Analysis
-
max time kernel
137s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
30/05/2024, 13:57
Static task
static1
Behavioral task
behavioral1
Sample
8462603fa3f96a411e80730f6e75b245_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
8462603fa3f96a411e80730f6e75b245_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8462603fa3f96a411e80730f6e75b245_JaffaCakes118.html
-
Size
21KB
-
MD5
8462603fa3f96a411e80730f6e75b245
-
SHA1
4b39ee94c514e82ce5fe853a27f3be840f133635
-
SHA256
85c3fcea1956666fcf675f2711d943ebb67a841b7d159370d6f56d65bdaffc76
-
SHA512
67cc0e5be14ba823b4de0590cd0bdcbbeff5eaddf4aef2ba02ef69f83d68b9039a22ce5d3c016d58c1b466055c1538e2ae2eed5b3eccc461fdf54ed31915ffe2
-
SSDEEP
384:ziiKhJefGVBD8cG3RRxihrImEfP4ycbp57LzVcr/DJZTOsuo:ziYfGgcG3nxerImGP4yoHiJZTOsr
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b4c05a99b2da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85F55FC1-1E8C-11EF-A596-F62ADD16694A} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239304" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet 
Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cf650828d24f824196a6e2a87d53cf7900000000020000000000106600000001000020000000d37f1b383792c7b092698960b6014a5e99d27fa7729db4d2e814c37853bcefef000000000e800000000200002000000065529b70c424af35a12d0bf2b0298db760c1244b401366f41c5dacd9971eb2c5200000000a17921cef10cb6b65da7cdfd38793c994d68f617264f370319eeeb504937374400000008f41f5418725678e31cec1b5d1eaa1ba70cc9f91d810b6b1b4047cd6607468776df7a4cf2aa6083084837394bb8359ebe4b0529a63fac4d4bdd9a82195c47ada iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2356 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2356 iexplore.exe
2356 iexplore.exe
2584 IEXPLORE.EXE
2584 IEXPLORE.EXE
2584 IEXPLORE.EXE
2584 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2356 wrote to memory of 2584 2356 iexplore.exe 28
PID 2356 wrote to memory of 2584 2356 iexplore.exe 28
PID 2356 wrote to memory of 2584 2356 iexplore.exe 28
PID 2356 wrote to memory of 2584 2356 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8462603fa3f96a411e80730f6e75b245_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2584
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 08cf48627d4c8666ee70a5ee1b98da08
SHA1 465dda1d6a5424f16795a834906b42418ec01b0a
SHA256 f9e3d0194ad22b258ca50032cc32917f283f13053fd239c65711a333de9246ab
SHA512 70670f2600482297db5dc43a6e36b0c9ef26071be51647cac71a9dafda55aa69e29d3b3d2b1e646f4591cddb114385d321d25541d54ccebb0418a42c94f061d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6f7e7ccbb777e91bac31a4bfbc0e1756
SHA1 cdda98c4b75ed7577d5aa6246660605c7ec5d9af
SHA256 4cabb84489e4d0d7d9340ad12ffef514b9f12badbda004982ed1664d456a91c8
SHA512 f40cc5c745e8fe4fb562edc41cf384374e550d193ea8197baa7fbbb69aa972a1c78bfeded3bafaab05f169779b3bbb774636e711d50a4e51c74b146e6a688981
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4400d797461aec7ee1fe966b6423e3bb
SHA1 a3e6c6759bd8a447c9e3c10ee9c93de0d6866cc8
SHA256 460ac1d886885af12eba08678d1bd1c5f1cba5661f04a6673118cecb5e6dda8c
SHA512 f0009fe577c85166e8f8204354862c0a45144145e87aa119b1a80744fc839087ff4fe7bcede6aa6221bd2a7c601ffc9ad06561525f442c1d4de737ce62dc1ef3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5e659efd911df499e7f274a1f241f5fe
SHA1 534e6ff93f5bc623fb209a01ee070c99ea17ae56
SHA256 a7e8cc6d4b1fb75dd0b98c6c5e998a722e742f1afab1a30854dd288b777811b4
SHA512 89874550226611c093df69df5b15d2fa07d28c9f2834301e94e60b58c78ffba807d99e1f978a224b603287ce8dc440f541dc19fd0ea27e08d200b9859edbaa6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 91e74438f5fc55523eeac03b4e83fdf3
SHA1 409a5eb06d92b676cbebbe3cd9c18e3e41a7686f
SHA256 64612b6e95ade240dafc58a715c9d8699f15d6a1b47479000fe6f5bd72db517c
SHA512 3055a5663f8240fbc0cc902f77fd3318ad5a90a0c675a7f19f6c9569844f64e383bb73552e6632ad9b105f46edebbb2db5f8c0e12b4caed616224d26b0d62319
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5bfad7e6014c24ee427e9552c1e4cdd2
SHA1 049bfb91061502edd50f93e9f87ee7f2b7dd2ba4
SHA256 9277dcacdf79507327b4995300c4eeaad4e9381bef7b235e16c186de3003a03b
SHA512 eb2e5d46b85446b5672eb3b9140e80dde0e646bfd7fe1200d4c884a0eb203e5dd9206620582f348021f342b68beded681d863b0e40448e71bcbc438f4c4b5a4f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 51ca15c894f0aa2e28450e7effb6c7c5
SHA1 a402ca0a2eb43127b6dfacb911dd1bfc22eeff65
SHA256 85d1568dcc54e2b0100804728bd8de7addd4504794590a9ff82e0a285c32ff6c
SHA512 a5ce53e6160a9df91b3947487ca841822e498921a11f9a9613a64667c8a90aa599ea18da75c5529bbf16fe1c0a07076bd43f7f9cc5bed0b4777c57c8650f00e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cc021256e7ac6a45aaa73039fc588047
SHA1 939f17090fce4a69ad7ef69db61b7d8c6d464b6d
SHA256 9018aa1338902cb789f92b611282832771109041738c929a1eecdbf1301a42a3
SHA512 3b5ab199a337d931c86387ef8585427bf82c7074328daeceda912f665bb9a62b32a702c6cad210c3025bcab4714ce05492a4062b46c3201edd743e37f1b7d1f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9060fc231ccb661589507efa63fa44ff
SHA1 9c0f9c076e6fc76e0d99a27ce50114a2e873a733
SHA256 ea62103325c267fccfd8fb9bb79b1c4cc351ca932109a88236ffa987bc999ab9
SHA512 64d3df49c8c87545ba28625d1eadb7e1a7d0f0328a1d57c331df61cab18c9619a0678369e239ed6315f749138fd8afd065ca61c098f3b4344c31946e96606f24
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 27fc2df89db4e6d9e03fedfd4fbdaaeb
SHA1 495c416cdc4daee0f7e9f3613eb818bf615d3928
SHA256 635f917e130924b723e9f392da0c193293186873b9119da1cfcfecaeaef8ba83
SHA512 ad09653f96a808fe08eac03ba0b7c1f23655884dab3c8f63a66bc1172625cceb6e1cd37d55a092dd402222f16671fbba0f699ad7f4944f58f122151c37ba1f7d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1bfc12d4bf51722845f49b3804e5e05d
SHA1 f53e93378b4fec661ddfc7b99e084693606a0a76
SHA256 6ddb7cc7d270317d1ae9ca14ce9cdc32d1bc9e3a34637d2c0bff44b623593b56
SHA512 deae88ca1b89de96227c494d3cfa68a638d3294bc37e1981943654fe27ef0acf1759058bb3971fff70f10d61ed03148579da780fcdc88f38ed0107b9f1be3028
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c21d62725defb8bd812c61c78b80101e
SHA1 e1ac26ae49e36457a69bf20a4b7e6cd84dbc4b3f
SHA256 38d8b59a867bac1b48951593058311c4482e1636335051c02f0611088cdd933c
SHA512 ce5d2bac32db01da9df044acf154dc8ce60e34efef142da33f2152d224e67157fd986ee0d85a93ec098f72674c0721ade1074dc3431ac3090eb3b52e66180f7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d85310f6d78eec51721e45e51c606a97
SHA1 09865d87736fdcf1cdd9c7f3c47b10d464107e7f
SHA256 492e975a7627bab25396a531f52924bcd086e217c9b6e91c37412850d5c96d04
SHA512 c00015f40d5a98c3d34530105c95aa31f8907423c00e0904927aed681d3c1b40832baa7fd7ca00c3ca40f2e51300e106e3bf8535f59344deeb507a26dab90fb0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a4163e21e5074638b64eaaad26a3891a
SHA1 f7fc73dea0294f226860787784a8d08aaa010ca6
SHA256 da0f44a2ad70169ae93784a9c6fc0b4763032e5b97cf75dba83a31f15f15a17a
SHA512 d367eddd916f0d5ea3954e9f649356fb272c05065059174b0a8d9878ea014f64dc4c6227de7f22298c8281afbb5e9a78cba647edb8c317d7e0493839f237ebac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6cb5b981ba778112ff87d9312dd2c2ff
SHA1 cda9a967fd5ddb1e028e27e4675c2b97a66d5b47
SHA256 82ea57464ff628b04065217a340e04a1e822e05ac28b48140b7206afcd87afae
SHA512 90c506027ca3e17e149dcae856ac3047163e86ba200f06d67215dd2753bc855da56bb404926aa813fb94adab78b9c18700ea00336feca3fa53a5c697c242d87b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9265e1ab0ea1b4efdcdc453dda8839ae
SHA1 2221d23d7c22330826fc5b388c59d3e627988695
SHA256 a760f1bbf272cc052bb8be665ee3a650d830da73dbb8a63865545578c9931636
SHA512 96d1341578fa8bbadc4ecf2890c52a9331b75d8e8542b76afac2d24e38b5fb1d5474f132a95553413c626d4bf0efef6712c1a5e1b7b29a08d2dde0780dd7e5b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5ffd353ca36e69fa365d57f97c209709
SHA1 4b90983ad802e57ced5166396cf05de373341417
SHA256 c629c12b4a9efd8c0cfe29104d9dfffda18b06eacddf34be57b3484dbda786a1
SHA512 7363b2ce0d86cedfa2150f0cc7f117fd0911776f7a9b022465761aa2369f416de961b8f017080efeb2ecb07f800f6053ca0e43a9adaa55f4777277e7e8948be0
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b