Analysis
-
max time kernel
139s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
25/05/2024, 01:10
Static task
static1
Behavioral task
behavioral1
Sample
7063b48e2d477926a1f8989d3720e483_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7063b48e2d477926a1f8989d3720e483_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
7063b48e2d477926a1f8989d3720e483_JaffaCakes118.html
-
Size
1KB
-
MD5
7063b48e2d477926a1f8989d3720e483
-
SHA1
490ab17aa29c412e87689ed33c8c930fe060c9f8
-
SHA256
52d948666f836f111dbb8bd7ab114e28a34cafe8124787c7d139a5f058b93057
-
SHA512
9b3a235e76d483feac033151f0f51cc02e9c5bb1ec7c09ca87005fdc436d7ace7134345fc5883485f0a847791c09abed19a5ffc2fd8068730593f7379cfcd9e5
Malware Config
Signatures
-
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85D8E0A1-1A33-11EF-9034-729E5AF85804} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe 
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b08a815a40aeda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422761273" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3160c31bce3af49be20e3fe75e48075000000000200000000001066000000010000200000004cead22004d2f139134abededf5b2ba7bc8649added41c1c09c3e949c2d2832c000000000e8000000002000020000000a28109067754de1ae9e6beb560e4e9c75200ef254d2e81e35e4b0e2069a96ca7200000009d942de9c172b4beafb40a3eb07099c487f022eaed533ab0af3f2260551f75664000000090d68a6cea265a06205865c39c9d648f4bc9b78321d3474c8ea9d7f1e81f0cf5ebd84b4787758bff2a1098b3dfb244ece83db35ecb72ada79a4627a25c4a6abc iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2420 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2420 iexplore.exe 2420 iexplore.exe 1788 IEXPLORE.EXE 1788 IEXPLORE.EXE 1788 IEXPLORE.EXE 1788 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2420 wrote to memory of 1788 2420 iexplore.exe 28 PID 2420 wrote to memory of 1788 2420 iexplore.exe 28 PID 2420 wrote to memory of 1788 2420 iexplore.exe 28 PID 2420 wrote to memory of 1788 2420 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7063b48e2d477926a1f8989d3720e483_JaffaCakes118.html (process tree level 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2 (process tree level 2)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1788
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Downloads
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f8d4d35f975fed481f23884ba97ba267
SHA1 a8aa0df44b8800d278208136515ae419cec2f70f
SHA256 4030f25448e83292a5032881d462b34438b2dc3ecbc31876a3318de04b1ae1b1
SHA512 913752d6548aff8349795beec30802bbe0c78c05d08b5bc45d99af1ec5edea465071d69b74a3ab8eb0fd5c2c09b94d5e566707a5daf8914d07ac7a0fc024cd45
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a1b0ddd82252fb115f7e4ab74df28252
SHA1 df7598ef40e608d28820bab8a368f2f12944a267
SHA256 b5b27799a6c19a82a730df47bdc71e9de33e0c668426d7648af3ede997e4a7ee
SHA512 dc114ac0a27c05e1d09940ea8379101b4e919c8cb4f62f05f4055d713354042ad05f3bcdd230845d2ef8f32f0f362137948cba8432cb4fa764e7981ad8e48f77
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7f9c5afe7cf748635ebbbc84de7bdd45
SHA1 c7ca06d473135daa0106a36f83cc72a8083a45ea
SHA256 4ee6517ab49c0692833b3f73911a77fdfbb89ede1caafbb6b2b3097df8bf8555
SHA512 1795fc1ad04acc1babe4fb95fc52571dfda5efab3ce5ee3ac3c6f2f7f1fd2ec5d40b62b37cb193771ace47d04f169d02ac857decf20ab978954f06617247ddcb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 503c550cc4fa727b21118b4064d5ba43
SHA1 5ab5631e71d38c7d9e4d3d6cc09c3d4a7ab2e974
SHA256 ec3108db5d7d987c5cf5cef4ff85dbbadce79663499838b171e05885d008637f
SHA512 163b622a9a41275c9fda767feacfbe1e6630a237ca095da84a164a7d1c5e39af469ccc710d67f7521b1df448cb778f1ec792d60ac31fd43b5f81dd6bcf3230e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2d4891f913cf6cdba7273869eda35348
SHA1 278dc6fe9b8ac975859e161b6e27443fe8c126f9
SHA256 64ed3bec3fa0d98314cef857e873486f931f86c63d8070fe68a3f46bb38f8a55
SHA512 0694c707a9f40549b7281532afa8fc97b1864a8b7883926e833a63ac02f577642a8181d2fb3f85f27d39f7b2eb475d696d685ee0d4e53bfe734ade28df9e0fcd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 951a597c428763da98045384b1d8d0a1
SHA1 d091fb9d5c65a0614e2461954ebbfa27bd8b3e1d
SHA256 849d4909c07504c16cca18e99c29957d72e0d69686211ee61ac96ba1df16e9b4
SHA512 f9a61f8262cc84af8730ea115d0ed5b17d73d93328f75d2407da07d3832af54afe7031403f603df833bc071386ae5470b4fa25b1fe1fd585fe42738eb95e3b60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a7ec13d1fcc235a6ba81e83fe6402087
SHA1 4d7e5d0cd45d3401c851a2571332818cf7e137c5
SHA256 42ca384168ae87713aa9905ed26d74c5f9c58af57f2f2fe53ddfd2f2559d50f5
SHA512 6f1ac924a0da3856fac222b36f4353c88f17327dc0ed6dcf3c75a0346b275fe06c6974bbae81dc636e103180d132d3bc1a3ff52f750a2970fe9d171661756cc4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 97a23ab9a619eeb63bf38f018d9d5aa3
SHA1 3488e5c0e6c38eb0af6e0bdebbf1327d548117ab
SHA256 2f7f3ecd617bd3bf123ff287ea24ebf94a729656b5b06c73b2e27ec08e77cd10
SHA512 d3fc118cd7829642b71cb9cb5185216d216c53363bba6490f2f43f1f57e75c598981ef58b34ecc47b1277fa1fd0fb69170f366179322e84729c68106bd6b7bf3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f23a27e2576df3347651107e8b7b586d
SHA1 91d03d927e7bae4b4d5979a348b8bbc3bf7f8438
SHA256 0d5ff9fa2652b23af305be97066aca817d6adbf2f737f248aea82a3db6c2cb2b
SHA512 d4d9aa88abe0631f7975f5381000f6b57d9271362accccdc71ca46180a74f4c1b7ab0ff937e6c1069c0e3699b77618e137e8a1d81aa611c34fa2c28295144f7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 86623f8b9344c3604063a6e091078921
SHA1 e093f5cbff4da96b1e4ea8eeaf4408a418430dc9
SHA256 20fdb06451c2eb7b83dcf121d2c8461e5e984967ae98f5c9e74de8c6935abeda
SHA512 e4094761697ab5e516efad03f3ccb35412c3c94b404ef9e3dce39c4ffd6f13b0175d6bfc6347febc2a46d8d80bfe5b0df1e3758838e001fd6bc651a9891b7917
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 19cb4bcfb1be377023086843c4912b9a
SHA1 08ffed5482959a4ec7a652f2c08e2cef9916d858
SHA256 b2c52a5b3979d2c3ab99ec8c587caf49f6e5cdafbfa16a87a12e55a8c655458a
SHA512 fb345155aa15bb6504f321509983a1dda41045b29376e2f3eef2cc5a2de658bb67d48658d64b729023b1f5ffa064846ae6f62db878990f6876033dd1755bc08d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7b61209009004473bf35863f21a20ba8
SHA1 f6fac5bba873998eecc7c5dc367438cecec1c7e0
SHA256 a217d8075ef896c3d8b82a13143ba871723fad3757a845fa10c1e0e781c98fff
SHA512 36ea2ac394c2d478e0651ec1436860095a4156509567dc8483be3e0f8c425b8801fed3fe9470ffc9f987ad844ddcd20c7a39826ccacb08f0df14f9a617714b3f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e634fc8dbd0279fa9ed4e7bc099b4007
SHA1 0b90acc31383fd063dabdacaafa0329b26b68fd2
SHA256 5a5b6bfd21209993a54ccff01acfdb5b64c1e8605c2decefb702a4188e1e3ac5
SHA512 cc8ec76b34cac9f7fb8417d3ce0ca19b6361daa53a0d61652e04dc75ef0cf5251961bf4cfc2965f5b28529ff535e9b474812c1833260d0885c157f39c255a35e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a84c6fa965cd53f8f334abe495377bbb
SHA1 b8f2c578fbd07fd5f913b4d33c52dbdabf3d955b
SHA256 72e954f763c3ef107c64aa02ab97f99ee7c504af4db725c6c37ee3a5d268a978
SHA512 fa4cc3b5be0d6e472a93c57fe4b196e5e81e65ad88ccfa09438e083088add524e855beae7fc2e8ebc14b1beff624c6bb9ec8008c5b91abe62dc8377c515ee026
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 583b0fd83ef6c8173d721e710805f019
SHA1 38fde62bfed42a73c141e588289ab676d70cb06b
SHA256 2fc520121b55bf4c3e4666c96712afbf17d4a1ae348b2bff63f5bc9f3407f806
SHA512 ecd150eb0e7d591c6fe09b53cddf70267dce0665c013e0d07818b1a3469daa5f6259b0baebb32d55402840972e5a8d964861f817be66826cc14288bc5e80a9c0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e70d612ed454ecc06cdfe089a8eb69ab
SHA1 81ff01cd1341c8fc445eff17b682d7681f8cfafd
SHA256 c094b4db23571065592b7072b4f64cc0ced3f6a62db0db0eeee8f42994161050
SHA512 d7f9abe7e16b40058957d107b78a6694181885c19b944092dbbdeb41a03191e09d514f7f9da9b585547596f53b8d317fa1c65dbe22352018ae79fabcf2baa11a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ac5de8ba0ba25b17d11eb5e641d4fd5f
SHA1 43b6520d3987994d601a26eba111c91f381c65a6
SHA256 e797651a272a7af3bbde08280453a0f3050bae38ae06da4eab37eb25c082952b
SHA512 0daa81cbdbec26899a6e304cde530e21acff0a05f1a04299d1f64c4dd6fdea9ffc29985684042a8df6f66699e4f336d42cbeb94581d3cff93f2a9e6c2966d9f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 594d0f431996ba663e99d1c1a3b81aca
SHA1 87785cc07531400571908c5fbaaee9e19c18ccc0
SHA256 c5eb9b549db4b88b168e64ce5147ced05c7545786a5739b2138712ad9e2048ca
SHA512 89ce7e9c84f252eafce745cb558f2783b2bf81428ea7818f4c24a38efc4ceb5190d95a147e896b9765b82c038d00152227d02ffa5875c7407a54afcd5fe7afc1
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a