Analysis
-
max time kernel
119s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
27/05/2024, 12:11
Static task
static1
Behavioral task
behavioral1
Sample
791bf9425ab75b33634711b12821989a_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
791bf9425ab75b33634711b12821989a_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
791bf9425ab75b33634711b12821989a_JaffaCakes118.html
-
Size
33KB
-
MD5
791bf9425ab75b33634711b12821989a
-
SHA1
2193215a4f2e25227e0db81ce5f8f391c5dca13e
-
SHA256
c6e430cd2d68e908ad5649becbac4ed64f415baa5ea225838cfd627df0c70401
-
SHA512
6dac43400137eaf57ddc2e4d09111490b4b1bedc32bef0c5daa27731e07dafb95b51a0a0080811f648962e59ba78ab7375be5ca8db5ef710b1a58223d95167d6
-
SSDEEP
768:IRCaeCN6jI34JLyoP+fVvlHszt17SRVniZzIfGFARJ4tuqO/9/pewpl:IRCaeCN6jI34J+oP+fVvlHpRVniZzIfZ
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000001c2fbb3979003a786d80b5e443f79eea93e7aec0168e7a9bac63756df5ae6054000000000e80000000020000200000000c10919ba272661c6efb5480dcdee58f0330b09fa9113572a282d3aad0945688200000004278c8a303337730b272437e44c400e78b4ac8a038e7b96e77699fae3eae7fd14000000028d3c5f82f3987680a80d645fdf30411cf7fc531af9b0c27d4834dba88c3797b3b43de261edaa94aca4495312f93c25b97a2adeff37aea8deb183ee77c15a652 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422973752" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10df0e3c2fb0da01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3D3D6411-1C22-11EF-BB79-CEAF39A3A1A9} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2368 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2368 iexplore.exe
2368 iexplore.exe
2860 IEXPLORE.EXE
2860 IEXPLORE.EXE
2860 IEXPLORE.EXE
2860 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2368 wrote to memory of 2860 2368 iexplore.exe 28
PID 2368 wrote to memory of 2860 2368 iexplore.exe 28
PID 2368 wrote to memory of 2860 2368 iexplore.exe 28
PID 2368 wrote to memory of 2860 2368 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\791bf9425ab75b33634711b12821989a_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2860
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 48d9075df96c61971bfa128be095ea9a
SHA1 d9a8b50fe5af4098270913074dc477593432d300
SHA256 67b729bdbb606e2fe710ebb35d0e78b0148a191fdb9a791a7871d246d4e92c2f
SHA512 df5d53712d2ea9f52e2f58ec82218aa54ae0336122f2d4754aab5229e1ce58579bdbcdbdc231e1ac4f79e563ec9a291b81b708c4660bf4fa0d6d0ef013f997b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fa66163858fb5cf3a80b788caadbb8fe
SHA1 e13a93a7e30691fd16acb3afbe9b26ff9064080d
SHA256 25df4eaa2a8c4d72d4576a69c56331cbb2b6366eccdf57c25bfc441b4d2b81fb
SHA512 4cdb097ea736d5eaa0792f6ecf18fcd4fc6fbb42877cf87770c8d892c58d4ef45ac64fbb0a2baa15fcc87f28a5250666782ad4104dcf1084f1aaa0ce5a30b67e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 60f33812469be67290d9cf86b0d41ac6
SHA1 459b7ccf2040293931167609d290933fd3381040
SHA256 594d8c2501fc1584bfe8db1cc0480f5dc3a719d59285424b5495f29775976fe6
SHA512 f4f792665acd5b69e1c7514cdfb32c2f6730b30013ea3b895e53702a181f73e31223e61ee5ae5976cab78d297476a3f70692f232dd2d3a611b900be1331ff6d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 99768111978a18633e533b8167c2822c
SHA1 81f70748c1318d375445f7635ab7b670b9a2edc3
SHA256 f2979e47a366f0e180d3395ff44f496f40c4eccffabc896ccf96ede5396d76e7
SHA512 a5f10e12e4a1186c3271300e28de3b9002d943195c2f94c77cd455666a7dd658fe4a2c24a6916f91e74f9e2e83a54fd6e6999ce2e858aa52c4acfa48bf86f8b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 902b6766d297bcf22b774972518ee3c4
SHA1 21f2f79626503ff0c4a2b90932146f7f15eb0293
SHA256 ea3847e921b8e207df9e5b88539faf1b95e97ec96ff8e59ab401797bf8a732ff
SHA512 957a74d3c8952d48e6191c795e9ae558d758c70979146daf54c469443187100769ba818d1a3e1b89b630b101de09cb6ecf600f032a886399afbf1da718434b5f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c41e2554c6ca72d430299240660c3ee3
SHA1 b23ae513618c7a3bab0d3592c6c1efa239259813
SHA256 10efa7233f9cbcdea53e6ebea7d3f4168dab75979fbbb1d3cf2ddec0d3bdd59f
SHA512 8e31a9add97c39a0ad53bd5b22c347588f5553db0a50f26283d34f4c63ffc7765a4ef5857f8b6dca627ae4952197a55d7ab864ca2a883074989b9a07b9d5534e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 eff259df3e6a4413205b32d7041d00ce
SHA1 92cde05499dfcb7f1064889f1ada3fb2b77e11d2
SHA256 e18d620b74763af1aa0e2ac11ff6a403164c6b5a484ad22c3e52e2e9b14e02af
SHA512 23e7fe8588c36409bdbc089164d997bd0c3b05092b4f0159c0ea6bc566b4302f61158d2104dcb3d12cc1a4bb839ce0a414f41c0987fbdd84e34ed94ef831dd14
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c6b4db7b20da31bb96b91796eb6b40f3
SHA1 7560f0b89f04f20b31e6957dcd9a480e1576a61d
SHA256 2b7144597c2ab6e48fbe5852650ad77928cb706b5bdfab3fe5aa60d3b1307bee
SHA512 0869562f97d4ee5335927b47d89c10d06eb5113db5cc4b9b693238a184f02cfb721f334b725526bfd35296949edfffbe9145fd4620ce3506a3e4f4d54c4fc3b7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f394d066de7eae89e1131a1410f26bad
SHA1 2d589aaa6520771d50962369a65b26cb4b06cd34
SHA256 3437eb33fbfda51796bd4c5f3a496155e0be99a36aedd45cd49707f80a25eefe
SHA512 5d389ed12c821d6cf89e6ce3e27d4b5be755a8f15252b464aae3a8096293a3d86f9c5251f5300a7cfe27465f9b0fe03404c902d99d44ca8e2334619b679afb46
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dad15151762243edf3045d1e226152b0
SHA1 66f75e0c771f20e3bc549e4d35fa0541be6b90c1
SHA256 2177fd25014443ff9e41b309eed6ec57cab810fdb1fdc31e52bddf7cc5910f20
SHA512 97c50a5de2500ba02600a884e879fdbfff20fa5999d105036c40e3806c9147c798a8f3c241d9a4e0dc849bd4eb5a060bde0cd7c0be08ca5d1c2e71627508be1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 20c5b3841dc2a19326d89868e47bfb77
SHA1 0b4d7e6c2b560a617a7c0cc2c2d821bbdbe4def4
SHA256 196e8a2a64b25e8cdd935413792099681eb29f3b770f7d42f1c20d94b0e09b64
SHA512 d21210d26189f44cfe83ca59613cf0cf8d1639be4a805d1bdab214dbddafc435a6c5af2feb07384cd499773932a530ae657ad74491348f778b1743ae51947f3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 54cb9e81e973427803ddb6a45ccbc77b
SHA1 b69e5157716d26b8a61caeb19cfa99d5fb6a794d
SHA256 26cb3a6be025c6851387b1728777d76a01f0615bdf5a11be11072df02e03429b
SHA512 3ba598e983e7f68e9a7386c2d470412181b2720b7673a6f704832a233a44c17efdf47dd56781df5b79fc67a867e1dff10fdeae2a54d7737b2355920f3ec3964d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e4b519712449b99af0ff547c34b80b4b
SHA1 986ef1d2f0109ac4817a1bbe2ff79f9d015e8c4e
SHA256 0e0416d3498515acdbf5a5c88925aa8ab8ec0d4f6bacb4e985cb2691e01df866
SHA512 1fffae246dc71765f1bef6d23479badb992745763b05e3d3f8585c58de8ef99b87b0b399992c59ecfbd36aa650feafee9e88dd0dd609e494f0cff5d593f73d93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8b1fb87f7fee9ab37d8fa2e8c57b528a
SHA1 a87e4978703af9a7ecd74a0ca5a2b6ce29f02ec4
SHA256 1799432a9ebaa5e4ef40e45855e09a5235e38c332d8faab299675d6225e713c0
SHA512 469c3292e8052aecf6f7f222ab35f227707ab522658dc0f83799a6eaae9509727f58735caf39c5fdb74a2b4322e4cd0c163a9105c4e39313ca9531bbefad5540
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5e331e6df125467148773dee52cb825f
SHA1 fbd68015b56356122a6d4cf19e79d14ceefdb552
SHA256 9bdf15e956dd4cea0af3c9fa52e8f7dffe27fe20d3cddecb10f4683c200dde4e
SHA512 d44c73e2d756c94bf932be151f1b301aba7876cdf9502d958850a352d98c67145a09530a3f8d69b3edfd7b571c3a8c76e36bf77ad4f2ca0e94b8d7bb5dfb1bc4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 78f1bb89e2608662e60243549dde2324
SHA1 56ed98304707a9599280b7b39485d78ca3289fd0
SHA256 8565f679f8101529648d7662dc31dc9515d9cc28b34fa77fd4b0b4f4f8cd2644
SHA512 e03f7fd85c2066ec0d36b3d5deb1c6e57ae85a7ccfece56c937d235ddbf0758d198e30f1bf060554487312113b146a023580c9b4b278ec93dfd20c875cdb5832
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e157353b3cb3e13ce925c2ee8ab12849
SHA1 fcc34ad0acc7c2425dcb47b5233b40356142c708
SHA256 d32a7d0838dd9e711f0f2b51bf18054db0b40696589b8a158b10d994fe6c0c2c
SHA512 e959a2040dd4e2944b4534919992159e3793f8ae842badb71c7988ff5268dc9399d3d7c5affbf88baf019816df483acd597c091a93c95ab959ff764ddd2b1a0e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 39d7731381bf621b6669f99b9c797ad0
SHA1 e2875ee052e92c662545ec56c6724b3d8bced38f
SHA256 a241ddfc795eddeac3980541876231716f7a597dbe5f2ca4b89b9a2d8ae4a87b
SHA512 0cf826cc7ed8cf110e0fddaa8606fc44eb89b2169798e197a908205e2e7992d0fcf7cbe6ac2da37fcaf03a3189588cb17f141efad840a8531ef4541874efbfd4
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a