Analysis
-
max time kernel
133s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
29-05-2024 13:54
Static task
static1
Behavioral task
behavioral1
Sample
80f735e9cbaead3cac168f5fb9ac36dd_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
80f735e9cbaead3cac168f5fb9ac36dd_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
80f735e9cbaead3cac168f5fb9ac36dd_JaffaCakes118.html
-
Size
69KB
-
MD5
80f735e9cbaead3cac168f5fb9ac36dd
-
SHA1
d163041ee0e553c22d00880edb82c5622821a06f
-
SHA256
404c930027d2e98fcd8d42e2fd3dde6f7807c54284b68d39adb170a643c78803
-
SHA512
2e03542577130f3271ff88e0960e6b5f2e100f211fff22e57c103afdf97669c04f84402e320d2d1024967f0da0bf125ef9399786737664702362a49e95465ff9
-
SSDEEP
768:Ji7gcMiR3sI2PDDnX0g6sea6qQOl1+ToTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpq:J36KD+sTzNen0tbrga94hcuNnQC
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423152726" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F16EB501-1DC2-11EF-8C92-6A2211F10352} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70200ac6cfb1da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000043563a350ed2ba1d8ea1877cdd6ebcf8324d1058003176dba6aee3a3fffcc01f000000000e80000000020000200000007d3e10643c2af30e79a2cb982540c3f6baf7f17852257834b6accf28f073b5d620000000f46ba82f24ffbab3417c7b4aa73759fa38cb2a8ffe902e95421da521e7c801c240000000f617fea7a5539e037377def18be9c0e818716ebb84d5aef175916a007d21ec0887883d43f8a7ac69606f1b6797ec320ec92a2c064b77c9b7927693e2554dc48c iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1368 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1368 iexplore.exe
1368 iexplore.exe
1984 IEXPLORE.EXE
1984 IEXPLORE.EXE
1984 IEXPLORE.EXE
1984 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1368 wrote to memory of 1984 1368 iexplore.exe 28
PID 1368 wrote to memory of 1984 1368 iexplore.exe 28
PID 1368 wrote to memory of 1984 1368 iexplore.exe 28
PID 1368 wrote to memory of 1984 1368 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\80f735e9cbaead3cac168f5fb9ac36dd_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1984
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 706db0462a27272efcc8c44257047901
SHA1 a175c8c41fd217d6d528e398fb4e4575f21d1e24
SHA256 97b29be94aa6d0a579122f68242b811ad82570c49fa59b9d1df288ab9b082ef8
SHA512 0fd6a152c294ae4eebbef385617b1f10445a07be33427a4a09deeff32b9ec163eef7dc1dcfdb81875623f98b3a480635627b5864e1c1069e407261397f4b1a7d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f0101d9604226da8a79b11d0d0a29941
SHA1 4814f9e98834983f8d42788ab25d69ab1de4cf14
SHA256 b84ba5140e1412baa9d6cc588f7e4060a0bbc79355a71fa5f2bb54033e15ed8c
SHA512 c0699c2ecc72876f336b96ddcbc34c6d16288c886cb90123ba9f835f45ebe881e23328783e9bd193c6f5905578b5c4eb9b5506249a945f06dca7483985b7e679
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 610c994366e02f556746b65ebb474458
SHA1 fe3f7ce186bfb8fb1a91c26c3495d63ae6bf1e7c
SHA256 9f190463ddc01cc8c9b88240a2cab26151294f8a498f9a34b1fcb4812cc59e58
SHA512 7ada784500055cf07d473979b65a8b7f5e31771107e9109eb0fb601aebfe9191dd7248a542675ee3920453c8cf7eb04834ad334980854a60ae2465027fcd1046
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 56228322399e5c0eef70a127cc4a111d
SHA1 5941c6451367449157c762655ce81b363c4cc869
SHA256 3ec4087c5f9f53b7a91773f87e039a4e0efe8a671ffc66f502a43032eb910528
SHA512 e941846134323c49ac1ea0334ee26ecfcbf12c89d50ca4fbd4a2779ea79227a8d6784c1a9104725cbb16c330e95a1033f22eb7b38f92cbc41af2727539518db5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6226d5000919a0dad21f09be67768d40
SHA1 f04f26a4b0f8cc6356195281097d5f14021730fa
SHA256 1877e14456a7f048ea6ac49920e779c62a3bc0f177f52af39f669e794fb056ce
SHA512 c6956c46c3b659b74285ea84cab1907953460f9068ce4dbedbce64eb9a422b203cc7c35be258f094c1ea02acb7b4bb6e9d2e9e041ee2cba7614582dc2c97bc15
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a1a348ba6d7c2839c5a2f665626ac31d
SHA1 199261afbdd1bb939f94df8e7305be357a93230a
SHA256 35a502d4bdfab99622baf901a4c7f9c3ad2b243def617150a2b08879a3ef192b
SHA512 f12e85f39bb3dff6da88ca04ee692866b98ceff5214c162a943881b968a1678d86815cdd3ee24e04759744c34568a7ad3834fdd922ae15f21f63b07f42b5cc86
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 feba316fba367fcc498e886faded49ad
SHA1 3b4576493db711c3afe294aadfac22e3d1ae430d
SHA256 107b8ec0bdb129f93cd8c574bd731ece8f646b4961388be96945bc06f5f8d28b
SHA512 49a439a0dde247762cf7b66f7956280714f9b1cde3f4a2d86feb268fea29b29f08b6710877648703b309a5ae9e13445528fbe4149c4cbf74588bb1b78301db62
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 19aeb91be961ecddca77e4aa7524cd65
SHA1 ff832bf35b92ffdb141da8009c236e1ab3c094a3
SHA256 9afd3c5a2adfec51c37f7336b4a1c790b6cd6e2878309489dd3cd5a3a8ba1ff1
SHA512 bfbd94ca84b884b8d27319b06a710a64a674e4a05cb7c6fda14b101dc9a1f10f722aca75be61116be6e14a228317aadf7258903344844ae1808b24d66f86a044
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 89e2b9adc12f2d50421eb2e13581c836
SHA1 de5b91ad3f341e22a315137c24e8f91c2e0ef8ad
SHA256 efa055e45b8cd16c9a41a5f12aa818b457577c0ea04a13a613755dca2a252194
SHA512 1dc5bf4301b617e8aacf3a653268ac14788032bc8bbfc0b7fb3fc5470849b0dce37ceda5ce2e5391628bfba453c82f10457124be5b57021c8b2b29102328f3bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d471778c3db64d912fa8492f4ce89ddd
SHA1 24c6a5e2ce81e0cad0f5a4ccc52f17d394f207a5
SHA256 74cdfa1467c06bc1997a48920ad6f832aa7937414a1716d1c0c52187aaed4aa3
SHA512 3888d81961e093767d2d27873413b3a43341c40e6242978b04ecf638d461cebb03bdbfeed76730a14a1a3ce36d8e90508f06262d30e6f5ff657ac88011d9d4c2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bf3e7cca94026a7bde6cec40543bd7d8
SHA1 82176682ea6f618949bac58e510527b16d470149
SHA256 9f4b7c88d40017a3f50a9ea6f509e3a46cb4c299346ac137b3769fde58cf54db
SHA512 28253b7875e9452210176cde2d29b34595789e49cc963182397e305a818f267db0013b664d8248397bf80837f6924c59ce961f364173c643422375b6b40f05ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6b529cfc4c0ff441c4f00c17afbe2f30
SHA1 9ffe7cac51baebae46c3ed3312890fce3005eb92
SHA256 4bcf99873831d6764883c3c104ad591785361cee87bdfb0842c33cd7d56091a3
SHA512 c8c14d2f44369c8594525df042548bd61a205d6d19d20b6ad7457dd4235c4c39e30bf553f97bc81b252db8322ea805e57f12220ae14dc3b5662118f675f003bf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b9069f5870e01222ad17dc17aecce1a3
SHA1 b09bf739051d29d1144606d42697fda540504024
SHA256 9a695689db9fa24391bc81d8eeecc70085c9ac422cb8263d4a3ec9f1b47ff45f
SHA512 1b088519a22920b95c73ffb98cb0323f1eea0dbb9fefa9403e2dd4c5076eb63e05c2ff7958203a020346959b46e3cf7cbec3238661eba0e6d96613e3f9c4cd44
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eae25dd50836bc03f1f30a7dd1246d79
SHA1 76ac1028302b08858273f95f1768db7740269195
SHA256 d31fa1da3c7499b8ce375af9bbe0f22ed581c43f17b3279fd4efe0fc41b001a0
SHA512 4f849c73e2e04b96bc7bf63fb242a034c6f5772662a8e59b9c2cf7c5674c630c406568a51c49a3bf1d0e0b7321183f960427080c3fed0adb056df1aa2095e9b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8066b38f271db7c3d8b5439a36fb505b
SHA1 2fe7403a5ae964ae485dbe9fdc43b875d140f01b
SHA256 27bfc0a317c42b3b1695a7e96d67a5a0d0ef32273e5e1c60a8c0cecdc36f937e
SHA512 a6e78edf15cedd9cf6d71a8359ee97a7136cfbd1b8110da77c50da4914ff8b25adf0cfda33e1477a0fab05bd0a9b619786018501d136b2cc4571c7066d9c1ec8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3fc9815fa3da9d33aea2f89c00253acd
SHA1 1f4901af4e54d6f51a3fc34a0b4bfca779c644e8
SHA256 feacaf794a5890e339c4a4da39c20325f56147383e3f51af17667ce4454b60f5
SHA512 3670a44da8ea27b0d5a8818b46f09cca45874da977c34fd581b043acae8f7ba474553966e392ae85a574050631dca524ccf11dc3264e83f72f5c765e7bf5415c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 af67f04a70d495534fa8409cdf4075c0
SHA1 62b9b4f94ac4bb97b91affcb17d356220efd53df
SHA256 a99eb3d98a951aa2f98e228a932f3235f29e7386fc901d8f624e7d38cffa0edd
SHA512 f559c40655bb9d46cb185cd1efc45cf0ceb375aff6465bb1293f2a6979f5c364597afac69c2ea6b710d4ff447412ead00b00fba7e1895f428b807f07bd8789f6
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b