Analysis
-
max time kernel
133s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
30/05/2024, 13:56
Static task
static1
Behavioral task
behavioral1
Sample
84624011749b65457a6d8301ed528cd4_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
84624011749b65457a6d8301ed528cd4_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
84624011749b65457a6d8301ed528cd4_JaffaCakes118.html
-
Size
461KB
-
MD5
84624011749b65457a6d8301ed528cd4
-
SHA1
2cf7136b813fbeee06da227c5945cfc081baaf67
-
SHA256
acd60f63cefada6dd2749ba32caed934f04f9f1434c08d346d226a5ca3df487e
-
SHA512
7ffe8ebcef1b9970e7d74dcad8967fccbef576ee55fe519f9ff2c8a68d6d33c0a45e81c981d0f0be4fdd2e9b2e057ada604eec13b99747b776550b12d1033297
-
SSDEEP
6144:SusMYod+X3oI+YtsMYod+X3oI+YgsMYod+X3oI+YLsMYod+X3oI+YQ:r5d+X3P5d+X345d+X315d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser 
iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f81e96d11613734aa7086727dce7c14a00000000020000000000106600000001000020000000783445042473aaa181d0ee9f5ce9994cfb76a0a143cc810a207064152500caf9000000000e800000000200002000000096664cea93be84a02385b361370a64a5fd6b5d59e112065a165f720b03bac84120000000f0d6d79902061ba548ba78a026fc3abf60eead12821c56204b234a0232c5b939400000001b245478e54247bd03a39237b4a25b7d8a73e0e8442abc5283fe683de7b2c0fc82dbb39f0a8d7eee653f0c399918a32d36ef54b8f37af6120cbf768c7f911751 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00b535499b2da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive\{7BCE19B1-1E8C-11EF-8E23-7EEA931DE775} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239287" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2860 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2860 iexplore.exe
2860 iexplore.exe
2800 IEXPLORE.EXE
2800 IEXPLORE.EXE
2800 IEXPLORE.EXE
2800 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2860 wrote to memory of 2800 2860 iexplore.exe 28
PID 2860 wrote to memory of 2800 2860 iexplore.exe 28
PID 2860 wrote to memory of 2800 2860 iexplore.exe 28
PID 2860 wrote to memory of 2800 2860 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\84624011749b65457a6d8301ed528cd4_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2800
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0c05f030cf4d696ab67be560727bb063
SHA1 a26f0e4a1aab5a87727cd4201305e315a636ff97
SHA256 ac4a244475fa09b07b69d0aa1a85e82f671f7b77fd5ac02b759c3345fefd83b8
SHA512 a2d21d996124185fadbc8c55d415a59dac07524f806c8dadd8c6ff4960f1bc3bd4de200dd9c14d2f9ebe0a0838be6289028be992401c1e4101c145450e5472da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5e2b22761ec55102f6b2d73b1bdab664
SHA1 6a4edf7f937ca7661764d0453ceb35f0bcc4a8bf
SHA256 7cb6a8fb6de8a0ccf24a2f702d16ae36d594a4f1d4fb3b70864aee96772ffc3a
SHA512 889309c99808245ec2e04795a2782b0c4a36dc3b067df2f5fc515956a2e24b9a3721e4b26900323df16905a3bc379afb63caa81443063b8648e39a58b2b875d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7f00ff5e8aebd78af3d8dfb98f28f12c
SHA1 88867b89633de466a7d029d23fbd3a27d0717647
SHA256 94361c1423d7b09794acb800338d0aa5e6b2508f93af71af7272de2975943549
SHA512 dedd06b6cbfdc59149ae86c72c3421444a08d592c65eff6a7e0c768bf1fb73b2baeccd3dd9c518571aa4f576be9628d8fe5ce120c44363728122379f182dbca9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 423a5a6d8398e6383166f0e905c80638
SHA1 7a2671928911a6a8da5604ca4d2035df77c862d1
SHA256 40207f11433eccb3e2e2f0871405712c702197763c7376be6449aa39a63a207e
SHA512 ff2770623353d27d8a1fd03851c7ebffd714459a45e95011de040059e522ed6818a706a8b99100353946117ca4a4bc82047b734e0a19f8c8710fc0d567476663
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3f8ff6fd73c69b24752da7a7b04d5922
SHA1 a84ed2ac9beaad06d0d1c38d91b0032817bc1601
SHA256 eb3b9fec398f9e5d85d6a09591026a102d263679b2c3748ad1f528c646ba84b5
SHA512 97072a56f54622742551e98430ec4f3862c5936d0ef6d38d9370c9437f5d12fd6cbbc25e71732183eadd215412d4c2d1a33e31eec11a06367005925e459a8eae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 13b7d10d33b02e61ce367207f3ad83aa
SHA1 29be25db4a812abf0c201c64e172f335e8eedf3d
SHA256 25680003fe512c292e62fb3a794c5a7268f38f137b86bbf68f87d420d9854d43
SHA512 ae487282b2b1578a970c661f4e0128de30cf9b3db968c154a26329f090a14a9b2397d76f6ce469c9992f0e79ee9ec38aa0e35c00855ee01d944d234dbd3d8097
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dc1eff57525470e37d019186b968a913
SHA1 042feec9e4866d836947bf3acca331449f60daaf
SHA256 3c62212bbbe660373fbc2cc6558383e4ff71f0a0d159104879491c5d1dae87e0
SHA512 364fb324e7e87284b0de80f5844afcb6dc2b9aa57b51668e52ff7b7e4c8f9f23c34dc363f0ab81d4bc054e0c6e9224162e376fcd6592ca8fa18814c235ecfa64
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0120c7a0f1947e2972a0949b435580fb
SHA1 12ca0a42fa04f713b96817a75cae413fb499b17b
SHA256 cadbd4e9eebfc000af38773dc5ad67ea0b71b8b3b3da46c542da5fcec932b087
SHA512 5fdcba85873a41312c333f31e84063af0e25421539be26a687a3fc14a7f467f642b6908323242c02888ffbc00452ad4c600c1221f3a3448f6d8f5d03c52fddc0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3519f703c3f03a88dc37d06eaaea2e03
SHA1 dea513580166201942639ca7888d066992f9b20c
SHA256 92808a1b486f80f906cc104e33654880e8343b0935287e57adc35312d82047fe
SHA512 501445ff20f5d0ec9c87be652a5340d9104dcb91de78a8755e34064db9c8b778560cebb8d4a85be1be45e88ebf357444d9aa31a10fafd1233c494db9e95ec935
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b9403e1b2fe0d805547e396b0fdbf40d
SHA1 db8fff6cd5f2fbbde74fb63ce8ec275b6ae74afd
SHA256 a249716e1f90898febc8d17010fbe8d55a2ea59e9248a840159f87fb2911941f
SHA512 32761801c25e25b625b93f3e2074a0cf993a6dafb9496745e8e9c170fca560320bcb15a1f9878b7ff32f184f8d96269a64151473d8917a4135a3d5d421150320
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7a0a89b29c3f0ac86524b3353f1290c1
SHA1 be74d2a558c2b7caa94de828d78841f1952ca5d5
SHA256 afe88dc606d198fa34347ef7f4f31e2ef3b2ebbaa10b185c19c31cbc0a77e59b
SHA512 41de47534b2ca7d9a952f93f5e29d7c903826149448fbf8307358a690a34a2c718c605363cfaaf03e26ff8186ca77eeaca7ffc064d84ebbcbeafe3abdfa93f28
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fbf8b88c4ad66a09b0543e3613a7ae49
SHA1 5c70cec0e0e710ea6df7cc2dc28117a26380944c
SHA256 acd605e164f7c39424816b88e9a0d3c77f27da1249ac8a2d81219a70018d5bd2
SHA512 2b2c0b9c9ff540b4b388a93d59e397eeaebc639c170dc449ac13a7fb0fa659d0c1b54163fa9fb9259d3db783b6f5d6bedc2213c64e02f95cbafd1a1cc67ee46c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a8d38f4a83f0e9af6b61b54cd0caa275
SHA1 03c745a393f5849a5f05aaa7b59262da23b37bc1
SHA256 d2a7d7708d85a21813c73dae9baf683b8e725d99c643e704450c799b57a1e2c4
SHA512 3eadd216c02b5e8dfaa8a542d6f030a9210d4af2e7810a02b0678645f084e89af30cd342f3cb897bc041e6733c7b55f6e4472a9e347b84d6d3888cf7112e7858
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5b82d2a4274d4dc358506e3982346532
SHA1 2363aa1eae3ff77926c7663938bc1ea919672ab9
SHA256 57802cc00351d163b37908a78b6749c4fd8ecf9c2356583f07b9ced08fbf605d
SHA512 ba52f87b87a22f5efabaac89f0aecd5a280edb8d8ac605f8d5bcf97093997cb7905a268912f0c317fedbd6dd05f05b2640bdfe3f9ea7852f61b6ff1851d1b323
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 82dd82d9cd9d7e2b2a86415aa56e6c30
SHA1 065567092e56a4383ddbcece4389083e331bc583
SHA256 03d2cf9f3be520c47d06ef0661f2d18c65b099d2c0b6cd0ebe1ca474d603f6c7
SHA512 19c100e60fa84a4bd3fb5b96643a1afa525240e0fc9a20ca9b14e40883fc2f58136dbe59114528205d2624ab5364956e99301809c806f5c19186d642ca95e0aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bcf624cf8e5b810b1c04827fba0342c1
SHA1 9391b1ffeb27ecb68d56e94f326196831dc6a656
SHA256 a2287969afb1210f237f40dfb4c245f6bd3273f87663ddf9ca3b736ebcba7ac7
SHA512 1894449f1a2758f1e469ba1b62cbc7dbbd4e364cd628136d7c4a153d2e3f84be05c4e8933651627f5d38bd926cfdf99cde867719f39b446a2983ce690de7db33
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e43621e2b9806988e7f568130a1c6f14
SHA1 9f1f1c4ee96a1fbefabc669b755e93deca1e05da
SHA256 51e5eecedb33fa8e8f10bf333987e998774c7b096e3a2558d78f097d9378efd0
SHA512 c3a9b858393b73fc652f09c8313af83a56692314e74bda1491a082831aff3270219037e9fb93247a317e8bf29af1e653d6b88f9a75064e66d3f5c52a81e4997b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9807d9414bd189497f3e22b79a05a894
SHA1 e0bb0e33d56ba479b115d1a635c9e32cfc50467e
SHA256 e86607ae32f8eaf1484c2d29d12751967c6048d5acd5b513441be53740bcfe58
SHA512 5045abc9b59c99e7b0d4dcd376432535306a853fa7ba960dbeb4ec5968b97c0b2132b2c120b825a15f5657781d067f11d4977c3f1d32f99dde10da17897c697d
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b