Analysis
- max time kernel: 119s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 27/05/2024, 18:27

Static task: static1
Behavioral task: behavioral1
  Sample: 7a1539ffb0872fd9d760f2973db41868_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 7a1539ffb0872fd9d760f2973db41868_JaffaCakes118.html
  Resource: win10v2004-20240508-en

General
- Target: 7a1539ffb0872fd9d760f2973db41868_JaffaCakes118.html
- Size: 13KB
- MD5: 7a1539ffb0872fd9d760f2973db41868
- SHA1: ffe7b67ec0653774be55da5fe0230657831a5979
- SHA256: acc36c050d30b54c8556548ad007c327e02b4cc3030e98e05761bc49839d2a3f
- SHA512: d3cba484173ccc2c60bef342883947d8708bb394b18ad600fc94b4df87259b75caa536c65077da1d80aa120571dd0000b643c4eb286d6317084626729b38a683
- SSDEEP: 192:JUWvHpwQbM2f6jIBnDbxQ6ACtPNsF/GZJfrIVXecepdIfsdvdarv:RH6QbM2f6jIBnv5G/4jIqpefsJErv
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  1704  3016        WerFault.exe  28

Modifies Internet Explorer settings (description, ioc, Process)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996320" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
- Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8311601-1C56-11EF-8356-E61A8C993A67} = "0" (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)

Suspicious use of FindShellTrayWindow (1 IoC)
  pid   Process
  2156  iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
  pid   Process
  2156  iexplore.exe
  2156  iexplore.exe
  3016  IEXPLORE.EXE
  3016  IEXPLORE.EXE
  3016  IEXPLORE.EXE
  3016  IEXPLORE.EXE

Suspicious use of WriteProcessMemory (8 IoCs)
  description                      pid   Process       procid_target
  PID 2156 wrote to memory of 3016  2156  iexplore.exe  28
  PID 2156 wrote to memory of 3016  2156  iexplore.exe  28
  PID 2156 wrote to memory of 3016  2156  iexplore.exe  28
  PID 2156 wrote to memory of 3016  2156  iexplore.exe  28
  PID 3016 wrote to memory of 1704  3016  IEXPLORE.EXE  32
  PID 3016 wrote to memory of 1704  3016  IEXPLORE.EXE  32
  PID 3016 wrote to memory of 1704  3016  IEXPLORE.EXE  32
  PID 3016 wrote to memory of 1704  3016  IEXPLORE.EXE  32
Processes

- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a1539ffb0872fd9d760f2973db41868_JaffaCakes118.html
  PID: 2156
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
    PID: 3016
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 2236
      PID: 1704
      - Program crash
Network
MITRE ATT&CK Enterprise v15
Downloads