Analysis
-
max time kernel
133s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
23-05-2024 04:53
Static task
static1
Behavioral task
behavioral1
Sample
69c9d73dbae8d6a0b1806b7c7bad9214_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
69c9d73dbae8d6a0b1806b7c7bad9214_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
69c9d73dbae8d6a0b1806b7c7bad9214_JaffaCakes118.html
-
Size
3KB
-
MD5
69c9d73dbae8d6a0b1806b7c7bad9214
-
SHA1
e9aad5b98ac7eff67d4b89b4698e653eb64e7c0a
-
SHA256
32a44e4dafe8fe7d6ec99ae7e5396897c85f6519450041e47ee223dccafa73ef
-
SHA512
91fd0b1feda124316d8a8f0d2e599df4bedfc48aba7bccb269e0da8c54da22029ae6d24befe95fc4911fad4d6a5e9e4425d4254229ad9d8db9594aaf1e8ab718
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50220c44cdacda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000007e84016dab730cad4107208235ee3a91a5e20330fe05bbefe4efbfeb8de7edbd000000000e8000000002000020000000e4a1d54a7efa4109c2b4670979ba1548ef91813f304778f5bf80e7d832e00016200000008ab972ed2c7e579045a6c554ac5e29956946eac320218412e8882fd94d2f78d64000000091fef70108e0500eb89e82e731df5e926e55e01e7a234aeb0852400200b579336149c2046fb7b93aa4e883c9ba650890c3056fa7b666705e157fe9ea98e0b24d iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000badb09b2f97fc862f2bb14f228c73b5b4a7e938f7d9ca8d2a3aec13da5a62151000000000e800000000200002000000088d5c39d18a115ae3438d830a8e4c19c77521fa7bfbf1cb4c24a4ceb773281b79000000058c3ab9b747b654e709bd5321ecf57adc5b90eded5d99681ac0ce0223d2057d17ab9dbf74ad9ac0d63424d2b7f6f3391eebf78edab78063de3b4abed13489e8b53302e14bdff42cc470010d1d8c4630af9c70e2dc222a3969e09cd58ce24d17facab1b25477af0619e504dddb0a8961b41fe3b3e6441f6f430d1d1608448335a604b2afb71c589132f47b05b8d7f50f74000000036b4b31cc42a84d210c35ad94fc9c33ccb15aec00d49d32f5f4da60a36d523fb76f3bbc2dda6102441922cf68477f3eec1e435b37b3d6c2b03b144db0c86b5e9 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422601892" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6F62E3D1-18C0-11EF-91AC-F2A35BA0AE8D} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2844 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2844 iexplore.exe 2844 iexplore.exe 2600 IEXPLORE.EXE 2600 IEXPLORE.EXE 2600 IEXPLORE.EXE 2600 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2844 wrote to memory of 2600 | 2844 | iexplore.exe | 28
PID 2844 wrote to memory of 2600 | 2844 | iexplore.exe | 28
PID 2844 wrote to memory of 2600 | 2844 | iexplore.exe | 28
PID 2844 wrote to memory of 2600 | 2844 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69c9d73dbae8d6a0b1806b7c7bad9214_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2600
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c95b2f40074a92261f32a599f84995cc
SHA1 9adbcbe6a63aa7db8984f7089b3869fa757f52f6
SHA256 67ac269dc70bfcb58a6f41f48a9eb7a78afd5e7324cd10e8c4757b0975379c49
SHA512 e1cf21530ce050a60fd65ef6019c256afaf748c56d2067d191d0bb8fc39c831d1dea9e7ae3431ea643327e7799344a9afcfcb93275d39764cf7e7a4708ffe96a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7c001095444a12dfef5b62c6d7538c36
SHA1 8b98ecd42f307755ad91c0f9c4c6a11521a3da90
SHA256 97814ed2ec05d16a96ba153ce714eccc03c3583a0a948a9562187c5be6d18801
SHA512 cf444b90a28dc3329e7ad67ee947e089b528c0d32cfcaabb4fb528ffbc83712d03c95f73f7098d23f03ea1154314ee8c736d9f4857e99ab9e6f05bdaf56a95a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a314c14b95164000601bac9e8719bbe7
SHA1 ed315e2266f7794392119d522e377c5e22a5f1e9
SHA256 739b6fb7fead2bb8462285faf86d4a14cba6d635cc235b2970150e43079bb39c
SHA512 c4edd7721c2bf67eaae9283f804e6d2b5a1384bf9b796325225f952a0cd44f92dab9c2e5f46ac09f9d2b7e30d6b7f94c5f83bc3b0516c725ed7f33641af6604e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d855ea055da243cbc70f887ed356ab69
SHA1 d84feb8d75dbcb81feeb34e6d10a13f637ae1f6e
SHA256 9a579fe8a65379d1ff24f6dbc91caf66bc523455386a723a6621c6ff16b181a4
SHA512 4057a4b008ddd6c524765edcfca27ab1d4cbb1b29a1ece1396fd537cb783667652f37bd95f90869b6da9740c5fdb39cdc7a32b648e353e67a9f40ea708cdc3fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0a13ed881eaea6f2f732f9083d6d2bec
SHA1 3280dcedef62832246167b00a6d7b66d61f92509
SHA256 9a3f4a42f790e9e9ec149c3d7b803d2ec9cf6163fbde46e999895d8d0e4b1f4e
SHA512 6dfeddf436ee78159c6ffcd6baae61d92dfd038895fb814b12c58a2d621a06797a2bf7a1a50aaafae50c6d6e18f81eefebeb7cf8de75a6f0c8879e50839e34cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0ee09276989877683b2e6ee881a40e7c
SHA1 35c85c6cf9b6d1c7dad73c61738c1557ad9b692e
SHA256 264bbdb5f4dab864c14bdaa3441f8a9776a524402ce608ba991f336f15864430
SHA512 a3f0f177d90ab2c87133c96c56b66be18d9b9717cb0020bd0dbe8d30d7a6350cf29028e1983c4a21a09a8695c8c04d65c54ad96ba84c35a0b91dda9a583e02af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f31c782cba16a04830e872df58e24b42
SHA1 d09f516d149d889cb2384b5dd49d3b185152084d
SHA256 7def439c69f829497f7699ea7e23558d4ff38ec1563353486ffc1f294f8a3aae
SHA512 f6be0fcc42da13c32c2799eee69bbdfeebef95fb828a58f0916b6a4d3be26f7470f75cb4775c6b08c63f689219db355db5cbc550fc0d28fe0d28a5d663226d45
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 71bd5a563a30379b67c2a567cd2d571a
SHA1 23ad349244de8a3281893204397b56ce4cba1425
SHA256 56d60c22203a43449de8323415ba8859456d97be10ecc264907c25689b36c0ce
SHA512 6aad7eff970bbaf9cbd44545edbd21aedb4b57f5bab30d67e4a42b1fb2115fde73c6c208f7a50f5c2b6f3dbb8793397f758b8d6b617d7c63353a67edd40fdc50
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 025263987abd2ead99d4bbc481e06ff0
SHA1 81c46a11a6dcecd7722eeb640aa43e53f3558e51
SHA256 fe10c3fbd6a134b12c19101d73199251443b19aea53b9766eb23f74044c53d93
SHA512 4457dcce1003e739c64d14a5881abbd296a48e3157166b3933f463c4a2db1f18bc955347d72150849371d527a61ac488e1409035b79945b224de29d0c54f698b
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a