Analysis
-
max time kernel
135s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
31/05/2024, 22:26
Static task
static1
Behavioral task
behavioral1
Sample
88916490126595f6c5bdc43795b4f1f7_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
88916490126595f6c5bdc43795b4f1f7_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
88916490126595f6c5bdc43795b4f1f7_JaffaCakes118.html
-
Size
460KB
-
MD5
88916490126595f6c5bdc43795b4f1f7
-
SHA1
be7dc5bf431d7dbb5592693b673c59b65a14cb15
-
SHA256
03da3097ba5d58d80782685117f403a736d8050891b9e29c2b47b5166463ad08
-
SHA512
fe4d42fd00cbb3db4815aaa8901b4d5cbf37794e2878a50aa80f9c393b08d68dae07c75bf4e10a4b4068ec7800d58605ba49aca737bf31a180edc818e4527d02
-
SSDEEP
6144:S0sMYod+X3oI+YSQ+sMYod+X3oI+YosMYod+X3oI+YLsMYod+X3oI+YQ:l5d+X3E5d+X3Y5d+X315d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000002cc6d62bf101fb49aba32b9fd44b3d6f00000000020000000000106600000001000020000000730517ddb5209d09070cebfd825608c2d2528fd8ddffc4f2270567f4dbdd22a7000000000e8000000002000020000000cd1af3bc7573f35341578334f016bf8714c274bd7df3d4ba7adac42823017ff290000000b5afb42b95dcd7054be40be53a3070f1254495e7fa10ae04468a163cea9d655083e59d70d147cd25202fe8a5897f661685fc7af410fee9de9c89047b026e7c119f76094a9cf254f5e0b8eb25be4a4039d533ad231bc39069d36d0ab97d042cbcbd0e08dba112b2280fbb1d492812f8ef8b08b5137920c9a87959753da4f75e5f02e493ffa63c06464f7aa5fd5a50c4ee4000000077cdb997e48ee563bf0b7e34b72c17891898793bba0ba1aba894a52a005d8e58af2f084de8455b3904732fdb4ed29a1ec377041d3ab42e6ef3f716c79244c245 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet 
Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002cc6d62bf101fb49aba32b9fd44b3d6f0000000002000000000010660000000100002000000011f7bfcdedfe7a750862cba597aec8a818302f34ed0a8a143128e6f98988fdc9000000000e80000000020000200000009c1318b94beaf11638e0a9064554afc0699dbddd0ef783a7b18732c933dbecda200000005a007f97b74a3463a934ae21db39a529cec5bd5f9fd3ca72c5d9f946eccb6cf540000000db3497745980d955fe7e564afcc93e54f10458bfae0212a2aaab4ce5f46206307cbd28cbd0296b4a8679a062810638cc92a7aeb77d8c254b5c864769e23ae5fc iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423356251" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet 
Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 400eb2a7a9b3da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CF306021-1F9C-11EF-92E0-EA483E0BCDAF} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2236 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2236 iexplore.exe 2236 iexplore.exe 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2236 wrote to memory of 2680 2236 iexplore.exe 28 PID 2236 wrote to memory of 2680 2236 iexplore.exe 28 PID 2236 wrote to memory of 2680 2236 iexplore.exe 28 PID 2236 wrote to memory of 2680 2236 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\88916490126595f6c5bdc43795b4f1f7_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2680
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9c9791dfd943a70c0f5bf00c1ca8387d
SHA1 15c16505d402ff378d69bbc4b3ae305609cb0e66
SHA256 b49c4dde83d082b4a37ab3c76083be28f13bc0626b672bcf27ca44a22b7ead46
SHA512 b09d416c619d44c7ab3ec56356584b323fdb90a0036ccb8a20be7aa16ddfcacae35b2aa6ca55293cc4332f553f4cb60fcf1a8bd11263020a183f69ba87d0bfa3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8c55f7afc20c3359464421f3dc49ef19
SHA1 d50112d37605ca0ba71228f4c0e9a4e5a2f83b4b
SHA256 c941d376f8c7752e03c20741b25188eac6fbde72990ef4a7ce5c60287c83f1ac
SHA512 f0a13fa3f507cea5fa1baf87c7ecf8beb403daf27d20f415553acc5e0c3688e659109f9279081872a2d898e2a9d5a800de40c204a26f4186a088d1febc188d07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1646d14e7a1d556a04ad614bf5ff4c4f
SHA1 3ef0df73d019facc49ee5bd89437023ffb76ede2
SHA256 6253f34e303139278e130125cea9cae2088324916a593133746acb095a367305
SHA512 ec950a148cea8d7f213b104150a7dc9076a2b2d60d080d570873347b482224d893d82e08a47b2fa73e1c21ff847af87efe0d496ed4904d3b73f553e1ed187c42
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f2e85e82a0d2f8523d2e536618fd6538
SHA1 956fc8f7cd2eba3ead508a2c54aa6790f690a874
SHA256 990a19a196f013fc5424a68c12446ce4f423749a3d365642ac47f1f80a727f9d
SHA512 7e783bf9d6e5624b8dbdcb08d5c4b5923caa1649a65a05e44a063f9698b521be71c3e44651ed49b425d73b78b497de4acc7d2f7e9b93c97c49b2571ea565a30b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f2add1aafbe7ee357326027e085ca283
SHA1 54402e15508bee61aa9baa68f933fd2f7c334480
SHA256 92fe8f668bcc93825a1ef1f819040028de6127eaa349cdf11bc68fa377661476
SHA512 0bf559d1a0c75ee162eef5678ed957a56cce416a47a26dd11aca2cbf75c1fae49a7e29e697fb52e802ea4389ff74bc15c3ea8a195af9a41bc04325161a0674e1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f59db9bbba5fdd38b4694e350f601334
SHA1 a31aea27216cb05cd2dd427743722bf5e7aecaec
SHA256 0d3994ff606b0d70555a64ad22bd29417a90e0d33cd833a7886ac3ef9e1251a0
SHA512 e0ff4611863b5946c79813b24e5271b84ba181d3d99efd78a9717e400001d5e70b454b0b15f376f8e0d7ce21504e3c1d6305857cbd613d01847180c2fbafd928
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b1b44dd74e7ea16ba482e954dbef9fd0
SHA1 b75f9cd83082134e6a22476d090a8a9959a44b85
SHA256 be9c4146752b8b757ee09e004230718ab7a07b43a625a319773ea72403d90bb2
SHA512 ae63bd32b0aae4a5e1d4e4032e0147889436ed0f5692d6a8ae818605dde36e0a50f9a71650987b182ad9e709173c87a7917bb4acfe683c9a8ab09fe0867bef5c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 600a03bd460060f6d0997338af4f64a2
SHA1 48eadc20326e20bd4b09d81f57bc7b570a02bdd6
SHA256 1f8eed041e6aa2cbc403fd453028a9392d0ce586db15122db28ff2758edb687f
SHA512 c740945d949efa8e97a8dfbe1b92104880827627957d6cd9fb5c11eebecb8694357322415ca5e94669c8e0cbf533fec73e65c5d3ab9986282e71ef7b4a87bd22
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9ac373d45d42c4843bf39c56895e710e
SHA1 43c2ab0302de49adf91edf6e38ca720cefd14f8f
SHA256 e7a2264bb6c209cb623a49bc35727d52f89f59c16c6beafc50a8685e3afbd306
SHA512 414dbd4d53f919dd304cf514f1929cfc78988eff828bdcaedc5c410a9a57fa89627412d459ae6a50bb4b39f449587af323cbfe841f2fede8fb35d779992e4c4a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d7e5624a60f73d5f3d2faa4545f3b3e2
SHA1 0c5d1cbab68d1b50a550bbb813d507957c996a37
SHA256 38f45eeb4e7f63f46456a131799dca5b52a0ca27937e6c7a7a015b082a3d7060
SHA512 6fed014df8b3f22cd7b9796e5ac63dfebcb580f51b784692d491da5ffb2b0bb560ec934fc786da78dc81db4c43380586163a0687ef400937f59c8f5ae381f260
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8c82e23b982ed5ecfd7cba0acb78fbe9
SHA1 3c34f5fffe7c3ed01d504cf8f02caba5a9d1c7bf
SHA256 ba93a9ceca5fa76ed0ef6acb477cbd87b20d490e382b3eefcb638d281140b2d4
SHA512 6442244681e48933d1fb8ffe4b8af1d6343cceedad012b5c8dbbd1ca6b417782a62ebe73f059566d4ef122f78f078c564f73603a3edf65435095c3d3139e997c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d6bba54b550b6677258fdf1ed5738437
SHA1 cff4d3e2fdcd7e56427569dbb8bc157626b910e8
SHA256 23fbd0e5dfee8843b402b37a29367bda1501403e3bd1fa9181be59ed7d2faac7
SHA512 22a1d9fe03d8ed9bc7047b8754f0ee67e428f7797d80006185ec2eb36b0c5cb162597cc2c1eb22b138ea02288565b333d152309d127fb8ad553049267f64abb4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c3b8f950690ac322500fe21ec2a2ced1
SHA1 b28c24bffca43630a6cb96404d312c17978d2f6d
SHA256 4fab2ad01706527dcdd4549ff11d8d30954c7e9963b53cfe611e966ed13a0636
SHA512 4a598c6393cfd8c220dacf78eba62a35a8d215886cd8342dfe229099a0ec1caca495f6cad84f8e4a0cafbde9cd8ecdb185571a1423bfb36a67c4dbb342d1803c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8266f7a5196cbb3f4e0fbb1eab3b2fcd
SHA1 c02792cc5be8154bd14e9b2bb8e26409f39dc2f5
SHA256 1b02e517696b05a2446bd890a5a4f9726bd51c04469b2619a47bffb43743fc58
SHA512 58e2ba790bc49b99c8bf85462a0036a5986b6fae1a870a3651df7d630cf09616f87d051bcbfbaff766368849b5f79073c3121b120c21b64b2bb1c05b201b92b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 342bfb241644929f9786f92deb68a08d
SHA1 a3a14679a8a212c1b444840cec809a9b7276935d
SHA256 ea358c53a14b7e3960c04d4ee4133c4b804f14faf289cac8d5fd67c7ae866e8a
SHA512 0cc70742f30c37228aa448d97b0d6b2455a80f51f20da2b1fe8ae3a809770fed88dcaaf31a505c81d00493334ce21c88ce489658efd7baca0fea5b3e754bcfdd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7b5aa01ebeda5628d576eb261d09f41d
SHA1 750394bbf365781c7abd7d8b3aa184da17c64785
SHA256 08a2a9efa92e616d853fd54d8bb6d368002d765e5f6c1970457b9594aa2c81e8
SHA512 836a8152351ba79dd0a2f0a28faa89afee8e159c50d69d12c9d4efe21854c2b397654454c928957b1eccf4250eef44fbd0a5778b5e2137787776f489e553b8f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 104e717e4c006ca14a6299e07c01de0d
SHA1 6103db139ade6731f7009af983e34366368fe6f3
SHA256 27bbddccefe785aafd56f68c5bacdfecd2e558edd1fe5a18c5cae50f6e3c7bb5
SHA512 5e881f402dcfa7b3c3263b56cae954b1938d48030fce51c4f63916cbf63171f6029510194881e9cc58798cadc0d37d9455cde577aa15d36ab6ec3513254c4335
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b