Analysis
-
max time kernel
142s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
27/05/2024, 18:30
Static task
static1
Behavioral task
behavioral1
Sample
7a17f95b775797060d44a33ee1de9527_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
7a17f95b775797060d44a33ee1de9527_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
7a17f95b775797060d44a33ee1de9527_JaffaCakes118.html
-
Size
5KB
-
MD5
7a17f95b775797060d44a33ee1de9527
-
SHA1
0038b96844222efbfca151d8ca1d2713584cae97
-
SHA256
1ece3b42544c397517f58085fceb2b3aeadb7546676a6de4bab943d1d20e6ce2
-
SHA512
855b9b080a0e54146f8800c4bd6608fcdb816a76f72aee39aab76266272eab9f9fc02b73011601c86650d633ab4949f1b37f27b92900cfbb97649707269ff935
-
SSDEEP
96:c9PpxywhG95koSehaG48DMDqAcwSocIBtgcIivb2D6Z9li7oHo7w+K:cPlY9Xf48DMDqAcwSocI7gcIivb2D6ZD
Malware Config
Signatures
-
description | ioc | Process
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2D83DE21-1C57-11EF-AD38-76E827BE66E5} = "0" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000004df9f690a8dd17aa50e0dcaf04a017db8eeaecae78a1df4c518c24295d6ee972000000000e8000000002000020000000cca90304a2ff568e901179a320dabdc84497fafc205636121fc46c5363dd114920000000bb2ff68b2c9f788f9dd6017e3ae571aa1619f8326d0918b88503e8a22c1818fb40000000fdbb3b150ed2e698b8d1304669f343f18d35946c93c1b7bce10fc192fec641284477dd7e07b30635c652e3b9c253afe10d89fdd21c6483938f76a7d7f93ce849 | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d00dc00264b0da01 | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996490" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2236 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2236 | iexplore.exe
2236 | iexplore.exe
2264 | IEXPLORE.EXE
2264 | IEXPLORE.EXE
2264 | IEXPLORE.EXE
2264 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2236 wrote to memory of 2264 | 2236 | iexplore.exe | 28
PID 2236 wrote to memory of 2264 | 2236 | iexplore.exe | 28
PID 2236 wrote to memory of 2264 | 2236 | iexplore.exe | 28
PID 2236 wrote to memory of 2264 | 2236 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a17f95b775797060d44a33ee1de9527_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2264
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 877c2dc4ffe348cae14855351d6cb27c
SHA1 f97e0a4e4b91de15e95fba8f32d15157d5bec7a4
SHA256 4676c74a329d416ae2204b911429e82c1eacf15ae99f80e13981272bcf1799db
SHA512 d26ab1fd1a77fa94484bf134f731c0af7c7d80c0008d6e82611252a3bfcef303e4d19307714700d63de0dfed959f5a4d3c420cb47cecf1b11e27278c566c8649
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 15214416fa75b0332cc46d084c2d12a2
SHA1 397312595695ae5441bf464a1c828ade52c17e6e
SHA256 c48c37c569118e075aeadb0064dd0cf40f9344969394b0cc26b4d61f363e701c
SHA512 cceeceb1bd677debd43e9573958134ac9e589613527d53a6b4d2720c6813b2b3145e8720b73fbc15304fe4b2799373e5b3907fcfebba06a5c3c80b1a74e32116
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 88e93dbdc39dbbcac7706b0d3a7c33a8
SHA1 b81169228c3cf442cc211693713c71a0378bee6f
SHA256 4c902b7a28b483cfab7be3ec105f07c5e3a2a4e1463657b65267ba4ae587a628
SHA512 5115afa42cd656390fa564ba543f9dc43bf9cffb25c4dd5c61472417aecfdd043788b69f0428891bcea5deaabf63c06e442342c3e8d4c9ec89d061d1a428ab3a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0fccc7e90ff8d92e6f9e3f540adb4d68
SHA1 cbdae2c55dcb8d86ae72162e254e710f957ac4dd
SHA256 d228eff366851ec97ef93e9307004e9760d7c1374649464f7f4b5ee9c0d6c4ac
SHA512 6b4490c155cfe5a2a52c5c50c182b5127d53a86d5175e3b28f7315cabbb6aa87e002851b12614db9a29c4bd71382faae8781c74d7e64b6406226abb29f6172b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 17e4767ceb96d5ca5065f32433495d89
SHA1 c83bf064ef28383eaa86210f99593594d8b3b7f0
SHA256 cf0793ae1f8886251f744844326d0db7cd157e5a0a3c12e67dac499ff2d2697e
SHA512 7d37c127d341ccd8ca1e55396389ec3ed26f5357603c909c9c93302129d60b035ae3dd09fdfc7a73d265e9eda57204c03cd3364cd3084e4d5ef07992bfb1aa36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 19511ff7bcfc9706daeaf6d575140c27
SHA1 82b1748a4cdb8c6d79ea5f00a952c172074cf27b
SHA256 e0080a8fa40a4bbe9ce28303ef856bc4548a5bb39eb06b07f6de6f486a9baf01
SHA512 0f40f7b8698a5e941ee2bfc8547a794c685e91cbce5212c038a1cb50d182b8b9716bdbf91dfda83fe4dd8ec6666b7c545bd4dedf966bed615cec2c3bcef27b28
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 baafefa7cd84e7fdb204daa55b27e748
SHA1 fd84f671f46d06ca713c4787e4bab2a3667da42d
SHA256 7ece4ce82c8a0e26b321870f56ffb6f7d081b10cb81067b7f8c6288438d2dd80
SHA512 5a79eceda80fec5f8d7a99fd08f9f81bb8b3f2200c91daf13034033cd16a5685a7ad1ffd386cfa7c6c9da8cd2d6525f4244f321a1734955bd8f860602faa3571
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f4eb70fc2ff528bcf11a88e46025a9a2
SHA1 a15667995093313cbbbe3c0dff11b7c94f82df33
SHA256 cbc63a1f7428666dd5832b4e3803075352535f7b15cabb59b4c54edb42ce6c50
SHA512 82c409723582c73d39752b7b3d5cd54847f00d79e8c33bdfbd3857ad2ad1b82f1f571c35ae85fb8994261b19b14c587b5f0a58da326a32586a68d29d348c2333
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f715d70ea25cebc3125b2b8f6bf6913e
SHA1 356e746b2ca1eb0d45ecc61261df269241e835dc
SHA256 f6c6816a596c6fda3f0ae1ba28026fddff0a2be0250cc7cebc7105add2e675e0
SHA512 e93733537011aec4c81ddeb4a1bfd9149e0981fbcdb661222e4377dd0cabd19067bfee2005121bfa91413f5e6d085f2c23b7ca737a6259de9081a47707d6ca93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2bd05eb73bf29b024d5899ce06931212
SHA1 0b76431d3fb971c393fc1dc29a848d2c2554ae1e
SHA256 22c23ea4772a45c14aad10a586805654704a785dc50215837657477c9be3dcb8
SHA512 5ecc06f88a50004060518c5ff014363ad8199173849719142c3512f54522c9a27968eab42ef2340c3c759340169d4516b74a4abf8f54991f66090e4f5dc1cbca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c004f6ed789bddd557f384c1ded01383
SHA1 c433b4a602c1c5b49867881450ea3bd27cb2c30d
SHA256 94a32af936f3a343cb99fae880d3485f93b27728ac737c39c8806e941bfce049
SHA512 56be5180d9c41b52cc5e8bff5b3e171d01ffd174cb40ab54a9a75d2eda2c14d7ee73b6925ff519539d3b5d55a7542a1f9349ff2333be85b38485f5ee84c510f8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8648874fc558f45fb3e1c26c9454aca5
SHA1 13fbbb04c74ac9e65e1c690472c9969f3495e08b
SHA256 b30527f9a104310a357b2e2578bc6f46e6cf8aca1877c4c33ac58a99889d1bce
SHA512 ce09db6615ff879270b803aadae89dbd620b9fd9fe48fb532e594701145f21f5e3511e1e66d12ec6db918b694cc1008e7d2ccbb985f233a52ad0234067be1842
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 90b3d97e26bffa95b8123fa041ab9da7
SHA1 9c96a1af277b3f58edbffc8be44f83ed6111667e
SHA256 1c7aad8822863084364c2d851ebb62b751bdc1b9f7abc0a5b3b3e0199cd24472
SHA512 80bd2f74ddf156284c29f2f3690cbe47057141fbcec96539b7bf9c00b2275632169e5bcee6a9aff20121446387547a7ce5e79c95cf9cbf6edb20267ab284529b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a7f52e668fec91f3d568c77ea1d15570
SHA1 bb998e1f2b44ff89809e6d69206319383397bfc3
SHA256 cf4f8d90b2848d48de89ea34c37e2c7718de8c18d06f3b29efdbef6dd9f83cbc
SHA512 064c72fe127299c02ff27ec567bdc4292d72b7f989f21d6e7f599df5343f6aaab8910258f5369e7759062aa99606d20dc9e7a7947b3396622f7717021b336ec3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3b82f0785c5ab1499c9aa902cee0db3c
SHA1 246c379d4f698ac01da0461c8d11b6584b242597
SHA256 7c7a8eca69011662e134efb39af886f331f7042938b4b07690dc0a74f3094245
SHA512 a8e6184a642bf97447e6d2b3af9789ae1f69681e5ce12615ca2c87fc089a9563cd9dbc3bb07b90022e43e8b342e845f168e6491e20420eab98e52e11f5be19ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 91a999af776c0e65f00a3bc9d4c46b6f
SHA1 236cb6c375236d526af36e9a6b4eb7110803a998
SHA256 88197a0c312601d746e6d16647c409afd136ae24fb16856ae6c698758ee41777
SHA512 ecf60fe88cc5342e59f1f921ff85753da5951ec043f4b0a126c64b058149240b035df50919cb4a8bc5c81984bc1534088d611eb5c2134aa1d5d6657cdef815e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2030326b8a7caffdaf5782ce73d9892c
SHA1 5fb82b21a43bbd57d77a7406e1541147ebfb6145
SHA256 9d16fcc81593f5e96cfde27519df37e48824b2b876074acc4f2075318f3aa4db
SHA512 3f7e21e2db5dc9bf971f5e8092d91423cc5bac763d9df771f0f867411f04260e7de4fdc81d6f09e64a0ad15632c0517d3c3ee7eef06445188eff6b7e054a3f59
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 50ceff18a16a84a5296640ed1c476082
SHA1 6cfd26eaa2fac420b344ff4fc9d7a8ad8f78f97f
SHA256 8bb12db54fc0034b2053f0de757fa430733f0234aae7fb232878294069d02434
SHA512 b18422d61d907148bbfbe396a4c5b50199479476d6fa2d780558588831362aaa6769db010883c1c26b82eb262aa3d25232bf3f13c7124543a64e5ae2d6de44aa
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a