Analysis
-
max time kernel
117s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
31/05/2024, 15:30
Static task
static1
Behavioral task
behavioral1
Sample
877c265f1d4dc6a753c549c715a71a60_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
877c265f1d4dc6a753c549c715a71a60_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
877c265f1d4dc6a753c549c715a71a60_JaffaCakes118.html
-
Size
4KB
-
MD5
877c265f1d4dc6a753c549c715a71a60
-
SHA1
22ac52a7d3b2977f84613aeac0d115352552b53a
-
SHA256
06b66bfb0be3c011964b41e2c4b5bf9c47e4bcab963e757d7eec319bc55cc5d7
-
SHA512
af064da8e73d32e6c69b1f51a84eaa138296112fdeee86fd8c639527e877ed6971f1a435d3b1f8f0eefe15600f5ee43c74f4fc4fa85914520da68c951384669f
-
SSDEEP
96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oXVKIJd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDu
Malware Config
Signatures
-
Modifies Internet Explorer settings (registry IoCs; this is the signature attributed to both iexplore.exe processes in the Processes section below)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B1473281-1F62-11EF-B5E8-DE62917EBCA6} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 004ab8856fb3da01 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423331289" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b200e38de39fe48930369f4b2b3d31a00000000020000000000106600000001000020000000deb548f7c7e6e8f19aa4f19639219feca01e0d4997f604da1f47b1632821acfd000000000e80000000020000200000009df468fdf2e38389c1786135fb122ef1e3edc87a74880cf49cd9309dc869bc212000000031ddb6de8f142d167a4b288e956100c334679e01970984698e2ab59a6fe742594000000093fa7fddf9f90f5e8668503291e25eadb959b6c6c6ab69d6aac28167fafd93494f68c0c0ad589a29fb7fdc0c8f9133a64bd506f40c1afb8e31b72cda854d0946 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 332 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
332 | iexplore.exe
332 | iexplore.exe
2972 | IEXPLORE.EXE
2972 | IEXPLORE.EXE
2972 | IEXPLORE.EXE
2972 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 332 wrote to memory of 2972 | 332 | iexplore.exe | 28
PID 332 wrote to memory of 2972 | 332 | iexplore.exe | 28
PID 332 wrote to memory of 2972 | 332 | iexplore.exe | 28
PID 332 wrote to memory of 2972 | 332 | iexplore.exe | 28
Processes
-
Process tree level 1: C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\877c265f1d4dc6a753c549c715a71a60_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:332 -
Process tree level 2: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:332 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2972
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d9f5640e841aabd2f87765af81f6ed08
SHA1 85f92df9ca45f82982b3064d7694800622487000
SHA256 0388b826ad68c3a0830bb585f43273698f2ef8ff0e16309ffe833c69d6556295
SHA512 ecf8ee795eed8c60de3bd2976b3ab309bef9c0dd46f7947090f90a4a782c98d9dbc0819553845bd9f84993307b184b16439930e2bd89939058b8f0106be49139
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 049324d379dd136d1642a7e9ea8ab17f
SHA1 a77a14600a781c7115387df09be3afd39678ae58
SHA256 5a638d5b04c3c707a85d963cfed6bae565bb04ec81b21d53ca218349e516ad62
SHA512 f37c46aa36271f6fb744c59ae42358abbbf67bfee99d50edcbcbc7edeaecc3deb221558263ff4936e5e229a3665b11ffbb097639c055a863148c774ea2861bed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cc6464c6ed18e804bb9bac973b118ab3
SHA1 5654a288ea653a6af35d3b84157c57511183c7b7
SHA256 e9a0d3ee9e646b059785638d4ea2bdd2b1b8e1d18e145c33a7496ade45967604
SHA512 5a4709160cd92c0ce9cd741f677ab730390cfa7ebc459d90b8940ffed80c1ba094d30e17c623be6f4ea443f16df32face3804848b0e157756c8429a0a9fa8cfd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0d5232128740aac61d6d297b4d2d35b7
SHA1 359c60f0cb0fa4e530c2cd0d55475455cb27e75c
SHA256 5332fb151a8fe401ac7780f170a7f7ccc123a40db5ab36d6eabb454ab0ce343c
SHA512 11becea819f268bd3adb1e9f5e960d6bd53363306921529fadfd5d805dba853dbda115f9f87ad64ea235d2fe02e8f40426489ffb4a9f98db3eef4792d5d7db96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e302963cb635c71971bc553256ad3626
SHA1 12dff292218c5e569ff99b7aa524fe40d302e515
SHA256 5c6453a2fa9554292020832ee73c71643d886ae0d2b3732a4b9a54b7bf5a8370
SHA512 6fc752e2b571f723ba0fc7b20cdd2662d20d6d53b78b6c153aae80ddf68f3873b8aed675bfdea57c15967d01d21d97421063178c3a0cf39b7195c8b309db5691
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c43ac36cf654e7fe17e8df37205025da
SHA1 8e12d8daf753763f7e10fc9f94d673eadb4567ec
SHA256 31ccc08008d85adec9811ae0901966c366e7f4ea6014909e9d953e2fe989f11a
SHA512 099ead76f0d1532f04c07cc99b26f9c86c61a8abdda265c8fee94ec246ce03470530f1aedd94007059fd35cd721b4f404c64e92189fba27ad2102e2f237d545a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 229e15346679843682f4a3fd7659ef07
SHA1 9047004fa60874bdcd2e23eade6e4ab84d3188ca
SHA256 7f95eda43af9e6c086349f3c44153163ece59523ead54f8b48069a639d2b612e
SHA512 e0aa5154fc68d3654601e9f9b75e040afe8deb47b9730da8488b365667df997a9e2df9a76fc31fd665c5eb6bdb3e7c1961dcde9b620fc1013004863d7621fe04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 76dffde9e27ba5d3dae9b2438cdb8e97
SHA1 64535e9db8232986b3d5fa0099b251865e2ea510
SHA256 c0cade484c31518680e01cf5c4a895da8c3e0f5db2fb8d3ee5ef9a1600f2bae8
SHA512 72bcc484ce22ce73fef5a060e7bb2b64bd680ee4a97a76f664925f44f1be06d6f5fca0d05c11f12c059af2ef18173cfffa34f691b8b3070ab1393d0ccc14eca3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 563a48e49ad9d3c26d3db6d3e8df59d9
SHA1 91615ffb9269407bf0725ff2bd3585034d66d496
SHA256 08b89feb423e595cf14ffc211117bd88a254899939777682f74257abab841ea2
SHA512 31c100f1b2081a7204308b75dcdd1e632735280e66e966881c3996999325eb9c4eab63b89550073b2adbcd693a905d34edad9bc062ae62e7e1b3da8733cb17ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0570d86fd3d2ec19ecd5e8ecb03fcd78
SHA1 24f1351731d4829397846c289e382102294f4ea0
SHA256 6d4ed5b8a9542f739efa6a1d1cbaeecd126b9059f354b2e61c224284c5d5c7f8
SHA512 0a4c25c86107f4d7127fd0a67ff814062fd498e2e35112befa32e06dbfdbb635bc31bdb8cdb8f6c9383c190c962a2db8c298fb18faef78bc229025d50d53480c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 82d9f47dffd007dd381be890f4788d81
SHA1 add412ef8a0a3b105980d67160f329b03efe02ab
SHA256 774a3b18a328287fb5b70ccff9952e31cbb6041bf09c59bcf926d17b941a2e4d
SHA512 9dad824dc7c5dd80c3d3879a90170d3f3d88e0247698c939414da385b4bf58528e083f7b3e75fd81a093d9b2862f833b24d93300c401d562154bcaf2f726d6eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 56f109aeaf19074faf63c988d64b0d3d
SHA1 8049b052534217f498a417db2fdd71fd560bcbd2
SHA256 c831a054a2d131a0eb8a44eb366014f86819b3f541112b00f7bd4efb3ac59825
SHA512 7bdf0516bec7314a8e390b8bcfe468210c6248c64e6ff6299453250a5da94bf8da9de8c0854046b780250729885cb2b1af78d8fd8494339ce774899b7b7e0e7f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b8e0d07e5f8dadf6b9f1b67756eac2c2
SHA1 601186f8912505f03ca92addd13bbe97a6616edf
SHA256 ba57a7c2ad468901b09c4e15704d1485b9358b1a3d7c127d1e393ac111db6e29
SHA512 4646574a4bfc830871f98a6fae4f4a96fdd1e19d80d622bb82ccf262cf1bed139f7af521967750b15f73378a9bce1493e48e940456764f13f78fb511f341eee5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 635ec7901540c3df121a9ea664ddaeac
SHA1 3b02fd08e017be49aa89f7183a92f413b25ff82b
SHA256 8be6183e7affbbbc420e745b7344ef312a4a67073ab51b002e2ae94ba68c1b6e
SHA512 129bf8028a06dbcab0111dcb9e18d0dac0691e820d4896b6f8fc316182481c3f6fc8a76f44267eb34f6b68db8a2bbd04d73deccbdac92e0fd74d9ad67e0b1a73
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bd10af180728d3ed4f4c0466e8fa411e
SHA1 72fb7ac76a7ca68270a622176c16f06d78b13db8
SHA256 59a99381557efce4e3775930b2cfd0022e04bef49c920147f410f0ec83e0868a
SHA512 191e36add14263eb65d177f41ca5cf470ce414eb32954db3c56a4b1c96f5a6db7ce9fb1b30c560d03165d0b0c33a328c7d05333b68035018b471505f5773a122
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b