Analysis
-
max time kernel
119s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
30/05/2024, 01:15
Static task
static1
Behavioral task
behavioral1
Sample
829e45f09e49aed90181b72e64095038_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
829e45f09e49aed90181b72e64095038_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
829e45f09e49aed90181b72e64095038_JaffaCakes118.html
-
Size
12KB
-
MD5
829e45f09e49aed90181b72e64095038
-
SHA1
fdc694d14416af814b92c548132b1aa7b901efcd
-
SHA256
8d738ef57dc4bf0a966ad829922833f87f78595d8282875237b5bcb4843195a2
-
SHA512
9a592f68fc58a0fd3fc86bb006082a733c372e0df3e8aa58f345316fa76767ff623abd2dd5da62991887b433d3d5ce90d871eec34c13fde0e17d3ad889ffdeaa
-
SSDEEP
384:9vHTPaTn/mf7hp9p7K/ENimU7lTG5h+dAJ9le0h9phg:9vHTiT/mzh3Y/ENimMTG7+qBe0vPg
Malware Config
Signatures
-
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C4092D1-1E22-11EF-A538-5630532AF2EE} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c05f68f12eb2da01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000003520278173fc476966818ebec3297c05f3eb573676b407772b51d30caeb1740a000000000e80000000020000200000001e1016fc9c89a7e827bc86cae59e15e683fe9cb1f8faeaa748edc1152395d4fd200000005b74f9cd2ffe27b7cdac5565866dcd07b62b6dc59ac7761f593aa2a71fc8b2124000000075c22772a79a39b4e6e5cb8e5c48604e72380aa73e1272356eef967f5a0601cd9ae8e6395d1e7331566f3a4a792bae59cf8abd75dafed77fcee53207ad07c651 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423193600" | iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3060 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2148 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2148 | iexplore.exe
2148 | iexplore.exe
3060 | IEXPLORE.EXE
3060 | IEXPLORE.EXE
3060 | IEXPLORE.EXE
3060 | IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2148 wrote to memory of 3060 | 2148 | iexplore.exe | 28
PID 2148 wrote to memory of 3060 | 2148 | iexplore.exe | 28
PID 2148 wrote to memory of 3060 | 2148 | iexplore.exe | 28
PID 2148 wrote to memory of 3060 | 2148 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\829e45f09e49aed90181b72e64095038_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3060
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e93085db3ff482e9421e3c9284236f08
SHA1 faefdd08138522a4392153c8c017d4f29df24c7c
SHA256 cf32474ad0d5ef9df5c1794121172dcb4ed35ca1f27e7090028c48b008d6963f
SHA512 53ae88f60220bbc58b30d03348743a8029dc5258441906107d2032ecb4b3acf1b1d837a8d079217bd6d1b42079733e7b7d053c7627393a69a5bd3a3ad0f21efb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 036324cd90c504e1de99faa054df9de9
SHA1 46f98ab79b2ffc6c85dc4e41ec134898e3d217af
SHA256 9024e0ee98cdc384a23dde6c9410536ef38174f77b35f83424e3c936fa9f8e87
SHA512 28778686d0aad78567c30261c981e9e9bbe88c9ef3e88361559a81008f6a2c0746d8a1bef634f914309ae2abed08833302da9121622e3fbce6d41038543efb8b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7dd2efca840e899836b23a240d6700ac
SHA1 07e5d0694e7684648649162226f453aeaf6864be
SHA256 8ccb7a8592d2bcd0e1cc3e1d40aa873c010c61b63b120421f29b38e68a09fa66
SHA512 db588ad1be7d50f23411b241a2ffad53928537a2383895dd8a7cfa669364f8cf3622077c35bed97124977091b412fce6ba418aa134f6b3be3bbd3d1cffcdf284
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 66676f27dac546ed2a9de4143dbc8e8b
SHA1 6ab8c57d05863fc60c193628552ac8221eddfd6a
SHA256 c063f483d5bfd24683a548dba73ea7ce1f1400ea27655a00dfcb09d1fdd76a56
SHA512 2c3ff67d289aaac5fe809722554511c1f324f4c08036265d908f30fe15e2d96f5a1ed1befdade779942880b09535f6af2f1b64b8ef56308712f0935852876578
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6c9d3127ee79afe71b63bcecb7a59362
SHA1 cb029a7173a1f713d033a0fdab232c142f4a6119
SHA256 720151d445c13c727e1c069660633871cd13af46def1cd56a962902ae0447311
SHA512 8c8c052c724078b60302bc7f2848a1fd21151b092e3be7fefeae184767e7ccf409493ae6e78e65887c860938a6fb7ac532dca71be57766f93cbb94820f33bda5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2894bbd4b0deecec80df17be24206beb
SHA1 44bdaec81afcf7c3f954486c1147c2b0e2a75d74
SHA256 dadfe9eb363f03d5d92947311f6db919729e2bc43bda875bc4ccbee83aecaf63
SHA512 56e29c2e10e4c62423e5aab2ccf23f80fcdc36501ba57eb099ee92c7e887eb4c3745d2492a0729dbbf1d87da909a70b1bba2d627fdcde63bdeba40cdda10ad8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dfaefad41ac14bedf0dca83e7ecba0c4
SHA1 8bb7340b480241b195578676ce39b68c65df3bf0
SHA256 d3f8db2ea5677a10c1a77db270f25b0c9541fa89397133290944ae67783c5abe
SHA512 27f9e847c7c32bb56add132fc162bd24362b7cb143274fe087676cb90dd6605af1368726d0cf3dfee6b808af4af752fa47bea1dad2477699957ed3ecf466af86
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7da7de40d9c17e7a4f901c7cff79380e
SHA1 3da055630abc696fa2463f41dfe978c3e3648787
SHA256 d2c6457c487d10dbbd465eafe3824760fe5c31973d9445d935fa6453195277b9
SHA512 ddc259f3eac5a2a2f9525ec1d5189f5a56bd8e20a8d32f1c5fa327c22d063e6f4d9bc5a15cc581859a4548d07b0dbcf080d0929a7ac8fb4897edd5238e3681d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c925fd3e0f18963fc7b0ecb9984c8ccb
SHA1 1af3db18c7a810db4b2cf1d76ac1573db546e54e
SHA256 d73d78688d8d3726b4d738a4781e4e5a23844af29ccec526b0505b3e6a03da35
SHA512 47e9417a7a079649661793c8d881f3a1b16a883d8e0c27e2d34506ec773f86111c1ea4cae7afdd94621fec3a3fee9093598f62ce197d99afff1775d20c192dc6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 62053e3d11eef9f7c1a9fd6aa0938e45
SHA1 0281889b390651d4a462a08bea1def153ee6f047
SHA256 1baae247ffd5fa0b68db96e7ec1a42ecbe5ded9368b0a9f1af5dd2fbaa1c76b2
SHA512 802334672f332a7318ab7c020398dbec6659e4abd37db6997d4d93c69946881e73273f6015cf0f5d7e8ea1c4f825a8a63ee34a61d6f5c2a50e883d6ccf582aae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3ad2d0a48c0a3aef1e34402b2d5720fc
SHA1 7a55a2126f8db53699e47cfda927f20abb9f7e89
SHA256 b6e719984b4052fd5849660a108b41a146c93f3eaae4ca897fa92cbb4f3082e3
SHA512 7379fa64c74be9320a3d4d6ab8a9bd146bd2d104ba33693cb9fc1fd4dd84007f0f530f5ce74c37ebc430395d1c119729792b9ec15f3ef4284bcdd3df274147a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8fa24e04f585c60904ec420c9a921603
SHA1 2c9e40266a0a2177ff687eb357ced58fdbffc230
SHA256 e8455ecd63aebe61d1f21031723087c41666511a8ca6b88f2eaf755ed4b26539
SHA512 43d40a343f2308ad083d04ce22904d3d2aad6d67a6d360764af718f1e06ab9a8b5ff3537d17d40879fe3dae0c5b74bd18ec1c55c4cac1dd81a5e453a4097b0e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 46302c253dcfb94ed63b328aa3f6067a
SHA1 f86bee7019ee870fe34184facf4a7f7119f88f8a
SHA256 b674c179a7b3e8707b1bfaa1b6d28ea176b7fbaef47e7b69c28956985b18bfe2
SHA512 cef55a40ecaa3cacde7fbf3736ba3fea985e21d29692d979f0c753a6d0a2b2f9427135b8da9a31992f490964c9cb7e43c5b945e5bf9c1347288e808701d0c842
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f6d781a86b57d56f3fe2dbfc4792d7a9
SHA1 a809b268a82819f5a05a7dec008c593a03a6c78c
SHA256 1c975b73a0c7237b7c1e8db4f233532687a2cd3f2fd9e6314fb2969b12207353
SHA512 58304fe23e419073aace1a826031532d131cb94999b75f9c87300d48f8bbd3816ecd05823d1e63429c243fff08b8200d43af41fae4b36f7d833b2c074cc235bc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7c1c75dcd8d5a493ecdfba2458a6fba0
SHA1 88d721f11c2d576a788d6bd9b35f55296392cb5f
SHA256 f02e5eeda3750a3b6635a5dd6854ddf42eefa0de9cc878de450e3f385ff31fab
SHA512 8b4f434f49c01d5c6778f745b52c8fa0e5ac2051263a0e506564863b7112dd64374adaa93ae6db2f057a0d9cd2ae3c1ebbe819aefda422d20889bb2b51c645fb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3c01308e9765e91a225285db79b658e1
SHA1 7c9cd7e1e87ba84d73982d7e905cd94edd4ade1c
SHA256 9f79fc173215fc6c3d2e10fca64c5ac50ce6f6f7f094a0c430ab16dfc6d0b131
SHA512 6e4235534c4bbbc89d39233db3f2333cbcd589e24ba41160f63e1b4832bd6a28571dcc5c7a033f10e9c6cd301b056f757ec2d735d5899b352f503fec33a1eb7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9ab8f44b3e1a0f6939cdf2c120caaaa0
SHA1 531e225e2a4f9dd3a266df528597be10ff4bc196
SHA256 716db2da4ac0fb5a840d785d8b780d5e9abe2a8caf5e2a6a2890cd333454a551
SHA512 2a7027bfdd3e301401edeedeb3fab0ebda194e1490e266adce03f55d7f04280e6f8332f6400ea26f586ba5ccb2574d7a00a0136b3415ecebbfbc536b1224c0fb
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b