748f874173c332998b5ca9e948fb8557169
SHA256 8d81c4f979cce561af9f01e038dd0966b03b7baab87ec6463a12a067ded2455e
SHA512 9683db2aed2a178afa8e430e7de9ef1ccb6dfc67151c1124e2137f1a02a141933dff2beea74137b7446c739b1da87c014129cf4bb7b03d6c56cfa5133702388d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ff2014fad40b6cbd7c9485878f681550
SHA1 e99e784e35f42d8288b1edf90f730ed6704a9f5e
SHA256 b757ffc8a15ac27c7bf8b0d4d57990f36f03a4b23d9409ee368a7ce6c00354e0
SHA512 28d46fbe26181fd3b77acd124a199021380fb5db7ff5da3bbc8fd65419dfd99d5ee5b37496c534c9a47188709208bcc7de18ebbccc1bd5bb445fafea4beb033d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bc51a614969969391ef9af14e56df2e6
SHA1 73b1d852d3bd79d479b5e98b553ecb676da39324
SHA256 a421730ae0609631db0bce6ec7af23447ec3120e8af8a743e33e204c7907f5aa
SHA512 65d562643bd214c39f9fc561aaa969bb2cbb8c05c14ad809f1b70f847e8afb284626a86cb171d73d38f8284cf39fb283a4be1ae4dfea796aeae58f5c436bbd60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4fc5cf20366736ed0ffc71b74cffc83d
SHA1 4fa2f38d254fa08d3feee2e2e5664a7ba344aa8f
SHA256 4885815aaadcbef7169759ce28bcd1f2235427de29a0c58f34a468644c874653
SHA512 d76fa8d7515e000411bce65290b7e027c7f6dd5ec8162b1146bffacf084a9aba5102c47fcfc96e3849d0a30f076245bb4af6f72e5a5559564f6b7d6a6298ef26
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4b4a30c0c008f3f9fd9bed37c1766e3e
SHA1 50d6069ef6e015c7c07a39a0fceab5b90ebfc18e
SHA256 a70d66933296a339d43ae837cea3f86396309589ed3438e6c9af35bedd82b124
SHA512 246137841e0b4b8f9d5b81a17c435f52f2384dddf19c54c6a55d43254e029920fe765042fd42ee0df044445993845c4eeb5f31e0c2fb3bb8039ceeb39ea87f1e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9a42cfbe6a83b3c8c1d3aaa4e14b7274
SHA1 babbc9381d724be78aed635369b789297ac67dec
SHA256 6380d4b58ef6011dbcf1d66b1839b18bb22a9b5fdfbc3ffdd3da3580b8402eea
SHA512 778be02d7a24c6596ad3a7bfb384738b80c28c2e955093fb1d1c268e4084d24847cc80b1cc41f68e7ed7880a32eeb1ffd261dbd1ed153d968d1679dcf395b1ca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6e447ec905c66cabb958b5ef13aea361
SHA1 5939b412bcd9644b3efdf2f3a06aa70b8b73a28d
SHA256 2f7a1ae7d0011325e015b6acce426264d5cf3e9e3d21177f21f73a93912b3c82
SHA512 0c60feaec57bbf53373859a1da66be8b218f70debba15f4ab85f7cfcfe6c730ed86e49e17431cf5fd177a5e5ed5bbc2e5e93369d36736a43bcd4ad98e38a5117
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bd1d3f0b37e611249cad26659515fdba
SHA1 17d66de5a94d8bcb6b3ef3bc1c77c25e889fc792
SHA256 0c763f570c25dc1fd4034093feb15d2fa3d71f15d3cdff11eddeeb22f7221f40
SHA512 b0a38816f880101322ae1c4acb97cc1e5229d4a94feee8a354b325ba220a508f246d80c05bff2d937a767ad17f2593ec2798d452d1913228b3ee740d42488aa4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a64f5b6e5a25e14ea12f00dad17bcecf
SHA1 8fcf1dac87096f279bef8e781b2c561c6cd6af26
SHA256 b81ad2246f708c19f641987c610e295a6104cffd22df434697bed324bdf4a3f6
SHA512 b33e6e5422d5a9c1e352d4f9b3640e712d90d837b8f83121e5d97373d76cc8d860d5b9b0c1cbff5e905d41fed71ea7f043868b12df9d5406a97cc57dea96fe9b
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a