Analysis
-
max time kernel
120s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
25/05/2024, 00:37
Static task
static1
Behavioral task
behavioral1
Sample
704e711d71565a1b77b27e947f315167_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
704e711d71565a1b77b27e947f315167_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
704e711d71565a1b77b27e947f315167_JaffaCakes118.html
-
Size
461KB
-
MD5
704e711d71565a1b77b27e947f315167
-
SHA1
0c86c8dd4549d0eb4ba50a139461a0694443facd
-
SHA256
f5875997ff39046beff09ee95197613e91d7bbc44e35233e56daa774224dc79f
-
SHA512
cac88bd0c7a39dbd2ff8c97ca7bbdba942b80d3dbeea131ba47057a1571566993c0eb9ed582eb65429285ceeb4603749a0322df3046e6d1b474a4daac243f202
-
SSDEEP
6144:SkesMYod+X3oI+YGsMYod+X3oI+YtsMYod+X3oI+YLsMYod+X3oI+YQ:65d+X3K5d+X3n5d+X315d+X3+
Malware Config
Signatures (reviewer note: every hit below is attributed to iexplore.exe / IEXPLORE.EXE — Internet Explorer settings keys under the user hive, FindShellTrayWindow, SetWindowsHookEx and a parent→child WriteProcessMemory between PID 1916 and PID 2184 — which is consistent with Internet Explorer simply rendering the submitted .html file; this page records no third process, dropped executable or network destination, so these signatures on their own are not evidence of malicious behaviour and the HTML content itself still needs static review)
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FC2BD6E1-1A2E-11EF-A585-5A451966104F} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5042afd43baeda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422759324" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000085ab60052d4f5935c075f2abad3f60212e24cfe15c1ea73fd276030987406ce0000000000e8000000002000020000000a13bfebdee8128ff8242dd0cba4e7cc3140508ee520fb5d84e0925e8ecc2d780200000002f0f83562797fa5f8b73f78840086059f26df63153b6e44e36b28d4ef71fd235400000005bf0003e30e14ac420caff2fa4c801874f3d89e08232676f403e8fb3147e1bdb0137b1a20f8f94bb4c66fe93e9be88a2afabe86b4fb46e1c83a75206416f6ab0 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1916 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1916 iexplore.exe 1916 iexplore.exe 2184 IEXPLORE.EXE 2184 IEXPLORE.EXE 2184 IEXPLORE.EXE 2184 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1916 wrote to memory of 2184 1916 iexplore.exe 28 PID 1916 wrote to memory of 2184 1916 iexplore.exe 28 PID 1916 wrote to memory of 2184 1916 iexplore.exe 28 PID 1916 wrote to memory of 2184 1916 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704e711d71565a1b77b27e947f315167_JaffaCakes118.html (1⤵)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2 (2⤵) — SCODEF:1916 refers to the parent iexplore.exe PID 1916 above, the pattern IE uses when the frame process launches a tab/content process; the WriteProcessMemory and SetWindowsHookEx hits on PIDs 1916/2184 are attributable to that launch rather than to injection by the sample
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2184
-
Network
MITRE ATT&CK Enterprise v15
Downloads (reviewer note: all pathed entries below are CryptnetUrlCache\MetaData records — Windows CryptoAPI certificate/CRL URL-cache metadata that the browser writes during TLS/certificate checks — rather than content fetched by the sample itself; the final two 68KB and 177KB entries are listed without a path on this page, so their origin cannot be determined from this extract)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD579ebc19c284070423b719db8cd20dd91
SHA1a2edbbc1a75b322c9e1c2184d45c9e2d39031515
SHA2565edda504a87e723851942fae17fb9fc1d112d5ce2d9ea0125cc447e2122dcf1c
SHA51209a61dd7c0f2896128254c416433e31ca7d0ec7ef68bbc9155ef49144339127d83b5b158ad7f9478be9e491d4fd560a127f51dd6303d3e3fb35b3a940df77c24
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5bc162d86052f72968952f65380a51773
SHA1ce4d5ef48999fd741115964e89f83066a3c175d8
SHA2569a1c60959c76f696be75aa01882faef75eb824b7f5aa783b9704a494ebd5551a
SHA512d2f55bd7778b4685a037fa91bf0a586c489901e1ef54529c1a8e450bdddaad23435043954ed8f53c54cf0bc9095f8c3af17a00b9e3987a1cbdfc4f025ea4c507
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD530c643366e21adba177f9b6ba578a180
SHA17c779ce0aa1db999b7aba096123af23a54d039ad
SHA256f791131ebfd49c4d532d63b640419177f23d8850ee4467046759fd486f3b138d
SHA5122462cece9fe0dfd553f77021e6d1084f9db2bdafe7851843565fc1404c6aeb5b79329d191252433233e668080fcfbe2cd4090a133208c7cb5d3ff966d001a420
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD541058f186deeb90a1bdbfff1413dc6f0
SHA175b88a2ef3582fdcffd98778b544bf7d661bec6b
SHA2560c5182fec51a201bbd8ee011b14abdd22e19714dace3b6ba76001079095a0310
SHA512bc69024cb124af1b78e9822e9c7ba351a007a080288ad0e1219c3bf369881b1a1e0f17896e49b9e24562b7d317bbe2b2761bc4b201164bf1efcdcde63deaec22
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5261596f407b88b1cde321b033a81e559
SHA106f56dddfae07e093face4e7e2cf942548f50bb8
SHA25669c4cbbf62614de41a1d541cf7497401bc43859a6d35dc4b2b5995b5339ced69
SHA5128b9b7d3fe12c2c9a2855759a6be012757467c230c0b26609aba0c266f4d1f2dcf670ebc59ba3a558298418a93b748c4500b1522790ee75b52f462a2bc596bee6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5072be2d616491c610e2a5c0c5c25d345
SHA1e2130521abfb1d4df39d13f3b57f88cd95d07e3d
SHA256c06e8ad7bad04baa2775cf69204e8d7cfb01134851df292cd9f9386cd0c6c2d1
SHA5120179af7b57c3116066eeb6fe8d774da9335e0b4f05cc186f238394b5c5cb1e1a1c1026ac5a896e09dda0b8d903e86faacf547b638116857d34784f376218237e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD57554150c1afee02c366bb0fad1070ecc
SHA125a1bce42e4c69b96f4b78b4ca1b3672633490ed
SHA256e4802927368a54a9c62fbb7bedccb8a441c17ac85b915b248e058c4e3ecdd43b
SHA51208503409b71c371565bbc7aecd504aa3f98aca3b09fa09e417e89eff5d840cbd02da9bfed4d21a8a2cf6705f2bce5dc043305a42e0fa130ba94fc39dbfe8a428
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD543d72b900f68086557a57d24924899ba
SHA1a097855909de341a762e8d73b3396ca4cc69e026
SHA2565d2ee85faf25ff9fd803f7fed8a1e9bbed8d35806f9cfd7eeac206283381088d
SHA512d7c047916b2a7d7812ff87c40410c6a7915675a4d32ed83fa9de212e310f4fe6a7f1b00884d33a992c0709794e87163378f44d46cf5d960b1a82ab6e39eb2c21
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD534632c1b93890148a3134f29e44556dd
SHA1634f2c35a2269e054635d9efdcaafb3abcb76efb
SHA2568a5142ce1ba0fbd1dee437df255eff610ae365a9af2ab1a11e3e9aed11dc7800
SHA512b0e85097e43a38b9ec9501e5c6c8cc9882459b2fa17a48533b9f9c212bdfc1bc8cda78f15bb46a9821527c2765144f3683dd8f98a6783210ff0f4dc8f36f6a50
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5557685db0be3589020aa97a7eeb58f1b
SHA1f07a7348beb0f3ba98e5273bfc6ebe68b605e418
SHA256327730bd96158b9d8eef95f021f920e3f8e7103aa2265839c7cca5047b3f1613
SHA51280eb781677afc328bbbbd5ef5dc50240ccad7a329896e931bf512e163c646b90259f2dab976faade81675639e07ffe70cc865ba3a3f9d6db8ba790fdb8f04c95
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cb528d368be624d45aa8116a7b4ac908
SHA13095a0e531f92125f28a8f902320a27293312ac7
SHA256b099d3a5e5fba5ddd97cbd80e0267b215b7a4f21ff9e60d4a3966a9616aeb137
SHA51208d0eacaf29ed2a0991fd1547960dc94fd9c5917bf2f03136381e59c9d36cb4a2fc49967882ee52f980ad8ee818020cf59788ab3fc9a35c7a39667f8b2c56216
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5ae8c58074876430bf44ece2d524df6f3
SHA1eb11eb222b7da402ef125bec2c0e39e4e5f5d9dd
SHA25638ec04ea5bc3951b225c0e1b1ae1495139023e071ab4d307fd3f4d050bed9357
SHA512d140d63c1f016b4b4db67079be3def2e407378d013ba5bb48e00d765af19f6b1ec19e098c6b805a022fc8b96ba94f814189406b33605810c8798f3f5a1d25d5f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5db8f503553394c79a632db22829bcf4c
SHA197ec353f438c07ca9bc06ce2aeb5f59178f8da25
SHA256f6129fddc49b5ca68462dea71b24999ee590f4007cf57fb0c9cfdebdef008bde
SHA51230d4793aacbf3ccae23973b815644f69f0c6c71e91dce93a8bb9eac5f87bb330415d0c040bc07b843b6df971b4f1d92df11cdd60b39c5d09fd1ef2bc75c0fbcf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e6d2e356a0e1ee990c64767ac6206cc3
SHA14897f893cf7df60297e4cc6ad4214ba7f8dd5263
SHA256f7084bded2b80a9b8fbfb28e2c06890d0c8a6bb6670a7527085377fbbab962c9
SHA5125a50d44b88b6cb84590038bccf0f40525d4a2def5ea07ec8178e4f579516b45414425edd33ca49a8283d124aa095deb085d32af325829b964dee2a724e8992ee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b755bfbac14a774b3da3401fca5673b7
SHA11dff9f43a9ac881c634351469acb22b017aed01e
SHA25631c82c29c4ed529b2e44efa50d828f18f783fe5a09c5d1308834e9bff5f78934
SHA512cbf62a26c7e02056a6118670c97f91272c7df7af37c2148871bb25af6b6a20f9040a114d8269c61d12680f6f11fe851f4c1ac53f8f75fc0370e73a58d8b02b94
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD532e507a709ab575087eb519e5745484f
SHA18c2b78c84460031a0350702d6c0a8cc0af634fba
SHA256afdae7cbc7aa70494da43e121db88a9fd65f8a3e8c62960ce733d231bb4d3db0
SHA5128054e361fc56b4abe38d226c4a30047aef6cdbfb5faa754cb785f0ebe4ae808f3374010fdd3f3bda0de7bfb42b4e96bd693ff7093aa8f5a43a4fb1000af65348
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5172c29e978bfe4423d86963dbe9d0864
SHA1747735e1c175e15882b464b6fceaef45ef3ccb91
SHA256a2de09ecc63d222a2db5a800370b6544efa96653466bed7dafcf6d4d0383b68d
SHA512d3b7217485dd02b851ddace3682df1a3e0a8ff2464f8b47320072f4560785ccff95acc724d60944be9704d479b18e14204def4269048e78973a9999cc0024789
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59afb0ceccbf59bb6a0a8f8ac407ca43c
SHA1b49f12c3ec3a7fa69afa2efd9fe3d9195ff83306
SHA256365a32fe4b6a0a6449f51bea43ba52cbc84f279523bbc7a9fff8fed877d1aa81
SHA5123d1ef34ab8db28510708078759679c62ad642790dfd55e1d4d91a3c87a954e4884982d9b394e241630ffd927e4811273230361eca7811f02bb1fcaec099c9a56
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a