Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
26/05/2024, 03:16
Static task
static1
Behavioral task
behavioral1
Sample
742b31ac6a70b934b0582d9b463cfd3e_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
742b31ac6a70b934b0582d9b463cfd3e_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
742b31ac6a70b934b0582d9b463cfd3e_JaffaCakes118.html
-
Size
4KB
-
MD5
742b31ac6a70b934b0582d9b463cfd3e
-
SHA1
d9ce8f2c7ecda0f1a8a53c4815ce4cada3880d34
-
SHA256
fca92bdb2eb0f63cde491a4a86d58bf494cdcedef16add5c5be0ba4a051090da
-
SHA512
465f308d5f6f35080641f833c760c51cf6306cfef679465bea1b8741d3f2ac1d88fb7392360fa5874ced7a3c03d9ce640e2ed1814c01a91e8419c45672ac47fa
-
SSDEEP
96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ocHNJd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDb
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000006efbed4f3855f2f21230ebb97180048c4f04a827bf304f1a37251341f17470b8000000000e800000000200002000000027b1cda4f66ab986bb5ad50b617ea96edbfcf24d2fb76c3544f535936572ec3720000000dd1471525d4dcaf2d1c2de7a3444e5d2cbb183d93d6a1710a681205503d2370a40000000c7b5ccfebb31fa17982bc40ef6bb89e1580a0979dae072bbab7c5abbfdaa04ac859da7eacfec93df71d5e64aa4678623811e495687266ff6da845971f593e16b iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422855267" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000067f592935e9502ad8b6c0359b0a1eb25fa8ca0960a85fb6a376161cca40e80e7000000000e80000000020000200000009ec681dc100e86e6786dade9bca045509fec11a15edb288afd416155af0b4b9490000000898c83930d3181502c347d06a0a2e3ad0b8c536a0f211562b0fd649639334e5722124de36cf00635878dfa5688d25c37a787607b20cf43a818ccb0796e743c2638977ae6a21e319fade2b612df7c8381c05e5adb061f1eaa25fd977d63bca3c9b18f283cac1f3af9a55abece0296ba871fa20dcc59b8135cd9ab8b7fed964a6e5245c6d241985dd7e2b02e24d732184f40000000145d0b8a302ef9f50515c1e5431b43fdc9bf09719d678f32d10a12e2c563a43bb5750d714a5442b0713518cf9b39c0a57650621ae69eb6279bcdf659ec82f7ae iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5EAAD201-1B0E-11EF-A346-76B743CBA6BC} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0e649331bafda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2028 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2028 | iexplore.exe
2028 | iexplore.exe
2016 | IEXPLORE.EXE
2016 | IEXPLORE.EXE
2016 | IEXPLORE.EXE
2016 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
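description | pid | Process | procid_target
PID 2028 wrote to memory of 2016 | 2028 | iexplore.exe | 28
PID 2028 wrote to memory of 2016 | 2028 | iexplore.exe | 28
PID 2028 wrote to memory of 2016 | 2028 | iexplore.exe | 28
PID 2028 wrote to memory of 2016 | 2028 | iexplore.exe | 28
(Target PID 2016 is the Program Files (x86) IEXPLORE.EXE child listed under Processes, started with SCODEF:2028. An Internet Explorer frame process writing into its own child process is commonly seen when IE opens any local page, so compare against a benign baseline before treating these rows as injection.)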
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\742b31ac6a70b934b0582d9b463cfd3e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2016
-
Network
MITRE ATT&CK Enterprise v15
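Downloads
(Every entry below that carries a path is the same CryptnetUrlCache\MetaData file with a different hash each time, i.e. one cache file rewritten repeatedly. CryptnetUrlCache is normally written by Windows CryptoAPI when it retrieves certificate or revocation data, so these hashes are unlikely to be useful indicators for the sample itself.)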
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: cbcde2690b59adb847e7dd550f97f627
SHA1: 1bb802d73058710aa10769e8f87ae95b5fff3729
SHA256: 2359b325eb2c3093b76bce83b4f14653c16c79ad40707fc4cb3dda5a36a2530b
SHA512: 0b42fcca178c2478e10b18dcdc5ba2a84073b123d8428226884be2cdd361f4b782bfe7ff8698c2e3c4a1e724ee9ad77b695ba79780cb57c3729d80c7056f41b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: f55226d37a3ab3b29f09fd2a6ea1eac2
SHA1: 2ecbd22470d737f7f18fe8ef1e1e2c8ddaea93de
SHA256: 806c4b66fb6f5a2d17fb1014a1825d58c9bb467b7072be912bbe86343725269e
SHA512: 15b062f49aa25c174f7c16b9263fe44601026f2ba383ce5ceac110a58dd013315e0be43556aa821281f4e69ba3cfed4cb1dff18c725031c47ed5f560cfd09f39
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 5fc9b59721b8bc9b51008f346cf59f8c
SHA1: 16d167397010685d6b415d335c3ba1d038511074
SHA256: 7cb76522545ac22b7782aeb05dc8d9996cd0e2ab0ee666b059a52774d1690515
SHA512: 2fa612de1cc01af2fff23f22699c2aa64e5b1e8358949907fdbc6ddb9cb006aeac214e192ffcec286ff6610560c0b25778ddcab7db3f2b9c7914595f0edbca9d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 3b8bda0392a6bfce1a43365c86d791d5
SHA1: 4f432fdf146515a361c150e9ea145ff5e2aff7a7
SHA256: a3ce0a084929326725f85a4ed5c248f037978dd7fea403cafb60bb3c145e627d
SHA512: e7c5578c1234ea8c029eef28e2ce6aef459c59b55a420981e753c096dc91eee9434207f4f5e1e1305950833dfd5335e4c79a2fd2ba43cb0e5aa1caf795539505
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: be26e653dc0ca4a49bb97e43543da353
SHA1: 4f325c6dc1fa968e4b293715b87411c3da4da5a2
SHA256: 5b8f31f8366b6d4193b010cc7e7caebfbb7d64c864cb86f4c4845a8f48ad37ff
SHA512: 320135bfb1a6aa1b446a79edc6e6bdae41c1fa266e9cc89e971c19faac043b07c57e38466417b05d443f0112d85c95362e9c5cab6771b0dd0334aea902b71ba7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 2bff88d793dd2d67e9cc017b142215f1
SHA1: 0d49c59d31c47e3d48a499fed314fda73e62b49a
SHA256: 11420fef9543b25865120a4161fee35c22480a39771fbc59caa3004b68b89667
SHA512: 403d5c4b5830bad3e6c42646b910eed43f01d6bed9a24e73ca4f450dba47925967ec68f0ad286dc5449a5d2ac9f74dcb1ab3c1189ff3c18413fcc95deb009243
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: c56c2edd85cef30710b0081c510d01da
SHA1: daa4ad730f60ac5435a56dd2bdcad1b5cb90d18e
SHA256: 557c8f4d082d9239eae6bc39d902cd072cec691a8928fbb7df58c492b234ba10
SHA512: 67d2b8e87b29c177bd2a5c64f8cb6635e112d332f88af2dd1f6d2a70367af688cf3748992b8dfa6d8dd26d255b2e16233fd314736d8dbcd13ceda0cd860b4e65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: d50be4269436914a8d943b25e0db590f
SHA1: 17d68d61cc7d8169f925c2a3c256a2e92f0acdcb
SHA256: 7eb4b239fc624e2bf68cbc64aa03d4de78ead86f7fac6e24683ca78a98cbb3ae
SHA512: 16391e303f976b5c8feecf163466d712564607a5ac7bf0c652f426207329ef4e1e9f01c63f7005e86b0be072d7f1b208062089646401099db19818304d46bd25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: cb3337b308bda7fc75f6de349edba472
SHA1: 44a398bd0c4703a723dffb159489f351c7de5428
SHA256: 89cf1e35bd52498c0cabfded81d5e1f315f000830dc54595f7ee0ff4cf4a76f7
SHA512: 7a7e812ee0316d3b41781731f25fd0655a48d05e936498eac1bfd399d5f4265626599fba9068573d06b577ddeeadf24baeab1a56e2e1064001750483a33af50d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 8e447388e4d1927fff0f681cbc3eeb41
SHA1: c4786fb3e65ed410533939800894f44747575926
SHA256: 3c76696a30435c6da3597559b78d613f0edf8bbcbc5891212930de7409d7a5fc
SHA512: 0a17ac1e7111af1a3ccc5d175199c3c1733ba70fba9c7b4e1330e10188f10426d8fabc2878824a3985868ee7304f61ba04be157f407fa8be460fc88d3c983779
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: e62cc8c677c845c5ec1deec357975d39
SHA1: 75c050340600e7e806084d5b2958ed20767a086d
SHA256: 02f2c77316fd0c9ca78543c03f90b43eb762bd537603c26cbc839fcf2280cadd
SHA512: 632f2c98ae3efdaad1194c6191fabcf7bed2d2459edd1c2ccd665ba360b5dd5e81c6a374991add2e8a37ff7e7e1565bec6a8b052dbff9e20f35a8341c12c8307
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: b2455393cf8508886d4fc51e2e86f6b5
SHA1: b3352a4797fc47eb1f21139213cc49ee90996dc2
SHA256: c421eac7ee9a9a0117503dbad31a85fd4d554b3b899ece5e68c934373e1001d0
SHA512: 17f6cefe897a1f7983c74a5632203e929ff57b90075cf12f50a8d6370504b0c57fad3f0dfb2a02e60dd301facf30e35f9b2e5a40e0687cd25b2710202d252629
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: ca6078c2d08ae391f53cc7e3b3f82e26
SHA1: fda96a1f8c755d8344a5cc8f1985989dd0184a00
SHA256: a149717f5c8ec74377565e4a3bf5935e72a18fb4f27e72ce1c9d71cad5fe6b58
SHA512: 2da9be93155f24ac7b528b83997ffd45cd101764160efd9ebac8ce32f79d6c329ff4709fe95d1277b9d414e387b44a0d264dcc1a3f305a2530449e2b6ecc1599
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 2242107779bb75ecac0dbab20e1fa903
SHA1: ac465215ebb6e1da77429d1a7a949bcab222b80c
SHA256: edb8998a902316421140b64c1a3e5afdb1f06d6681fa2d3cd52ae977d9d9bff9
SHA512: 66b9cbe348df0d5f6af0a81e9b5c3afa1ad8e4ac708691d5050b0967f10955c0236f3ed7854e78c61526c4004ba5547c036ab649a351f4d8b48b5c716f6ee822
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: b82c216b7d7f34b61655d003730f6d88
SHA1: 21cfa85808e4cb6d72a8d820e9d89d140fed4c41
SHA256: 22481320c79c1743aea79516457ddbaa2af59623e1d1667ab4e56f6f2d34de91
SHA512: 74e56097ec0182ff656517a6b20642ad5c10e48863662182a25c605c247eed8b04ceb54bd63ea3443838ff51045e527e2c9ec8f34c2ecbc04012a92e6a4ecd75
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 138e28fdb132162b655992a8b2265812
SHA1: 9811e5c6b5be75e9f59ff473e6ac8f42f7d4212f
SHA256: 6428b602c7bbac372c1e44580fef0e78ab08712017cb7d59f693040ec9e99906
SHA512: a3487769d529a6a25c0b75c9d0db53cd996530cffb0a25e952cd3ecece43b73b8979e9dcd3bad2dd5dc67a0dc99aa50e989c45c884cc8c607b02618ebc44e412
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 8db753902332e7ae62807304f10d0543
SHA1: b0f476e338c7c264dfa3190deb9331ddf12adc06
SHA256: 4ba16b88365666ab94f80cf2191cbcbab881bf2023fc33f13e109e0e1a7622cf
SHA512: f8de42a153583cc3109bbdea69a2da7639d4c5f54baef10e5495a7c6e005132fc4533335c25677f6985c8300b94280db7fe172ccb5ecf24bbdbc65b105a1722b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 79e128a4ac09d2d5241e822709ca976e
SHA1: 7197dafc8ebe38ce8c4514c40d744b4a993b58bd
SHA256: 35366ddf6cb5bf53205452cb322d2ed0ecf08fd62518160e4b5fe725b716eda4
SHA512: cb03a5eeedc8fffdb691630b3ce8e31374e99b136f07ea3c457ce638d4db8d12a814a8232845e3496a72c1872365fccd3baffffe73ff4eb81883fd829f6fcf10
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 5403caa717c73bbc8ec561b695cdb434
SHA1: 020c623fc032add995346c73c267c697b2dcb265
SHA256: 0d82e7c03e0543669890126c10d564e0fb736cd6aab9e71089708d1d077454ef
SHA512: 3aedc9c732498e02230b587d0e5a7f2958696aa941db699e88d604a4292fb750024bf22fa6e5d8043ce4f6bb3983001a2362b94adcaac9cd79ce0e5c4221a4c5
-
Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize: 177KB
MD5: 435a9ac180383f9fa094131b173a2f7b
SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a