Analysis
-
max time kernel
141s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 07:56
Static task
static1
Behavioral task
behavioral1
Sample
9106efea1b7a3985812c44556fbc39de_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
9106efea1b7a3985812c44556fbc39de_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
9106efea1b7a3985812c44556fbc39de_JaffaCakes118.html
-
Size
69KB
-
MD5
9106efea1b7a3985812c44556fbc39de
-
SHA1
abd6c22f04d253c754d973003b9440e7fdd14691
-
SHA256
912e59a8c6a732b1d2587717d41b76bb8185e71abe76f9f98ac7e325486c2da8
-
SHA512
36712461904391fab0e217d8d1fc76e1efe3225850c8b3f1e2c386f0b53b0709149290313f6e9f0235c9f591ea9f44ddc176f24c937f81a7b9eab72325cb644e
-
SSDEEP
768:Ji7gcMiR3sI2PDDnX0g6sS66HGrjBreoTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpq:J3HxjTzNen0tbrga94hcuNnQC
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09a8fa38bb5da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563266" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000015a24bf67fce5928b4d473ac7718a782b6aafc37fdd9815e35ef7a12d413b983000000000e8000000002000020000000b185dda226ad8a1a9ada1c566d2785a484b0d8c234c21713f9953726aef6be3720000000cc4152fa6ba78f7859a5d25ef0bf4fa83c0b58281a09fc6fc482e15039d04625400000006b69b89fe33e2032622a0798a5e24bbaf7fdff8233d1d7f3dec01e1205eb25968a78fd430b8426a5a04f0983406723ae262aa3a052c48daccab4ab848062d74c iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEE8D501-217E-11EF-B904-5A22F41CCA2C} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1996 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1996 iexplore.exe
1996 iexplore.exe
3052 IEXPLORE.EXE
3052 IEXPLORE.EXE
3052 IEXPLORE.EXE
3052 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1996 wrote to memory of 3052 1996 iexplore.exe 28
PID 1996 wrote to memory of 3052 1996 iexplore.exe 28
PID 1996 wrote to memory of 3052 1996 iexplore.exe 28
PID 1996 wrote to memory of 3052 1996 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9106efea1b7a3985812c44556fbc39de_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3052
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 792630a908e4433751b738531036e8a7
SHA1 3cf0bc34fb487873ac9c9d7dc547e4471794cd15
SHA256 67889a8eb49b9d88d469b542fcaf51edb82ccce7726637e6aaad619a9b77b137
SHA512 ba4d1cbad76120b21ea4c5955afef900f9f14c6b6242fa3a9ceb7e7db6f75a5652de3bd68ca1ad7c7bd684987a6c371b01066b9d92803b955d00e748f9643d3f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 275c42d86e6a89432ff8990c941180dc
SHA1 9b3ec5b7e492761710bf480724387f88ce905708
SHA256 d58e4668128959b477a1aadf307fdbc25c01b6a15ef0b88587bf21fe3d4f448d
SHA512 dee11d72cc48a52cb181669b426bdde982fee82b938706c7213592b23636154b749c98bef77ae4df3127fa82228cc9907b7a5702777d42ae9db4e18af7b00765
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 03ea18cb403b0caa3dd55243ea5a8e45
SHA1 d02fa6b505e1953f047edb7791cdf7adc3f59c43
SHA256 1a945f25c1f8ec9704cffcc54c160caffa70288abfa29a8ee139119b4474dae2
SHA512 e575c85ce475e45a89fd53c5aaf24ceae31a8628d92655329d9072a2d6be22c96be841c5494947cf01af0b4733692297071d604f0ca75af5eea23f88004ecb40
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5b5633d7b0c17c827c0a7d77c3b96df3
SHA1 d3602fb28aba3e52a5b07288df89471e85211b87
SHA256 aaf5de02786d00a502fdfa521f6b0ad2f142fadba785db88544e76402c6a7c8f
SHA512 ab7896d60507483c1bf455d7e12d50a7269ead6ba8bc50df9bbc57d84f9415c1befb30efbfbe17870fec4e5ed209e4a8d7030da806f8155bd117b17f57a95ca3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2e4b3e7b979183ddb848582a95d7e175
SHA1 335b2eb3d06160b7fd318d4139231ece9876e34e
SHA256 dc4fa3f398977a102f77e39a5ddde040de9c645852076b6007d82e470e976f76
SHA512 a698d60d9d7fa575876b6ca9b8f60476461bcf1d7597ac23859d41e38a24f1c2c25f3cd957ab975e4689d88efa0c4b865c6026d1ecf4418dad3fd4d32198f49b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c552c4f517f0ce34328d12c72dc4f923
SHA1 ac87cf164dc54f1c5cf7beb5598d489b6a07c019
SHA256 3c5b4e9e89938ec5ff47e350f44b8bc2202635064fb94ca73d6b12e58c1af072
SHA512 42e938bd887a707e7485aa6b564109c6089d08d2bebd9302816f10cf8dc69b4ddc72b2f0b715449bbc6b00c225f7aa25db24bb3dc7b2cef6caae35227d82a173
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 da88f7f0830607e3524e9c1b1bd9c62e
SHA1 71c0d46106172e7394b1266024c30da5456ba56f
SHA256 0665790c08424ed60ef7a86c11e0be923e005ebf67d2697dd5242e62fee535a2
SHA512 a67ba1680cca9df3fe0c43251df87aa624c4eba243dd2884ff087cd43948a4d1b8975a67864fe441700f0646767a9172c5a1846fe4699d6357bbe8649c8aaf14
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e8c990e0f0fa366e24bcdbffc072803e
SHA1 e61c817eb7fa1d05b14d342292e6652ed91983aa
SHA256 9b2d722abdd28c53c88982d02f330aae315820a22cba89c40fc9446e41135359
SHA512 0a16a990ea08ed089eb59b66ef88d5827ad47b9b49aa0d072771c544b569b4aaa475b7aaafd9498219bd743f694571fe4e8dc76f5c0cf6a55627386e2be4d2cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 641cf109900dbe45db9d387bb333e466
SHA1 8efed2679c7d94fe92e12c8320385fbb82ae0fdd
SHA256 d2ed59a526277120b137aea6f6cac98079198ea47fbfc1c46fd7d5964ef8593a
SHA512 a3ed01a58d9ee7b46eb3b3fbef69c9db7638bb8e2a2e8f93024d8a997b9eaa8dfdd800f8a8db421e6ea7ccc22deeee00cd1243e9aea10294d34173c6f8e825bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c34f258f03f5aa249025896bc8f2c879
SHA1 794edba0658567a21882e4d690a914d4737044a5
SHA256 ef7855a27d2f69601fbbd1db010e344b571522ca47fcc59a6470fa7d9811072f
SHA512 880955a61e97113ca92f93aa697f368feff24b752321623bbaac00197ac44c3c5548293e6a36604615d3c92efc1e89b29ea7b60bf762ace8828c29bc16a90ce0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cc3a26aabd8dab6fdcb35b1e133d7cf0
SHA1 2dd06acfbbe912cbc86c2a63f0ab216faa8c728d
SHA256 dbd1fb5cc64c6b1f67892b8789370316027b2cc17d6bca2146f6a430c8b745f3
SHA512 4c3c7d1080366dfdb189fb1c0d9a322ad0ccc4c42815dddc9b7fac437e9023fd0b1a81a6c7ebd75b19528d64cd21c92ba60754f60fab20fe30a7eda135c5f614
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f85bd279b8d9813caff6ca59763e4133
SHA1 eef398c75328673de1a2ba4fd01a39304b18620e
SHA256 db4d0cad70bcbd07b98358ff4a5afb7597fddc14c6225fa5351e6a1500739dc7
SHA512 acfe849305cf53057c03e8863c2ab5bb90d944769fa9d6b3279cc303e213d00bfff82a83f4896e059dd7ac9967e1288698172ce6038cd903aa51e0e5199065e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c5f99d2b5745b5477b89477d268209d9
SHA1 5c38c3eed9fdbf234b264feb495645d95525d9b4
SHA256 0aeb83e484b2ac16d3d722fbf1d5504fe7c0b44ae45f31d50b37383f788a7ca6
SHA512 70ea1422bb7deef2214a1e20329ae1941882170e8811c21871e38980d3741b5009c981a21c530240a131c23af5f9cf85cffcf0d549e33a0eff6d260c9c93fef5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b75fb9ca740a418fa85c39add57db10c
SHA1 36f42929834c2aa07f66c7f06377768eb8e63bfb
SHA256 4eb2977476935e4030d335986de23514528b41239e3cf505ea5b2bfe77c06560
SHA512 c21c54ddb0465069515733eaab87ebedacc6f114c8ff4634286fe61095821a7e82422420086cc2b5bd79a12b0e1f1fc1581c6e35bd358cb4b1dbcfe710eda903
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9ab725d1e44e79112d359e846ad5b1c5
SHA1 a68fea9c4869a30a9e7b131edcf5edb923fcf095
SHA256 a5c0c5a4f431d6b303c7e9fcb40b0e31055cc4e588505ea84e1f56703141368e
SHA512 ebbb944863b814cbb86dff8fd21e758397052ec2e3c99345258392a7ed089f0c997367fc6dacf7a223278ea0ceae95cd2c28f7ac66b116dfafbc01f642a8f797
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1df3ad38330ce3d5e1e57fa7e981b1ed
SHA1 152a7facbcecfc40c1872a9c86d282f6f883d76e
SHA256 72c8850035b927403c0312db0a9e062e7051b8af277b9d8065b238694da26b47
SHA512 221d05c9b3ab5026f894c5d8bd66447f379440306398c710aa2fc5364aee2224bfeff4888ab9b94c1f20de114f46675b75e4c7ce684a1c65632feecec356046e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 46d7b640d7d765de25b03e29ad7ace35
SHA1 6ff8d3f3a5799528697878a45a67b5459a846a2a
SHA256 ae2562b34d69cd16b3ea9d189007c67a93a3bc9b7a7e01fc209e575853473d40
SHA512 93dcdd32253d8224755853a14e011bc6a615de91a681f68fb307085d1aa198b4ad6c158adfafafd0269607c5131ef5a0850fc503d3918b0da533670681acd44a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4df67d068b24915064145ecbf962a477
SHA1 5c1969f856f6e9d97b11c0c5c76c5cf96c50c4db
SHA256 15ee77102a3d9d6c4a579dc16bd011d9a8b33f2eed5ec52933a1051f6891b511
SHA512 8a251a4f1a854d1e8de0145146e751076736c329045290801c75dd913a3ee37ddca65ab503b465bd22ea0706e3555d3309c7256fca3b57f72e66a1a835769e1b
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b