Analysis
-
max time kernel
118s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system -
submitted
29/05/2024, 07:44
Static task
static1
Behavioral task
behavioral1
Sample
7ffbc00c6525919b3958bbbc02d35855_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
7ffbc00c6525919b3958bbbc02d35855_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
7ffbc00c6525919b3958bbbc02d35855_JaffaCakes118.html
-
Size
460KB
-
MD5
7ffbc00c6525919b3958bbbc02d35855
-
SHA1
3ab322d74ff01e0833ce129992ecdff639e93f57
-
SHA256
e747dd9bce1d190301549dd08c30af404ca476504e810ab12e80456c307b0d10
-
SHA512
0051906e60849cd3c861a2dfb6623991a3dc5fb79278ae322527548412974a0ce713aef1d7d75ae589617c220bc55f057c8b597227d720441f875cb18d80a4fb
-
SSDEEP
6144:STsMYod+X3oI+YtJQosMYod+X3oI+YcsMYod+X3oI+YLsMYod+X3oI+YQ:w5d+X3X/5d+X3k5d+X315d+X3+
Malware Config
Signatures
-
Modifies Internet Explorer settings (every key below is under the test user's HKCU\Software\Microsoft\Internet Explorer hive; no Run/RunOnce or other autostart locations appear in this list)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eaebab7699257443901409d9e7e2ed1a00000000020000000000106600000001000020000000fae8b36cb87a585f7e9096fcf12050e8dd8b898b91f00ccc08e558fb79ec050d000000000e80000000020000200000006538effe795f2f637af76c11e5fc104e933b74c6e8fd09e2a6635f2432e94f2e200000009cda465e8941a7fafc12b24e89c6148216f25a206337621e941696508c33338e400000005f895d95d4d7b4de5c9bd7c2fbf85425e713ef6c6467416439cf1280440d1645bf189408197f72c9e334519eb665ba18632f4b50602b38c08742155bfa363e30 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eaebab7699257443901409d9e7e2ed1a000000000200000000001066000000010000200000004c2d9501494ed57ae86145a9960684d891b42ec797111c04ee7f96bfc657135c000000000e80000000020000200000001b7358c696163e41853f9f0ff810dac2e3599efb482d60c95414b2a41c02adcf90000000fa1de41d38517e9bebe70a2c09d8dee7ad0d8c55e44d7fbfef12608f48da3ba15ed73240782b79cd1646d6b0507136eb1afcd7a616e3b81cd3ced9f1522159957500193b7117913710f9b37f701353a0affc75b90ec97409280f2b33c83bd78e65f1abe5be4187ea839ae83083612206256db50c7f73b75303c1f7cb254a828e445b2097f8a325769993b6bbc3c662c540000000efa54f2848456e52c2995bc6bca2068ca403feb3b5fe3ac9cf0e72888251c5edd830a17121be20a93020fd4160b29e3cd08e3c1643738066c6ff7540a781c017 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0e19b289cb1da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set 
value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50177491-1D8F-11EF-A596-F62ADD16694A} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423130551" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2356 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2356 iexplore.exe 2356 iexplore.exe 2584 IEXPLORE.EXE 2584 IEXPLORE.EXE 2584 IEXPLORE.EXE 2584 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2356 wrote to memory of 2584 2356 iexplore.exe 28 PID 2356 wrote to memory of 2584 2356 iexplore.exe 28 PID 2356 wrote to memory of 2584 2356 iexplore.exe 28 PID 2356 wrote to memory of 2584 2356 iexplore.exe 28
Note: the only WriteProcessMemory target is the IE tab process (PID 2584, launched with SCODEF:2356) spawned by the IE frame process that opened the sample (PID 2356); no third-party process is written to in this run.
Processes
-
Process 1: C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffbc00c6525919b3958bbbc02d35855_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356 -
Process 2 (child of process 1, PID 2356): C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2584
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; the three entries listed without a path were reported without a location in this capture, and the repeated 342-byte CryptnetUrlCache\MetaData entries look like Windows certificate-chain fetch cache rather than sample-written payload — confirm before treating them as IoCs)
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f88b3a159d82bf2d391f44e748d9b370
SHA1 db0147af79d8f2f56f6c03eae3560f66159ebc15
SHA256 3b2c03488cc08069963a441157ee4e05afecdba06fb520b5d30ae38d01ff5897
SHA512 15fadee1a7ccccf40e58bd29501a4e5635efcf3aae33eb5fe7be3dabb6cd216737c9d3df066561cbd17e39582fc9dcf60e8f8c54615954ceb83cd4a7a8f61ff8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 65eea398ef5520ea3ebf7812cb93f482
SHA1 161be96d66f8fe73408eae4f5f423c9cbda42a64
SHA256 8f0e6521d3ac53996c900a5e0de1b10b5881b4744c074401d7c33d42e661504b
SHA512 34dd2ad3b4f3e84d9057c74015a88876f9f6df27a3358a42e523ccae251da8e5d35ba2d1ea6ae7ae3365180b26ff7f4178162a38d4c9bcf4cec5008f2a4abece
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a3fbe116e747cea1c5e1de1ad2aba392
SHA1 add410a383bbbe83073af411b076e5a34f04114f
SHA256 22cf9d5d4576c54694d445acb4525bf48d5fe8ccb4955e79072f41de7565661e
SHA512 7057f481cfb6e645f276934c72f2242b7a3b4bb0c0e326e6256de41d1dffc2ebb1727a918f327aca381083334d1842a65bcfd307f8a22f9d0694252bf8431022
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3e96ede60da6f7c1082186b35101c292
SHA1 3a6cd3e1650b1793805ff62fb6e7f4993b31994c
SHA256 37e8cc60f004adf68a3524aafcd2702a9c7b2a0783401105913466b38b779991
SHA512 d6f378d7b23ca7210eb95c50103eb2c8cc26b36c750415b127adac789365d8255761866ac676bc5b2de64c9877610db7b5d3d4b667ac85e95d689487a83b1ed9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c05c73abac076cb2b673b76c0c44d9b8
SHA1 d0ec2ab59b1d6759e8cd48bc5f414fd68fc56eca
SHA256 5e8adee5a7157b025b4215264ccea4970e05dbe3542da2688d8dd4148d673497
SHA512 e61ebbdcd135923ab95bc043c2b72c347fc145b208e2a24b47332fcc00ac8ab5f7b176f8e38aff7203d07a4653c11d55f0dad4ebd3cbfd1ed52655bf7787dc0b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 94a09f2024405a5f851cc63569438a3e
SHA1 d74b728a36ef934cac8d23f2b0fc8ec32f3c766f
SHA256 238c0c3199e5a55d2bc88c773c7f5d729ba14ec7c989bb96e9e21ec9778530fa
SHA512 5d40c7dcab3570ff48d42b4dd510d7a4363164e90ca2e152ec6a2aa6170c8a80c7936e552b30edfc3b408a14bc9f16406a3290c29f7b98de8356d0d360b598e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a5ebdbb7c9e78464b21c5409271a3cbb
SHA1 05f1d5c69c444bdfaab8ed175e412be0b9792bac
SHA256 719c1283231142d471cf7607576b31d090388505f14619dd04362a357ebcdc2d
SHA512 17afdafbba78c5557131ab653dfb3b14728572de76c48a3bd45eb8bd9edc31a611ca386b2e2e9201c79137364339fded3537bc78cbcbd6f9c4f3a73c2ebced49
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 088f3a98b4f0f32bebef34c39ad96b1e
SHA1 69e4bab3e9a57595bf4250ab96a9952a466b4bf0
SHA256 5379b2476c8d3920473e94d89a1e9b87a7e8020818734d1a057a773667ba401b
SHA512 a27baafaa586f7a0a7ac0bb20a774c4d12982d18c6623a0c3231b98b4a3a051c8a525daee5af419815f61402f56f75bb4b350094bca5621bdfca2363cd7bef2b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b57b67f0419792e825868573dff2cf64
SHA1 0b4c7f9f185ea51fd0cd37356eca4d5e6999c030
SHA256 1a3a1c17b0220843e0acc3baf54176d1a97ed18e461534c98e62c29749207be0
SHA512 800a9b8c60527bc73ca4d7ef3d1ded47a7c6b537c101776cf2b9671960ca1ac4e5cac81cc10a44d0d6a74e3f675d5818b62db2739d321a825e2db79c2b642e91
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d01a63d2cbe30d8e8e988845ab11113d
SHA1 6ae5fb3fd62d99e077baa4460d16bec5e9b1d3bd
SHA256 e7f128d36a33d378cdbfb6e07e04f28ef5f0e73ed171dbaab9b357e2bf234517
SHA512 b2a1271df16f68a921adcc614858e7845c5018dbccd72a60d2cf701dd6f63dcc0cfb5ce2a49ca2c04a498139d11445c0c2114c2d902e16e7d8221c1236e83655
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9b7ae779e9e0ee2419a780f3c3c59765
SHA1 00db89f5ba085524d1f902fd3d7a12c99a7e9aac
SHA256 56b80510bcf84a225d4ef9ff775f1b39719d19321335e699b3a7f4d583736ae2
SHA512 a8ba175734d71f12a219e7022ff76d0ebf1889f0916757b3f00e4992bc50cb53de4e6a617010e5363fc4334a2a1bd1bf9e5f5f838e8b6925eb275823d5e8edca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7776f9c9e98587997de3d08cf47a4c3f
SHA1 a969a7c86c5e071b564f8e8a6beb8be0e79e3b00
SHA256 a176705c7bef188b29c145ffe7e1775c39b719fa2e1e2c19b7a41263e0eb5c1d
SHA512 bf179df6ce78d86ba51468aeaed390c1ff85e1940376320d5e893368852f8e05d623e4409cb7c72b3fe5ae551b384800bb9d9c0f284099bed5d8ab7e50991495
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c91be0e3ad44e21e7a6457f49aaebe08
SHA1 44553dfac1d64ada7bc58ac2870ff32346481456
SHA256 4db0d3d4b75153b05cfce015d647165277fc47196b3a79971b4df34b928aa885
SHA512 7e8187028c8380deee851daa9da44ea3aa3e2ab5499300099bfedfd8091db3193ded4c7714f8e49eac10093a256a356333ac17bab3f8fd075e684c04cb6fec5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8d3bb1fb7a17fe2a792d75f71421c25b
SHA1 d32803cf3bb3b568b51716120d315d255a774254
SHA256 5fe02123c84a55f49579383f47de83c0ce70f18e6335f73dae71d6620e5fe0ec
SHA512 60d0141a5a8baae02b1b2e218b4463cf2c204a9ff4d456fe3fcdb9032714f6c82fd6932f123ea5254e3bc70f0ba2e46b768ff338684408bba5b394de866b8c01
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c560141167863c35c70faa5bf0745832
SHA1 e24cb29b9d4c20139c73bab438cdc27d96d9f957
SHA256 12f661b37ad64bc6d65f499e4a2719cf682685bbe42aa44f764f34115a348a7c
SHA512 ed3d89bef1ffb85ab4a2b3d08feadc2d75a653d47598ac15a7c691501fbe7c8a96267ebb388cca594cccee71f024dc0a30f3127f2fd8be1e0caa0d1682a0d25e
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b