Analysis
-
max time kernel
118s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
31/05/2024, 15:46
Static task
static1
Behavioral task
behavioral1
Sample
878723d1c4876e1557c46efb8311424a_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
878723d1c4876e1557c46efb8311424a_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
878723d1c4876e1557c46efb8311424a_JaffaCakes118.html
-
Size
3KB
-
MD5
878723d1c4876e1557c46efb8311424a
-
SHA1
4c1b9b804791ad600cbb6cfc49857bb9feda7b73
-
SHA256
d40daffec9698efbb6c5f929cd1bb017e11d3fa786e676017a197c16cc788473
-
SHA512
3c8fd217d3f754f9950d5a9854aba7c5f505ca36782466622ad2e99d4e166dad5044620fffff15a46315c880d51b82dfd71c781857648d49842b914e31091d81
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000f88855bcb6448cba9765bf86037767a337d6d0b4de843bb0c1389034cc754edc000000000e8000000002000020000000e884bf86dc84b7432f590daa55b6a078c0bae28c1995e8f2b0d449dc0a1c34ed20000000ee8f565ff9f81914bd4920448157821538bbbd2649b33faa746a3ca6e0521ad740000000c23f17b522d88a2459948a683af2e45f4f42b9401da80157e47ceba162b5c1f296279e6e8b68436e4873f542adec7197728d47f1a2f7fc850bb97715c33077a9 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a09105b871b3da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E35CD021-1F64-11EF-BD6B-4E7248FDA7F2} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332232" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2100 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2100 iexplore.exe 2100 iexplore.exe 2840 IEXPLORE.EXE 2840 IEXPLORE.EXE 2840 IEXPLORE.EXE 2840 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2100 wrote to memory of 2840 2100 iexplore.exe 28 PID 2100 wrote to memory of 2840 2100 iexplore.exe 28 PID 2100 wrote to memory of 2840 2100 iexplore.exe 28 PID 2100 wrote to memory of 2840 2100 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\878723d1c4876e1557c46efb8311424a_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2840
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7ccd5447de5d8d6a0d6011215c307e02
SHA1 308e0005bdd9460c70bf539a7fa2d98307110f98
SHA256 63a1ce538ae9ce24e000cf68aee3e3e8e3894930a5f0d370525b380d71ea1c6a
SHA512 fe4281e3e6bba4171ffa5088e38451e4e62dff1d6f3628739639de42644d294a084bfc071b99eecd6cdac1db10a0d3a574ecb95db9ffd2c7fe99f0f0518847cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 778e8f3a2b6ada4d187bfcbffaac0f8c
SHA1 b4efdeb3ba8ff930b4f872ea3e75a417df6d51b2
SHA256 959048564ebfdc4258c49d6166ae6c403809264171b769e4019c6c0efc2ead1f
SHA512 b2026c9f29956acc4d038ed681236e1315c2c40a6d9e7ecbee21956bb83dccaf228fe700f9dc824551e9dd133f914ef497b9163e45440c86169e2e12eb8a9213
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a5f667443295ea537a6c5c417c39e18e
SHA1 9b36422d514a40aa359f464da3b09349fb33915b
SHA256 9353c6eec074cd94577b08d7ddf5f4ee2a967145a8e8c75abc2cea1549f47faa
SHA512 75d64adb872458d155f7ecc6039a9c910fca7c5a927b5ef10c97aabbc404e4c14bedf83b29c668d8c655beca19d08c744b67ff31fd79ce792bc58d4e484be767
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9e855b47d0c71e8d2d9846b2d9b499a8
SHA1 097f4be2fc69719e3a4a218301d659e45117dcb9
SHA256 bda205282ee4654537a2df06e56e8c5a51b2e0262e038eb48cbed1c1efdd2093
SHA512 eefabb424c366310b7614550b3c6d108b07220a93d0aae0ea68e2e2dbb8fd26e3a0bd96f2a657ee56301cb9dda024a2a427fe4d53580aba1638317a70b466afd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6915a4a1a39b7da8ffc21a7bb013699c
SHA1 078cf42e4f2d8b27bb5bfdaac22da8d617e308e0
SHA256 3b09f0363bb7b2c3315098b0e6f9c23dd8be32d50c60943c01fe777c9c8a7b31
SHA512 348c1c5263ef7f45571fa32ee0f8cdd50075611c313925de6c5f61a70de4d7627c59618aee7007f809477289da4916346de6ed04607859dd4e0f59c1fe85e321
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ae34cbbcfb05f8bd5c9926df2dcbe544
SHA1 145e4924879d4bb038ae2a2e4c446f01abb4fa9b
SHA256 6f7541e534fd23dedd2a06b7b573b2f90755c03c42d2719c0204f5026f958bb6
SHA512 0b3565aacc3e1c99617af8da3d1df31cf5941055056d568238be5b382bc1646f7ca68e426b4bb9c0c2a12425fa61e015224571445c931c527a37c6fe5daeae8f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c08e791a216ea2b8c1c129240fb0d7b9
SHA1 362096adb88e13821804e4c90f00e47ce5501404
SHA256 eb496d15caf29238c95465166f6095ea143e3df73a5b88d93a358a103c6a51b0
SHA512 07e9099c911a910c504ced9934c496f495121f196c532d01c6d383368ea4f384b81f2fe1be2019f95d8c1f68a46cc07c738c404be41fb95b3697c0afb978f643
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 664773e215beae50a1fe319524f2bd55
SHA1 94758805161ece8ac38406fd2ebad4ad77b82ccd
SHA256 9306fcc4e22c5b1e97942db14335ce1a9c4d645492c54bf08b3e52839a519246
SHA512 5dd3f118a6650aa2fbee4c2a65390d6040eb7676701243ebcf551c04e21ac8c13ad65a62aed5be3548e88505afa95bc95f826c146df4e6c1a1cd8a4a0e089985
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4951150abd0179703993b81ab6b7e283
SHA1 26d68d085c8a4bc5e5d113436fcf6ed0293982ea
SHA256 ddf7f111128442fe4ea5c898c03f0fcec4f14bda2fe4b65a866d5b455d7e3b04
SHA512 842f4f8d65a479bfa066b43d30488791bdfffba4827b727231268129d355276a144e3853a705dd3c74645c9783cad0b39960380664a68030fc83a6f0f5ab7611
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0218624c6af9f9aadd96852717d1021c
SHA1 a5589d21118708fed03754c068da25369b09b959
SHA256 85a38e46e9ccb4ed0993007889a6c405d3b162e72761bfb0419616246f5c5adf
SHA512 0e1a7f18b91221b62e492f6469383ac01ccd9b2a1acde634feab530fd9d6e80c6ded01ed6769be26e02dcfd1d90b6d247dd83818710889eb02cd447c7c031f68
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 685c9ffcbfb30bcb5ae79d3f4437a059
SHA1 88de3506afe65e151e3bd159a4f040f0e1af509b
SHA256 ecefd4cb26f6cd9fe2e482e69803db0488de533de35971b46c66f16ccd99b725
SHA512 3e1e9f3f82abd27e147e3400f0ad3f346ca2b1b2ce6a735b58b88069d4ec7c36a1ff22b9ad5d59bcb8a55e8bbf2ca4c7972cb47854f956ebdab992cd1afa62aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8546e5863083d631dd66115c57dbba1b
SHA1 3a114360d4d28a52e48ba203d392846aed2a9036
SHA256 23dfcce4fa354c11667efd8cc92d2eb2beb761b8de7428b880b788fe2f9db661
SHA512 43d80ec8debeefd99ce9da3be5dfc5fe9a1d8f3c001b54c68bed57288f38e592ab21d68593a62cb8f3e45c905ec66df1636c9438912b727ee4e66cf7cc608d07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0ff3f2f43f82fce61f515194ca3692cf
SHA1 7840534ad3466e135aa95f0c883119a28d302693
SHA256 8c7175c77fd5b101c1866eb8d70f57c8ff28a0cee76e4d6ff75dca2e69577b36
SHA512 736f930209ce18b9c1be2c1fa84b8547b517c19aa4498cc63d212e9acd236b1a3953b72384c7c81d518f997f556caf72a983dae000c50d956e601d62cebd4efe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3a87c111da74cdc97e4a05fb798df800
SHA1 f631d5b0d5ac81831a683eb5a6c837b202ed7308
SHA256 7e8962b7741f1eea71676e29902184bd72742ac372ce2ecc2436e1cde27dff03
SHA512 dd86c4ba9e77782df2773e44aacf1aa405a0c242c5ec6c12cf81498a51592bd736c9831836d8c38bcf12e9407c187ff5e4e23a90a06008ecb611d46457077812
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 28abf29e7c93a2c3b129276afcfef17f
SHA1 e3adabe3d53c2225a4e93364b5ea14ab7c359ba6
SHA256 ee105a466cdc2013c14cba94c761e49cafb8ec67ef528cb1f54c47a1291c2f23
SHA512 b5fb73132295bc0f42766a7406a87c5ec167fcccea959f0e5862c535b26fbe4db9a1e7215c0534bfbaa07cb06566af717d0e182298f5737562627973afdaa7dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c673c0e766fc1d53751c5d0ccfdc78c1
SHA1 e4109fdcf06d2adc7391fe2d1be06b228bf07215
SHA256 de7bc79f686f77692313bcf35b2056520b70ba6ab9d070173172e91bfc355506
SHA512 302edeb412e2c954cf95cf7ce04544f23cb85a8eafc70470c70723bb3e1a15eccb230ffdd76813d73601f9015284ec703d81c73a9c7fd33d4e820a8ed3944a98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bdfc774957cf0811804857ddd9fe1d44
SHA1 5011bf17ba9d398247c3119aa8ea4399991a04fe
SHA256 4bc25357c8ea5083fe61cc17198d98c02d5e8bd8020e1a00bd787980a696f690
SHA512 c29d40c7a5f576d8cd1738ed96c3cdab3b007482f95e14e67e6afda64728dc345d5ff88698a748344b7f7ab64988ceb58664b6cdff6761504ecc4ed48546d5de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8c640e47dc79fade1191fa1ad701d262
SHA1 8a2eff1f2dce976e543f0981c90f64edbca6987d
SHA256 8d5fcb674d560f24a293c5cf64db571c22c8419997b40931adaf8e5ad258315b
SHA512 f3b1804f7cb96cb67d443ca76c704f5bf626111866ad8aa7aa206cb3af8befe8f9d774612052f135e860e0e8fd6a92fc9feed203d064c2e70160a9512142a2a3
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b