Analysis
-
max time kernel
140s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
27/05/2024, 18:31
Static task
static1
Behavioral task
behavioral1
Sample
7a18bfb48a71052ed9e508b24ff7dfc8_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7a18bfb48a71052ed9e508b24ff7dfc8_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
7a18bfb48a71052ed9e508b24ff7dfc8_JaffaCakes118.html
-
Size
5KB
-
MD5
7a18bfb48a71052ed9e508b24ff7dfc8
-
SHA1
6940ef080233d70a92d84084144e65a1af2b3c53
-
SHA256
ae8d462119f2ba52b59c56ddf408cc16a0513e9b324c62a613b5ea28071efe30
-
SHA512
2e10b38292a5a00617ef03f88260499ce0de6fbad5c3e3072994def2976b480f477f28b63e9b01fcb0da3f25c3370033369539fbd79ed77334534a6e123f38f1
-
SSDEEP
96:6dGaAssu7isGF9GHskecqiLzUCROHDCoMWZvg0vMRgEgkMowoUVxusJbiz4:jLA3XES6VAGbiz4
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000be0e18a667e78243899ba82b37ed1d8500000000020000000000106600000001000020000000fd9f7f3d5e9f6a2acf156ef0aa58e01040c87be61d91e4930fb0223b0c757a95000000000e8000000002000020000000e181f5ec4c0694d2b3c4e92c4416931692eb4cde083f772b8b94d3a2d3dda7e620000000a15b0a1494a3ac37aa5c7b9c9e9d893b06882508cc0904418d609e7526a9026840000000d443274951f072e072757ea5099b743a4794377d8a2b031e9e08a0041a2cba619fb7407a51da6badb0ae9527138a847753fa788852fc46b25c6e8b0b3666529f iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4C863111-1C57-11EF-9CEF-E299A69EE862} = "0" 
iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996542" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 207d142164b0da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1096 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1096 iexplore.exe 1096 iexplore.exe 2212 IEXPLORE.EXE 2212 IEXPLORE.EXE 2212 IEXPLORE.EXE 2212 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1096 wrote to memory of 2212 1096 iexplore.exe 28 PID 1096 wrote to memory of 2212 1096 iexplore.exe 28 PID 1096 wrote to memory of 2212 1096 iexplore.exe 28 PID 1096 wrote to memory of 2212 1096 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a18bfb48a71052ed9e508b24ff7dfc8_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1096 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2212
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5874785d63bf17a97c728fa7c00a85523
SHA11a2ce78642b20cdd3ca773dcba591c125f023796
SHA256c1c0bf946ab316c9433ffc715e79dac0298f6e0a92a1483cc774f6198ca9eb81
SHA5124e6dda0796972b128977a22d8f7993cc650bd76cc89b718fa65f543d233f3b7e7f4d73c0883fdf81d787b42443aac1d0d8d7fa5f9897efe28631c367ee7d4337
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5090c0e79b3d684568f6e860c26810aab
SHA100028e3c8670c0c82dd418f68113790cd2bc49bd
SHA25664a409c3498df0a00044370543af7079a9c9139a36523f49ca82e14f5e32cb4d
SHA512c6271f2ea43f546e157f9f36bbd591b6631509618ad6e0fb0ef5a909202b23b47867ca05006c151989120d121c6bc7255abbab72c97b99124dd5b7f90304184d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f78a07771f0c0f2aa128928693880f06
SHA17b6643056e4cbedf6e5ce6dc51be35dfa68aa544
SHA25666773c64d32d65317c12fa955e6b16cfe63055b9a9e511370139f2e290f36ee7
SHA512734ff8f12e3bfb04c1c7893fcf60101903562c3569d9f1fb379eae001b2d97620bb4da9828ef8a6fd55f0a120e667d09ad43378df079bb8918f74449a9342e29
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5aa42abfd4a1ef2e4ac5b2cd13b1564ea
SHA1278634d894d1e0f649af6925750548cc18093694
SHA2568ca291da324e847b6170d19f27f8b69361df90b92502ac7b0200638cd39c1671
SHA51265bde16edb3b152a70dca971f6f825e3ce9a9d808cfa6b1fd1f5a32442039e174b86fc39313c8c5167588e61a885513e9955eb37c7f8ae7c7c762f75a6ca0c1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD54eff2145b081acb1f24508a875e55807
SHA1b8a5f962cb20508b0d8063f230c8d19bc9bc7365
SHA256c19cc555db6bb9e1590bedd3b2b029b2abd4ca748c6120e32e5b82926a6abfc9
SHA5121a1feed37d22ab656dc2bfd9907d65b0538d9544b02fdb7df15a2f7956362b8fef621f8d17ff70d3be10732118efe3c29b99516b1098c1c56f90b3324a6ab72e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5d6dce712f3cecfa9741d99a0bc5aba99
SHA10b09ba8e740946f81c84b14648d2030f1c112548
SHA25634c7b98aad2ec60e8dc42a3670dbaba6f0f6a5171d3a30fefbbf5067edddaf9c
SHA5129a1b2015a4a63b4709b55e4ca035e4195ee1d62efd958a08e6904ff89082a9b7740138e9e5ea7ca6ecd478cf154fd2487a59c79c6f04dee2f156d8d396bbaf89
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52da226686edbefbdd743dcf0e0a79b3f
SHA15d94aa35b203d71b0e8c545fc5c2c2ea48ce2aef
SHA2560a1e56d27e776befb7319a95a6494cc2068c595fe77e66135ae473e715b8eb15
SHA5126deb0f04fed79f3882a76126469d6291802dd7acf5615224a8ca1b17104b8326fa4d9fa53b639320e9c95ccc73b74b2ac43b2f6f4bef606014ba70197fd0f899
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5292cb8a287790f5e7d63a6c68dcee26f
SHA1964880d85f5a6bd7598d2e6e6e9ed95876c63052
SHA2562f0b6606a6dfc793bed8ae84d6ebaba9a15462b162aff3f6492511669f1aeab3
SHA512122a78f50aefe5d2949734bfcda112c659ff8a9c752832d1a67501777c016ba10abf09d6f5639579ed6612d0f15b3ee5c8be627ed387414d559bd8e25bec4f5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5bb62e96bb65ff3a65ca8eb32dee796bc
SHA10abb9b860ab06d9078779dc76a4481243fefaddf
SHA256baf518a0cc132a37fd9964ccdb963c109a56eae07824cca8dec2adc42fed2078
SHA512f365010d723951b141105a9c224a5c3e19612f020437a86f80d8efe4323476324b28a02e958ee976b704b9f940863f69518d8887741bfea6179b3cbdbd98ad5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD523638fe1986359986cb0c6b93c9d3dd8
SHA1b77730b86e431cbea5b0764c4acf98c6a289720e
SHA256ba31ce62e1b7076d527cbf2c62f260267ee64e08870a04e006937f4a39544c78
SHA5122d7c9fb65e1d97efa37e6877099c5a5e8ea5da88e1400e3945cde728347c8483a520598474cedd2578d21cf64242133c7f6091bb45a10070cca78290bc8e0bf9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56750a3ab7264926ca9b3d59c42e2b9a4
SHA1a5c4a5ba38c8e75f5319b2f61571b1569f5416fe
SHA256d82674e35552004ef1d745cc3ed934527f9e7dfa143ecbfeb63a5f82ed393fbb
SHA51258cb4170ee76239a055261b85a98871374611542026aea62bb841208941ed7a401ce6ee27b06dafb4a13c054c7945117ff0dc3c02b5fc9d787258a81b9ffc136
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD582501151c9ac20d3eb4ac15e67be7bdf
SHA1d6b324a7aa1fa85ca5c2115b9a5197bc515ba937
SHA2568d9f9ebd72b426e916613fef4c01deba4390a3465555c9978150d60eb0dbf391
SHA512b752dfb77868762ef4ce8d7d5657fa29eb868e9c4dd21c5fff5341823963c1eecb3f3c961c4ee9ee4157c80d2ba9b3189dbbfb24a7750b0f8e6cad4c913b913a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53e20645f8d8008d4e6f5ccd4de53bb98
SHA1393e060af6706b3eac1c4a23538843170b7b2339
SHA256015aef62f35ce0de8589cb74eac26c12e912743c1a231ab3b91c517096f31b68
SHA512435962458aec060c2325ed9b0aba3d817d0fe1bb92a7b96a39005b962abf7a6afd6d63674cf5acbe8bb1c469ba94e3f82eef9f98ef50231634460c8b086b1d65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD533858e9429e4f06e8a080af3d38276c4
SHA15623e5f3ffbb7625f354d49932a76a0da7d8cb2b
SHA2566f744f4fd672db1f7bdca27a7d6efa5f1f27cbe2aee39de443306e4801fa6a94
SHA5122aca11b4684a418ff64889dd0b9c38e96b27b15c434789db36a7d3ae651ab18c3a3fa3784e3415b9738c0f0ca58cf2cb7fd9b62e56ce4d761acdfcffc8046d40
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD58dd46193da0b04c89809c126e7501be6
SHA1f3516b4739b7185a6caf7bfc63ff2b85e451f2db
SHA256ad752722ac834b2c8cf1cad210890e055275ed518508c82e7e97701ab6465e8b
SHA5120ea9834edab5fd3c16a87c547365ed1bfacc3c2847edc717a7134e6434a1c11c2dffeb631734af2e8581908fc56398d6d494a69746c957d2685c986a045b750b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD57c20ac0d9b13ebc1270fdfed5caca45c
SHA1023f3d3a89953d61ad8cc5ad05627dab364036e2
SHA256f4aec2a7819370d57c087117d9b997890469172c65ebbfabd6a6d03dbb8a4530
SHA5128a4fcaf639e5b20baeda9f95b793935ee9597f70e496856a94722fe4098a60765228f632d630bdfdcbdb23e698cc00d707754e138e585090cbdc1a253ad8f1cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5643331299c2e394384d47cfcf70cad98
SHA15753ab269f466165f9a442e2522ac9b2ddd7cba6
SHA256f77462b04102baf9cfa144b04021edd583dcc73a7c4cdab29d5bcc8e279bae65
SHA512d64a516e8c0754a285cbbead5993763d90a4a2b124599b592d3ef4a74bc65f5a4ee1cb188e7f87a78b194d9baa071a0f98f0d491b3209003eefbf508df595e94
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a