Analysis
-
max time kernel
133s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system -
submitted
28/05/2024, 20:25
Static task
static1
Behavioral task
behavioral1
Sample
7e48f1989c5770524297e05eb74cbff4_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7e48f1989c5770524297e05eb74cbff4_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
7e48f1989c5770524297e05eb74cbff4_JaffaCakes118.html
-
Size
3KB
-
MD5
7e48f1989c5770524297e05eb74cbff4
-
SHA1
85d2809072240623f90705d80d7719e5aa8336d6
-
SHA256
a747de666ffcbbee0151a106f40023d75d9e215ceba5330fc097854adf6654ff
-
SHA512
04c2095d453a5c72846d08e211409d98527573eed6c8badb7cb35a930393e31ed35e773aa115d4c85878513b06318644265cc570043d0b720450970be53ee9f8
Malware Config
Signatures
- Modifies Internet Explorer settings (every IoC in the table below is a key or value under HKCU\Software\Microsoft\Internet Explorer\* — TabbedBrowsing, Recovery, Window_Placement, WindowsSearch, Zoom and similar per-session profile state written by iexplore.exe itself; no Run/RunOnce, BHO, proxy or security-zone entries appear in this listing, so on its own it is not evidence of persistence)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90ff61343db1da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet 
Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5FBA1101-1D30-11EF-8C89-6200E4292AD7} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423089775" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000058b4dc62814d864198bb30fb425ceba85c1c944944290cc611f3385341bdec8a000000000e8000000002000020000000d0da593fb8bc2dec90f5a5bee194d01b6dd4122b4e9d7eac523a34e3207bd2742000000020865dc66451f2d688decbe052eb2d37ccd9f235db28a4f8345ea1c1a6b10ead40000000ea53dfdef4127dede8aaf50099596166ae45af53b005e5ff3a71d1f67db6f69caab968cc4b5eba3791e4252a5c4b92f79a53d9527ede656ea54d6a8996dbee72 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key 
created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs (generic heuristic; the only hit is the IE frame process PID 1636 opened on the sample — treat as weak signal without a corroborating network or file-system indicator)
pid Process 1636 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1636 iexplore.exe 1636 iexplore.exe 2832 IEXPLORE.EXE 2832 IEXPLORE.EXE 2832 IEXPLORE.EXE 2832 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four entries are the parent iexplore.exe PID 1636 writing into PID 2832, the IEXPLORE.EXE child it launched with SCODEF:1636 / CREDAT — consistent with IE's frame-to-tab process split rather than injection into an unrelated process; verify against the Processes tree below)
description pid Process procid_target PID 1636 wrote to memory of 2832 1636 iexplore.exe 28 PID 1636 wrote to memory of 2832 1636 iexplore.exe 28 PID 1636 wrote to memory of 2832 1636 iexplore.exe 28 PID 1636 wrote to memory of 2832 1636 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e48f1989c5770524297e05eb74cbff4_JaffaCakes118.html (depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1636 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2 (depth 2, child of PID 1636)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2832
-
Network
MITRE ATT&CK Enterprise v15
Downloads (note: the 344-byte entries below all share the path C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\… — these appear to be Windows certificate/URL cache metadata written during the session rather than content fetched by the page; the two larger files at the end have no path recorded here and are the ones worth pulling from the sandbox for inspection)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f4a38f3f4181e240a60698a5af0f9a52
SHA18d555439c66aa0fc024a3ee705ea7116fdf8a563
SHA25651d99b307f341ac9d72dff365d67f962a4f204349e30bc148cf18fda1ce394ac
SHA5126008898cf8a4331f08037458978b9416f4fb369d08090ef2f94df7b2b6bf68842be50da16d0b2dc9c1142cafa8c0d9ee9135a6d162be38817207b0fc28b0d1ee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD54e5de46bac1c7abe428616a6f7224121
SHA1e76f7109be13b1c07c009acfcfe9d0c3a30ae3d4
SHA256fa4eb70bb06c1d11d6d325d5b7fe655c27a89d15f10d371c02d7e55beb2367be
SHA512d6bfdc049bdb1adf62194c20919b24412fc1402587ec30c26585b0eac036ccc58ad30bbe88c177337becc53d71730921d2993c4bf41a6ca8bef312322f961f6a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD562274dcb5fa43aedcbbf569cd5135536
SHA192b5ea1927b1c2f637628b11d54fc6b44b3478c1
SHA25684b87bf83dd948170defbce312b576bd4738fa21110a5a06ebe7e21e6538c1cf
SHA5122bab5826dc992c4ea5e0d6a2a528873123b3ce0901601b28b52017ed485b2838712287a2af5f3f7996db3f184b7cc75d18c6a44709053a856f73523a36e5b5fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f2689655e374fda2bffb6e1bea6e3cf8
SHA1cf17832d553bcbec4489263381b8c201ad6a1974
SHA256d34e13d1412e8cbfb0585204c415de85f9b880a3c0527c544f48051d9a141b60
SHA51297b46abaa4b69433334491c5b675609a3b027cc85a0941c92786d0be624b5767c3f3f99d5f9c34f3cc101873cbfcfce1a9fca20754fcc7c6288a1fbfcdddc0b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5aea8aa700746404272f990b57eb1a95a
SHA13198aa2c9075255a6878cdf2b30ac73c60bff985
SHA2568decb8dbb9a52ff21e55a3bc8e2432200f2f1085fccfd12902e11c888b3abde7
SHA512060cf943e108ca31bef5da4fc0e0cf48ecf33b833757d7e85b3a98145b1d91dab4ff96c05153020353f7339c72c89f1dd956fa7d4c92aa8c09c38df951635c6a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b3fdd16aa21b1ee69a954dfed154342a
SHA12948eb7f097b44628a051a99cf97413a33927fc2
SHA25694091157edf20cf36a8890f2fff0fb26e5c0459a2650f5da629cdac30c395646
SHA512f34408c748676a5bbad2eacd12e9b76eb4bf36b24cdca84ba552620da6fa9e351c8654cdeff723e804a28b6618a3db3a3c8a279a5b426ea1cb0932c1c085cf2c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5871c90fae65f41acd4ffd8be65054b7b
SHA136e6f4583e80c598d376476d046af04920819872
SHA2567576abf6d906025bd14de303706b5d077e61b791f2f35eb1152973c74dd1540f
SHA512f7bb9c4ead251a8acf206583c968f0a33d696e6ae9036dc3293e3e758fc620d684aca808c80702c8920454594bad0b2ff51948919a010a79b4e0f9c8559397a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5448490c1a9e5663c6605f32d3917f1a5
SHA178cb9d21a6a51bf3541fb5be87ddbfe78e3c11d3
SHA2563f4efbbd170d474620bf3b36e1acea9c597de6c2c0e382d3381f954ab7e52ddb
SHA512a495373a17dceac9a6e0f876b6a9397eecd5c809a28519454f68513dbe41fb8756e0199e48680152a02e3bb5b8a9f8b38f0ab4daa96d21a6c64dd4f45aecdf3f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5a68c21b859c348618fef2cf3c6912ea4
SHA1249542068c311fbb477bd451a74ef9365c89f777
SHA256d63df82c072eb49630c5011d2f58d941ac1bd09033fe2d52f0717060aaf681e8
SHA512c9a49553fd09e7af9502c1c4d1ded08cd2afb3b22dd9334e680e5e81e66af19e92b4ce5a13c8f2e4e4dae3347fac30024c36d8c73cb34fa209226a0bff660cba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53895df22c70a57b19d1a4693930e1a31
SHA12e3087028026c9adcd3bcbca7a994c88dee4120f
SHA256f360c6dfc9e22e9f7c48dd346a906bfa2f9b6f3453fbb2fd74892c83e7b06cc6
SHA51271d1f96b7aac890ababdf74f323e141c21fccdc8acf6cf73c5f5ceb72cbd4e7c631d0841cad0a0940152168b6c756800937ed1e581ebc1b761e7d1c1ce5682e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56bfdbc9d771f78a748b3c44037e1c7f3
SHA1fcf7308601f92e380a5b133f2fa240e0ec6c606d
SHA256218ae57b305708b65d261068fcc3adee8389eb786431adf4106e2afe4a8e7864
SHA512f07d13f749af251d7fd351d9cd2beabc015cf096b40c3da921ba0201045c04d003a33ad666b841450455ecd1e0e52a8c2267346a37c15eec18aa4daf0dd8a4d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD55a0f8d0de68a956249ebf60f06a09ee2
SHA150d3dd47648458e5971580a925171140a8eb2fe9
SHA25660236ceba82900f71410c513e349231583a749d1d3267b85aa8152d62328fa9d
SHA512c803c4151bbe5f7ef60ead7bbc462caf0ea028bf3bf14ebe14e7c10d0e6034ab68ba6f15f8778145a54c8517bee56e7e825da37f1a5ff20fc2d361c022bc9efa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD57001c375290ad991f7b325ded19d4563
SHA145c500823daa43b7e4cbb41b0bb2d7f06d720e23
SHA256d0ee4e17efa16525a331b3f2edac04ee89d6acb886bcca446c95d27e542b2132
SHA51269171444d4e11486ed55400d6e5833449ad748c5f2894663c6f3a0ef75f5ada18790de5abe2d282d33633e027bf8d16e09c32151f02a7139e0b9a9322e29962e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5816086bd44edd836b63d7b7915d3c0b8
SHA1de47219d8c0d529842a82a8e8324d9e780ecdeaf
SHA2560bfcb27d285220b6e43828173f298999b3f28586f34c6298369ec2ea540f6d02
SHA5120b93c7dddab8fc744b2b28520001805aadb8116f80b11846791350e02bca96ba5b2171ae5417051411def64284b53867e55bf6c3b0f5ea690242d8a28fb59004
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD58865dc1fd20bcaf95f283c84beb9cab5
SHA1db9bee6af145075be4484fd53294e595c42a893e
SHA25664743e841221a839157388ef0965de9878f95c6e4e49d3608e5909ae68b3faa3
SHA5128fbfacf25f163dd8239a39aa9c324cf1673d372346af5086641abd76ed1d23f67e1acf65c01b7e9c6c86d0b6ecbdfb8fc0d25a43de1be1e25d0eaf024af7cdd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b80183feb24904e94b26f83d33d01a81
SHA15f42b4690b5d88d38bfb19f4e8dd7ab6e68af798
SHA2562e0d97b68af2759759ec8f3d98ee9d9b55c7a1548a9275b2031755c72f524ec3
SHA5122042d2cf9cce403c9c65dc14f9a3757fff5799107090f240939b860019eae778299590121f15cb798aef14753a9bca1fd441d607b0cd2b1b7c695349b49646e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5dad1f8311fe3d9bb9fe4d668cd936066
SHA10e583adf2b8b5a561030f1fe6c652a7847466adb
SHA2567e7ec6412a98767b4062fdf1f2e1542e1b9c635f0a689b7dd31f8a21f118cc61
SHA5123e1825cfb3bef880ffdc71397f21d43a780be5c1c77e81b6ec51aad9da21beb8de5f30ba50d584dfbf6d1b076ca278856b8c52b461b658c2a51fce7b0404daae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f3e3ddc5348de32cedbfb1b887aab2c3
SHA19d3c6f249e3894d00ae744debe3c574fd8f4372f
SHA25641dfc2bbde443d95a2483a508524205a74d9d8bd85b61be7c680b912545e4db8
SHA5121fc2d1b220ef25cec0418a74d50237ba476aaabaf9e82cc352d665854d345e7ca54f31061e4b9a65adfa0b1c0c0938dd4c143cb94b56fe6a3244762cda4067d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD57f7036708f941da1c8e7c1254a68ff2c
SHA1360ac1f6d23050ac022cf9aaf2a5ef80344f4e72
SHA2565e40ff9b89a3a06d7624983a8047f7271131ad6a66f5830dfeb796acbbe15fc9
SHA512851025d93d74e3f49a1319632bec71d828b7770b247e725fefa29611720e729764074723b1b2eadec35b73a50e6709c00924ff0475997b0b46be80656613da0b
-
Filesize (file path not captured in this listing)
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize (file path not captured in this listing)
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a