Analysis
-
max time kernel
117s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
24-05-2024 05:34
Static task
static1
Behavioral task
behavioral1
Sample
6d7c4981c2aa723c9c355625bde556a3_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
6d7c4981c2aa723c9c355625bde556a3_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
6d7c4981c2aa723c9c355625bde556a3_JaffaCakes118.html
-
Size
12KB
-
MD5
6d7c4981c2aa723c9c355625bde556a3
-
SHA1
86495264613ea27c17915d6bc56676c84121d8c8
-
SHA256
6af5805e55e7ddfd5691ccd187a96c25e1a6f50f0e15059ec2b3a33930046d82
-
SHA512
aa74bf3869cd17c57ac994afca0bfba668db0a782adcd4ac10376d3be8239f17789d23a0cf252a4ca039df0abe5b28824c53e195e6e30168f2083192e0bedf49
-
SSDEEP
192:CljMgBEOks1QTxE6av//X7/p5uuxhMlssPEIpiPew0dmLsJLDMv3x:ClAOkjHav/T/7uEhT3x
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet 
Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30fd562d9cadda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000220c5e565b6ff6e3709042316e236512d1a20f553a380c9b1cc0a735faf84b30000000000e80000000020000200000005b9bd5dc2ccdf7bc205b228ff00f3817e4b17c92961e14b6d30cdeeb5c448f6b20000000dd7d478565c7256a3356be9e17a4a14ae73e003da15898211d4b8ada4997ce7e40000000eab4a48838094e6a15ad37d4a1fb04c3c5acd99d251cc6b6cab1596b4c5dffb6203c0b1a261a87801a61f7fa11826d28247dbee1c3298e0dff7d152c02f01d6b iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422690760" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{58D34041-198F-11EF-AF3D-DA219DA76A91} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000b32aa640a4a394068c4cb0c1326e524b125d380c0cc87b4173e9598d34dd015f000000000e800000000200002000000070d992f7faa59fc96627fca72c454d6ce541a3d1730910e56d58aefbde8bdd2590000000fe9d249cc57151df29ed82d3e7206e6d9c780711cec539e8a3ef98ccd906b6064263ef8fd99ade475841b07c777e788d12888a448f8ff7a6feabe1576ec15b65336af7608da331e1ff278afce3c6787693f4ae0e2e2be95ecb326f50e0627a19c1487f474a85c22a00b7b47427eb13aa67a685d8c66f4fb9904cd989be83705fdd8d7efa8f1a4d791f8e526663b4bc08400000007187b3083f5a743af2a562d860eb6fadc99a6a187d1752b5f4f7b34b0ac32a9b797817aab47be24807ee95b466bfc8c81706edd6d3fd89654f6e6cecbb123018 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1684 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1684 iexplore.exe 1684 iexplore.exe 2348 IEXPLORE.EXE 2348 IEXPLORE.EXE 2348 IEXPLORE.EXE 2348 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1684 wrote to memory of 2348 1684 iexplore.exe 28 PID 1684 wrote to memory of 2348 1684 iexplore.exe 28 PID 1684 wrote to memory of 2348 1684 iexplore.exe 28 PID 1684 wrote to memory of 2348 1684 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d7c4981c2aa723c9c355625bde556a3_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1684 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2348
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 17e9887c3aa1fba9535820907d5a5598
SHA1 9cfe7c415077a5fc6f148668b4358de16fc7207d
SHA256 72ca5c896d9de9f425f2d3a5e0ee5c8627a0cf0bc06e7addae4bba79c0a4039f
SHA512 434ee1ced7bb43595bedb91c16f0b6e687298b4831b4a745c1c97e20497e3633371436484200db65f44f1696fab7b3a058bc9dec184b3bfed21a755f601cde1e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 96485c9e0af6eaf77467627f42743434
SHA1 6ba1983c843f533fa9f130c5c0d16369262e5ade
SHA256 0afd36b3395dce766b6211b14ea0f94bf073c9c9b65198c1497a9cc7dcc81afb
SHA512 6b499299037ecf7abb5005925e0b1858750b724744a07d48b09e7a488827ea59389391a66264dc94f685e93cf300fb7c5a84e06c59d1f6e9ccbdf75967fcb59b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3d558a7ba64c5d9fef31e0d222398135
SHA1 8e10945140bfb325dab4bd6cff7b995603a4fdad
SHA256 30f47fd3c5189fd832dd623351490f31d063572b035e225fbef40101772e98e5
SHA512 92bba2e4e0acd87bcaef3673a8234c0330193d34c4926bc1b7075808a994ef98bcae148c5ddeb3df70635ef28b987d1a43991002bc6c43bae215259430b8fc09
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e64c7f3c7fb36c7036d26e6a55665acd
SHA1 1fe98098ba641b53fbd60e425bad71a90753bfa9
SHA256 51f42547a13a6dc31b354871b23f316a98caa3f53281f921e27fd66593d31300
SHA512 cf25d9fd2bf456e428f60c7f1c04f6ccd59c7c2aca345a9854d6f7118165b890d68f56263c93511a219e19974365690072236536cca898cfe559b84adaac54db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d6a3270f0a455f9a032a9910d377e740
SHA1 77768680b0745e01a6a01ab785ffc5ba18d8365c
SHA256 ed73ff0c46c592cab5ae1d558de03f4d6da2879631c9373cec7835d845a2a073
SHA512 2ba1c319297b164862268c3d927d97b13dc93710ec56539fd3215d3188ce06ccd76777fc07cb6b53cdc6ac3d134f32500e103cfa952f6fa585b856a4aeb4133f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 89f4d2f600d3f5f857250a0cce3ddc2f
SHA1 f3fa4e547639f2e6c5cfd3d1d597fb8a242bd74d
SHA256 974c2c681fa4c84f94b76684be31d8422d99d4d3683c2c841b21f4e53b0af779
SHA512 748f048750dd5a62c0cb8004eab8ea2ad2d35ad30fbede8fad365698d8c07f590c3ac8f43dd1c1137de34fb3827606abb5611f86738bb80a33bc4add17ecf1a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2bc8fc524c79a10489c253ff11fe21b3
SHA1 da97f435ddce43234c16a46de0b6e444a57e675a
SHA256 91ff0f24f3cfd56d6e22a007f3ee8da406d6511cf188c5bee925ab6faced8a60
SHA512 62e61d3984216ff6b12e2b7f7ab3f22ced6aecc8a08d540c36815dc86dc3df2334aad7716f74247a03c7d658fa10a4da3e59d9257241354b48e767e0d8b325e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5028d8618d334e3683499d379b3aae6c
SHA1 00abb268cefc654e1f5bf3d862eeb3ca00fe2199
SHA256 1ba5c9c798cac01b23228047cfeb10779823e25235dd39365b54837e8f9d08ba
SHA512 e55cc7a8a62fb6ab49b34784b77f1ab46adf65d3bf93ddf1e8c26f5da55be6d28342bc53a2e83d59407da4f8a798095d82939aef3614a7e9892cf893bce5dc95
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 253b87892244e1b4be445da7afa854d0
SHA1 345ff6e4cef1a0b8b81eaa4de6a5b7fc31c5dc38
SHA256 5a77521b5a50930ceecfa8cc6fda6b504552208c805d46034b9d09fbb410d4bd
SHA512 cb9e9a6ec05843c75cc730d1676dd035d5157b32fd41416d05b77befe1f0ac9e21f0ec98b90260b2a0ec40babb3bafe6622d78e9ba0802d947b83574704fe8b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0c69bd3822e1f0437a781204dad076c9
SHA1 3066e1ac636791a3d5c642634f5521fcc4364d85
SHA256 980741cc9be19b17e57ab769d426eb9ec080d261b2c2c5cbdc2fa428c3ea0142
SHA512 f3ec1978e8e143cb5867f0067964b0acfc93d5a317d98397d48b3c24c46e05593c3ff4eea96b4382758b5c038a2d238f8641cc1f236c25e36d82942a1a84eb4b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d9e8ee57d67ad8d6f4c280c4b9db5bc9
SHA1 5a9b679f4e29863e59e27551d709317eef267229
SHA256 91d15289a4b20453253a1813c2148fea8d8ecc5abbef416d5e0b8f6ecafe21af
SHA512 0d682b611fda475b988a25c3a167e20fdd4c68988d0e525286c31e62b1af6b454788a661526024ad1dc33cf81914ea06a5cd18f19919d4169ae2d9a868dc5017
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2ae2c366fa81415506adb66b4083f21a
SHA1 34a7f9b0d647751abcef8c3e6b733cd08951f204
SHA256 a8d074e54f0cd39b684a57f88e0e659ea3c63ec8b05c38f3efdca32243543986
SHA512 23dc33e8410b56984bea4fc14a84cee296e21df600a8b7a2b8abd5ba26dbd6654be18a249fdfda8331a0863f6d1ecc28459b366fb80fbd6d91bc908d7c81ea19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5fa2df42d90767b2cf65d96f1e058b2d
SHA1 0744a14fc8be668001aada4c61f55a757881db17
SHA256 6f3b7125f1fe1ac3ac703a81220426acd138c3cf791d8c2e1a6a576754309592
SHA512 3d0334952a5ab09c436f3262e79585fc5ece82a1f8790bbecafc65709e0ec5cbcaf6a2da38f7937a5420d7cd6c137263e1fe68946e686fda50872192546990ef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 39c9bf3f072c4c3abdb96caa6556d75a
SHA1 2e706f28b66be6e49a7a74e42bd0473e4332f408
SHA256 e3c85e2a5da9e4254bf06fb9427db7016b865f6d8cbebe6307fcc407ffef8dda
SHA512 447034fa98a740f1dde4735a3c9b7ffba2c37a99b7a1b5be4e91acf420229704a558b39d546cbc8356d5d471a5b42e2172d97c9135f46a0f0bc4261c39aba317
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6654495b4506eec294685d01eb56fbdd
SHA1 f2079e3f9c68a980c92d445779283151b001841c
SHA256 c94d812fd207d350538109ba3968167b92f3e306dfb6c4fd3d576604444b621a
SHA512 3d4201d48b97b9d4316af79057de979f07c571c86f6f40fb2459c2a3d0850c69c09371afff027e7db78b83c2383162b886f6839bde9783700b32a84239baa8e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7268a69a8c539e515bda46ab79f7ed1d
SHA1 a4e616216dd2f2783c71f42c5400084131e5ba8e
SHA256 e936eb700ad67565e0c6bda6212fe21fe4bdeeafa63a8b15511e5a12c6c76be6
SHA512 57807e58d0b6b92f1aba4610aaebe1b82c6051df1f885aca0c3914050bf4a1d7c68c91bf1f2b53cd4c282daeda800f9e1d44fdfe926335b97af4dd26803986ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b367719d8c3b19ce43b1ce2a62131ec4
SHA1 d62c66a49e13e388c5b088eadec0461345348a41
SHA256 2b2861be9939407f89fd65cec9f14462ca0d54cb798dd1615f7e6c9ddf852b09
SHA512 4a6b59a151c60fe67c0531d46588465418af39f6e9de943235df0ab5186aea6e76c1a7fecc77045ff89858c080d92bb9dd3d600186a881f6fae2546ccfa5d405
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6d6b3d65e810437d92888ae286f8922e
SHA1 c8691111f9c10eb508cc6df794339ee5c0ab8116
SHA256 467341ad3f23a402bf17d6fb168331f1afa68e8b792de17f7593e2d67db656ba
SHA512 63d1ed2497de3bb407f77e35f0c761c0c43ec349957cedccb61ea8e8963b4547516ee59575f89e4d22c8be4bfe5002e072d75978a03607eec201fa431c25fbf6
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a