Analysis
-
max time kernel
134s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
27/05/2024, 18:30
Static task
static1
Behavioral task
behavioral1
Sample
7a183d82aad6c3ec612610f5fe7b5ab8_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
7a183d82aad6c3ec612610f5fe7b5ab8_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
7a183d82aad6c3ec612610f5fe7b5ab8_JaffaCakes118.html
-
Size
19KB
-
MD5
7a183d82aad6c3ec612610f5fe7b5ab8
-
SHA1
fd2688edc6eb4f84ac599e72aae10e092746f830
-
SHA256
66649315223b8a10ba8181598a810ab21e4cbd7333c658a13b752b1af5aaced1
-
SHA512
3ed3f745679b7ab68b6c6238d02ba239e14e87a5c7536efbcce31998c47d8cbd69c37ed5467ae1b0ed48b64e0545b060506ac0bbcd24c1732c8bb7bf586049f5
-
SSDEEP
192:FUehCyKWv7fwcmR70tlSryvT+OUumDNGs9Fix4El+z:FUe4ylvv4YTvT+uyNG2ixVlM
Malware Config
Signatures
-
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000072db484d601ff6aee6bc1270fa441d723d3e7314ffa9aacc8f518c16c193a4c9000000000e800000000200002000000034c9228bc3f4faff51c3f39aa348ff55bc39d6a6345141980f84047d2fec823f20000000b864a60e75fd99063350c107a34e500bce5af69bf217c1140a7a159019a82bb9400000007a7dee932443c0ced4f348a2ea0bdafa9f55a9ee48cb0593c31d755adf5c8505f0b25d935e23661eaf8b79ce4f6c178cb36e779c44d208f3e7c1e74b2ea5a814 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{35E6A841-1C57-11EF-99B2-4A4123AE786E} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996504" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0112a0d64b0da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2392 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2392 iexplore.exe
2392 iexplore.exe
2160 IEXPLORE.EXE
2160 IEXPLORE.EXE
2160 IEXPLORE.EXE
2160 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2392 wrote to memory of 2160 2392 iexplore.exe 28
PID 2392 wrote to memory of 2160 2392 iexplore.exe 28
PID 2392 wrote to memory of 2160 2392 iexplore.exe 28
PID 2392 wrote to memory of 2160 2392 iexplore.exe 28
(All four writes go from the top-level iexplore.exe, PID 2392, into PID 2160, the IEXPLORE.EXE child it launched with SCODEF:2392 — see the Processes section below.)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a183d82aad6c3ec612610f5fe7b5ab8_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2160
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4f88f14ed44670651e937c856ba6323c
SHA1 31aba4ac235d9c98223bd373ccccd9c9e63b8e0e
SHA256 fb4b87c49228d1fd5a417def444bdc28e29c25835ad9cb9f9e014a2502977b5d
SHA512 4d3475200be7b22ab9b59b0633293aefb5c53ca94273f8916f15767b792e475cd4ad20b9d37cf9739999f252bd1c514949200a04241b4b014d95814efddf1f03
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e8c8e358c686a703882183751616a9a2
SHA1 c1f4d3e16de79e2fd40d00d417aceb424c90baac
SHA256 80fcf4e864d0af437d42f44d431e02c8262e55d219560fe3550ed8dba1ed2c2b
SHA512 1b9c201fc78a17d893f1916362dc2004557614540d30f250033f072a251bb9c396a20c93042a9d1ab0ffb7beec3b0e9ce49d6dc1048cbd19089573ea386f61f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9265d28d30cfc72c43707c1eba58d525
SHA1 738d49f1975379df1098f22760c01ab9652949d8
SHA256 cde1658e77fb25f1389cb02f1914aa06bbc546d4a4c2de5eb09274535a7b5e02
SHA512 3e14d0b8c4a85f0db40ecc6a4217e515c9615d528bf6e0f89eafc2587bb9cdb351992480a0fd7b4e0cd09c55d9888a33a22b7561f551547544ddf7c69f32df4b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4be0678f2fd559bb7fa7f6c23a27d466
SHA1 2ea8a66587c7f5843c07abb9158a96d9cbe2cff9
SHA256 259ccdb5f7434fcbf29a4e3901cae0b2fc498a5c4a09252ff4f5b99c3631d58a
SHA512 f95490830fe7083a88dae31389c57093985b4b46543edf4700aec97e93894a44dea5fd04809667c273c28a03b48a83839474af1fb7c59f7ae6e6734504f7038c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9349885adcc013fbd1359baf52b44ff4
SHA1 128abff7e40efe58e1e350c27c3ed8a9ea622ff4
SHA256 e0dcd4b5647a9920c7400f4e6d484eb7410ea8ff68c88f7554d457f9b5652dc2
SHA512 a5cec83d032b6b2fdb0683e1764ac56e55ad094b9f6f89e0e5316b66c14b24bf7760bc3a028500063b7b3177a88a81681adbc1405d414b032cc449bce893325f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 110c9fa91546b2d4210e6f62795607d5
SHA1 bbbaba1e9d42119455e00c92b97c1163c3d4bd62
SHA256 116c6295a820957a4f41c0893ed6f2016c5cd43796fed057f186efde31e8eeb9
SHA512 0e500ebcb2654eadfe26b8848eed3c546bd779c1c245d3cc9e6322513900ea278a9ab5f676a72a7bad5624670a118ad79369afee14a3785a2d5911ffc5c73fcd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 381534f696b4ba7ed82555ca1d6cbf43
SHA1 a483fe9aad92b97ce3217c503bfbea457f7b1b1d
SHA256 34f4e24abb67b9a058ec2f844cd2d4ee43fc0bba66aa40c830ff393d5651a28d
SHA512 e03a6aea71fe654c3345e6d27a1952e043350bdf3b3ede2b5fac5a2e07a44a988035f7b332cdce6812f3a1ba8ec9b1dc20cbfd0f6bf326a4b513613b6643abc7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2729638b4998231be282b65f2b9d5de5
SHA1 520b667215c10571192944cbb0716073d31302b7
SHA256 5e6b0988533585bdc7d10dd3c9fcf603f14f9a206354989d515458b85732f0b1
SHA512 18198eb449ac8bb0a8793007679a83a669028063ca439be186ab4752e67dcc347c4774ca111b820c30ec769e4d22ff5b3a0251e82ed8b4d00965695a1d1c3f19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 14699991738abd46fc1d43f9f7e8ab7d
SHA1 e0316aeaf59e285f5fe9216a96f5b70e0aacbfd3
SHA256 b034b5faf5f5e0f75505672f03bcab207431029db6bebc1e2e42cdd305c39612
SHA512 8069686ee8d121aab4651dcec866125a9bbd5e1ff216ce19e63e3da9f86feff525d98cee73aef43c2af44d735debd44a3269049f1650ff2f4df459ac38430693
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 544b92fc8e09dfc3bcbf6ae3e7b4cd7c
SHA1 736de725ff91fac9c561cfce5b4f5f740da6f505
SHA256 6826b8abc9540977536ed5e3716ee962de0de4ba8a71b07d952d7250d3bd8bce
SHA512 c2bc7b901e8c61b8d38b6374c672639e2c021aef3571e60c85e5f7a81b9ef8eb71e8e35744643e57963b3333fa1d83adb421af80aa014cf73e09e245f9a5c5d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 48e8154bd0eb4e6c0ff3992ca5d34117
SHA1 c6a7871adada07110cce5bec27fc2d8934401299
SHA256 be3e8863ea8e5a94856dc6ca037850eff15d95d7decade4b6d1abc3e1d574cd2
SHA512 0e0f9bd8e44f847bd4298510da19b4e4a1d8a8ed41844bc8447cc42d698f96f3205e58a250ce8b12f2362828edf8d647ad58b3860c5f0a87a3d2cb787de782c5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ef511c38bf5bf5ea9449c6272ec45c14
SHA1 b6025dbe08ffb8225c0e1680b6c525fceb216a55
SHA256 4ea4894b000d0076770d5e578732a707a4a6a611dc0c5b20ddd6d902bc2e0468
SHA512 31ad6113fb1209096332ca85844fce5fd8756d6f2e927586b068fb2569927e9317825a1d743a5837fe723a21f7ff935283064001d202d888824e7677a693a24e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 71c36539d76ce248a6c1fb998f19be5b
SHA1 b26b4e6669adf18afd6e92a8e8870f53c818a8f1
SHA256 c5b49bad22755077024d531bcf83e603712199a3fe71fa0e91026c667fc50f7b
SHA512 9b80026b2ac8dc4f3757643581e2f4703f1bbcd72e7a913fdc7c28d43259fe645c0e9096cce950c1775e1257d01eb9b6f900a3a2e450d309b66ec3a58fcfa4fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cbf37a3e563d6b0ab1c76038124e77c8
SHA1 307965c9b436a1beb9348aaef6b8270b303cc1a8
SHA256 55f8f3dd61de514f7195405eddeb691d56bde7d481a1b555e37dabd59a09be7a
SHA512 d2fa223b650f7b24997bd768d05899d920337c4adee9d35987388d4c5f09e1acc2d758289d1733bf1aee5636361abd2ab62f63e830ae9441a7a03c426f662ea5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6af26c62037e8e71400b51767d97a85b
SHA1 afa3ac1a24b31f5e22fbde54e0d82a7ee0d33932
SHA256 ca2b9c2523c666d12bf38d2c598431da522a673763d2c0a0ab3139f8da3b77d5
SHA512 d8806e871661eac50ac675180d8db31539ab959e3eb29686d1f59ed3e674bf8831701dc1a8b2e2806673ef2ee3ef45545e8278c2de8f381dd593e8388dde9772
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b30401536af450ffe15c72f8b5c72e30
SHA1 3d6658e8b46d47fdec51a8ef1657fae1700a01db
SHA256 0a830fadb425c7ee839365770f4079ab081ec09cceef51952def811910c4e2b8
SHA512 bc9cc64c760037b0680b7c679f1ec9611d2c21460fe9ddb26a6d9a1253239f51d96ce651f2e078aa610326aacf369f7b8e8f59e834d5f405e3e2579584f29868
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 be3fc04d19019c61e7ab213c168a1a42
SHA1 b2a04edb2438cf84c35ae3a5415cbdba6da9b549
SHA256 081179d2d2a4c1f0b8b8b89e3b471dcc8e650a59ef26982aa7e6b3b3e4838d55
SHA512 06cdd79f0f2ced3c3cdd1101de03f5032089163860d3aa1f949b91daef3a4e6a85f8d6185d21305dcdd39a93213555f0c8c8a52ac9b5eb4e3023bb3cdd11fa64
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a326bf919c1ba68d1ec1f92822aa6c9e
SHA1 94e5ae87a9c8c4906f5e08c8dd1506dae0d16008
SHA256 6eda6536a8988d83b916efc864e1f4885ec11c5b776bab7e69947a2e3d9ce87f
SHA512 0f60c6c69b332453612a713bea0db3cda5f871f00339a6017b39b0bef1582e0d95de84b8c2ab4d3cf95414c0cfcec16eced509e0c17c91348fca46e0db3a6c64
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a