Analysis
-
max time kernel
142s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
28/05/2024, 20:24
Static task
static1
Behavioral task
behavioral1
Sample
7e487aba0fa5376e5fb39224fed106bc_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
7e487aba0fa5376e5fb39224fed106bc_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
7e487aba0fa5376e5fb39224fed106bc_JaffaCakes118.html
-
Size
5KB
-
MD5
7e487aba0fa5376e5fb39224fed106bc
-
SHA1
e64822d4c79949c35c66e4e27660efb1dc5cb501
-
SHA256
2912466e6f547f6baf3fe97db4a5c45726e434b68084e9cfb5c3310267220b3e
-
SHA512
ed515fc4d419bceb210bdbc544b66d88b2ff21a7f2590772efdfddedea71aa124d73bb6337836b0fa6bca9eeeb298ba06747565548715fc6da52db997e0c6709
-
SSDEEP
96:0Fw6nmqgJcbqMAPSA/pTCdajlQPtVHBbFWNOH6MatXMxs1qxXT9tGtEsG21Gqagz:0y6nm9cGMAPSAiaj8LFIOH6MJxvXTObV
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000002286a96931480f4199397a46749ea25400000000020000000000106600000001000020000000fca304044a1791d564d3b3bec330bffedd94b57570795916c0592aa16f455cc6000000000e80000000020000200000007021b091669bc2b9c9657c797f7c6070c0ffd1a02b327422e3abeaaaa278f2d320000000dd34b2ce3039c37ffce99a17d8faa125e62739839eebc50d5368b2f63c0a90734000000084d868a2a7299d7eafaf3e94ea6434238c2b565b28c12512a59c0f5f0525958805b80f329868bd3ef131956b7fd0bd861924102d775dec04708d1fcd929d48ac iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 203814233db1da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423089742" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4C124461-1D30-11EF-9911-62ABD1C114F0} = "0" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2024 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2024 iexplore.exe 2024 iexplore.exe 2092 IEXPLORE.EXE 2092 IEXPLORE.EXE 2092 IEXPLORE.EXE 2092 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2024 wrote to memory of 2092 2024 iexplore.exe 28
PID 2024 wrote to memory of 2092 2024 iexplore.exe 28
PID 2024 wrote to memory of 2092 2024 iexplore.exe 28
PID 2024 wrote to memory of 2092 2024 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e487aba0fa5376e5fb39224fed106bc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2092
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 0710b4c390227a295d111d5503605528
SHA1 fb766591b0abc1b8c6f84fbb1336eb618bcee8cd
SHA256 991adcb3df0b534a4329d4e00eb22da50fb086a169bfa145c1f6dc265bfad72a
SHA512 c67512aaec3c144844666ec56c32106b78d76258009e4a567814afe094f6fa9f5df5aae0c60ff91b187400a04a6a21948894bf6c81febcb3322bb94d4b4163a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 00dd366a402b95e102b6a9d3b5fe1905
SHA1 78d216ea39852497786cb9ba6b74b676d9374e19
SHA256 a7ab98719a4a3e7c84a792b3a299f8197fd09e975ae713fa17d0c40ffa430bec
SHA512 11338ab910c37bf17383bb22db375fe32e5b89ade69bb1c2ee4ad2cd0d4c81d35d835255626bbc1800b0e41bc66ba9f4bace8b5e8de24436307caa67769fcfd6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d13eae759ede9cdab57fc7c750bdfc7a
SHA1 71d3339850a96618b5356a66364f8650de88a2b8
SHA256 2cdf3162a0ce915fdbe403319f9ffc4791ed825541d19c17c399663b1a3e3963
SHA512 61aeeab66edd37d5300550573c00dd8571e675ebeb34fd93f29105c22faac0e4d3c6696f37f2c992e7739a4a616ebe4517f8a1bb82fb72a10beb2643591557ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f45df7ea5b93e55cafd780ba220b751f
SHA1 feb4eaf7019939763f19175664e61e1a7660c3dc
SHA256 c6f83d6f07b1272ea5c6882193e4e00cb13c32243323977bf5bad4d1bbca86b0
SHA512 338ab3a7288367ec4a3af7799103f4b27f2f44f3958eaeccc98b444c529237a397f1d39b6d9ea94fde8181a65627f8ad71b4b9322a1bc37ad26678f89f5c141c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 df802565594b9f814ce80fb21ec44fcb
SHA1 1f2a80600f1e3a7ba126814ed82d5a025cedba04
SHA256 90fce7f4b6009a6dda9d03328851c1ce95488bf2c1b7d147a2181cb005f628bd
SHA512 e646446f515ea246a347c78c0fc7112957769c550f724e8ab4be2d854c9e2c4b34d852ae90f11f4990577476e9d7789c4a7e6d04483922d2397e1760e9d866fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2c3c2114ea45985bc22f9ddcd11fb9c5
SHA1 3c924f2d6d21a49256a9df4a02fd8880f6c79ab5
SHA256 fae9ad4e10019d9ab2af46c8adab0b023d44b553cdc12ba27fcdb1f56ce113c7
SHA512 9779c495e1dfc96b011b789588039e96135ce458c14ae239694b80d02419769b4b981f5b275d743095103415832f643b485b3c24d0b382b707f54ef8f03af7b7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a09726793feed4d1a0530450574e3562
SHA1 601ffbfa251909d33a603a2bf806a00340f186c3
SHA256 94603f163860c1093162d7b3840e706211ab2b8057ab00cdb53ff04932f43b0d
SHA512 30c635325ad56d39c56f6785f29384d953eac42dbecac1d4f6637682687ec54d553f8d30d3d20cac34516f7b2d5c1a19a5b5b0ef5495dce33c689aacd0ac7d24
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1b7dcb5b9fea7dfabf22befedabd1d27
SHA1 8fc40e3da7a437bd03e497c23c8f1caf6d6fd3cc
SHA256 6a3e0c888e4099af4a675e170461a76df4e2c01248813e10b5ae997b6bbbf539
SHA512 dc9c4fe7ce79430731ccd62dbd9347ddf0710f777a7f4e1a3c2251f60dead48eb94a3ac68ff7911ed2360404dd27f44d95c86c2ec48b531ab7f662733d52ce90
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b561cacfe1915e78104972a8f08ded5e
SHA1 edb884df5a98d44ed3c3877330373b0186665203
SHA256 4b4ddbdccc457ac0e66b97ab614ee48908d93abaacc59541aa1bd19301726e62
SHA512 ac97c008b18cbfecad24f094445dc6a8b433c48f27c56dc4ef0b25c694dd23213d33600975e26fe63e54505c5a2d399f76130461547c360608421d67a5804f7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 350d730d7f7c26883c11a4c828e92420
SHA1 9678e875673f2953ef913efc5e55bdf6fdac679b
SHA256 d47ad8d1f3e0ca7efa31f3bd846954f2f75fb0bd76412efb08b566167ca52f8d
SHA512 5f57269968bca764bde843e44b209144098314ea3473d7a7edf8ba1e2d04641a89c0fccd44e54138daba7b1b120355206b79fbbe7cbd0018fca5cbccf3cf7034
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 b2050bf5754577a293f5264e15c9b50a
SHA1 20e289eed2e7f35a8e3501c91b29ed5b4ed17115
SHA256 693626f16c02ddc625ea42324e3f004300479afdf7466016bf5d5cb8e5df5f65
SHA512 0fd80456f3ceff0e4e0408c5ceaa0de7983b12afa4d1b96daf05d9b262634ccd51f4faed9e581ec7a889c8b47a935f2d2b8f5f94748d8b0906e925960caa05a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 38a3a7514d5a20ba2873c903da627596
SHA1 fcda35c820a1731b77bb62d33edf3af6bf54cfb2
SHA256 812fd9aa90fdbd54b810fef508d573e94d2a6dd40893cc49b635a5dcf101116c
SHA512 0b5ab4cf1d7939f601d1301c992f8eb787fce71b4247473f4cad3d2d377e524e4d90944ba44065020d9b7321f14ed42081dc052b983663e7a63ad600e5e24af8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 dd0c03ea38e99ac8a49c4650f7a1a675
SHA1 6b0b33eb115ee2dee91b93eca64db104e1eb97e0
SHA256 dd4b211df9d208ba3744852501f4934008f907c4f3380f20ef01253834bcbe21
SHA512 2b19fa45a4857ed83a8218450bcf091950691fa22ec1ab1b70586a0f82c46efa428498f560f52a660ee3b1854be7867eca909e6139b9cc5093c23369ae611bab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize 4KB
MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a