Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
30/05/2024, 14:07
Static task
static1
Behavioral task
behavioral1
Sample
846a53081f138244db86e75b6d5b098e_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
846a53081f138244db86e75b6d5b098e_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
846a53081f138244db86e75b6d5b098e_JaffaCakes118.html
-
Size
452KB
-
MD5
846a53081f138244db86e75b6d5b098e
-
SHA1
46a50107716c3bbcb845ac9f9d40a5e301f684c8
-
SHA256
1a27947c79cc0d9dc060e8c30a5cafa499233723c0ac9e3463be06f7fc8cb9e2
-
SHA512
382ec63f7d65b47416c9643b86f16900aab9474e5cf54c1b13d773153185bef6dc851d69456b9d32f1ba4c29d480a6b3c294ae52824d88c667fb70834291bee1
-
SSDEEP
6144:osMYod+X3oI+YtdsMYod+X3oI+YWsMYod+X3oI+YwsMYod+X3oI+YQ:25d+X3Xp5d+X3O5d+X3g5d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE8F4721-1E8D-11EF-91D8-D6B84878A518} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000027ba8fcbc4bb2be3d67174641607ff844ab4de47aadef531b96a1ea4e721bba3000000000e8000000002000020000000a64132c51c600b6f0bd0f054903427636da48b47f14184ace6c3278a6e2faaba20000000369fa59ad6b9b9fc7bcddd127da26e6971ec4f25b457f43829da92cd1124f8b740000000204830aaf49a11ac78b6223bea7cf462f1599acaaaf4fd0ae8c7d26a42fe83467bb4011d648551baa45379e440b62130acfef8124768bbf14dda36e342244514 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0601bc39ab2da01 iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239909" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2140 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2140 iexplore.exe 2140 iexplore.exe 2440 IEXPLORE.EXE 2440 IEXPLORE.EXE 2440 IEXPLORE.EXE 2440 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2140 wrote to memory of 2440 2140 iexplore.exe 28 PID 2140 wrote to memory of 2440 2140 iexplore.exe 28 PID 2140 wrote to memory of 2440 2140 iexplore.exe 28 PID 2140 wrote to memory of 2440 2140 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\846a53081f138244db86e75b6d5b098e_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2440
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ff6162e73110f426ad05827b71ea822b
SHA1 a6f091abceec108f4a572e9f32a5eabea1e9308a
SHA256 e38e48efcf970fa0925817d38d7d7131c6d8b39881abbec5defa251bd65b7c9b
SHA512 a08b8f3aa038de084c1779b072addda22d370e3eaa3d372a1abadf39e60b964e48f60861505f2d3cbc9838279128ebaf7cf39fe3d89d33db1ece1018cf215f0b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8e7418ee3400e2d406b0e8f7604ed550
SHA1 1c8ae0544c2cbb9c45dc28495b15620936d6a79f
SHA256 0997f9dad624ca39c67931fa29e47f7da8c8c2f8b25e4818bf60e5c4b089485a
SHA512 f8b505ba067e62920456a510ca0df6a46d6007fe961872339f186439e64f49dbaf217f8d86890d0045aa950cc5db2348d7dccbb5e789c5e99eef44e26b000ca1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ad61c492ce0f9508facfcb72efb9392f
SHA1 967b0dd86e8d62a2e1d21e6be7328becbf9180b3
SHA256 cb47377b069576ffe386f639e1def5f55740b40068a0c32a460cca20e8e7096d
SHA512 e972ef9a5dd4e5e4987b4d1c8f972ec63e7373ab4e713c3dc174f2c4d9c51f7f74e2d15abb4a7efa55804e9df2c90e071e5905fdf1adaaeb2e1921d739e0c358
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f3ddf77e525ca64be859fd904aecfa62
SHA1 5597308c3decaa41182d9fcaf0704a71c0d23b2f
SHA256 d5aa6a6eda12d9402cf7b3510ee03b9bb000c9550b1bd6be8d392961ac177b65
SHA512 ca85500649f7f9ddb045ff40f97298d74081fb102c0e8fcc6152ffdcddb3923927eb029fc84e6a132055cbd0e80613b9039bdab81676bc0a1a392b77166e1dc5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6b559780d56b2fbbe9cee697dc786e54
SHA1 84ad8e53151a6761fa2d4a4c7ec71840660855cf
SHA256 0d2446f706686810043332f50df772dd90e9f9f6da7efcd962eea83b5c6916e0
SHA512 8fe8bc021b94b2c24c85d4bc991be9c868b15fd5793a7f6b64f44a816c9e1582563134b9f47701a4ae034f9d9a91d8d844d16b53a4ebdd35f1280fa667bc0e38
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f3e4d1a79c4ccbd925b7be882f97df16
SHA1 d50717c696074f5069e5e69a55d8525e094cae47
SHA256 5997a2d58649f3150e9ee7a60fdd7104ba36423f274abf95870e43a42af140d4
SHA512 330e0c235f80031bd72fd657dc20e5ba41db9b4bfb10a431238dcbb2e37816e584382d88a1acefe8959326cdeafe2a732d1d26b5b8f6937c671542deb9a60bb2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b25b62f62a92b230a1e426dd59dec703
SHA1 976ac67f59a3daab5c3c8317eb324fa0439abf73
SHA256 e50b8c7c56a34f320fbff1e4d97ac6813ad6d4946ea43cfcc88ab2c5ca101054
SHA512 ce3c72c7d3e3276a6f537022e9b9a127d522710bce9db720bdc06781372d42da7d52148bece378ca7cb190132245dad6667f749e066a51825e8b939c3166a403
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5bdc968918b29fc987e6e590f3a1e35e
SHA1 df417a95d3599d0667a61b5122b8f39d83217c3f
SHA256 ad4a8dcc3c1730cbae883281e2f3e596c9fff7c0510ad88e54fae0456c8080c2
SHA512 441642d83001a3313ca8be6000310147cbfdfa48e6364111650b4f12a3835bbc7082bcca37ea1f03aa05da030720a2e7709e02c2c1a2f854053df74f12a1851b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3fb5b15853c58931bd9fbf7b3bc2536a
SHA1 db9f2408b066717fdb8adf24a37c0a8d09b7e793
SHA256 f7d7d347fb860a109fb42270f489342c7dd55ba98897ee32bae3d874997bdd7b
SHA512 40cc7ccb2fd1c1255a1af298c539f21e985cf394ac99fe2109b671de22ba4485dccc387c68f780b72b656a7020e5d82ca2516b18a34604d163621f2fe163ad2b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f8b79de36ae4da9aab3d60fd934b1927
SHA1 4b061939b63a2f2618c7ba7942b32ac94f1efd50
SHA256 2c8faeb99b6fe8be4f8340d0a097acf66cc63dba7a53ff59e6449ddb34d95d87
SHA512 f6f9676a049372bcea650696400e120e5b74c39ff3a84a7b309c0171a73217352fdb07e989ae5a47f21370b2e00aa0413cf632e0ffe5dea939e1ade244ad5afd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 918de2443a31399fcdf4c2fa0ca7d80e
SHA1 611fe411d16f17882324607afe38ab79f86450ee
SHA256 b9d44897ea6fba100153d046ddf272ee651af33cc96e016954db65f8977bd558
SHA512 9fa539481fd0db287dc92bb77b72a20772c3ff37f40239a9fbc651da4b4df7cbdbab8cf31d19aec461f5fb97a9c2ad2d5117dfc7c7ce229a9481acf261822102
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 05c3f9b52c62a97cba72337ee410b13a
SHA1 886ca7da8ae719f3332035d12ce4260f1210783d
SHA256 3606c8e4c2f8fbf691eb7f9aaf58f4f41088f0cef8dfedaa6e12a66032bf7f85
SHA512 8ec847f0ad605dd42ac3c3d0885d02a175712350c5a3fb2e51899c4a317331c231bb9a41a63eaad74fb3b47c570a26c279c47805c9b82aa017b9ff7045aec7c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 43a88121a8626f43c31789533de0176f
SHA1 035d7c643e964290988d06d74d07320b7bf80ef0
SHA256 c983ab734756369adebe4e59dbd66c36ba5527ebf49d2640f523a7734ad403a5
SHA512 32c907b9b930150dab30fe393d2cf15dc49de107a7c32664641d68fed09bccc0e87ae762a457f611c79666b5874aa88c59a57961efcf535f7397af63e08c779b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 470d06bac33b7e1ba9b40de84e474c21
SHA1 fdd8a43b2859dbc247415c9d06d970818361bc1b
SHA256 1128982792857d5a21d6d5bd1d3302ddf432b5f3606c468fb235f388de025a7d
SHA512 a807134637209c4cb914f89ad3cfea2ddcd2e7f45291e66b76c10c378332adb74c8aad6a836f21fef8100644451a429207377680d5235a0a5bbf39e56b3fc84b
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b