Analysis
-
max time kernel
134s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
28/05/2024, 20:51
Static task
static1
Behavioral task
behavioral1
Sample
7e5b9c9eb767bc2d6ec378551ed1a292_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7e5b9c9eb767bc2d6ec378551ed1a292_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
7e5b9c9eb767bc2d6ec378551ed1a292_JaffaCakes118.html
-
Size
4KB
-
MD5
7e5b9c9eb767bc2d6ec378551ed1a292
-
SHA1
67835b90156d48c16ea0c0a1735397f2432221db
-
SHA256
35b1c3bc3f929acbde51d2c424df2e3b38b076bb74d19d323ec40bc216952986
-
SHA512
e82c266e93aa47528deaab84fc3a209acfe7da553ac718252f19b2b6d52403639bdbca7563eeb2bce0a0167bc748ee55d3f391b48ee5eb2d1748dfbffeb42045
-
SSDEEP
96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oxyv2FSH:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDD
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C4005D1-1D34-11EF-9591-6A83D32C515E} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ebe5dbaed1dfe449222700e5322641c00000000020000000000106600000001000020000000fabc6c57917477d5b5dc042d47b05a0e2de3fe0348efb5816be5bbcb80c1d181000000000e80000000020000200000005feab6f412137abd8c193696293b32ebc6c9914ec34db28d325b0cd97be562ac2000000099dd58858176b8b515c00814c42a60492eb5c7cb6ec99ef5cc77830a8e605d4840000000c9afa128b3800a8ab814b3bab6075b0ea6d417e46763ae3ed1efc9f85d36f1d50e18e34c60ff867f361e332d4c7dd1152f60bf0e7f322eb6408ed89db080e024 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d053dce040b1da01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423091353" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2324 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2324 iexplore.exe 2324 iexplore.exe 3020 IEXPLORE.EXE 3020 IEXPLORE.EXE 3020 IEXPLORE.EXE 3020 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2324 wrote to memory of 3020 2324 iexplore.exe 28 PID 2324 wrote to memory of 3020 2324 iexplore.exe 28 PID 2324 wrote to memory of 3020 2324 iexplore.exe 28 PID 2324 wrote to memory of 3020 2324 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e5b9c9eb767bc2d6ec378551ed1a292_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2324 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3020
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3a54dc5a0dd93fec9d494f6a41a00dcc
SHA1 058f2b0c1853196eb85abed1107a565ef99860d5
SHA256 43171b24a2bb22ed3f7011efc3c8a94db841d2d3d852d2bd728ed7137d4e2b97
SHA512 c1d3d7094a26c1b41bea05a657208a5a4b339b086bd739c4f1312a0dbe98678ce71869d049ee86425075eac5d441bce254358f8e261e76a426aa457ea70cd69e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 822e8945e943673455bcaeaa9122c4fe
SHA1 71cbfe551a912a4d2c2fb8419a4100174d2ef311
SHA256 b7c94d8fba7abdaaeeb4295de4771be162f0dbc4f9bdd83e8e55f870fc3cb138
SHA512 a3867d5c5c566aff90919c03f5d6e345c0a48e1ed27cb556fe7fcb74aad375a1fdebde96288e0c356957c4842186c709f7e8f2260ea0d705c084a40fc8630c1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 bd7dc5ffad8e5d13518b68347fd107cc
SHA1 6f9fc3c4bbc53a208f50e437ef9f1ea22177ae86
SHA256 0e0dfc91b35c6a08db8eee35cb79c14c462a407919a7f924468a425fa7eda0e7
SHA512 3f32988e520ca2c34a2c2a432ad6c929b9d05f1439806474c5e61f1a7bc9f8e52599365ef9967d24420a04df81e13c038e7b5fce1d5423730ff435f0944e8361
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e2db45e9a1b27292c103ab29f9a6a432
SHA1 0fc95560722ded91fbe58231e38c6761a16abc30
SHA256 6edc3ba899fc7cdb3aba51355a42e0c221baec5cc3a170ad6a9b3143ce2d7109
SHA512 602d1c817d2b6e4f5d4cc50636fe6717db8deb0743d303f4bdca7f4932c8321ad1a03c1fa850e6ad2b98f12d387563536f232165d72c64390903ee871e33f920
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ffc7d168bc136a00124e739569f1a495
SHA1 e8f6ff7a5f06abc6c61aac2ad24a0186eb57f1bb
SHA256 c13146f6810899d82588c8c2a194797ff13a5282684793389c2c9ecf4b03fd75
SHA512 b052c8c356e0765dfcfae1dfc87386fcee2df569b142b68fd7f47cf2bc1e587a1903a2b62496f2df8aa6d8e5c91a46fa40610efbe4b301322ab809ef2dab9a46
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7fa39b743d9af450b8899e7a49dbcbeb
SHA1 05543babc0600be3a72a880e7a55a293ebf88648
SHA256 bed6f7189de87de01455f890de0820ed1a32ca091024c4bd8820a04545260010
SHA512 98e7f088626f7513a60cf0001e9f5c14c3bba4ded820673fad43cd6e851fc6b92824978d19dbee08e75299679c10add4014715f3d0d64ad13c51b9c54185295b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 303e6abc1cfe6cfe0cfba9451d4eed21
SHA1 3924cd17a49e277c4b0bdbab49d0fa8ae8a25c8f
SHA256 f187cae2c33011c5e82618878c4fbcb282f462c712da0ddee86911dee47510e3
SHA512 175aaa42efea9cc99723c89f733856b7becc950aab5fc0409a12f9f124a2a8c4fab35aff90ad6c0a7245c2fef16b89c987081c1bad33376c27059c8a21c98836
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 38e752f441eb25eeabbd329a4842d5f0
SHA1 44efc047a9221457300da615df556c22aedc309c
SHA256 3b4c190846b3c146a49551f651055003cccbaf65fe281bb6810200ce2cb337f7
SHA512 234f7f2fc7f7b2367658cf2d83d2a91e1833ece5ec07f53581260d035e069c09d90a3fd7589f7ec52ba5daa1a86610eb8c21f3edb3f303f10863c1234263b052
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f142c4ff5bc1b9aa5c3d949624369111
SHA1 e655ad91186514b6989f0e0472a406ba1a4e4936
SHA256 80efed2ce5eebd1e63a2b4aa7f9d3e7fbc8d7977c3ed9e8cbeab62ef851e2b6f
SHA512 404d0467ecbbd467313f2c9bd836d9637e5dfa94342596cb069f96d9f9bce51bbd6fbba9c22b22ce4a556c2f2d66017f5da30ad7291f0eac2d2f5168ab2110c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a695372b28d07890ed3b962d333a9805
SHA1 c7013c6c5c28e2643ce7f23a6ab299fbd05271bf
SHA256 0ac820610654425faf95afd29469716080becee94c907610e6677d7dfd406ad4
SHA512 44de29ff3eeb6ec1a8526dc7a70dbaa0e0ce8b7918abbf3ea87222348e0811ae5139357fe9eae19e9e194595eecb3596987d5e742b827541fade5df7fd3f7e52
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 fa38ed71cedc527e8ef80dbcdfabe5ba
SHA1 6c6e9000cf0b9555ee26b0ad0ad057b9e40edb78
SHA256 f27f81d1563a9954c49ca8421f76ebc3e92b5b8c083af3d5a0f1e8c397225f14
SHA512 42e1a774c4f0cca59957f75e81fce49c14f9d1184df2dc09b017e8a8124f5af6d8795ff2f06fb80e72214516cae33a63a2dfbd802f725221dfe3296dc69dfa93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 78655f1be4db406f1e1df9526de4a75d
SHA1 304cf101e6c0ea15a9e3c6e61da6ca55bf0e3598
SHA256 b492014f88b64e74f345ff1be7c0f06030ea0759b9223fbfb656101ebfe9b65a
SHA512 10bbe332fdfd515411305d942a13e9d1b1c8cb1e3c5e562ef9d2a3502cc2f320d646498e8381896a0fbc535a39c28db35e2885f14ef42c73e251f0436bb6b6fb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 668c15cfb8e6aa9b4ef01fd742b4b1e5
SHA1 3c9fa78cfbf6a85bcc6cf88fa5840b2d7a38b14b
SHA256 a4f3047529091812e735bc3cd449a7ccb8d13b9cbd86e3eedf8f9bb8fb460ca6
SHA512 07c13a07abfc14699e208e76dbf789f9a8f458aefec2aaa20d26f86dfd8e24e83d353dc2fc70e7b220667fbfebe329d344aa69dc7147dcbdfa4976e05b61f4be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 eb01ac1cea36895e36830c55c9264314
SHA1 40f1788e214a9bd9b4fb2e42377cb0bda58a2da4
SHA256 e50f1f653378b882c4121d1cfae62ce0120715eb0bdf09c582a1cf8591214833
SHA512 2395d03aa2bdf66a1a6a3d71f5717e5c39ecf17a1cb87e17107959cacea659ac3a91189054227c3fc2396a1382d0d70968f36584815529289c4c2080034db97e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 06b74912775c288844e10fa10dac1b7a
SHA1 89470645e99b48169869611ea8175154410f3463
SHA256 40fbd40be61a047f1757e707b4b3ed216250d6e971c28515d765063338d07fcd
SHA512 79c17d07f5a5c500e68c635df213b3053ad5707e254c1952208696251f4f29f5f652a351ce008389498df553135bb94af03a4890a178c5480d695a4794e7935b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e45873da779567ac5dcca7dcbf38f712
SHA1 ac7f1a34c5aababd4d72d05107e992772053d57a
SHA256 c0a6e52e1f295a3c36ff13bead7eafebfb6aab88f4584348704f94f13992e219
SHA512 5f1edcceb8a96f48652dcd02b9cc044ccca49ec56abd1a89ba0c62ee66c6a847a5b9859a48959efa96c53168d521795d95a5b6c889864a17a0da37842bc3e015
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a