Analysis
-
max time kernel
139s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
28/05/2024, 20:51
Static task
static1
Behavioral task
behavioral1
Sample
7e5bf0d43e688792f185d14a60e2056b_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7e5bf0d43e688792f185d14a60e2056b_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
7e5bf0d43e688792f185d14a60e2056b_JaffaCakes118.html
-
Size
72KB
-
MD5
7e5bf0d43e688792f185d14a60e2056b
-
SHA1
ce78dfb6897386357d2dfca70bdc2232b14dce4e
-
SHA256
b1db395481a71e2da38b323f82c342498c732dbda765d017987306d247f8a5a4
-
SHA512
2589dcb81980dd3b5e84efbe4971294e4066ffd398bd24295baa4419c880e738173d24711f3837d2106b32feae98456ce1512b686a102647c58ce88508182a48
-
SSDEEP
768:Ji7gcMiR3sI2PDDnX0g6sF6SpZgf4oTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFf:J3yTzNen0tbrga94hcuNnQC
Malware Config
Signatures
Modifies Internet Explorer settings
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000002d7a532e8c37298c76ab310854163b6ce4a2ab7e83822543c34b22a74b31992c000000000e800000000200002000000012ef8f2f8495acc62c4fd32f3a07d0f878dcb1a15fabb40e75bec8d24f17a14920000000ea46f17c473d309cafd5c9b37ce764f4679852883ea69acca74090642a162f6940000000d475dd65600c369a883d7c4cd488db6908684f59e8f6d7a7a10ec5aa383aa2a1e040bd47da695e3660d39d22b9e1452c681af858831f1e726c549d1a68d05faf iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70476fec40b1da01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423091374" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{170604B1-1D34-11EF-A538-5630532AF2EE} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2148 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2148 iexplore.exe
2148 iexplore.exe
3060 IEXPLORE.EXE
3060 IEXPLORE.EXE
3060 IEXPLORE.EXE
3060 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2148 wrote to memory of 3060 2148 iexplore.exe 28
PID 2148 wrote to memory of 3060 2148 iexplore.exe 28
PID 2148 wrote to memory of 3060 2148 iexplore.exe 28
PID 2148 wrote to memory of 3060 2148 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e5bf0d43e688792f185d14a60e2056b_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3060
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3cf3c6e963eec658b0d2409584668478
SHA1 f79ae2c3c84c1d145e49a6c947e5dc522938c5fa
SHA256 fc565ace918744bf9820006b15d01018517d69b286dce72a537e360a45f49b89
SHA512 99298096e4f7d1bf2ffa85a77d276c29fefcb86653e40316cfda3a7ff7102df9daf627cfe0724e05e4ef32894bf8f7e6593b41fe6dba4380419d8deb74add6e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 521fb8a345a73cc3178545bcf92d2605
SHA1 dd3a9bd2d2a0bb9994a1a263cef3b1082ca24fd6
SHA256 02efcce84218f465e2d47ec0af284be3bbb7dccd13333e067c109dbf601a76dc
SHA512 dd7fab9a85d27b67b555fb06c566c446efb2159f14d7700fa518ec68a78b569edf9a84a73830391bffe149bc5c05a3103d7fccf17052d88abe4fd18ac12b821d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7d592a541b6cfb36134704deae56a9ee
SHA1 c873eebad6bc8f1a29366046a0bf44f837b2478c
SHA256 b86e680fd9f5d0f76cbacfd62a6d78a4f9ac54d42736c20b06d89fc3be94d0aa
SHA512 ce18bd359e5e436beaf1e21e5c75a72c275156aeca3a96ab69bcf25865ba0ae3b332b5af8272c8175fd3e68a77cc389ebe390e72178a59533f9cf64cfb9387f3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 185763293e46630633574d8acca452c2
SHA1 49c3d5d8e9b3e9e692d540f7e475dd1904e9f97a
SHA256 56527ff6fe8a087540fd5134b4e200b6964d0c401980af6a350f56d384f29ec1
SHA512 1f150150795af947eb958a410dd3d7a3279eb96fddc47bd9d41e9f1b13029d6924204fcb6ab9e0ca7922c0036265ced8b7fe5c613fe9ce621e2ad9f6d5a4263e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f747d7046a45d7914632980286de44e2
SHA1 8217ca24685f0cead255a9c1375460fe8753f3c4
SHA256 e7d6c2b773d5b5593cf620edce4017e0cfffe3a909b74865c000e08850a436ef
SHA512 72ffa6ea3687be7606e212ae57a7f33bf9045e2a4a8a139c9759c215149a259f1e2eddfdf8646367121a9c18d5f46d40f091af7e0f26824c5fc738f8ad443077
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1e1ca0f9e9bb0f1d7ecf585140b8cae1
SHA1 371ad25f426313c7ac6eb109e8bede878e8b80a0
SHA256 6c054f7e6cd3421e88247c3163af228b232b8b209db9248168e52cc5199097a0
SHA512 389e119fc4dde2c981554da1f6d22cea2ccae7877fd8113e668e29078e39cffec682d2609edd17b5ea25b05c2c32f31aa87c9987de9c2db468d590146cbed324
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a517302344784b296272ffdfb62f7175
SHA1 8d56d232339eb6ab9c91bb01878811c0c5214e0a
SHA256 801ad3efd6587e1d74718f156a412223997632b2ce48c323048938990baa5d8a
SHA512 d64f469fddd4f55c2d3165f2c428798cb7d0ef149c5a57141f2144b7ce4b0ead2d97700fcfca517d52b83d2748581e76a1e1e3c5b79f52411d6d4aa2ff6ce459
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 d1fdb7bbb56b51a348850df9e411f3fc
SHA1 21e6ff9505ec14ae2b6652b446760a3f5195621b
SHA256 7c900d3db9d687cb647ad0f6683f8921c7a17527d6db6600e2695e0971a3ccb5
SHA512 0cf6be685bb2355333def58e14b0eb1c35443c1be7d869eaa74f01be0a6fd3b36e24229f56595b9c4e16a87f8d7c0890ea7f22c1db02f8855b0407ff61d8c868
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9bef5174a303b51bb463d9a96d3d850f
SHA1 2f91275c21cacb297799283a91a0210546194769
SHA256 4b394a5d9d8186636e38911d29edb89b2a6a34eed04bf055345cd23ecb28f1b4
SHA512 cb8fcd1040bec03fa58162e5541ae2eb0eb1f1501fc04bf6a09d2d07c9bf117c97e9069849f38c6eecc3f3581ab55b8bd919821c14a59910f23341a095ef2137
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 681c76bee1d1c0ddef07a6197c8f5c88
SHA1 465f5e613c62b73a39707c2a00776a2a0ec12623
SHA256 508d68d59ab3a77ed0e27487cec60ac1f0db3d7eedc70cf391b5756a619018aa
SHA512 1f902fb3f7b862b42f8c29555b682299f0ef6572003a2a4d26178825182f32619f73d87dcd50e8b22238e1fb5b948ce71710bbc53f7a5d439366061cb02b9882
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f0014852943fd456d9ee8eb952594b8d
SHA1 ee6e561e0f1505fc238efd66872b5a2dff1a6341
SHA256 681688ff4cbb121f75167ec6f3f636f55dae1ac4e8cb78434dd9461f8505e1e0
SHA512 da30c0537d8968cfcc9b30072acf84ae6c379d156d56b1cf514a6b44ff21f387a0b2ade5ee609c6cc4a86559e7a70840c94eeea24fcb3ff6e863f53d2f4da09b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 219a84bda04e4b14e36d13f608110cd7
SHA1 e495459db4abc36bed82de21cddec7fa86d4a38c
SHA256 212acf64862866560a10ce4118383b7c9291347c93b30512ede3b3bebda4c53c
SHA512 f107dc3eba9fee60697504cc180f337040e7fdc15e5e5b29760e3993360df9392912329032e5a768ca2de839b8cd7841ad00ca3436c30802b46307460f13d10c
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a