Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:08
Static task
static1
Behavioral task
behavioral1
Sample
911043424632f443dec6f44b5043d22b_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
911043424632f443dec6f44b5043d22b_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
911043424632f443dec6f44b5043d22b_JaffaCakes118.html
-
Size
11KB
-
MD5
911043424632f443dec6f44b5043d22b
-
SHA1
b4a2cc8d2a018fda3b2ff902e8000b161a87b083
-
SHA256
b24d0f0845119b8cbff2706941efe9fca7abbde78704330ca5fa3fa98ae6fa9d
-
SHA512
e504a5683bae4fca112feb508273f04f8f63fa6a3cf4637ad4863d76cf050575361185c84db80bbcd62eb946b3d02efa5dab5e497a14f158db4e9bfe93e62127
-
SSDEEP
192:icw6tEdvd0Jb8v2U65cNBMCn3cqs2OfUn5ZIsPnPQhMx5Kx5SvU7DQ1YXVK:icwwN0BM23cqs2OfUn5OSnPeG5Kx5Svj
Malware Config
Signatures
- Modifies Internet Explorer settings (signature name as listed for both processes under Processes; the table below is its IoC list)
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10f1e05d8db5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000b4df00bfbd04a9e52a552b12c5ef5cb388c8d410e90c4c8e5feeaebbb3ccd80f000000000e8000000002000020000000a04f5b547f68136004754556fb9ef498986244832a85ae2c9b6589301989379020000000c88f4f570c148fbbd16177cf1a41e6b8a72d4236fca998e7ad6e26347809b924400000005f361a5f9253d715f031ad4ce9e68a5c3b9faf7931f3ac1f05f21afee77f4d35ee8921f367e15743278b8046efc341ea7bad67e5d335f2b7add8689813fcc915 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423564002" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe 
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85A14561-2180-11EF-BA28-C2931B856BB4} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1700 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1700 iexplore.exe 1700 iexplore.exe 2204 IEXPLORE.EXE 2204 IEXPLORE.EXE 2204 IEXPLORE.EXE 2204 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1700 wrote to memory of 2204 1700 iexplore.exe 29 PID 1700 wrote to memory of 2204 1700 iexplore.exe 29 PID 1700 wrote to memory of 2204 1700 iexplore.exe 29 PID 1700 wrote to memory of 2204 1700 iexplore.exe 29 — Note: all four entries record the same 1700→2204 pair, and 2204 is the IEXPLORE.EXE tab process that 1700 itself launched (SCODEF:1700 in its command line under Processes). This is Internet Explorer's own frame/tab start-up, not a write into an unrelated process; no process other than the two Internet Explorer instances appears in this run.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\911043424632f443dec6f44b5043d22b_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2204
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
717B
MD5 822467b728b7a66b081c91795373789a
SHA1 d8f2f02e1eef62485a9feffd59ce837511749865
SHA256 af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9
SHA512 bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6
-
Filesize
503B
MD5 3a0bef22f52367a540fc87c2f64a819f
SHA1 c620d5e32400883ef0315cceecce71a7f036f5f9
SHA256 cfd5b949b53fa973152777c6cbe2638a1215e0f0f706c9271b6d69095e137900
SHA512 c7468854c103354bb753438b74e160fd9d9b9980000cc354bb5f1897f77f791a9d46d3870f642e4c498760f02163f2e7b03514dd310d2531e27e769ff5f421b4
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
Filesize 192B
MD5 ad79d92de5488b7c99db9c491d28889f
SHA1 adec9a6920309164e650d0758f1db21f9dbc0373
SHA256 b87f97aa7c6f2480370de42b943c0c28651e198bfc7af4040d59c4c6f4aefd2e
SHA512 7f4fbb3e9210e55542772338b26bc3dfb41b3f3e9f2f9e8472ae77f10ff5500563a5a4dc30ff685ca5b8d61f852545b8f15a52f53bbe8fabbfddb41b51f7e15d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1482f7f578b29214aba9860a5d5d3599
SHA1 80bc8609f123a38bdbfc7333da373122d0d8fa68
SHA256 218533d6b5d32e6180ee9e36100b4cbefca68ac4fc9488a0de3732575cba28cb
SHA512 c000ae7a713a98003805dbfa60443a3beb308556265e2ce3f5a6324104c7dd390d55ef95f8109e1adaf7bd5bb531866e2037a4db5f165cd09f750f740f4ad688
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 899370fa2d434fe87d5eeae1b2435108
SHA1 a79e984b19887c034c0fc3bc90a63b673f31f355
SHA256 6844f63a41999415b5f1f155dadafc8a375cff23152850e9f899c2cd2ea5c743
SHA512 7cd35f75df5f94e88712b1a5cb35bdaef54e7cb778f40202042ecb6d31b6de945fe79d944bd4e775a93bd2221f887700515041de48a5c7654e393d63bd477847
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 183c2fcd18df3f4b247979167c644418
SHA1 83ace39d146d22973f7b62824c60a7d8056e6062
SHA256 763f9a4ae9fb03b6a2b32b4abe4717930ef3cae91633e0fae2fcc06cfed8e51e
SHA512 488ff48fd9521a026091237480b891cd187f9ae868742b2c9a37a09d56779030c522e8e11b772bd534b7bf3f69a60072545bd6671e534c226f315b18c6f7400a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 897235b882301722f94af32b6e550240
SHA1 a5f554bedd5e4e14fc6b29e813af55891e11e9d9
SHA256 0adbfa4992820f9ff812a3dbc51e128c3849f3eda45f7dd79ed3a1743863ab65
SHA512 cfb48c6d20937cfcfa2fada718602657e96c998743e26a89704d1595f5d09ed2950f7cff8bb7f13e7be3e652097fa09eb3c1bf52f6fc63b3a200a339a25d6169
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c2e48eecff71a9c75b6af94ba4b928fb
SHA1 9a1be082c5690c705e5a158e6d01aa0127920aab
SHA256 bd07eb5f8f88304fda0ab17175cc559d981332e8ad17d5766a283f3ad9976df9
SHA512 87c63aa2d27544b43ba7763900baec4d6d36cffaefab9e7b274b4c9f767f79b57ac2bebba5240daba7b045ce9e1714407210b5cdb210e5b41bd7701a7d31be7d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 09d9abb0e9febf48f36720f1f29d4393
SHA1 139959a96a9309fec04b2be7846315cdf461d45e
SHA256 0b76b2c775ebd0f5eff989e0c850f88f183652f38d7bfbe9137ab5a6f9f6680e
SHA512 59410cee0dfa2eb972f0d51706705756a84fe18b9fe172570d92b84c19bce28252460e68f436f76a6d8e2160fe5b852b5943e5dee7724d8c6e27786288f915a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2912087ccb5ade1b402216939ade785d
SHA1 9194582b7c72b11ac3bc47bc91ae95198ebcf465
SHA256 4a315ec564590407565475c0241f8acb4097783393b27c500fd33af3a7aea67d
SHA512 097dea30373eb16db0c1540e341cac2e4dbec432c7a971e39d790ad7a7ba5acf1f6437c29c29ae0480564730f09fba7e466f00790785dff6f7245acbd718d893
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e55463abe1e30b724b8ef45083c26063
SHA1 4f6a8dd8fcf603abdff494a1538aaa6f7a9a8f15
SHA256 fdcf2aebdc18b4870c4e2e936e1cc85fb2daf2e3ae8bfe28cb4dd238d7da914f
SHA512 f90a417a721c0f7d94a19ccd2390cc0aa03c56d30505343d85809b04eeafe551a52cd9a81d801422b2d12329aa6d050342cb311c8510c2d430303ef8fdaeca55
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a2adc17a27a6e213344811a58e082908
SHA1 5f6ecdf0f7cbbd50ec684a4c3e91ee5a469e4fd5
SHA256 956a115020f3b4c475d67b9279ce6a62cf3c167704f7c6e66bdaa4e028551587
SHA512 def8268345b47634a4584fbe239e341a45a36f4a72ac660ba7704cf1df8e4924425d5df0dba86b2d8ca9e6fcfc0aa0cb3daff33676326f4a96c2cc8fa4f59c00
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7134b54f601c8dd76fec2bd05d0233db
SHA1 6773076572cd05a5b0271e9737891915027a222f
SHA256 698f8bcc160c045a62e525f649d9af6b8f5ed10effe43e81808abb6a99ec4430
SHA512 bde784f8ed5e1140de7cb1a306230c7574bdcc8bb0622f2be176f73ad3ff2021dc1aceae842e700278abda9b2e1b046a5bfef8f6c12fa1c09cfe007d36257b17
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 336368205fc544bf686ec1571f427aa4
SHA1 89ce4ce5b7a10570001cad03c823258b99386d71
SHA256 9a05aceff19b62d6d1bfcce4eb7c677bbb185a757ac081b4edf0e828c6301203
SHA512 9c36130a1b155fd6d21b2e2c22dda786e86266863a17a0744874dca8d37e96a63d955951160366bb61f8a8996ce1a2b7c0d02a9310240d86dea5d315a351ff44
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 458118ec337fd035b43d911781f78d10
SHA1 158178bb3bfc42fe664ec916f6a7e3fa3f6a9c7d
SHA256 e5884b5f073e09ed454b22ff5cf3914297b53960793b10d08bdcd0521e5edf09
SHA512 d1087c19a0c92d93ea91b51dca3784105d018dccedd32c6b4451ae3a1bfadd92d0f40b5b6c791a6f119b21dcd6a72174ce438a5242262edfe506fe4c3567a237
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b