Analysis
-
max time kernel
118s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
26/05/2024, 10:42
Static task
static1
Behavioral task
behavioral1
Sample
753794e3a3b532d53bf899f083bcacf0_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
753794e3a3b532d53bf899f083bcacf0_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
753794e3a3b532d53bf899f083bcacf0_JaffaCakes118.html
-
Size
19KB
-
MD5
753794e3a3b532d53bf899f083bcacf0
-
SHA1
efb3a4600bb261271814a8cae9c280201ed2ec8c
-
SHA256
af44cf5b2bb87cf387eecd3ed42a13bbbdc989500c11289bb2160f907e09ecc6
-
SHA512
6b85d99fd58c4035c4ba69a9c8f77568e43a4faac4dd20a17091461879b889e00ddee7230b49f5af6017aa59f620fa87551e8345d44f2b8a0f29ddd312582116
-
SSDEEP
384:ziQKV9iNVBD8cmFQ3RkAZszZmLA8kKcfIk9xheKzVc9V7J:ziTqgcmu3WAZimsUOIk9eMqV9
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A81FA7B1-1B4C-11EF-BD6B-4E7248FDA7F2} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000007551e17674ce32e6d4938f161468f2abb8cd199a20e868bba4f43ff691dbb6e4000000000e80000000020000200000004435bf5f1311b7b63bfe6e2a6c8483661ded8b53d2cdee9d68226ebb7eeb211f200000008f8ca6634cdf9192176c52a50d0ce9efb6262e574b6ce960ab9d46d1c40873cd4000000000581e52c4e4f8c4ebe9a6661716ca60df6a876a95afbc2e4371b1543e1dbb0ef4eea9811b6f645b666047e97c64c190d415a203328a1b99ad9bb17d951d853f iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000099d4d5830e05668bfcab4d1cff4b17e983c0cfaeed9e557f03a7f04d38be0545000000000e8000000002000020000000f9bf97c91eefa8e40d7630ff1cf8da2dfccada3830c9a5923a6ef99fbf7652fc90000000309503e1480fbabc0b02f67c5a93de9fa88469689bb282b1e9bb1bc1cc97f01e24877153ec10f7f303a375a7ffcfcdb0999d4576df4aac1c9552405993d7f7f3ae544d23a98042e4db864df89e2f69ec3fc7d5733df43842b73d2223df59704c5e6925ebd015f7677920a1bfaadbea680b113fe7a3519e8555feb4a4dff42016206caff3afe44964faba766df023a4b240000000dd47006c0c7733ada37309ab80fab58eea1a619a4f51e5c0fb939968dc4079068ea558beeacff32cb46ce37c172ea19e566f28f4c4c13c304b5064fbd65fb2bc iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422882020" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b047d87c59afda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2100 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2100 iexplore.exe 2100 iexplore.exe 2780 IEXPLORE.EXE 2780 IEXPLORE.EXE 2780 IEXPLORE.EXE 2780 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2100 wrote to memory of 2780 2100 iexplore.exe 28 PID 2100 wrote to memory of 2780 2100 iexplore.exe 28 PID 2100 wrote to memory of 2780 2100 iexplore.exe 28 PID 2100 wrote to memory of 2780 2100 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\753794e3a3b532d53bf899f083bcacf0_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2780
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51f9dcc4066133230822650e4c2ee832d
SHA1ea36cef795abb0282c63d645f1aaf7fa6dc35db6
SHA256bcc5d19d19f4e8ac84095fe003e24d1bca4bc085c048ce904e1e552d45c25823
SHA512f36b504aaadb5fbb449eaec9989dd0f02672f0070f499bd7617b252231e7221d65c1bd822838558e6bcd7b3cab9f58668cfbe39cd390c187fc4f36fc771b01d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59fdb4ec3ffcbab9ab95900cdafecd794
SHA14202af08675256decbe38bce644c1726fa33957d
SHA2562272dd7f7080d921cb8a2c652fd30459cf0c862f16b2d3ce062bbb5883d26a04
SHA512bb00c25192ecb5ebe1fc7099150bed61eaa1c065a8afc8b10683d77302419bbb20ab9dd0551d8f6cfb616b8b60739afbab66747f0a2dd7686628ae8ad940887d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5a4acade689719099e84483692847e949
SHA11818e94e589d71dd179a215fe2554d06a0b39b19
SHA256980ae067e7a1ceee98cde0e7107a8c4a5ea13fad9661e598e48d186c83e4ecfd
SHA51207b523f324d6fb4792babffd97d069d808a68e5724dc979571c9e638ed87129bfe4291280a416a6176e2525d3ac2e9779416a7abcd416a39910c2ce359dc424d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56b7c8d97a843ab71ccd49fa021f92248
SHA13d3d6e6ef6d8d43b6b8fe46890dc65acd7e3a101
SHA256f266ad822d221a98389895bebb01a47f81511c5271483bb30a99ac25bdf0b991
SHA512cdf939d2d1bc9bb4ffb3b39e2a7ba4fb1cd63c240a6e4b879191f899591f01414d6fba56571e76099ff12c00011bd6d8609cebe470b34c963e9fa8341c584ffe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD58b59e15c5d2b187d5b37b94fa8122ead
SHA15279e5a4edea8334b2822aca2f3554d25b185e5d
SHA256e82f20549a268b6a4c09869547617c66ce707c31003069a190a4c01d8a26b605
SHA512dcb9ffcca4a79cc16dbb8553176023d538540d38312045a568e5327a419eea4940d869b88aa6613d1b2bfb722f5d90002e06e1f70b9060f80dbc5160628ba1c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56a734df83de2ae41c0a0b23ba6e20349
SHA1066f3742a9032e72747676f589c9fb23b0a96f95
SHA25639b41231b1c027e58d09f6f0632b575dd10753434eb42c9416ceeb492017c578
SHA512ba623f12d86beb93c700366000a1c33cc261673b443458af31badc6e1862f894ac7acdcec84bc633e56e6aac36cb20186eda87075fa30156c07912f5d1d583ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5ec7555422a5fbb9020ca61562b1ce881
SHA1951874bdb9a98e868b350d158de594334afef133
SHA2563140c7ef348fc119cdac10d8429338237d945e1abe28e4859415d03060e7ff58
SHA5126f12a2c70f86cf626c31841bb01d35cbde2ca7250cf8e3dbc21b823ef579c8e0ad2ad17adc73ba5e92d6eb07b5a9502d7ae6c48563b4daf5213a2dc988c43115
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD551ed353e3f2acd655adf20399979c528
SHA18d7ec1511ba8e64c37062375f425ddc39dbe1c0a
SHA2560f51adf55b039eec6451ca92fb6d08083e74aa88cd85b1670a9a9fdcdee8cf76
SHA51248c4332f9886dea46abcd789c918b789bb71150862c11cfeb78658aa49a8223d5275c5a684ae22d142c845492580881f7e7e1b48718f333e014c4bfe0c87efc0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5a7db5a7209cfca6b79734407720f13eb
SHA1762edf8bcbd44e45f4dab119d302b9f6fbe974fd
SHA2560fd5ca5a8ed888da064e3b3d550628b4ef2f50387361f39eef7ea9090789cb38
SHA51242c572efa6f9c31addfd8d508ac55c40210ee8a99df5c2a15cd912f5ea4a2821e71214b8a4679a942f43f8ae8916fac59f2b03bf2bcd91518dcb7d47e2ad90af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5a47dd12a7a89fae06de29737e552e790
SHA1ff9bf2bdbabf21f51ef820c2fc1950f6597448b7
SHA256f30b824dbd37cd24f3deaad29052029b9ebc53c771a12dab6580ccb850c6411c
SHA5124738367cc36e6d9fc79be2fe03235eccf3a19737b806fdec942eb60bf98ba7bd561fd9c374525d717705d27a90ba6033d4f6ff3463cf44a24df25dedbae2bf71
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e2e50cd6b13e7b88bbe5eb0874c54785
SHA189a5be2687a93a4637ea3ec6e8042b8b93ad1712
SHA256cb0c550c13b6b34bc1dd255d807c86a01699404b951339c9fb02da82d08231c9
SHA512cbc4bac42e870833c60d7782657e027ea60242195243a3fa7e516db055a6d9188e810086972d41e15da3851fe79ec67ccf67600ab52de1cab22e153d36f2bdfa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f26c23ff9f6ad9a52d245bdff6c8d003
SHA1ff76e20dd4b29daebc14705c2ba40b9a9a420ae2
SHA256e83428f26812a6d3c59d797340c87e0bf96c71508aef0bbfbd21fcd2d01e3fe9
SHA51255e3b7b0da03ad4ed23f466fc3249658e5ed5151b10a439c26881318b7be7d5729491f7dbcc0867a9e1c726fabbee1b03f5226e5e9b9e8f6c34341159466e8a9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52d633cb3f6addcaf3ec44c1a28536a37
SHA1369b35290e58b79906bf8727cde60144f0379a7c
SHA256e35df02a32e2ef249b613d97ae20e42eb63a06dd9b810124d6a2ea554942ea23
SHA5124c8602edecf14995c869e75cf3766579a6ffd5e113a5f88507749bfb62f511f1e1f2631822b70624463a3a0c4f232eccf7cbd72058102c5d821e8d54dba61f97
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD542dcd988053babb9847d0f7c4b7dcba8
SHA1e8e303fea6c26f97b8dce7c7694f6676f32f5720
SHA256e6b89581c2e1a69547de7868b93366a999fbb66bfd67d4c883de38562a029574
SHA512a9a4477563ba0bd28ec18a036beedee0226b199f3998abad92d82bb90513fe9b5f47a2378d42be188d109567c2cb0bf29cb9c4053621d079b42acef45567dc54
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51ebd7b4c51d9e66f08cb36d6280eb6c7
SHA16e01721b42c640140bb7b65756779f2b97f61560
SHA2566f37bc49ea7827a99cff33f098e9f91dd52dbd6f09738553c7ad3eb4ecb1151b
SHA5128c73eee6d20753dff2b31ec8aa62c6935d02febadfea712e761dcde0765e2774b189810b9449838e6398e7ccefe0e6f8a72972542cfca54c84cf42443263fb58
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5ca4bc5927fce5d6ab8e50d5c9aef7ecb
SHA1095d462ee25188edba82520d10bcfcb1a4966855
SHA2560b57ef195052ae48f16ff1aab3f5496f42f0aef491fa4d4038912016b3b3445f
SHA51284889a2d4cd4feabdd33311e5e4ea817fdcde6d3d8aac0001ff7b95eed989f8049c7dd13794671a245cb7b61e92e7108dbe5b34a88caf3273eff07a97772d1d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD572fa93df27603b8b834264d2137d148b
SHA1a2c8e507d0b7fb140b13b1e70ffe1c764b88d59c
SHA25634538e4544039adcc735e3e7fe0c321f70dc30c5a50201ccd841973a4fc50298
SHA51293dc8fa6b0e9383760fcc3bfef3be1e49c2ef58edf0dff87ef442f66049a4a41a7237190ca93b9460a9e33d56d9d560c3e7c211f99a38963d3b3f12d5dd3bd53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD57b09ff8d58c5a2ea2d1de403064f1e2e
SHA132f5d4fcd4586ca09e532e22891f9ce8447d88d7
SHA256e19b4a1a71dac70e07e0d914208b7e267c200d30ad70177b5b4abbc16d840b9c
SHA51222f542188bf068c7713e40ff429595b28dc5481ea7e57747226d06cf4ea625be2b604a9021eefad4e6a233bdececa930db13a9b3dc595815f9900835580dbd04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5dfe7254ac7ff5fdd5f65dd51dac23ca5
SHA16234a8b17537828bfca1982655cddb77137f9d80
SHA256f230f78c734826d4e67fa6d3228399e80e49c76c4230a7b02b8c590266bd0feb
SHA5120a7ff81fa6182a0cd05a4368267d1928cd4bb2f531402be6379ef0a1688a3082b8584ec756354935c13a3fe34e00ddbee16c5b43728b56dbe66af68ae7ef4a8d
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a