Analysis
-
max time kernel
122s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 07:56
Static task
static1
Behavioral task
behavioral1
Sample
91070745b78d5dfbc08721a339cf8e6d_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
91070745b78d5dfbc08721a339cf8e6d_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91070745b78d5dfbc08721a339cf8e6d_JaffaCakes118.html
-
Size
2KB
-
MD5
91070745b78d5dfbc08721a339cf8e6d
-
SHA1
02cd14050d928f539a5fc7411267f104df11b86b
-
SHA256
1dbb32d97ec49c90e8a29ffeef0fab14df4b625ed3def01869363f08c4e7d1b4
-
SHA512
5dcc7d0af530915c02977c9fb61a53a9e8c9e8c143d66417a645279d6f6f8cc882635bd86bc73e3724990d1ad5c9945f54193ec80e772b7cb327e5581248a3aa
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563272" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051336c8476909d40a7004f76da76f9b400000000020000000000106600000001000020000000d12963c1f0b5d865fbb5b820240c874e1a9ae07a56e50e529e1fbbd054b8187a000000000e8000000002000020000000c4ae9270163260be8d380dbf3f74daa25679c769b3ef65e57da50f986c4a9eb82000000083cd791d1f0ec9a566e3c1e88388e882fe9e1fc44ba319f7f03923d7d3b1a9ad40000000c27a0029f20a25306c7bc32b29137eebd75e8bb6eda000399a9ec540983fd8066e32ad645249741fdc209fea83153016a20997ec72109470a6ca4425ddb77b2d iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" 
iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D1E47931-217E-11EF-9267-5267BFD3BAD1} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e05343a78bb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2936 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2936 iexplore.exe 2936 iexplore.exe 1032 IEXPLORE.EXE 1032 IEXPLORE.EXE 1032 IEXPLORE.EXE 1032 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2936 wrote to memory of 1032 2936 iexplore.exe 28 PID 2936 wrote to memory of 1032 2936 iexplore.exe 28 PID 2936 wrote to memory of 1032 2936 iexplore.exe 28 PID 2936 wrote to memory of 1032 2936 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91070745b78d5dfbc08721a339cf8e6d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2936 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1032
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5
e4a68ac854ac5242460afd72481b2a44
SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD5
a266bb7dcc38a562631361bbf61dd11b
SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B
MD5
dff10e40f34f88254bb309a25fc1cfdd
SHA1
3bd3ddf3f1d78235c241ade80218a1cf779c53e4
SHA256
f1afdd7f50e6d50eab7ee9fd50ef0c0952f7efdc4918da33237846ba53f8b24f
SHA512
e6d04b573b1d7a115dd87ed4168880a1b95cbda50cf68a3a75a534b387d72c42c1cec8cca6861540dbfb7d84256297edfe40caf5910bbbefd97649c45af5560f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
88910a26fbc2228a05a9cce2589ed97a
SHA1
7779a58ff65986c90da370bd41b37905d880b935
SHA256
948669c67cd9f57fe3c368cd2215bf05667dfa40dff18dcf2bdc2337f2cae038
SHA512
1db49b6570841699060eda8116a0d0690e264f25e5152fa4fd4c90e3633771816a8381e406088820374440e62ee45b1b9273acb952d5c24ad607bac1f02c22bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
1eeacb6e49fda58d1b77fa89e30598d5
SHA1
4d7028b504eddf4c91a2371d9ebd3464ec122e50
SHA256
545e96152dc93f7bfba3340415b1d48754e6400552ee84152b33abbc4728e37d
SHA512
c8294f02da67931572068916a24f15792d1006dca4abc5573e1e705f3d73431c25160c0877b98d5c2a8aff8e2e149169ac8a0b6b1693d91a2f3f387dd1252671
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
f708064fa752457d0ac2caeabd5ceedb
SHA1
87dabfb780b5123a6b3cf2fdaba7fde01ad0f37f
SHA256
1b36f6df56cdfce9829360806098e65f0abdb376975750584036627de13b2250
SHA512
82ce6144031d3c2462fc4506afc6e443cdd24a20f8b46f3ba7928fabe33f2c51185528790d0b085e76e6fa063f5f430625a9381d55422daa881dbd3df6f1a0f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
7af64e993687802c696595ad9c37e8d9
SHA1
5a50252ed563ee95c5f6b0d56c36c0ba00ad99c6
SHA256
40e5153659a02ca1896dd6b6c0e26f0ebd6233e8e57b7673804aeed013ac2615
SHA512
bef07b56d6728ed7d1df4ac211b347424e3e3de4101608d7ca45caba574f79e9f5503575580cc4a60f189f3d8effaad11e4fae6318c6c8d0aa0621a7c3a54056
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
815a9e0cab73768b181c19190e6984f5
SHA1
b42a3fc77c57bee9a6ea25fe45b1ad345d100f6d
SHA256
3da024d9a03ad696e6be3dd5b108f7f1bd816ba9296a937ed48dfc56127e8e43
SHA512
b429189f8ea454769553821e1eaf645aff22184dc8ec81328213ec78e54855873f86eb6be512fd44845ab1ba5b1b42e6e375100454c59da7a955c76270f171c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
0653f106dd4e41ae150564d15253e8ed
SHA1
a63f6cafe7c07dffd270ed2276784a5f9d81c852
SHA256
877c32ea6e1ae76357c14b0d624d43bda0dfe7d771979023e2832185e26dfbf4
SHA512
cecd367a5ada717d72ea1a72db58e053b2e0259ad634db26d4b17292ede247abedfd7544bcc952cb0abbc8190be0286afb3ec843e5cb4800da21b3e92cf7e4c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
ddb6b1e9004d0fdc2d0577d64bc374eb
SHA1
8588cb6d15cebc77df9815126420099cbf79e1b2
SHA256
23566edd702d3282230e1816f98f8e8d2ee2275e6f8c27e80f39eaa2dd9fac25
SHA512
7734848f30f9e8b74d2fc0b4865b6d843d483e0e24bc59d75b1a6798045ca2bd654435132244dc4965dd7adc868625a0c60f3a1e8d802824b3ced8a47e7eeb24
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e1ef4f5aa7354632506a7f403ecdd958
SHA1
c90b97ff09029308ec99226d90a8ed768a2df62c
SHA256
3a1a0f2fd7c25e40c7c22ef425b314fd42b074b35e30e265d2b06a8322533b5d
SHA512
b1f81b3fdd79ce71bc384cab1a5521156f01b3b2c6bcc9b0846f9b9396cf8c0d0ed2501aca1e40035ea23c3d2701ea885ca87f79741f7d234a463f2f15dd3bd4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
af04ede02222b2e982d240a0d83ac1ce
SHA1
0f542450f4b4768d14367763a2b6f188323ff613
SHA256
65d7d14633daeb12ee7270db97a6758e64baebf7e7e104f6e183cdc87d2d2040
SHA512
a06efd59bdadb413f2ff782410c1dd5b0a352eef38a9ef0e6e54e70a36a6f0b8d3f08ca95b56bf1c89c5e568c656eef61406c78beef306936d58bff3dfca060c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
959c01394256ed90464b2fec42c89132
SHA1
9e964461fe0c6aa247c60e4e76924751758f26e4
SHA256
6e4e94bfb4b8a80375e0b34a410996e4325d3c36764cada5b608471da89b5c58
SHA512
e655d49ce995aa0ce2372484fb615a6578affe18c500a12f125a77a06b9f57a009babb8f6d2ef247f14b22e4911c17a881098c75b7fac14ff0a5e1db63da9e87
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
c946b3605a11b0c2aa53dde816709acf
SHA1
f439bcde6a74bca30ec55219b74c9bef85f9d650
SHA256
43106df4c2c9dbafd52c2f69cf98523b4f2613278490bfb2b382dc88ef6c1305
SHA512
d53eb3315eeec39e382a6d65d7acd7cde9442217da691de543897f2105d20002ff54f230f33229eb7634497f508df671bea2b239792c49b57c3036ba8436e934
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B
MD5
a1014dee733b377efec5f2eed2618147
SHA1
d44eebfd812c9ab82ecbbd88ef307586f870728f
SHA256
7317293e6b4d8d0da90582de662be77d192862146055c2ffc5d56dbfc66f240f
SHA512
bcd441c7aa3947bcba67e683e3f69ce92a5769b04750404b4fde38faa436cd4bf60323dcfd469d59e42b0d1d6cfd6960b0e836a5063d27c511d3d537e6c38867
-
Filesize
65KB
MD5
ac05d27423a85adc1622c714f2cb6184
SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5
9c0c641c06238516f27941aa1166d427
SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b