Analysis
-
max time kernel
141s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
26/05/2024, 11:42
Static task
static1
Behavioral task
behavioral1
Sample
755deaa96d4177304c6c805a61ee92f4_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
755deaa96d4177304c6c805a61ee92f4_JaffaCakes118.html
Resource
win10v2004-20240426-en
Errors
General
-
Target
755deaa96d4177304c6c805a61ee92f4_JaffaCakes118.html
-
Size
139KB
-
MD5
755deaa96d4177304c6c805a61ee92f4
-
SHA1
8b812deb5d5395cc81a1ac02d37cc15094c22a23
-
SHA256
c16843f5d27c356caae3f2078e393cf65f984d9893253988f5e2a793d327c108
-
SHA512
0ae2f2c627a4735aa3fe07c35fc1137041728c413a7286b7fd87024459ea94b73252f67418408e5b9c8e4af0bab9d9dff592305fb224df205c27b7e481464e2b
-
SSDEEP
1536:S0bwbf9lmUyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:S0hUyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7B1BCBA1-1B55-11EF-970D-EE42DE2196AB} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main 
IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e8178fabcd77124f9e5a31ae505f118500000000020000000000106600000001000020000000fa800956250aa7232793b9b0c31dc33125607af80013473fbe7594f5ca21ff44000000000e80000000020000200000008200af5967bcecbf28a1b2d7294feda19331fc019f1302cee62f2f21de1db44020000000b29154c36561398db70923c0a0b02f0f9e4d15915c9820b87397e00f21afa67540000000fb4f5761750a5b848742b7975cce6564ddf7ceaf08de6ebc22da17a91ec992240aa967664b94a99d81fdd026a7408cfc23c9bf53f55fe98821893f40398a6149 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422885810" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90ed8e9162afda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet 
Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2004 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2004 iexplore.exe 2004 iexplore.exe 1720 IEXPLORE.EXE 1720 IEXPLORE.EXE 1720 IEXPLORE.EXE 1720 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2004 wrote to memory of 1720 2004 iexplore.exe 28 PID 2004 wrote to memory of 1720 2004 iexplore.exe 28 PID 2004 wrote to memory of 1720 2004 iexplore.exe 28 PID 2004 wrote to memory of 1720 2004 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\755deaa96d4177304c6c805a61ee92f4_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1720
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 aaf11f6066fa413b40148489f1fda17a
SHA1 e275b8b4c93a35a08dc873d21ff625fcfd819014
SHA256 ee7a3544aeae95785618f9b3bfda93a8a5b1ad54f6daab06f3ea7eeaed43e23b
SHA512 baec4206c2fd090917fe3498cbf5858a4d5658c880af7820fa442ba06caab765f75e597d56da24b966ef6f35e28c41aa7646e5f412c7e1b8022ae06e56af5e81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f7d9f28d1074f4d52b66ee71ffa4fc9f
SHA1 d43d4adffc9e3ccb7ee020434f78d852480cd27f
SHA256 4f5bc262dd1f19f6dee9000026ea6c13055b07d6c25e80d7b409fc17d2c00c37
SHA512 c81de157a9a5fbdc811eb5f85f7343a21eff79697ec208864e2eff44e50ab6e50d5a050b13044d42b496991125b6509b3a7844d49123ef0dbefd54af543a2018
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f7642ca6a3a56f64bfa6f6d286d92d1a
SHA1 eb09151480771e7cc15c61ffdb597c0e77e4d45e
SHA256 aaccf9a248870fbabd72f23242311694603f101840663add2a00cd2e9ca4f371
SHA512 d39c337fdded3fa1941b8702a3ee6359d83f4ee2c4928e912e8dce246a08be677e3f4068511f955543418c2b340627689482f1aa50354a1a30f4c07e80eaf1a1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 027db6ad3f967afef852b3185d4b047b
SHA1 2cbed0ab406411dffa963fe33ab1769c60a035ce
SHA256 8285aa9243fc74b8f07b672f8cb11ca91af201cfcec9a47d76adeab6c4402aa2
SHA512 9e89f20d8c5d89504c2abac70674660c698ec4314e8c35247294550f12e31d0f1a0ceccb5dae28be1eee8debb98cd4e73b36c36a400fb39bbe20ab14ab3b2dc1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9ce00db782a66de7d8059e61d8f74a37
SHA1 a46bd4bd05f4f0ddb321231a4c22184cae4026fd
SHA256 acd808d7ec4bafd16cddb585f26afcc9953101f996320e90b8e4ec6b0b3436be
SHA512 31b5f7d2968d8421069707c8498b58505ff972940a33d50baa1c8ce9dd3dc0cbccdccc903a3b57bbc7808e4047c588956f06963c4178a716a40e035c11930d5c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 eb02bf3e806a111d41aabc1df603826f
SHA1 93670f58e420ae9809cfe55e2dc96f13dcb9cd67
SHA256 90379ee0bc32b935e2e1f4e4a538681b011daa0c9cc4ccc05d03d2f656abc8ba
SHA512 58050314eb18f68c0b331d1c0729bf75597706cb9ec26db0af0ca31412503288fd4450c2ba99f8599f562bb5730c23b92c35f41e566a08f654e3103a4efec10d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9651bbfa51a5d548c320f23491b63488
SHA1 b264be10c99fa716037b103ccecdcf2b110811f7
SHA256 51897dec2adb87e06e837f76903b83132e532e753d0560faffa904892e1c29ed
SHA512 0058409d34e4655d687a065b1d5beeee2aef0edea9416663da12cb01218558e6613baa88f1c8d5eba9831bee4adc3a58578a2c23daf3ec2978afbf7226dadfda
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4e62c12b2ec7ef4ae8cd88829b2d5f56
SHA1 accfe42655c400473fd0a17d5697539ff74744e5
SHA256 eab6fcb2cb51083f4249e5f9a9d78a1464bb201007223f99c681c2011a08873a
SHA512 bb05ef2084b6f153ad58e1364632a699f73d14e65f44aa5ae7b1cd59415c92ad18b52db448ddefbed36e1f3561b7879a99f9ad000e398a32363ceb2f417affdb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fc104aed3092bd1829aff3afa5ff678f
SHA1 4f216af3585456d170ebcc1874b218c27a949f17
SHA256 083c33b59d5167c148361913c77d95f96a764401a5ee41859be85d7cb7ee4901
SHA512 c4aad899b6ca9e30299c8b41a62d360be442e3f13e44dc213bf62f38fac26205f8b33e986d64d0a2ff28da97e9df872b2c372cf0babc46e7d4931b7940a1971b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 453e836b8cba75733650a591cba22575
SHA1 255f6e0936b6e18b0dfc623f2867843f9aaaca67
SHA256 b9b5f88417769d392f5b62fb4730cf337eb222db6211e14a10f718e81c0fe4d1
SHA512 e6f6aa15d67ac32f225a798511492ee4ba77f999c70088abd9215a1bc2b3aefe7cfb213556495d8807135ea4d4ffcc5f4a6dc8b27e37f69a08e9cfcce137ad6d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4adebcc496d948e48f0a9e31d23f00a8
SHA1 d62b11983f72fc3fc7f4cead891b22e815b75fdb
SHA256 9b6a7f7c74f61f40e1f53170662cbc9be5dccf86010d01e143fc9a6edbbafcf6
SHA512 f29dcef43c8adb02bf48ded5ed7219f505eef6f77d7751c5abf0d2c3b3701218995fa0fd69b3b02bea6e894c237719b893c63650957348654e9c0abec4fdcc1f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e7536917a768405ac99e8a02306ba28d
SHA1 81593977209a82d1093051214afdd4c5a2e92a2b
SHA256 62f27df4ce8c9860a96c7a9812cd826f39392002dd80e396df386b6a7188a22b
SHA512 088f8c53c1d4a8a6a325846a0cf87666db007b7c4762b61d863024f21c686ccbf5dafbfc8ca37d3a695ffdbd37f1f12dd3a9a07e03becd406ff2e3d6b414b449
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f12a243d7e7a3fdb462a213701f846ff
SHA1 1b0bf489bc6b943f70b4ca9151eacb26fb082d54
SHA256 e4d56c101f28cec7f6db051bba0d896220bdbeaabe0e27bcaf5c132b096713fd
SHA512 15589755e02da1049ac0ec701cdd4ff90d3fb76c0491c21ab4abe49555bfe94f6d0cdda3b3fa2407c0cce91b010e583dfe9dc3940ea816a54caf99e591e06733
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 97778759046fcdd6dc805e807731ed38
SHA1 cad3d40855eb2d6142fc47bc236dc23df750c4d3
SHA256 600a99f93a45282deab7954619765f63c5b906d54cb862bc2bdc97c03d1f52ad
SHA512 ee3da9927bd25f0ed5da4b946ed1884a7789179a4fe84aeea28e90cdc1ea1d2fac65a2580548aea5e1cf7dce970bbe4be475a498e0522e262f6691d8e791d83d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 790086dd4214dd774e57f6c35f37de22
SHA1 e4687f67e2d7b0cee767b2b3179cf188b5327727
SHA256 910abb9d0ccea54e2823f4d2451e0d595369ced4aa58e4907b7c373595e5996b
SHA512 8392ecc6e34f956fbf589b5939ff83fa1877843717f4210d269f82fba19b695ad6a561b41534d892e0164eb94e9aeeb1b0a108f765ea25e8054068a55768f183
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 10a7642b6ab08e9eb668ae0d10a67127
SHA1 abc4f75552515386965a48ec853275e9801979e1
SHA256 727def46e3821e34b5b3f37f5ff1fb981b1216fb13e8f4e5f2a4332367548d4f
SHA512 71d7c7c16e27b5a2533969f32c49f693869f194c54ab5a13c6656363fd987d4d900028eee64cb12a4597143663d52f6e0a3a8402ac298e0780d2cd1f8f5568fe
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a