Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
27/05/2024, 11:39
Static task
static1
Behavioral task
behavioral1
Sample
790745e107e6ee354f58d0315f116fa6_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
790745e107e6ee354f58d0315f116fa6_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
790745e107e6ee354f58d0315f116fa6_JaffaCakes118.html
-
Size
213KB
-
MD5
790745e107e6ee354f58d0315f116fa6
-
SHA1
6bd5dec3cf57e27130152c8458c8aed978b76d02
-
SHA256
a7649b2d10558ef34f24a40feafd0d2b4c96d89a03cd617d9a3a88beb3b4e2ad
-
SHA512
58d41858143c49fb95abcd664fae6d9ad76d45aab6f7eaa4fb447698a2d1d8cad670239fe84735da2bd5f11f5364f179c5999fa4894688a4acf6e4eb63b8f8f4
-
SSDEEP
3072:Sv44iTmVCX1WuyfkMY+BES09JXAnyrZalI+YQ:Sv6aLsMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422971854" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D01D4071-1C1D-11EF-9A67-52FD63057C4C} = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1680 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1680 iexplore.exe
1680 iexplore.exe
3028 IEXPLORE.EXE
3028 IEXPLORE.EXE
3028 IEXPLORE.EXE
3028 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1680 wrote to memory of 3028 1680 iexplore.exe 28
PID 1680 wrote to memory of 3028 1680 iexplore.exe 28
PID 1680 wrote to memory of 3028 1680 iexplore.exe 28
PID 1680 wrote to memory of 3028 1680 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\790745e107e6ee354f58d0315f116fa6_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1680 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3028
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 af66e207a512c066b4fbafa257dec9b5
SHA1 75f7a2d27cf69506740722e2db8c938e4a6ade1f
SHA256 b985f804ff027344bd8c8d44a8cd566fcf87cfa52359464fa53137ccf7e33de1
SHA512 6f8f467966c5bf13cbb564c221fd5c1ff086613793121f55933e5d999e64691fe3922796b68a024cc564334212503c1d93aaf3a1d668b631ef07c8448a59b2ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bbed1580d86c55ba36e207fc2148172f
SHA1 7087816e929dc6f6e4c024b2ee1dc7ad95f7f7ab
SHA256 c6f45d60f16e57ebddad34dd116b965d340a6e595b67c89e978a20600f81a28c
SHA512 05225364accb503905ccad2bac94205f98663b9abdc4791ad10485390806a2e65a08cf45081d62fca9965776e9201a41b8f16a69ab8fd9d254218574f7b91475
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1cbcf0aeebcfb3bbabeb38a88a5c93ff
SHA1 743c9b3b9cdf1efbfc2e6c99cf235fbf01ffdad0
SHA256 ea0e84d1a64358f8f5fabe2a8bac71f9f2be42309742b1ba2a4b4ea067f80dd1
SHA512 ab02dd2f4b186e168a64af99d261ac1802dea0b8ccc8fece962139eadde7aec2dd6638e7bdf679e2bba823ad41efb7478dbc1553ea31aa02a7179a65e907957d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 914ec10c796f1510e841a533581e8b1c
SHA1 a15bd110afb1aa60f68663afc58511d19b6930bb
SHA256 4a368f7228008d54cf528dd7ca2c4d38ca4cc70427ea453a98fdac21280478d3
SHA512 782428d5c1e33735e0e5d0eda7ddd6b42aef129c3624cbc1af021aa9feb1a80fe004fccc81149322cf5a9b56fe534373bce6dd4ed349bcfbc493abcedfdd0deb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fedab4afa04a7d3defdde63cf04a7cc3
SHA1 9beecf93320f13af2f82176271a6bb288a66c7b0
SHA256 5e5b3dcb3bd124f4344f4b819cee10eddde88b9e2b9ee4e5e794dce02a164bb0
SHA512 388f30ac1e9219bc0912d9b7f1a8dceaa679ff07cb1f428ac78c8f1eb900be564834ff7c18934800ae7e47eb5d9758f1d6c116096db0756dd15c07e423de064e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 864c7ed37a28aa75da4979975f72c170
SHA1 9b9fc19f681df17c4504e303f4bb0e0b9ff244fb
SHA256 85b288c4b00ec7fc23b9b2ac649918cd592e48c816e48521cee3bd053f2731a3
SHA512 3559a63bb87e5d9c983f66d7fa3ff05b00f965560f426e289e47c6f01be6e16b247de7ad093cc2fb75a428bb8ff59551ab9c5cb75006e9e1de9baed6874ac4be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 778ec57345676e2ca09d0f47331cbc85
SHA1 3e587dad88d67c435639497b68b07bca510be56a
SHA256 5775db4fe62dcabdbfaeb5d07123d0a545a4203d804e55d6ba209f27827fb9f7
SHA512 aec4d29d075e52466d125f546c31adb8a56b598f746f99faf59175167d1d63f62416cec273f000945d80b3f0b0e90e183b88d17a1998e1990b12c8bb5dd5dfce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fe19e3dcfbc0ab46d85deab83743e8f7
SHA1 fb1717ffc71b4313922e4afa2845eea20f77cd3a
SHA256 2137356f4505ac9484da3c3df994eb6e372212f6b0f73605bb8b1539ba7af458
SHA512 28d3dd34edb86acb72ad50ed5b0880ceea02e734001b8e88463fd3d0d9a75585f2a29d1a1850a919bcdb8677c299f50134d00dba3d2d914d86b4e96a07524520
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 14da541b2777248c95a17ddaf9764ad3
SHA1 656eed7895e00ff7538874b4f5a8ade54320526d
SHA256 03859d518426d25c3132b3af4aee07c9da49d43ac415a2a2eceb9b5062036e47
SHA512 8ba1354c3001d98ee72205644c28649d6ba8269b806c8ae6c3313a6bc4e6c49400abab7fb515072ee417b3cd9c43e998d3fb2478b7465431af28beecf76795d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cbd4310f50ac1e65a72e77ca85e20265
SHA1 8004b4e98c6cef3c9bdec46457f726867d4f8bf0
SHA256 d34d9ba2986cb475b767253811a9077f0cdb9007ff9b2284acc952a1a3d1de5a
SHA512 58145e8e071f6e5be984763aff491aac375792768405634bf111c00cb9322e4c4fde5e6f82a031c7245795975dadbdee73bb33678309c82f67bbc9868aaf4d44
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 50d22a840065828ac3c272db9c85339e
SHA1 a070a0ec106ed2140238db8693999796f30bb93e
SHA256 5d5cb5ab9aa42fda649eeaf3133f430055a8920a76599f30ad909c28893d1905
SHA512 643fae81375616e7e4360fbbf3afe7536b34c4cbe42ee7b204ee2454e50759889a755de39ee1cd47866a99c52d57b3b0d3b1ef95c922b7b27af1e092874dd66a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2382e0831875d4fc41390bda47835d33
SHA1 eca06583c5601e2a67aa643248af8074f5b2c893
SHA256 e5e59ba843c832dc12dcf40aff514b308bac56e360b641746a8a73c52ebdffc2
SHA512 0a46eb31ef068dfab1c5981e78604bdea9bdd4052c0b3965ac3e58f9cbc7eed89a921b5262d079ebbd388735afb6c2479e10ab92132647ac09563d29f1b03851
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 00361e9adfce04a1c04c51c6fd2f93a2
SHA1 0c0e365bfff82c7db9e3598595ca43396d3264f0
SHA256 6d49b284d1f46c96a1f2147a82b36aa6ec51f4696d2e767e9eda1c97db26469d
SHA512 529bf88ddb3fbf79eee195fbe0704894d589049edc1e9c1961b9d0a301d976fe05f4d7e4670854b7153ee697b17d36c71056dcc5fc150b630b40af84ae586d5f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 decdd088738ad57f3f4d136291a3fbd1
SHA1 64fb6994956fe93af544df87776b9a671f6368b2
SHA256 2b05448753a6bf7990ed383403d8f82ed81479457244c96cfd96986c49b61d4a
SHA512 f8a6a4271154a1921b4e27bb19c1a94b9a0e2dce703dc86f5bd68835f6ed13404b39ea2b1cce2d2a78c5c7ddde7d177af46181b2d7a0319f3ed2b393f0e72d15
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 36f3ce31cbd43447505b1913e255e35c
SHA1 2a97faabaed25806ddbf616280626fab2549670d
SHA256 c4304c9be6a5a1fe7cf17bae6a0e4d87fe27eeb1b3f03ef953e44ce9430342d1
SHA512 0e88f0d1ffe5199bb281d0ed74d4fce30b040feb20635bbe9548f47e9ce208e04be551130e1c45c8b69173f7fc3454eb71940741471648bf61aec7a7c83cb214
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c912eee2edc675318557dbd3cf4f83d8
SHA1 62c801a8de7f27b1f1815bc0b7f1370a019d3e10
SHA256 a6529a203dd90423978403fcefa6e2fe7b1c00ee9eef546bad7408a073745d30
SHA512 b3b8ea6cab36196ec5740087226948174c5ef1446325df52113b48eb44473520be406df251265b8418235a22e22bc6856b20bbfbb2e2e5a1ee8451158eaaefb0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0b8f8d9d27b87ff319bcad3ba2348f1f
SHA1 5d784367f05e60aa1809a1aa10d628e0e03a0e07
SHA256 3e37b9c60708fb084cc13688abbec85f4522d3c13d2aa257898c1f84c6a553ff
SHA512 c03c682159c4580c951e931acac671caf7d42ee2ca253d27c059856d7637d39802ff08207ef792b5527fe07c01dd279bde0090c1880c8f7fde61327f35c5eceb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c9973f5b8fdb750753106765f70cb398
SHA1 b6dffe99ef6cb56aabdd04a67d18208dc35d0eee
SHA256 63dcce17c372977f85e02912657496ceaa66efe9bdcfee7eb26edde9827ec426
SHA512 46b57fa911ef2431dbca3f595d78df7fa805804a5a788fed64c7adb089655bcba2f2c887bb00c4a4cf3838d43a4d59f536330fd7aa500509b525b8cc84031d76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 854bbf51d71af10065d735f32308d930
SHA1 e716c032f00d20571c76079354518c4150b08495
SHA256 49251f55f8dd9bf7552ca74769da7f3e47e8ce91fd181bb7da0e6f9d8a6f0b8d
SHA512 9560aa6021240767aaa7f54b1d2e2a561aaeeaa770f4983d9630771328b919e1489c090dac0eef01079119f169f9191f0c56102430567037ff3e663983254479
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cc4330300c77d0b9cac58a40850ac835
SHA1 58f35100b892177f39f81122a605f58a9a843a02
SHA256 db0c48e19824d989b9d00be6efabfb89ac8e44a8fc8f8ed7182320b3a3bef716
SHA512 021e9dfe0ff180684272fc1e5575f05de443f10f6b98d292fb02c96bb0a7c03a96916ca42bd00f1cc40f02074f80b6c9590993dbb36c048c34d167dcb0c80314
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a