Analysis
-
max time kernel
121s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
26/05/2024, 00:58
Static task
static1
Behavioral task
behavioral1
Sample
73d5748067284744b53dfb49c7b3ac31_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
73d5748067284744b53dfb49c7b3ac31_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
73d5748067284744b53dfb49c7b3ac31_JaffaCakes118.html
-
Size
14KB
-
MD5
73d5748067284744b53dfb49c7b3ac31
-
SHA1
c7c3a393c2f0fbb92c59072fe03bbe3fa250a018
-
SHA256
add34d6a77d10e0562a4d848270c8d3d307326746eb1f947748624df1aad7158
-
SHA512
2b1e493b0df454b1e8ab324bc017004beeb0ffd56c319efa0491b9ab53eaa9104a64c439ba3d4fed073c3ed0526e27698877db0fcdf5a452d3c63c43d45b6a48
-
SSDEEP
384:CyidKt/acDKQFAi79y1wMMn2DJHT6mI9M1k2bL:CyiKMQFAi79ILMrXS
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{19C96061-1AFB-11EF-AE43-7A4B76010719} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000602df3cf3aff390cff89663909a4e56590254fee73d7b2ab4c9571addc4a716a000000000e8000000002000020000000de1b1e82710953f1848f85570d388448b13124b025ea5d8f3ec0e7a37675623b200000000f9b136c4a2febc8e37d9deed1cb3e76311026059f567d24d6f213d6cad50e46400000004a48affedeaebf377dc7c31996fccf9ef2613e217bf96d2d99e6b60c830e9637b768f1a5007a830ae9f84a8b91b1b527283ff6079891700a3a9aa90c211b86c2 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b08013f107afda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet 
Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422846991" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000296361b6f77346c6b94a8bb580f680d12b9eb9cce675cdc8b7b989ac977646f5000000000e80000000020000200000009d8858deb03eed65bd0fc381d3c4ab25af0f91264b0bb44b3d7fc9705d4172df90000000fb97ac582ac2892fb9d963b773fb097db5bac630837e29cd75f5d6b970bba4b3ce4305ad0c0232e350281222dc9a805fea6436efbd8f4516fa9bd16237f1e5851b227cd8e147b56abdb37211ec8190ed6050098ef9ac6908c9d9d0eda5649c41127adfdb898c5cc873c9551a313057434252b3df849c8b2e2dbd8e7361442e0f7bca05511a249a23ed73578ece6c869340000000f3b895388bed3c144be5992c53b7b6c9a9e4b38e87b8f8d2745add1c1744174fdc3b202942cc49e3b6c1986b2bd9d2b8a519dc69617ead77bd448f0c955f280a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2072 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2072 iexplore.exe 2072 iexplore.exe 2656 IEXPLORE.EXE 2656 IEXPLORE.EXE 2656 IEXPLORE.EXE 2656 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2072 wrote to memory of 2656 2072 iexplore.exe 28 PID 2072 wrote to memory of 2656 2072 iexplore.exe 28 PID 2072 wrote to memory of 2656 2072 iexplore.exe 28 PID 2072 wrote to memory of 2656 2072 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\73d5748067284744b53dfb49c7b3ac31_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2656
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9ad9aca2c262510bef8473ad78021e73
SHA1 8bd160ccbc3f50cc5fc3c294c5bac2c1e3104bae
SHA256 d5d4611a6ba0916a18f2f31c8f9bcb0643af109470f3726986899580ca27f726
SHA512 e16403440bd9ea073de24574c26bddb273e1ff670c05b810be67c24233349a79cec24b3eb931f677f948a9f024d8dd8462c79fed4afef867dd54361a6da49a98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ebe739f59f30aa81679227a4815062bd
SHA1 acd7f12567d232b521592a257e50ad759ef04dfd
SHA256 7298a4955c44fa55246292cabde5b08b56f9d112953ac61f493519e6ed3b7449
SHA512 1f8a341fe609155ee90ea2cfe611ebe285de1bccf864e5f45c5522c4f80abc4147862c5c09f2805186c6cdd87bf46d08dc616c8e33ef1920b0b688d33c23f851
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b0214860a82fe1a420fdf4e5a2bacaf8
SHA1 877f7dcf35ebf1b2dfbe8fe9c4ae1fae56b9d444
SHA256 ebce768079510af2ed0d7da13c1e0a135fc285170ef54354423cbc6eb45dd343
SHA512 ced66d947518fab578568dba5f6db085d51fa555838328196a733d4c2a3babded67ea31c2f55bfdd85d030041ac996750007ffed79fe38fe163844361c681fd6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7133c0a7025c01501285f1816824fbea
SHA1 0f74a9c689ae72ee0076a6e0a3a0e4f975f28804
SHA256 459e66e5ae10dab3032d8e370c7e62b0747e7997ccc1544258dbec261b0231e0
SHA512 3497d9ca60da374bf5772d4d74949be0649b239e647f0f3c38e6bebeb0dbd011f8ffa43c2d79a821ed000864c656066e4a14004af32f8f8006b211a4d9c62904
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 63398e983ad8bb9639b270a266cb050c
SHA1 ce387f68f6b5a0254470111ad8136216b661d7ac
SHA256 c7b4c48a6ca186ba7b9bcb43853dc6f8211e3a978c40f1762109538bf48be63a
SHA512 c0d00a849c0d2282b4d418369e0ee5bb8d6fb1ad82ce871b2b2e402dd91fefb095cbb6d3043eb294b14f7f5191b57fe361fe28979a866dec5bfb496167034cc0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 847ff64711acbae47f9a230051ba405e
SHA1 45f2dc79a0762bf4e5933908ff05551918e6f756
SHA256 0089edc0a66d8174c482c3afe12a526105fbb7b3d2c3a2f602b802c0706e4344
SHA512 ef76fc1fbf6ada0e10e9ad1a41d7ec9179dab7b28262d1ff86d4f9ae80fe6f52ea6c98afda9222850d3ed6e018c581183ff58c95d460576e79718c3a848e7914
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b96698f01f107e333632c4016320e403
SHA1 502b9d4469fd19f8fc7ffa4dc89973e1af971221
SHA256 3f5b8c0349085cad95135ebaebbecc8a66c808da2a522f69a8ed8fafd60e67e2
SHA512 1272619ee0cc73e36c5fef76bdd69f6da0bb1d4ac21f515cfca5c5e2fd8cfcb8e601b94114cf6e8af322e1815568e1681d02b74eba6d2922afa3d610542a9b21
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6262f07058a650a7905954053f8c67da
SHA1 69b6cdfad3ec52702279e94172afa40ab2cdc33b
SHA256 882e510fd138f4d0d418a24a9d0d6a8be6cf5fe070031ff8ffb15d6cfb26ff24
SHA512 50275f6ffd0a2d99e83a161ceb2eea60b88d0a44fae18a2c96c107ed14f5e76b696cb5d22f90f6b5aa2d25c8c5a6fb5e24e02fe013591a33e50972938927855b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d0a59d1ca5b6b6af77473e0dbb3a72f3
SHA1 093730488c67d714ef27c159f3ffdff197139944
SHA256 3ab8cedbe0d7f72e9c1f9ed3ee9ff81244cc655c8ab47f2b5049130d344352c4
SHA512 d99d1d737c615fbb6871ba72999a39d788f5a838041a5d6bb36dbf3be2089aa3c363125b2e963732348bc285c7f52775aecf5e8dc7dbc951029252abad5fcb19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b11794cddd93d6d2801444401f063f9f
SHA1 bbf4d3d1151fe233c0ab4c1a0437600ae1ba86d2
SHA256 737e85352e5e32f55df79cff566318362228d87d3b83fac9888c19587a55ebf1
SHA512 1c2646112e43cb26f7a5f83b9754831f374e45393950528a9ea068bc706fd11cae2cdf7bb95c1167d6b405b0c4a60a702bffda18c7dbc0b9307dd55e2b426a1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bf81cb282dc852f768359b759d95ee18
SHA1 8937156dd3a232f7406e870998b7f61848e02300
SHA256 ac667567e066b25ed542b5ef25da143a379c9a426b8ea14ebe78d22f5e95d22a
SHA512 5c71ab57fd760b9b8a5967bb20bd223800b7caeca872752cdf78814f03204595d386bf9667a042fbe68caed87bfb71f81f9f74a8ad37fda2e00b63ee940c54c9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3b5f2d8856858012f84a8d5529ec7d67
SHA1 04f9f4877269d2bbdc4e434715d6f0079509dd7a
SHA256 e5c9777d494a40612b847e63cba78789962c438cefd96ee4988e9b93661b471e
SHA512 f7de0305eae31227661eff23411624093e89e97b82adff47d3e62a8cd80d9560331cb19b00c015dbc3944d42b82e07c9c76ae2164af8a34389bfe9a2e7769dec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e238d9f8e5df467c45588acde5f68712
SHA1 461e321f502582dcae82a3b91b648a198e02e880
SHA256 4a792d69cae6f0edad0fa855db7b59c6c26ce7d53fbcc4c8b41bcde7a9d0b514
SHA512 f7385655fde2cfc12b287630f5963554a84c81be4439b7223df58d98b8624f0fa02105e43439b12baf645abae7e0ebacdfd841be93f898e2d22674dfd8c195f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1a5b67b7a484fa2b3105f27300dac636
SHA1 74834b1e78951f7e3bb8577ddeb4ff3321426725
SHA256 f6278c1d24335569cf2cddf780082a113cd008dac791d09a25d0990c796639e5
SHA512 7c12c2b312c1bbb6e6dcb361f55b08e5a5417ad6bed66be6a81748d80a48e84ee1c0e9a272c7bf7223cbe16ef97069decc1011813cb7cc8bf54455644a1b5f8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 161fccb11da75395949d46be473b13a9
SHA1 7fd8d43a08f068bea6376b30e2204a3ccbb41fe5
SHA256 6251844a459a18fcb1b9d395fc1f28d14a6b7b9d0d302b3f4230389dc54edde0
SHA512 5b38ec39811fa7e821e5089495b6d068e9bef58aa6e9729577f377f6d4e7a61926c3cd2987b259ebbed139acf7fc719d23ce0f91456cfdc33f9b042ec7eb3b58
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3f009658b3f488c8d924d4fd86fae41f
SHA1 165d41d7c39842bf9c8ae599413e7951547fdbaa
SHA256 a11c71e1065fac3fb7cda3cfd854b76b214469f84ae217a5a7e211e2f8e7c4b4
SHA512 4660d030597485751a25015edb625417d5e108a738ca5aac1a047d2a782ce6d3646a4e71f1d2fcdff1092247394ed9e90e5395122602dd8b2e03a49136d9399d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ec582d98bf5e787457be8ad1bd5fc6f6
SHA1 91e9403049972e1d94b16189f0c123fd0f5265ec
SHA256 2c28d1c464e61967c16adab10fa0e0315689e04bd23573b4bcc9a19dffa5f27e
SHA512 3d3852777cef3f1cf5df28cb15e887fac19cebaf578dbb625568fc7fe60185ce0f63b5ac914772bc179d39570cd0e0462c7d0a81fec732c5d5f0f9b2a4655995
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8f4a09722348c9b1673bb48fe2a45d16
SHA1 55e407964b3866b91e11c89a971c2f36de684b9a
SHA256 5711488c8c6af7dcb1a005f1a9ff805fc5283c703b98f4029c31c1acbb5a11b4
SHA512 89bc9b2b6c986f0107d77fef5c16eb4bdbdb773f80d99a0d1eeb22cea885b9a23a2f4174a0498142bea81024ac1e7263d9427d4f9ce8c454f41504d0177209ef
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a