Analysis
-
max time kernel
134s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
27/05/2024, 18:30
Static task
static1
Behavioral task
behavioral1
Sample
7a183e1eed516cdcad8eb5e0cb45ddde_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
7a183e1eed516cdcad8eb5e0cb45ddde_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
7a183e1eed516cdcad8eb5e0cb45ddde_JaffaCakes118.html
-
Size
789B
-
MD5
7a183e1eed516cdcad8eb5e0cb45ddde
-
SHA1
f25672989a99d7738ad1d3f7bd6878c4e80c45bd
-
SHA256
ba189cb291d71db9fa646ce6a10f3e3450b3b85eb16ca5d9371874a5756e7fbd
-
SHA512
b432cce32c6cd0a2ae04a074aab4febb725a17364d74e7f9f8ffb8672e53f7646670afb66f0b1bcf98ae99cd1a99a2fdf33a165c0297a230b5da8acd12989994
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000e952bee3a5a5873381db5220e6a785312c900607f125c4d4b5ba20f5c2b7938c000000000e8000000002000020000000dde92a000801eaf9053398b7c01658d7e1bba07116dcafb628852ddc091bac9420000000f3a943701479a6c919c41f657bf5cfa861da23c34f48f27fb9a240b54b891c5d40000000f59915a244ce2aeddde3a96d3265677908d541e229f281e6a8e231a2e146b9b80c98930f76ae1bb10043ca8cb8a27253a3839eafcba10b4b58a4383de35a6aa8 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996508" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{38604361-1C57-11EF-BDA8-6EB0E89E4FD1} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0d81f0d64b0da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2940 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2940 iexplore.exe 2940 iexplore.exe 2968 IEXPLORE.EXE 2968 IEXPLORE.EXE 2968 IEXPLORE.EXE 2968 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2940 wrote to memory of 2968 2940 iexplore.exe 28 PID 2940 wrote to memory of 2968 2940 iexplore.exe 28 PID 2940 wrote to memory of 2968 2940 iexplore.exe 28 PID 2940 wrote to memory of 2968 2940 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a183e1eed516cdcad8eb5e0cb45ddde_JaffaCakes118.html (process tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2 (process tree depth 2)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2968
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a3685b44b5859e2a09e666a1331c9e58
SHA1 f2e34de916d044ed6617be0c8681de292fe0d521
SHA256 f699a6e099f6ca240dab85b5aeca271582f24150e38c4b16786c3e688a8961be
SHA512 03b826a4a5e05ef36fc64624e095a09ed774bff348daf6cd7891700e584e3610729928b6a62d71aaf911bf57bcadd8fcd034a865d78e1e5b14e7f31e64bab9c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a40b7f189a93f170baaff13eb4415e54
SHA1 96534724bf31d850afa31aef8d7b2c6b664dd66d
SHA256 8ee612a7e324c2bb888374399b249ff85968c5354444df47744807c5f4acde76
SHA512 6f3b84374b0b98611aa1893a999816ba67e412a8012a9e8bd584583c2145aad5f67e8cb340682409c90ef4dbd8dbeafeee85590c4115a21947895f7fde59825d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e054574e2199aa0fa17e5b3b5c4c4b6f
SHA1 80874d21bdba441cbe2255c2030b6c7aa62256a8
SHA256 e36523ca32cc9279860c870c4f5d4cca8c2c11ae14fa325920709e39158bdc9f
SHA512 466dd79d16515b7d2a4df7375eb02b3cfa8a052e926a034a06f29d449a402a9f27107a76b405bcf62b1c3b2884847cfa68fd9ad978e2d122d3e517d65746454f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7ef84a235dad95ec67af1d9d3457092b
SHA1 84c37a02d1d4ff7e5384304ecee864fd81a2cf2b
SHA256 49f33e7fcf0db2ae689e7d65f8dc961f2aff390daa722544019c85d38d8c77c6
SHA512 fa50aa9b3c3721b63c0e9233b9e28eaf50172171d9665ee9df4096257015c73d48f51de450fe2a10c7ab4f08a8b6ae5c350810c279beda71b161a153e7bf4cab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 eb12f51341238fa70219245c179274f8
SHA1 fee73c03d75fe89ea939d7a94193dd4b8559d5f2
SHA256 453f4c0eff65a77b10b49d4cc010176fe80e354b510c5bc30b02e47ebbc999a4
SHA512 fcd33d06f6746cdc1a92af3539363650e1339cfd9fe088423e6c9f24c4c021bc42edda6cc355b4aa004911b44068d92ed0d854727a097ffdd5a559db86a495f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b88a84e46016306be3db52f7841cedda
SHA1 a4f7fce7321a0a3b007b7b9e31b27b55925c07f2
SHA256 4f6a91483ee253817afb8dc83625a63c3c7ab21a215ce0a4e99fd40ef7732e6e
SHA512 94e6714e16899ba40ae7175c117816abdc1d0ead9ab7178d0d87510abe03fd6dc96a9044a709af333256ba85a00632b7daca8278e12f791a159bf0c5036168e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2ec439ef9dd4aff6df270c8700aa38de
SHA1 8cc5347ebe5735ce3f46c6de56fef686a28f4058
SHA256 17ceb9ae4b43b4adc50f75acd9f689cfa3f988995eab8d3cf9df5f6c120cf661
SHA512 966e39b1bfdcf1e693722a62739d072a27aafd9bf92d9e82ea9f8f7a3d0f47720d264e6484aae7b8b3f4bda9bb607ca02e446407d0e6c78b5bac5a9b35f87d86
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c6a0b47c00ab500fe88387b472ac4bee
SHA1 44e4f70e44e6fdd0f7bebaa0dbca0a1d02b4771b
SHA256 0c654f6e10cdbc06624388da3440fa95659c7bb5af8615e34837c7defdd390b3
SHA512 0e61f4c87507259078acfed8de3966a39bd5de403e26398f0346146da1965449ac5e27abba2c946ed760b566c5111123b054b8eae2a030888b7dd95fdc245f19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d427b96a1e336422638a818e5d4796a1
SHA1 af3d8583d9053af83cfc6885748b52cdee0669a5
SHA256 3120a32522fd6b8cbea72dc8f359671883227ac5d40264674947780bedd64958
SHA512 3a7f45009742cf6151379342c9538594ddb1b64cc643ceb33ec89a6c75dbcd0f96040104e31376eca98f521bb4bc4c4efd954d4b31cbdcbaa6a110cf789e831c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d714326d085a88b68e27f1efd2ca6d9b
SHA1 e45ba49cb7066f920447cd1d2e64cbe73b5dfc23
SHA256 77209e2f058be383f683f8e785e093965149ec0e46a47f676dbd6efad33dfb8c
SHA512 5f1bedb4f1d38eeadf9d9f9f5c0a6c3b9d7a833dcf753c58fbb76639f88e73ccab0e6bb1906acca796322d8d7951d975e8ed9e9c5476fc0db333cf09f487c40d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 012ba54e02137aebee3855930bec18a5
SHA1 707ae6c3ebb758f782a8a7acf119bb60ff74e17e
SHA256 b0b4860fa9cae8d44d065a965897441ec3f0bc37572117ce68366ca30f3f5598
SHA512 6909e28cf86017a6006eac2d8eeda6cee7e65abf0e2d9896be0b6c02efeefbe0a038a759695652bf26158170f38bde1fbc70de5b8671a529f382e660c067e9e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 faac83902ca2dd5e96ccf8c9a89b1fcc
SHA1 830dc7aa6a1375e04925c5bb211f3e6e96202619
SHA256 f47a11dfae890c8e03edfe656d75244900b42b429d85ff2abb3ce647afefe639
SHA512 a81540c8e3112dc9ccbdfc9a20a9430ef5cd2cb801895ff315b5a28cf61b47750d3aa6e11aeb82ce11837903e15ffbf5c68859c6e64802a96f61b27c7e0b4fb1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 02622ba67518c3e8962ada86072965d5
SHA1 5e3e778bafecf78a2f274f21f3e65ae3b22dbbfa
SHA256 fe2ef7951917f8213daac9ff442f2d28d9f8cec3bb0e5024bc06236ec8f9a254
SHA512 0ef28cdd75d0334711f8b99ee700b96c60b37f7542c997d25e98248b95707f244f7363a678ec5ad2a1d349cbd59519b83f955c2f72b6fca5691993f544fd6ae6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 36c7bff0f6348cff755b39357b0dba75
SHA1 f1682a1d9d39a6248ba84ad637519959fe700551
SHA256 8b94e2fabd56d3046e702d35fc0424048de57f2f5d729044925bf3ed7e7b045b
SHA512 7642ce39a6d0f9de30c8d4991a06644a35154dc45b8ead54ea6f8164582b7e792c6d8ac801c2c7f055e23205715780235953784967401b29034281f27df3f8cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9f0a1e7c32d007ecc6994da10c45a4fa
SHA1 ff4adfb916068308cd19fcc691a44c2557bdcb09
SHA256 d77b1f9a4ea41296c66d13722a54f967513c94f63710ad62394f915c4158a9e4
SHA512 ce3d23a25e0b7482284cecbbf14e7f6cec95fde4c1ebdb8b4bacdb14e2f7b0a40a410beecf0a47ae61ef3259ceab8c9aad869ad3f6002386f82b8f43b4ce8c7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a5d2c2ab2e5bbdc27297043329c2c658
SHA1 5aa31057798b754341a0995de1f7de5b2625b5aa
SHA256 ec03d98b359de4dcaee234e5ec3e11a1889e9304bd54d586b129cd64c60db079
SHA512 fd5bc442e37a7d6c4d24a812e164d218c24f8ed6277dce8037f8b643a7f167803922614918b209657959fc71d89903275f609b8207eb9ce7e34524d666c37b51
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8a0b5f81694244c67604a9d8effbd7c4
SHA1 26d5cb1ae79408f45ec5ea84f5f06be3d7b74dc6
SHA256 f820d6c78b921b983c260173aaf869be5caa6622fbb689bfb9a220ed91723d58
SHA512 11a58cf0ef4452d2e9f3d1446e0bc88513b1315123e8fde9dcfb23cf8a1a7f2b1c4521420785c87f783d6113570f2161987762b93e3ec1d025f9acc8d3c5c411
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 42125d56afa6c2e1190d599747ed5df2
SHA1 4b9a1541b3fc1a259da94b6df68b9b1c306baee7
SHA256 e1e234f2731ca53e8b0d247df2d6f0d1ec27446904b647e61adc98f5c0e07675
SHA512 6cf9927be5e4f5e468eee37e03a46dca05f8ad7220b189709e2edf6bb714750e05d3e46f0c46d949395d7192781ea284deb80ad9d839c5432a397a8062ebd0e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8009ef94757a25f9edf4ff4e4ecc66bd
SHA1 90d78ad1e46268ecb67558abf43fbe51ce9a0870
SHA256 7027ec4e1338285e3bbed110119cf1722e8c0900c90cf719eef4c2627a0dbaff
SHA512 2d5fdbcc97d5629f98f25b33b3f3661b76beb47c3e3b0bfe6ac571e872d1583af89705f61c7fd6b3073f7c25af765761cf7cebed79157ab2d41ee47b5e5acfcd
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a