Analysis
-
max time kernel
138s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
29/05/2024, 07:45
Static task
static1
Behavioral task
behavioral1
Sample
7ffbeb6376a935e9f84060e1e6ee2988_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7ffbeb6376a935e9f84060e1e6ee2988_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
7ffbeb6376a935e9f84060e1e6ee2988_JaffaCakes118.html
-
Size
116KB
-
MD5
7ffbeb6376a935e9f84060e1e6ee2988
-
SHA1
616aaf9c7fcbb03819a8a90523e9747b4f78d447
-
SHA256
6a2dd56521678b9b5ee3fa15af5e407b3e4b3302b8d7733c8fd4dc4a0960c441
-
SHA512
49314221a49193266ab63d91205e8ad99b592c3e60c530af51a0d08920698bcaa456dad2e54265edab7f496e300fe3d87c6c22a80fa9a6c7c2b0f5e55058d5cf
-
SSDEEP
1536:cggLMfGyZxfHdWIIFFDnlrnl+Uf8l7/vI20e:cUHXIFFDnFl+28lR1
Malware Config
Signatures
-
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000007aeda2a3974f63ba3cecadf192cd91ed9e940d6e08aade895c58cf69bf5c014000000000e8000000002000020000000e24e254a5acfbc078bf7242d6ac6b2417ff4ce9dd81f483976d64320162d5df520000000b83917c30e936bba833ffc0eb5345421c7e202c6fb0b4a07a8959df2d611216740000000298cbaaf130599aff40d77415a2c831a3cd690413cce596056c20845bd55ee77f917ce333b3b5421ef370f7bbdb5088ee082bdbc727762881a86dcbfa2fc0554 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 104772349cb1da01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423130577" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F938171-1D8F-11EF-ACD5-4635F953E0C8} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2136 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2136 | iexplore.exe
2136 | iexplore.exe
2924 | IEXPLORE.EXE
2924 | IEXPLORE.EXE
2924 | IEXPLORE.EXE
2924 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2136 wrote to memory of 2924 | 2136 | iexplore.exe | 29
PID 2136 wrote to memory of 2924 | 2136 | iexplore.exe | 29
PID 2136 wrote to memory of 2924 | 2136 | iexplore.exe | 29
PID 2136 wrote to memory of 2924 | 2136 | iexplore.exe | 29
Note: all four writes go from the parent iexplore.exe frame process (2136) into its own child content process (2924, launched with SCODEF:2136 — see Processes below); writes between an Internet Explorer frame process and its child are part of IE's normal multi-process model, so this signature on its own is a weak indicator here and should be weighed together with the other findings.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffbeb6376a935e9f84060e1e6ee2988_JaffaCakes118.html
(process tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2136 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2
(process tree depth 2, child of PID 2136)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2924
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6ec97944d8f969f1a26f188971d071c4
SHA1 678caf8a11bc70dae53dc1569d082a5302652d4d
SHA256 29a5bea7fec589b26cfedb5b71c4a0974c601631c02c3ab45bbf627e25a655dd
SHA512 1e8d2dd25009052045a06e12914ef73d671e5074c81930d790ceb03346efcd43b3a60c94c6628bafa3c05982d93ccbaad4d7a884ebde1da0e51c73a53cd9efd9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1efcdbddc47fb69d4848b7889c3ee7bf
SHA1 6129cfeddafce9947e1c5b3aba320bb32a92248c
SHA256 9172b000892ebe5adfe0debc7b6cf6d11e272d4470bf528d11281f5b1d75f8c8
SHA512 6e1c0e6310c4687aeec5619d567739d99c69d08ac90c9f90bc5e01fa5fb5738748a0b044b778e97fe46b5fcd6d70c20ec7c7e1a78d21003a1773ad4e792311b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 de6253b1fe1b2609109bf614a9fe46d2
SHA1 06912628247707eb0d3c81a0415b79e1a7c1f0b8
SHA256 d4478899bbe1bd0634ddda382a3b10ff925eef23baba13230b260aa8adb49eb4
SHA512 5bb8e6cf5bb6ec57111d8dc6d93baf66d2cc06fd272416b8d12b2a87b22e07ee0c885b70402686ef70b251ea2a0c3835b0fed1f568f991f15ea46719eef4b454
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0b1441ef8bd9a354c889b41b2f310a04
SHA1 ef3d05395e891fe584dab1e7c0627221f23cc39b
SHA256 0a6d8ada153280775900edc8aa6bfa9b7327ef724ba1b82576ce1367919cfe46
SHA512 c23c3acaf2764c2a30ddbba8dda00328d4ff4a6cd6fe5dd70565242a75ed673125926d2f2a5ca4f8df2321a4b301bf8ca42484fd132e4c7c67e590b17dc642b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5d7efa0caaa00646ebe0e2ebab9d4a34
SHA1 2dd239379099866d4c5065cde521c2585f3251f6
SHA256 36b9eedef7a688e6f1260f50e02d0231a02071115a8b095267e03f2e9f410866
SHA512 f4f18a86dd513b4f7cbc0e2a838520cd4064b3edd1c61001948244320c0d80719134ad3eba0cb6b3d390c9460db8a38e552413b8920c57c9552f6cf07c6d30bc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3b22039a10e4d7cbe18866970b8c58e2
SHA1 fb6e0e051705c3e5d7b79ee39068f079683e77b5
SHA256 82c3e101ed74424239eadae0e955c1f26e9399e3b34e74cd90c0bc21aec584a7
SHA512 f225173ff0db0cb0b0d78797784714b03942d46c1ef09b4d3b87d8a7b76fc0ac15442854c9b4484bdfc1a7e42b32a65268a1f6092dce5f41be6694f0218e76db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3080edd9bbe8a2c659e60c102bf32c60
SHA1 2db92fd12de4a6b08488f1b3f30cf0332de52f95
SHA256 8386919dfc640f3008903f073750d0abdcd8ef97608818e793717bfe8ef2c8c6
SHA512 835adf366b36b15a450d50faeb1e9a66f9400e1f488de83e54bb8bb7e587545edf3d471f57387b21595660e3febca460bb4321a910fbce59e3b65915856ea344
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b47182af3fea5c87d48b8a645e328c3c
SHA1 cef40707d00e856285160d2611f3b5c06d82063f
SHA256 4661465e31b2494cfb6d3160b3398b88fc9bd74bd4805333e9c76085eba78a85
SHA512 1958afb76cd50206b6ee3c93cf9aeae654358ec5a43c6ba9c9ca9b1b958c20f6510f7ab6f53e270091cec3ff39aad7ff0619faeba9cf6e52148ac77ecd3646de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e9231ff6d743ee065ef711c38421a852
SHA1 287415daf0a955a69cad04a6a42d669322ee77b6
SHA256 776118ed91e602e4a008672a6390baccbfc4270cef3b2313413bed7033274f58
SHA512 81d2e14fc246636021bb67e64ac14492ad1945f2d463055697b7bae8e06c87ccd8590b66c67ed9074f305fee535f090747a346e1487a1d700f89b0f923a0a150
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1c6211c293dbea89df26c29779ddbdf5
SHA1 3fd35688751c3ff59912b4c37b7bef63e32f5e0d
SHA256 4638ccb5e3a9a7c04f80d266ab675843bad0fcc40977adf3ad55918a8256563b
SHA512 d4cc1dd138d0650f319dc3177b9fc41c82a3cbd291457328dea7f40693545617cf095efdaf1f440b9c29a152dbaeb68c1c239561721a51fa8edefaef96a8d397
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 01873c756ce8a0aa571a6d67121f95eb
SHA1 df41e36ab3d53762f64203845fffef9d38b6aa30
SHA256 32f82266a69630b21c6bb90ae629beb91fd86706192cf3a3b5f26a61a7e9ab39
SHA512 0edd4158501da2aa2ebe81c9e818eb6069d23410d0a02b504b99a35c5e81bcb7028a2be78d8373b07052886e13a05560de29d8956a10051195e5feb5dd1e32cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 983b7de58808bae8111110877aeafa71
SHA1 22415f3a4077847c4c92abc12d1763fae99ce904
SHA256 cf461ea4d108790f20e16be061a14cd0a1ba964d05794c8441d46ce3cee41bed
SHA512 0ab9d83291dec2060eafc5773a76a13bf8beaeca5de27c2c8e965998a286277581b0bfff73372e7d9b6ae546b2f2a536e130f9a2dd840323cd6bfd814e2e4bd5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d809c7b0fe5a6da7e6537396f33c5b52
SHA1 58abdf5691b69ad425b96b027c9a4b08632ef8dd
SHA256 e3cd6fd079d36dac3f587b7f1671f4c198c8b9a547285509e23e75f92d3a5496
SHA512 faab51c61c24428d7ca2faf14602ba592b49449950ee48b5a101925cb8641186922e5523723a7a5f7ef6dc33049fa280e27f1fc585864d9f117504fc4747a97b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7e233942101ac0a1c8e4fbb5c88f1672
SHA1 9cf2f648ba7c486dd2b8f281a726a00c1ee33cb1
SHA256 2782bfdbc90a315c74fd94b5525ffa8fa3f4ffa47868efca52d25dbc355de0ac
SHA512 c921b8b3e1da6be7a666724c1e1bf5198f0c7a746d4bc2a774c4253f5501a071499300883e43cb964afaeac4a3f21e637464c64e18f71e071bf56775039b665c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c9d21859acdf997d9a16d631a22be81b
SHA1 d1eec8c6b99589279f23a29f388fa944a949af52
SHA256 6a9e5fd68b394815a46d2cc88c21be05954c79e235e77d8438cae3e6f0f22343
SHA512 88205bf7e67830e8af3615548528215bfddf73592e291443554fbe114df5c737e2832c227732dc433340f7b0763a138f60713561dfac72734ee7c376d93774dc
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b