Analysis
-
max time kernel
133s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
29/05/2024, 15:11
Static task
static1
Behavioral task
behavioral1
Sample
812969125110e52e864ec033007ece3f_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
812969125110e52e864ec033007ece3f_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
812969125110e52e864ec033007ece3f_JaffaCakes118.html
-
Size
204B
-
MD5
812969125110e52e864ec033007ece3f
-
SHA1
b3a8e1bd4b4b690bf7a2425b12079e7db667e495
-
SHA256
5aba65a648c7f419d1779c584e356bbd86718cb81de71f58863032a34e1b1d26
-
SHA512
e3493f9a4906c272cb6695e83c804dc4b46aa86f9580af5340d3d6fab2bed5a1e2950179f09e3b3ec734fb4f781e91d6c054c17faa3ab5e4ff2ad4ba1387f496
Malware Config
Signatures
-
Modifies Internet Explorer settings (all entries below are registry writes under HKU\...\Software\Microsoft\Internet Explorer by the iexplore.exe / IEXPLORE.EXE processes in the tree below; the heading for this signature was dropped in extraction and is restored from the process-tree labels)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423157340" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet 
Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AF9DCBB1-1DCD-11EF-BD9C-4E559C6B32B6} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a22b84dab1da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000000516c74902bcafdbbd2a040aad0ed6c564314f5e59e37d15841b7b402e71dd42000000000e8000000002000020000000ebf99ec409c371f0c7aeed0c6ab20689fb49e2ee0e78bfc0549f34dd902c96f2200000000de8d1cc981eafde8d5ec4d606734199b7095190ce0eb48e152293a227906731400000004c9ba936b3dd94017505afc74d168c49ebc9163b2980ccf65eeb18d32bfa5e1ee44066734fb118afc6403698b8815a0d0f9784a8647e5593594cedd5ebf1de00 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2896 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2896 iexplore.exe 2896 iexplore.exe 1828 IEXPLORE.EXE 1828 IEXPLORE.EXE 1828 IEXPLORE.EXE 1828 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four writes are from the iexplore.exe frame process, PID 2896, into PID 1828 — the IEXPLORE.EXE tab process it launched itself with SCODEF:2896; this is consistent with normal IE frame/tab process setup rather than injection into an unrelated process, so treat it as a weak indicator on its own)
description pid Process procid_target PID 2896 wrote to memory of 1828 2896 iexplore.exe 29 PID 2896 wrote to memory of 1828 2896 iexplore.exe 29 PID 2896 wrote to memory of 1828 2896 iexplore.exe 29 PID 2896 wrote to memory of 1828 2896 iexplore.exe 29
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\812969125110e52e864ec033007ece3f_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1828
-
Network
MITRE ATT&CK Enterprise v15
Downloads (note: every entry with a recorded path below is the same 342-byte CryptnetUrlCache\MetaData file, which is Windows certificate/CRL URL-cache metadata written by the OS during certificate validation rather than content the sample fetched; the last three entries — 68KB, 70KB, 181KB — have no path recorded on this page, so their origin cannot be determined from the report alone)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d008f8b50a4fa96ab19ebb66b7f8ceed
SHA1db553c9ea496ee92b32d700cdb79eb229c9db3ae
SHA256112a6df4006bd863eb2d737511eb0b9f7c3bdada49ca62fbc77fbf6458b43dc6
SHA512daaeb51c795d0221857705a970ca3f9784a2080031744d7bf0d650566e7ce783d2414c87013db1e5e3abb9719d44b5e94c1e0cafc18045f73b6f2232db18b5cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59c74c82460e079d84ada44738f3a94b8
SHA179e5fcf8f0cb3b36baf9d79627c25bcd66158f9a
SHA25609ec125f49d14ffbfaca7815555de240459cd2582ff02271cdb7fc1834732c5b
SHA5129ba33b62589126dc300cf1093a503a80b64ee252c866df1134c5eeb7e59c808af0e3864e06d62f786e13dd837194aa99f67fef455eb12e60bc74b7c716c90973
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d551c0d9c30c0874506cdaa6aacd0c4a
SHA1d05c9a99a8c29bf0490cd269278020a0493c0ed6
SHA2566e455674ae1262914684e67bbb02f3ada692c40ed60d199780d711512200efc6
SHA512e00e935ccb8320b613898a0ad9361190bd449172ad508f5b06946f8e7aa43e76504b6f4b0c840374b48e3ede71a8e00c69d991a26544e80437b390b8c5170594
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ee1b6098a2eb2abe468aea4d98bf57aa
SHA145476edd2f4dde7144064e3e1e9bd2af5e3ef003
SHA256ae0685e5dadf5c166e4c065619c4d46caa69e81855991bcc3f8d4997e494475d
SHA512223864a29730b1942079166e2a30559b45a7b8d97ba79c8579866a6092c1a7433d92a9985d3f5c83d9351080c3f46632f763a0d37a1012d66ae483e1665b8ccf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50ad93e70ed2bcab154c64cb0b199b987
SHA1eb270df323e124b570a811944ce13550444e9ce0
SHA256fe18fb0d5cc6458a29b97f1dae0fbbf956f0d9d8c05f133c90fb1b329d4f4c4c
SHA512db52465ada1016751e0b5b5e3ff58874613fa340ede550ef341fa6a23de5482d7ae75fc6744b8e0bebbf59e77839c42589df66b12d3e5a48c98ca5b5a3074d77
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD597e5f046ba08d6992cb909cd1e6a5f79
SHA1edfe9b0d7559d07c61862165e4ecb143748d4e28
SHA256773c1b508876719973dcba1dcbbc77e9608e8737d0283c87a7e8176b9489adb2
SHA512a51786390500bfb99fa94bd64d0d306093f065d4c58d4df64d7ffc327a61b425686dda7d9d9b9df84941cfdd16df8a32570e55e52521bd2143b942b580191e3e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD536f9eff22a8488407d63067d9881d374
SHA196a02bf54848aee8a7d83411a0d8436809dff4ad
SHA256fefc780619bb3d15d425fbc79247256c1ae368e0fbd3cae20ee2f85ae94671ed
SHA512b5fc761a9f2b62b067666d2a8f2261bd9f7c4c132480077a7d29de0b402f362a12756d511068a01cf24fb8dc343b943dea62ee53ed80da2a074e3915d43e3d76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51c396d7066e002f43d26456b3b256065
SHA16e948abf73e7acf5cc6526d87bd51a0f6390229e
SHA2561f6858b18015969dbcf4e41a543def2f7a5486cfe08f2715899315468859a009
SHA51296ea41e87650a4966aefee63e9f8e0516e3ef9560676f90b736c33d4d4c4984d53427708efd27db3155be899b655128316a5509cef8f0e777ddd7f3473aaf416
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5816017f06f91a162bf39a86741b83192
SHA164d4cae2f2f4eadd914bf1a6332dcf3bfd818b3b
SHA2568b2cbb0aa57786608809f2b75055131ea038ab990c9ea39b0de886a1e7de6730
SHA5120a5258689220c653bef8433c35de4079182beddfa4218ab0f37fc2899cfff3f35db641a4f6b79981fcc790665d9698168434281ef3f921ed8bd13f04d817267b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fcb0893008f4f52fc7735d978eac180b
SHA1d37a6e77321421e39e40fec66f59c562c33f049e
SHA2567ce07d93031907137144ca0fe9f82a05edb792b465385e87ad4cd0f06ce730ff
SHA5121d43c712698c51a3445c5d923a9367baa5958b985213f304f6e0fd8bf1347b3c6c43950ea1808afea401a1a6887312cf314ad908a07191f458b9e3176bc73551
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d348041371b0a12c9466a6893acabcfc
SHA108b5c521a3535dc6f342b8aad11a61731805fae1
SHA256c260beac312b6aa7d9881cf8ac2021b5aa6cb791333c4520ffabf5a9d75790f7
SHA512f4006fa7b810aac4c7b87b8ed4330c6ae8f4d6c60297d41040ea692adfb1de58dd91c64e3c3d7a933e6a1e72ba2766be9a6e0c8ceafdbaea273a9a6229fda3a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5648fbcee5820d2b2a543847db708c75c
SHA1f4dedf17d3e0c69d732c063c378c97438da0477a
SHA256462aad2a305e747ac869c18734fa955cf5024269e7e6d98647e6d8ae2db18bce
SHA5125988497682bad6a437041b016b139eff4e5acc6c529a8254981f5c42c790270f03a5b125dc7deb560439f8308bbdaad4bd1a88e92febcfe004ecae7f4f823c26
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57220a1b0f8a6e8c8d623d50c9fc72194
SHA16e71a89984c2faac135c56d5d4c77eafe3a0aad8
SHA2566951bfd8f38e180411c4cae16d49502e153017e9f4da409e6fff5efef78a2f84
SHA512fcc6ed27c1b827f1fbf4c2372d511e933877eae2663f81cd6110ca9e8c13cf185ff476c710196a4cfd9cd6598334b6086d3a0eb51862e38890b134eeafc3356b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52ce6567656175068b98e746d3e8e003f
SHA19e9446e502eebbfd0313b3f090048618bc4b52e4
SHA2565861b852c9efb5b160e8a92a1948c56a86239ed5a9ff8f2a8fbc9cadcdf8f00d
SHA5127d8354c80640ad5c28ce6abd55e036c43bffaaf82de66e01b7e026320d8fcd42e51ed75c3333ecbfba274b4019798bb33e6495a8dc319dc2edb4ccc3752be5aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cde5318b173b3d68bd6850c012958c5e
SHA110fdd950be95b0ce7dd33a16be0c17820dbaa030
SHA256e9bcc78ea16f389296ee13f129afea6dd8d4715acdc952d5b36809e8ee624cd4
SHA512db1ffa8e9b718fdd0f83455ef20bfba1880aa5da134785f46f242a6cf1f09c220c364aabf6748e3515d00b7070c5581d30ed1b0025fe414657dd426b0a08882c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f574bec5267fd540e45028d2213a3a15
SHA12619bd0ddd4ddb2e8ad8459e028860187e49daf0
SHA2564fadff38f365e623d5f06a9bd075425ab081de22a257426ef07d705d827f5fc1
SHA512a6dd4d6504e041c6443656a8a5d21c5941f8681e1c116aeff07cfbb474ca2b5289a0a8ad723e4c7b24bf4cba24e829ff32f3e0d0416ed3c1609e2ed0c36fd940
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD591194b095f62f20abe5609676e0abebf
SHA12b4bd6382091a0458d20884e24195e73a23c0580
SHA256a52309cbff439dedfc8c41138e73b35d8df8110aa820f3a848e8aa70ec9e0e2f
SHA5125dd28fe64b20122b5d5747e5f59cd1e9d4c2b9576b569540d7cd494fb8ed00b3289745499aaaaef05d7333419bf86b35cf70340387c8e18b14ab272f80a9a6e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD589b0db0d41795600fad79bb3c0f557b7
SHA19646eee665a6432a7496ec01548c9d038f483bae
SHA256b1eee43831a4abc37cd8d7ecc94237dad342a1587df160d010fd115353992636
SHA512b2e67b15ba10201eb3efe700b9114e4d921a4956e3932644d8c6f5d0af5bc74b00e1ffc44172405cfc375c8b4acb9a832a5d4d86d3ea7a7c79d8d44b305937cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55903899a1ffbae075b22976479d1ef8f
SHA1254cbbe9bc50b2fdb06bf4c86c9e110728c982ad
SHA2567c7d3bf31a5f336a28336058fbe930f32b0e6afdc3042df4b57adb2d408d98a8
SHA512b61e9c57bbe64a428d9163ce69fe9cb0b3f4e366ae0f4ffa1faf2824150a0fdf851ac63d7be575b1d158a66cd972807be0efed1043016f572a3eb6010228e526
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b