Analysis
-
max time kernel
135s -
max time network
134s -
platform
windows7_x64 - (the results on this page are from the behavioral1 run on the Windows 7 image; the behavioral2 run on win10v2004-20240508-en is a separate report and its results are not shown here)
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
03/06/2024, 07:45 (day/month order is assumed: the win10v2004-20240508-en image used by behavioral2 post-dates 6 March 2024, so this is most likely 3 June 2024)
Static task
static1
Behavioral task
behavioral1
Sample
90fe09b1874bcfa7346d13861451c480_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
90fe09b1874bcfa7346d13861451c480_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
90fe09b1874bcfa7346d13861451c480_JaffaCakes118.html
-
Size
16KB
-
MD5
90fe09b1874bcfa7346d13861451c480
-
SHA1
bc76e680afd5f4dac4447893cb5c77528671a987
-
SHA256
7b390459f44dfb62839c0abd4805cb7815cdad9987b3b1c3c0536ea70618cc66
-
SHA512
cf37ab3108dde01014af717397d9118ec979abd8bd5be3f963c5c18a0331353e28c4f0b80754be166297dbd17c4eed423fe5b8a8fe055014cb920fef0746ba8b
-
SSDEEP
192:hMtCWmljavCneE7lYes6yneAqENnQ+vcBnj/nxnQ+v4aE8Qw6EnwM:hEC9CM7lrUOCw6EwM
Malware Config (none extracted — no configuration entries are reported for this sample)
Signatures
- Modifies Internet Explorer settings — every IoC below is a key or value under HKCU\Software\Microsoft\Internet Explorer written by iexplore.exe / IEXPLORE.EXE themselves (e.g. TabbedBrowsing\NTPFirstRun = "1", Recovery\PendingRecovery, Main\Window_Placement), i.e. ordinary IE first-run and session-state housekeeping. The DecayDateQueue value appears to be a DPAPI-protected blob (it begins with the standard DPAPI header 01000000d08c9ddf0115d1118c7a00c04fc297eb), not plaintext written by the page. On their own these entries do not show that the HTML sample did anything beyond being opened in IE.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423562586" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40e841108ab5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{385D5CB1-217D-11EF-97FB-6A55B5C6A64E} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000202ad8644e9b5e4196fd2da23ff0456900000000020000000000106600000001000020000000dbc1ce7af59866ea084c85f652fb37bda1cc3daddf86669d3c605b0d046e9ea3000000000e800000000200002000000031d39d1da5eac85e233276734ec15e561b5cc00034880486e9522c92c38ce4a42000000051a6ffe71ee705478003a40296b9ee7a224321cd2f8abfb0748340bec802fe1040000000fc16ef3b4139991bb6c67e9dc30b20e73f1cc45f53841c13fbe76d66f9c519252a1a59493a8bf7305d783e1770e94036e76ca82d46ef72a75f5d84ff3c1b134b iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2956 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2956 iexplore.exe 2956 iexplore.exe 3008 IEXPLORE.EXE 3008 IEXPLORE.EXE 3008 IEXPLORE.EXE 3008 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs — all four (identical) entries are PID 2956 (iexplore.exe) writing into PID 3008, the IE tab process it spawned itself (the child's command line carries SCODEF:2956). This is consistent with how the IE frame process starts its tab processes, not with injection into an unrelated process.
description pid Process procid_target PID 2956 wrote to memory of 3008 2956 iexplore.exe 28 PID 2956 wrote to memory of 3008 2956 iexplore.exe 28 PID 2956 wrote to memory of 3008 2956 iexplore.exe 28 PID 2956 wrote to memory of 3008 2956 iexplore.exe 28
Processes
-
Image: C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\90fe09b1874bcfa7346d13861451c480_JaffaCakes118.html
(tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956 -
Image: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
(tree depth 2; 32-bit tab process spawned by PID 2956)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3008
-
Network — no network events (DNS, HTTP, TCP) are listed in this excerpt of the report. Note that the CryptnetUrlCache metadata file under Downloads was rewritten repeatedly, which typically indicates CryptoAPI URL-retrieval activity (certificate/CRL/CTL lookups) by the OS rather than traffic driven by the sample.
MITRE ATT&CK Enterprise v15 — no techniques are mapped in this excerpt.
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (Windows CryptoAPI/cryptnet URL-cache metadata maintained by the OS; the 16 entries below are successive versions of this same file, not files dropped by the sample's own code)
Filesize 342B
MD5 900de8aa19bad57634b82229b0337d5f
SHA1 8c0a534668418b0d86e95db06c67eaf0fc62719f
SHA256 b5348ed0597208ba177a94340aa5a19d2587701df88a7486f253d5437325ef2b
SHA512 8c634880e9a1aa9fe0b6d19c314d0beb9eb44b20d4ecff8653d3b7745311b93c07d0fc168abd207826f1b32b15387e2906a6768e38fab99f59b7f3c3e42438aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d002118e2b6091c06f139fc3f84e0a9d
SHA1 d3937d962aebbdc4ecc83bed1636e2456b0189b7
SHA256 d689c81113aa311eb6ba44aa11e18aa408f567e2e75086eb7af18f78ea04ac1f
SHA512 f789a0375eed8d47cbaf2c01babb2ba103b71de2c99fbba25e679498f1fcec06e0ae7e400e704bb1e1e03282ad8e30485eae2b28a248a85ac0b71004584c3714
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f88a6f0c0b53aea97b65cc8ecbbb41cf
SHA1 cd0393abd1b2037ce813d19579c01387173f996e
SHA256 244be68dc1f2bfc1a8f1d3ad8686263f9c457ee8d27d228d899680d827560dd8
SHA512 e94024f7270229d64b1dca4332362b07b7d4585e0853c0a1f3fa6ee951e3779401d4ab4fc5f4af0d624d94caa9daa3e61061f8c108aa70112e09f8137c25f8ca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 12b01ca1e851d4d4b24f9737e8e13bf1
SHA1 d554cff809ccb5933a3e02bc61a1270f63e9cf34
SHA256 cdd9ee0a52596f08b597cd494fbf6bc1714101e60345d7df80791f6160ee6afa
SHA512 b5298a38f49243066e55425425a56ae653dd83effc92320d09439c3dfd9b828cee79780227ce26ecc46f43730bdd7e9f5459afa8d4ac71500bdc7bce81ba179f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f1ca358777bb8707e7f6562de98ce125
SHA1 d5f02909ab50580f866cf4dbceb7353d171ade36
SHA256 055cc8a8908a198ab3c82b9f2100578abfd5ad6c551d5a37859c8f95f347e7ac
SHA512 8dc4fc8744cdb9f93b92e751aa0d1e23d31abf69c1b482d1b6cff5ffeba2a9931bf2e716f3f60fdb5a01556379dc8e72ad940ca506ac509b01d7483438136e52
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 59b8f4a661098acdfad9cdaad44d10e0
SHA1 3efb53f138532ec5e7a862641515eb9ca6a9d898
SHA256 58790383d541e12cfc41a5cd7d469b486965d5084b6a9214b95be7c6c50bb47e
SHA512 244d3d6a3f98bca5bfe48b66a70f731daa9163028649e7f4ce3dd09eb1994d79f4f3c389a5da59e038105df9a0351a367c6214feed7a6dcace5ba3a88d46cda8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 01a66c32e661f0311b39c3b60a971a51
SHA1 16ad37350977b1ea4bf27c06326b84e63e9b23a3
SHA256 4c5bce214b2af091a0837398c6b2061f8aa140991d01b316472506e74225473c
SHA512 15c07c4b8ed9c36b3ad2baf31823ce4e03030ed3838b2ae89d56ab50e4f02c91fc66bead5e87a6d5181ccfef1a6fa1020018079ad9c924265d996b724a5b8c4d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d851b0d6f9c89c795eb7b2e50bc29479
SHA1 7b731832856dc78f2a1410c2871921a2f987ea8f
SHA256 16f346df1eefaf9cca14facd67aa50913d7a6365e6761f20a61c402f0848e2b5
SHA512 bf01325331acb141f52f0ac7239dd265c39945b9e7965a85ee6d200b5d1a586a03225f46587943a38f78618d14ecf897acdc69d71783f2c3d796e6eb45845f8d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ce46c953157e3e773f0535f85eb73426
SHA1 b4626ec50a3a6a044a2dac39dbe862ada9add3d6
SHA256 7c923fc5104cad14c2f2f212f621056c2423053f38bf52c49d8eb99f529b247a
SHA512 b59277afd2f3d4ddfbee93f0189f18165db9489fc9682aafa6185077b37d4e31c8e7a421ba0dcebaee542e340f5ff98192dcc127599b6313e0405b15e83a9815
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b241ab8d9707b8dfb3453152b266722a
SHA1 4be52293f1a65254b6cc006943db472c60946393
SHA256 a386b1380c6c62c7fef5a493627a3e59d9999868875bff7a0cceb5ce78b4c3dd
SHA512 f97c935a8a2694080c2bd3fb67fbb03139beb9287621f898a0e72a65261db06d212a6f7c2e1b32bd738f182a030ec1422ae89afa44844dc213fd6130ccb82479
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9fb0e750f988b8b6bc5b3b298c94db24
SHA1 f58047db29ac516d6462c2e5f95faf838c3621b8
SHA256 f3b7c56ba533c31ca806ef6b0d394faf8e6d79d736ec4ebf981ba6ff738c2ccc
SHA512 a2252a65b77195f6c692d938eb5a244b77f5f79131a424aae72427a7ca3ee5a1eb7f9ac2ef31c0a781be31bffe7f69aee4ae64c9d48b8d1d293eff0e5ddd4d4e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7e6b4f9b4639036ce513dbf1149bb867
SHA1 4097805eb43c22151c2bfd979e9c9fd417da5af7
SHA256 8baf9b2043663560b877b8b6038901e3efcbd839d10680cbd61689d046dc1793
SHA512 da4c9172410bd81e12378e99213690b39272ccfac21c72f935560a688567153c1fa8701c12cd853dd6ed98b9f74417446e348644a7f1ff9476aef7a7411ae8de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 abf45fb394a3edc1f8858d28e0bdfe08
SHA1 9cc7f18ae2c79553cec88d7a462b557b71d92d09
SHA256 5b5ffeb106d46ba7fc24c903862b248186ef32e4c0a0e98b6fd13a437c9cc4e4
SHA512 833f093fe525e319d2a56f32a2724849de7d366c334526168676bdee57268523e29409099f8a559a8ad4cbfb7d2489f4760a6a671d923b066b2cd7078a1425a9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5568a0c20135af1d70b692fd7bc93fab
SHA1 1e2cce44a464d1aa1130e69a6123e5ec85a2b695
SHA256 ac34950cc9f7e1730d5c6678ccb6124ef0858ce09da9a1b03c70635fad21d464
SHA512 2a10c447bd22fea49618313bc3b4fae18b531ec0df4d15735d8582dc8ded5eb778806c7fd67e584b7801737897668821016b6c5c754fbec72b303ef5bbb3db65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ba589269302f63825fbff931fa538610
SHA1 04a0fd75022130d345d89d38a8c64aa17489a8bd
SHA256 3ef4812c9eaf59df686b95786ebf93414ac2e63ead08ffbd3d35794359f995d9
SHA512 c0395ff88f4e55fc7a7263ad0c7da8fddc9a4e5ea73655f6afe4d522b9a154d6f2f39514f6cc10b09d0603a0c22df8cf24029f7948a1c20babf939d1ff23e24f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d259f089343bb41bc120585ae7090bd6
SHA1 c77ec9c32a2d7fc9dd14954bf253299c707ead3a
SHA256 f6bf40233358185fbb46ceb508fdcbe5095611972e8f222027b214f73d38999b
SHA512 fcd7d73d2a3adcc5bbcec5a95e37c9fe0bcbc4f66f838c812c0ae3e5ae128f097bd5d8ab9677f8367c31567539a8c11fc86b1fe3a16762b54455fcec10389824
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b