Analysis
-
max time kernel
117s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
30/05/2024, 01:22
Static task
static1
Behavioral task
behavioral1
Sample
82a2fad5a6723990c5443b9608325f30_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
82a2fad5a6723990c5443b9608325f30_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
82a2fad5a6723990c5443b9608325f30_JaffaCakes118.html
-
Size
950B
-
MD5
82a2fad5a6723990c5443b9608325f30
-
SHA1
d2cd2801638107a947da2e5c149121ced6d0e794
-
SHA256
6a1da360b26f19f95d48f56aa39fd69ebd376910dc0f13a8786d2ce384310c52
-
SHA512
566128ab9b6070248671b33771aff2909394e8a38ff4d57745ac1485fbaeb11d1105f6698c28441996aeabd56f069be6c007527cab308ae4298594b8adce8b68
Malware Config
Signatures
- Modifies Internet Explorer settings (registry IoCs below)
Note: every key in this table sits under HKU\<SID>\Software\Microsoft\Internet Explorer, and the values written (TabbedBrowsing\NTPFirstRun = "1", Main\WindowsSearch\Version = "WS not running", Main\Window_Placement, Main\FullScreen = "no", Recovery\PendingRecovery\AdminActive, DomainSuggestion\NextUpdateDate, SearchScopes\DownloadRetries = "3") are the kind of state Internet Explorer writes itself when it is launched in a fresh profile. They are attributable to the browser process, not to the 950-byte HTML sample, and should be treated as low-signal; nothing in this table points at persistence locations (Run keys, services, BHOs) or at a change to security zones or proxy settings.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000009b6f127977e511f2a7c10047439f11bb9a26a940bfac536dfba7d36bf8d28156000000000e8000000002000020000000c39c8f642b18a7d008737c63accab9c2ed6ee46a36f0bfee12e3d92874339612200000000a55a4958b416ec248ad7847566b8666f6ac67269520a97f66835e6d902933464000000087cfcfefc519affa4a31b73c0ac43f213a1cadbe74e628dad7f86f28f3a5e2079d0cddf5b66a718983a72460bfd5289949d57fb80f21fecac7b781286f56f555 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423194048" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4065b6ea2fb2da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive\{27417A91-1E23-11EF-BE4D-CE57F181EBEB} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe -
Note: the TabbedBrowsing\NewTabPage\DecayDateQueue blob above begins with 01000000 d08c9ddf0115d1118c7a00c04fc297eb, which matches the header of a DPAPI (CryptProtectData) protected blob. Such blobs are bound to the sandbox user/machine key and vary on every run, so they must not be lifted into detection content as static byte patterns; the same applies to the Window_Placement and LastProcessed values, which are window geometry and a FILETIME.
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2120 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2120 iexplore.exe 2120 iexplore.exe 2092 IEXPLORE.EXE 2092 IEXPLORE.EXE 2092 IEXPLORE.EXE 2092 IEXPLORE.EXE -
Note: FindShellTrayWindow and SetWindowsHookEx are called here only by the two Internet Explorer processes themselves (2120 and 2092), which is expected for an interactive GUI browser; the "Suspicious use" label is the sandbox's generic signature title. Without a non-browser process or an injected module as the hook owner, these entries are weak indicators on their own.
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2120 wrote to memory of 2092 2120 iexplore.exe 28 PID 2120 wrote to memory of 2092 2120 iexplore.exe 28 PID 2120 wrote to memory of 2092 2120 iexplore.exe 28 PID 2120 wrote to memory of 2092 2120 iexplore.exe 28
Note: all four WriteProcessMemory events are the IE frame process (2120) writing into its own tab process (2092), which 2120 launched with SCODEF:2120 CREDAT:... (see the process tree below). That is how Internet Explorer's frame/tab process model sets up a child, not code injection into a foreign process; the finding would only be meaningful if the target were a process outside the browser's own tree.
Processes
-
Image: C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\82a2fad5a6723990c5443b9608325f30_JaffaCakes118.html
(tree depth 1 — the sandbox's launcher opening the submitted sample in the 64-bit IE frame process)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120 -
Image: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
(tree depth 2 — the 32-bit tab process spawned by the frame process 2120; the trailing "2" in the original export was the tree-depth marker, not part of the /prefetch argument)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2092
-
Network (no entries are shown in this export)
MITRE ATT&CK Enterprise v15 (no techniques are shown in this export)
Note: the absence of recorded connections for an HTML sample opened in Internet Explorer is not evidence that the sample is benign — a redirect, iframe or script may depend on an external host that was unreachable or no longer resolving at the time of the run (30/05/2024), or the content may target a different browser/engine. Confirm against the Win10 task (behavioral2) and the sample's own source before closing it as inert.
Downloads (files written to disk during the run)
Note: the seventeen entries below share one path, C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015, and differ only in hash — they are successive versions of a single 342-byte CryptoAPI URL-cache metadata record. CryptnetUrlCache is populated by Windows' own certificate/CRL/OCSP fetching, so these files are not artifacts of the sample and their hashes are not reusable as indicators.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5540479336e75931eae215b67af73d7b3
SHA1f2e74794f4589a4374ed8291a3a1f6cf373d198f
SHA25616e435433505322cb916888452ec93fc2389c6c2caf1664313339ee5a4419728
SHA5124113f4e701e58323f9f65bb10764ae1c565d2045c01e263dbfaf6e77559a26024e231c38238fff82e5a6cc768f8ed403ae16f4e09221cbfff6cda164a3f01dc0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57b3f97909850cf7f24a0f6785199f86e
SHA171cac4838123ccb7453bfcc5d28f9ba66d0e2bd3
SHA2566980d9538bf3bef2d75c3de05fa370ff23710f7d1fde9f657cd3eab1e2c54a63
SHA512c1c954214f9cf9dc9ca04e0a2214fb2c878a1ebad9849409bc85d21e49858e1e378b8622f2a0592d32a12f5a95fa8960e797f8962dcaf040f5fd928cb0074f61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51a9933e5c2f57acb8680d2e1c545e718
SHA1bdedf7ff29f2eba9f69be08f11479a41cefc5b91
SHA256be0b1c42c1e46ed8586cc95d957389002baa7c77e2fb3e56d7e36a032f52eaad
SHA512076e4c327b37d792c6070a0bfda252b6042e9f8ed033e07e640d646d685009b5a457ccc2c61a2166020f1d1db88cdc9aa6577a81a73c634ada4c16b9624a2a9a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54050173de9038940348b2c953bafa017
SHA1f587f9bb8118e5d71262c36b15c1becdede38a32
SHA256f49d433539e8ab4ad40fe37a26de7ab216de2e44a9311b33dc63c8b672a317ef
SHA5122e278c661bff380f2fe3aa4f8f03e45a45fc5d1e4cdf0a95e1962553a2ed07de4865240566d63ce2e382f6a0b71a9d1da9f073d7a757cf509eefbb1f0737e288
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55aa0859e073328bc6f590886be79fe81
SHA1db6451c9c9ade2ff50e6c910988ab23697df294d
SHA256458db00c63f6e94e3b7211c19b3cfa808131e0a5173f16779bbd5660c0861ef8
SHA512057f05db31fb359c77001c70680d40e681858a2edde86b95ebae3eb3c3dcf6579575e0bb3a6bdd20b721c71adba4988fcc165fc9afdd961028745410290d8de2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c98cfbd363c99300c59e077a60b24e3a
SHA18aa7174d529f762e49cc54fbbb5cb83d3b329ba0
SHA25670bd89acc055d93b27fb3fb244461e834428e352d36345906f5f7a9d62f6924a
SHA512773ba2d7ab1971e2bf892f4ed587721229e4eadc8a3dfa60b68c073c9467b40e8c01174af5703e0f62123522e738348838a2ae9e77bee75b5cccc1535b6f6fb5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD502cbe4fc00c2b20b97e5f1bb93720fbc
SHA1869ad1a43e83b7334d3b328eb9499087a3b275ff
SHA256e99bedd761b610e8e93abcaa54021d6773942f746e9a92b326b6d6eb07ffe4bf
SHA51244f6f2534d622c5d6581892dc4cbbe01cf1ffa757de2df81f947132bb47a78cf4e3322875f78083453efa56fac19d0236138f8d0dacf7a114c007c0260adedde
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5af7f2959b16b1bbaf1345d7ae2788b2c
SHA14c02c0c9ec0f1cfc4f6ed59de987487e04806191
SHA256957b592065005bd0537182bc1827d9a6f571f1c81be7bac98f6b00478894c863
SHA512dcbab9091503620a5c3e2952326cbebbe9690e28b8f96e5057de0ae51966c697e4458517f006e99f7506a87cf1bd06234c9458a127c4da8d25b9970ae8e82575
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD541be34c96399ce0f4db2ba3e0ecaa0c9
SHA18de622982f83b913212553e184d7563e563c7b95
SHA256a3850757b7d2543e74b944331252ce76e0eea66296d1d45a1d3e69967d3f2d16
SHA512a3525d3f6158707e74e44cb40b33628e0a37adf6206a40d4308ad7b54113123d6b85e3dd7bfacfdc440b737d1be923ed4e0f97caa63d87ad22b47a8eedbadfb8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55b325c2f0b81496391d132a1d0cacf8e
SHA1bca61aa5c47c057de9ed3f68aad9ac2c7407db6e
SHA2565ca4d3c3b494316c0be4e58ef434d664ee144b26c1dc86a40db27f5e52d07183
SHA51291814562aa18076800e7dad296365f3b36d206ad53f9606e0857bb940046d0e4c0278845947b10743442b704176eb6cff9bbb7d4ab03f932d63c9144d4c28f39
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f19aa611c83ffaa18eb409de1a76b048
SHA161a12e96e93222cc16f50e1ee198acedfe339533
SHA256ed17fb3251cbef10e698d85db4f01fef4adc29c8b7e959cdf3c4be541e0711b7
SHA512ea295c4574747e5ecddab951caca9c2c9f99c7c134c978ef5319bf709c9823d82c571d17a710d0614c2eaf566c7c01ad8da4503efa25d0a95b2e4e9f562149a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59b27f867ce50d8b25b70f6082bcff40b
SHA194ca25759a14ecdeff79706666083f2ee1e24026
SHA25662159d23813950f3396a339a0de63fb6c91abdc7dbfae11c464e98a427821ba0
SHA512d1dca68bc404428eda75ac5c6c188928183c380e05adc2a88243b1cbe6cd6d9b0c7e7dbaa3bbe11927c77df00ea264c95c50b4034f02c6675ae67908f3921612
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55e16faf7ffe377df42d291302b9558f8
SHA1d06c2a23833c993cf0abbe880814784938e2f96c
SHA256274bcf903b505e258fbbd7e0464197b9ba8f80ea67816a6afd0c3fa624f60cea
SHA512bcb436cf580abfe8d7f2f30e6623be4a22310f6cb952537f2280c2f5439d876c3073bd0546abffc1e636caa140dce4b66fb4f137927c569940e4e16ff51f8e74
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5533fa9dfe14038f34c81f1e7fc0ca835
SHA1c5ce043eb31e739ce13e3bde129efde649968212
SHA25632cb6e63b9bf5ab4ae28eb4f7cd6e1a39937ba63ae25fc6992c3b59ad464a34e
SHA51211726f67b1d3c740d4924b57e808e261b63e28765b1cfb7a95e348a1847c3cb943c9bfd2d755cfde209eba87fa2da96e51f9b2b0cfd5c1bcf79b6455ea682c1f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57ef943b051762b863b5f01b06140c48d
SHA111025e24cab29ae8799f4eaf1bfe7550ed11956d
SHA2565231f2bd57e674e9b8569a393888672cacd02dbf833d1dd2006d7620bb9230ed
SHA51266b65ac4b46aa9a962842c1a4175f1ac4dc3614e2df82ad480c2c7f4e9229124f77135c8348b0df29cc703d6b74b16b39d38b635c45e097038cd61400cef45b2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5074b5d276097f2d8cc577648761146dc
SHA13b849f2982df7098e6faa3fd9f2c17987a00181a
SHA256672be68bfffeb59bf7e18fd86f3cfdfca1bee6e749885eba8a9074ae95727912
SHA5123065a261b1879a050197e57def6c23d825ed4062a17619ca413093bb930873a3c364b1246f21621993ae3fc464f75ae27b04f9cff1a9e0c7bacaea3c0eced0a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53378ee1d85b115e1b4ef78ba21581771
SHA1d9f454ed728210c85ab5ec225006ebb3de766e52
SHA2567a33619877fbc3066b7c254196fd9da53bb96c230a95cbfa7cf6c56c8df98bc6
SHA5120c73d59e9799ec413e8b82760f99fbdab777f48aae47de99640497bb09dddac6d7501e803048fa0954e14988caf73ad930b54a17f35860af391dce9b765d6c63
-
Note: the three entries that follow (68KB, 70KB and 181KB) carry no file path in this export. Without a path they cannot be attributed either to the sample or to the browser's own cache; check the original report for the missing paths before treating their hashes as indicators.
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b