Analysis
-
max time kernel
136s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
31/05/2024, 15:45
Static task
static1
Behavioral task
behavioral1
Sample
8786dc639e1f6878158c04ca3263dc5d_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8786dc639e1f6878158c04ca3263dc5d_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8786dc639e1f6878158c04ca3263dc5d_JaffaCakes118.html
-
Size
351KB
-
MD5
8786dc639e1f6878158c04ca3263dc5d
-
SHA1
8995e3bc69d8afcf2692843b4474781bcb6ef219
-
SHA256
ac826472eeaa85444b6f573a739d0c13bc3d298400a61f3b5fbeb642e9021da6
-
SHA512
a63308dbc5767de7aa73ef1e69dc57e66fe09dcbe6c5500bdc8c3503680f8259d0ee4d581d6afa704cd8b74ffd9911ffc118e3131215c70da622c249930247fb
-
SSDEEP
6144:SWsMYod+X3oI+YEosMYod+X3oI+YAsMYod+X3oI+YQ:F5d+X375d+X3Y5d+X3+
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50770ded71b3da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f6037ceeb8eef94d81e0d516bebde40c00000000020000000000106600000001000020000000b136805e8754863aab37bab49c7b5e9beb216bcb81e2f0622f4fe8fc15d61e2c000000000e80000000020000200000005e312152b3dedd374f78720d12ba6f3a4128049ee7514273749f67f49c69397d20000000a170e74be664ba8eed9ea187b64d541c732f77af9893f547e2cb8c92729b0e6a4000000000941b91281b7b5c23675987c16a3aefa6cdb8852b8701d94de6cab07c8a5f1e2a20f2b7f301505a0074f3afc9df7cd05fab083d81e54450db5cbff0333e8279 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value 
(str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D9C70C11-1F64-11EF-92E0-EA483E0BCDAF} = "0" 
iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332216" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1740 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1740 iexplore.exe 1740 iexplore.exe 2432 IEXPLORE.EXE 2432 IEXPLORE.EXE 2432 IEXPLORE.EXE 2432 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1740 wrote to memory of 2432 1740 iexplore.exe 28 PID 1740 wrote to memory of 2432 1740 iexplore.exe 28 PID 1740 wrote to memory of 2432 1740 iexplore.exe 28 PID 1740 wrote to memory of 2432 1740 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8786dc639e1f6878158c04ca3263dc5d_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2432
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b2bb9718acc3f74f8bf56c3dbce79a92
SHA1 b10a20a605b670dae827bbb259834647207243d2
SHA256 a099c5b2c99bbb2408f4dbeeddea316ee3d1143f56db961984426f503d2d4da4
SHA512 555a7efc25ce6cffcbb2cef6784d7d267e466f50dd3b30068cca435be42e2a569e8cf1572ccf6ecb4590b357be9f308b7b8705ce73969ff9f1be2c937a818724
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8a7ede4164ffba6b149f6a8339437b10
SHA1 b391071f58e39e874e2bd95567a3e2461b841e1a
SHA256 56d92fcfc92983b8cefd8112b522d6c7b21553b9c054917f85116929f40ff8bd
SHA512 89e86845ddee473e99f3dfcd3d99fbfa68e86a6b05c962283c09d7b08d3b82625fb45cd67cdc0cb6d9388f0efbb414210785c02878a14f8d1461b8554dfecb12
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 963cc9391e55a232e1a3ff0bf630b5bf
SHA1 528fc5af4065efb41c356776f39d0589f6d5ed1b
SHA256 c3713c4dd7957fc0a3059743ddf8e4635ba50b64ed3a641268851111c57ce0be
SHA512 f18aed12a50cab8b987fe1f0a22ac0753c8157dc9b5e5d1180c78e000a4d13c2b30c101e11b504022e65e3d2824e29339fa3f38ca7b05ce366c71144a1ef7596
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 daf0ff3e989651ce9cb1f6d701add09d
SHA1 ba01002145c6e2e23d5737cfe5f0afc111817236
SHA256 8464d36bd15e4146b14430b77a7764d8da3cf371b2275114088d625905024d28
SHA512 a0982f2811c7061bd9825fb0a2a03b60f6bbf66bc499d75fffa5f42800a1f2dad6327c7c2821175a55454af6c61c385e4621f0c3ef9efe603e2120ba653fa4d0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eaaa00ac20702b77a6cfc2db4a7f26ac
SHA1 d5a41b364975f86d755c94a8ea59c18e1d3557e8
SHA256 78997bf8189a56c39f99c2a7fb97ff7c43dcf98ecd41c02eaedb962d9c52686c
SHA512 69e803f012ebd08044b10f6e64745b4ca6c20bffcc19892130dfb23e2b3a741fdf1845137b7c02a9a6689661cbb79d3b02d1fabe4996ee8f8da96ad701b99bf5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 accc1bce7b103e0057d669d030cc3527
SHA1 bc0041ef03d6a756f660924a5e9edaab609a3fb6
SHA256 310ec43bf5a53fef81d9f1477b9b52f78387fa3ab514211cafc2a7cb9adcbaea
SHA512 f6bcb5da1225c23a275bafb24fcd0f4907308bb46bde1630b4b74c0f1072bf3f56fc510df4d8da0ca3e8fc83b4dbb7b8be0bd22ef550af38207d37fd61f458c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8668d6655dea9347cc809cf815bd4674
SHA1 c0d2ee88a77f997939b685d72861cbb4b12b34fa
SHA256 f05df8fb35bfbb365f367867ade6e12f7f81db47fea5212eea4654adf35dda0c
SHA512 e8f09f942a1174f586e11f4d2eeee8fa2daff03418924e94c1952f55ab9f361c7cfd5f0b6ed9bfdde29d756abedcd6eef74f42056ca52caeadbfb75d9966019d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6ae68430ac8a020b67acb0ec0a65179f
SHA1 240e25c1555164a6b1b1bd9155d09a5fc7ff3286
SHA256 e78cf3c41004b8d0ed44fb4a843b27616ab6a871c4190fbfbf13bd981fa88aa4
SHA512 91dd31d2251dec37de46ebfe862cb14dd16d9d7a6a4de495b7e9360b784a1bd676bf474ae549804e1bccc05b5e37518149677ae5e9012247ffcb96834f9f350d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c38f7833da41e3866c49b744c46547d4
SHA1 f3057ee93bccc697ddcaadf8b3cbc51f062df9c6
SHA256 a80e164d56c2c546db15eb6f5f5d3fe0e09882a6d99a7c06b33a7ef5d5bf7bb6
SHA512 2985e729a5483bb020243e0dc63f2268a5a810884f1a28e10e42ca20df59f4b18dff6ae39030b5868f18507a89b6b2eff0baf2d49c5d4aa9ad1570ca504b1b06
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f46a110cc5a2c1e43e35127dde0ab86e
SHA1 0acaf61c91c20b6f27e8c140ee85a0ab5f53ac66
SHA256 5e99b51ed96b349c78d23a8a3f1d86d7bda4d5b3002715125a5ffdaa28345649
SHA512 cd1c3480dc41df2ab9afd224170f2badc19b3380dda8babb207abdf0217695846b4a1a72e9f4eac07c36272019e378a16048fb6d93b5b3cd03e2892249ad22fc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2656873dc8201d0b4d86d075749a28cd
SHA1 b59017f246e3a0d8fb1f9bf1c48f520ed4cbc20a
SHA256 67c4477df3dd25215a6d762b3bcb09c56a3e29bb96262cc6917cec0e0ed3c2b2
SHA512 7832082503402748b4d731f1fcca1a957202df827157d3b1c826d21d965edfb715967c5df2f1f3174399eaba50de8247e6837e3a525eeebc71175ca198106740
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f2dc74416ba78455b82841be7244190d
SHA1 cf8d69df5c95708a1c06010659b707424e88843f
SHA256 d735a1b8887b3158d2a59e11dd11bb37f3d1b859f651e1940e33678bdf806324
SHA512 eb326d06d22d752c39ae64c22d5000dc9a81f63c8e726d4ead0e633b67f618130513d1dd1a26443dbf8c076bd2ec1ac909deca34ec2e6b6555bf6ccc5079ceae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7fa7bd6c8ffe32fe0df2084a7970beac
SHA1 851d0f1a26b274b653e094345add556281945b6d
SHA256 53fb2fcaeb7eb78aa52e49a27a14112c7ef5180dce7ba86fc4f062e4020603f5
SHA512 48acfef735f5f90f1cc0ed60dbbc7098a2203db7a615aa12e015b2430071255da04fc861f5f913043bd1d3204eb58ff4cf5af3194417d7368824f87b035f9d1a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 45eaedf7a0507c446c1c042e1d30edd4
SHA1 94be3ef4dbfa02482fa7f0c091ad5a3411684e1a
SHA256 c5bdf6e2493711ebd6911ac13edb74d1b3aa0f71fc682e726d23ba4e879385ff
SHA512 919dd60879c4914c86533741241f70eeb60056a3c438b7da01ce1e86191adf2b793a1bbeb054bfb58b246a15749707147c52a4189d49bc4ee5ea62b6350c3aea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b21c33a57627fdd47c23a8193e81621e
SHA1 a2a44fab9c3a6451b5f88f37eba0f60dd0bc5c68
SHA256 7a0debbbd98b821473d45183bf04c03a4418996219a9b604f32590be2cde7031
SHA512 6baf12ecfd1e35cc30cb9576795cecd35afe4e29634401988ef8c6525e918e93b8ed8716c943435436506535a256ac7872d62e21e18685f342d4040095346bee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f8ee020e818f1a7097e91354ceca0e4f
SHA1 9d492c178284f916346f77fe4a7bd94f21264844
SHA256 6f8de8e0e943f300cc6035019fc44aa6111178a821cafafd303b1f3b07de6949
SHA512 a76bd586bd9e2107a4eb4cd412e0cf94bf1ec664dd3f7686cf7bddc031a2c5e795c9b0571222848bb591c8a35da1ea26ff7527d3cee239e48ff20b66baa1c527
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4244e59c870000948ebeffc74dd6ce9d
SHA1 ccd10c33cb1ba89385bca54183479b2af1ff91a8
SHA256 dff12abb5f97fcaa4e200b4ba931698bdfe16f44a88571a0d2a13ad6fd52eeea
SHA512 d7583b577d4ada36005bdef5c61c9ec396570038ad56c2fd257bbe54ab88694f42b13054def8266eb0998d1fd3aa9cf8d650a12cf824c753f0094ef7cbd2a719
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bf0469091a3a7279a94185b3ed912b6b
SHA1 24b9001f54692a75459200d93c38b75314ece18f
SHA256 a62651b2219c4ac1939db70ca4a210ce4ab8aa3685ce6bebf36f9250a17fc813
SHA512 b669ccaeb7ab267126fefa98192d8c97ac778258bb37d245907297eb00328781e9da1ca61b845018dc40be5c57d89ba909db6b2ecfd97d950835e277c80e12cc
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b