Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
03/06/2024, 07:57
Static task
static1
Behavioral task
behavioral1
Sample
9107944a268244fd542e2e8a328a757d_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9107944a268244fd542e2e8a328a757d_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
9107944a268244fd542e2e8a328a757d_JaffaCakes118.html
-
Size
61KB
-
MD5
9107944a268244fd542e2e8a328a757d
-
SHA1
d3e8e986b4892f01fb2eec1949b2a6daf36ef6fe
-
SHA256
4b3c553f5bbdc195fb95232c03d9a58d119b1781d46b3fe10e163e7eb07aad69
-
SHA512
dc88929ceebf5c75f80f4d427e2f3aa66592807e7e57068bf16b1bef217cb629e524082bf7a20213896342b943ca40f5893864fadf405bf3f4c9c5e53af5a913
-
SSDEEP
768:JiSgcMYUcXGeCSXuhnu7HoTyZCZkoTnMdtbBnfBgN8/uQcc8QFVG8sP/Ijkk5nnt:Jk2RWTbec0tbrgamchNnWC
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563302" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E3CC0001-217E-11EF-83FC-5267BFD3BAD1} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000003dee429083fda0458ed356c6a979e65f00000000020000000000106600000001000020000000fc0e008fd66b7cd139b8ceaab2484d886efcbe11b5c4176b8a11561d685cfcac000000000e8000000002000020000000726fbd438ca0417861459546be0ec3ac73d469f69c1deb8048783a8565791ebf20000000cc68dcd24ea6e6f8cab939663355aa07744fe4e8cb999efc1f80102601caa2bb400000000cbd12c36a0141673ef2eab8b0889ba855d321d1c6f3ce37b1c3dec02b7d5ecf337697b6621e3104660d50c3bb9d39e2b0d9137fd1493197ec4f85cc74c5c05e iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3019aeb88bb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2696 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2696 iexplore.exe 2696 iexplore.exe 2216 IEXPLORE.EXE 2216 IEXPLORE.EXE 2216 IEXPLORE.EXE 2216 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2696 wrote to memory of 2216 2696 iexplore.exe 28 PID 2696 wrote to memory of 2216 2696 iexplore.exe 28 PID 2696 wrote to memory of 2216 2696 iexplore.exe 28 PID 2696 wrote to memory of 2216 2696 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9107944a268244fd542e2e8a328a757d_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2216
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e6243ebb9d55e6825fb3c3f58aa1dcc5
SHA1
e37d94e59a7a625fdcb6a93f3a88c8c08e5ddc2e
SHA256
7ca335c9df1115697c4ed816eb515b439ace88521fe12dbbaafc7ff5bd242635
SHA512
396c74e572a3d511fb1096a3affc27a8788df5485238f95eb418dc83591d0cceeaac0d8535266b3799459bce264fc965404f4d2303722775e18ef755b6c923a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
68b427baf1d19d4ec6cff04eef466ef2
SHA1
1105ad4f170801eaa8ace85c752decb5225c359b
SHA256
4cef1e3c3fdeb0634306b5feaada827009de46927b6e07d7e1cf30f8ffaad419
SHA512
e41e58e8680ada2e240d77f833bcaccf8649d4e6325ec1b80bad1df562b9f7925911775598dbc85d635eb75e91952e94eef205f7fe82c7d8698a609282549812
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
9c004158a6515aa6a40196435e098e21
SHA1
550606a4d62fa7ca5874ff20bdf6a5ae3a44ea2c
SHA256
421f7252c93be3433ef1b121560b2df6f7ef4139144a8b243595e07be05ee4ae
SHA512
81aaf5acde70a08b7d7de4c02fac26e05fd9a99bde3c5fc243b2d1b9e2a5ee0286f2742597b27d152d9e73c9e8204e2835eba8b64ad827e3100fed98ae287a26
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
ff7b32eb94ea11d0e12ba4901588ba31
SHA1
03055f7315adf225c57dfde064873f46b24834e2
SHA256
2f2050b3f6af99308624e984913ed5fbb765d5ee3b2cdb42498361b6712514f1
SHA512
b1effc893135f2720c370c34b30376833be9091e9c1e8f94c5a366f59b5fab56834d461c330f1e18ca150e3b3ebf2a18b4258bd9709d4bdbd7a526495ce27a41
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
1edc12206dc5691c1a379205dc154b1a
SHA1
425f666bda77fe32357ece6b0ba93650d7fdc8af
SHA256
30aae96e37c21f56060b9ee5c10378dae6852a50efad630573eac63da07283df
SHA512
ac78caf6f90423162002207d3f6a6a6fefa752ab5a21a4a9c2a4fb424248f62d047294bbf1b0d491e827f800a55121b8b48157714c8f5763fd397eb1cf33cb30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
0301998b954abf698b3bbcf93259565b
SHA1
5e7eb65bea6ea72b55ea62ec9674e1594f035001
SHA256
c8d52f7dffa20c6fde53e25b697595b18b081f4b555a14076dbb005bde2eae54
SHA512
212ec1ee565332cde233f5230aa18d2258ee86ebd685093ff9bad38eb3811b74660091837a1ccfca730c6f4077f626169f416a4ab3075df5a959548bdcd6780f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
beed80b84ba9dd35a37659272fe7adca
SHA1
e965097cc66ebf65c4314a46d8165e397c921b76
SHA256
6c326180f2fc06d5806141580283c157427fcb6e6e8073bf7a8839eeb1fea8d5
SHA512
f7d158167a8d3848c0ad2ae230302a7ce45ad7069da3db803a2ea164391c845b62ebca478c1c19263926972d6ff780ea930fc48cb9c5073d95c764369c9b3850
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
d58e7745d90162cdc29d42d6d85aa12f
SHA1
df108b80797a518d3874644e1848b575ae5e1f4b
SHA256
f7d85fe8cc0fdc5fc8e9fab62ce7a81392b7d9b61ab51490a0dfb6ba01e05729
SHA512
ee4d9b98cf9ab78e24099377779f248445e274149042a7aaf8ad595a9da7f7484f7dd7d0f90974553eaef22b0cbe951fd977962b943e4ebefb1a1b4ea372cdd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
d170b4baca9ebf8c31578ab23c6621dc
SHA1
39a97ebf79e9f119b46c2117f5b93535bfbe4759
SHA256
6f4beb12edf32ade04666d21ac2677168198a6ad7f35c5ee45ef7b4315adf778
SHA512
c11a541c0d7d5fafbb7adaf74b17c5a8aa02e2cd01f73b86cdc980dd3a6fac800a95c24161a149a28a033bd7aaee43842ea3f50155001887d2fe84546977d884
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
08944d13a137e2ece325de3e99344745
SHA1
86c79f098687f7e5bf03db0ae0773069d077eb70
SHA256
f03d0e33b764977b20215d8c921efa7be44b7bcb5c0fcfb49b3865bf4da9e544
SHA512
9341f610fd2ef34d53d326fdfc75d8760c4dfd9f55d27e8bc04a8e43c04a4ee517640e920ec66346cb7f230b12aabd4ba3b327c329de98fcd78d66a89933b282
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
242553a75766903e38d3df02382890fa
SHA1
a8ba058e49987a2dbf7c94d9f86053aedeeadb87
SHA256
b6334e4167efc02360486416b78c4f144c1a46743d72b3c838c3bb21654cb2e5
SHA512
237c252e178c67f550e239ab090d7b83e104eae0021cd1ffc8ab60a85d51c560a8009102ff17667ff513a2ba8bbe7d6f5ccd8618b151f9460a40a8fb0d543448
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
78db0dfb72aec66b9c0ce62a2114bc2e
SHA1
34a483768a82ee93202ccb71f8ca1f1db17bc187
SHA256
37e4a7b2ce470bed9cb7397c770d003d0433b24e467c3c66e6a58e65ae6d7915
SHA512
dc29ba79f4ab205e06ea990f714fe6fe13f732752f390f6fccecd975538140230f4273d58e31ef9817ec041357f0fb60a0a6b69bdad286ca8899c4c938819844
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
544d7a02450de8b29e7a7fa21544f48f
SHA1
53e47c766e72744e6e811597d5dfad2b586cedb2
SHA256
c902e36041395e01ad0a6accb7e341c8e8216865b839e40eb43e118f71188731
SHA512
b93a9f1c49d698c306fe009fd170e9155f92acb208550bb79e9b2d7c06fed4263b7e35bec9eea79ea228181065ae89411394c6207603f927160d6426da54cc04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
458adb45625b6389766b81ecc982a29d
SHA1
c003224950c4c5bbeb3ea4498dd04549fcd61999
SHA256
74738cfb787d2676565cfece34f3e96cf0cd45b1cc2ebb0a8ee5f6e10eb58dd2
SHA512
de9a01665eec6e6784b0a50ae4481078b3fbb3c32f4fb45bbdfd970af344ca130d609ab6a258ff0e0733b304537101b1519d899f03090705e6b0af29523d0ec7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
abe928a8a73397f5ac7b252bfeffd393
SHA1
650ed69ea5b60a077d5abe0d8ea96f003668549e
SHA256
005634af977e405f74a71f839ab341a83a69fe1c57bc08b7e8746c2dd54544d6
SHA512
af1a16da9a58df305945510415cb8ad3432bee679678d910d08c3297dad32b9ac17f84ecc7a6f15340f1901075b9cd43ee51261b1ef4a1a1395018cfdafacb8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
d9435eb39c37de1ccc72c2cb0cc5c92a
SHA1
176f5fc7292ba53854de6f1c01f8e1496df84e1d
SHA256
e5c1e452a36f2599719127e99b4223327023d22d005c5849f453371bb9527f0a
SHA512
d7fc4b53274b62be936d9d4da338b8e99af9ba51698d74b99d02bdff0e2504f1334d6192a41a2f14979b06263c9b5e87415cf1fa33fde7bb6eb2da222183b7de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
baca507b0da5d311840982afd0cf353c
SHA1
4972bca02ab902f3603dc8b7db7808d8e002ae92
SHA256
b8bbf6f0eb6a81aa513c90238f836d48435c216903ee74854e852d734dee23ac
SHA512
f9ffdd5956f276809b555424664cb2286481afab4be16ff9d4ff3814b438bd3b696b7cd26e516b18e4629fcbadd6237f494daf49450e5fc76c60ecc35e21e380
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
99e7a2083182937c9a9ec5a9cd20e7f2
SHA1
89a72a3ad0a3998794d449d2a6497f13cbb24bfe
SHA256
13ff460965e0d6d0a943d2cd005390ea1c07226ad20a150cda0dfb6b08b0c8f4
SHA512
07bf457f926439f9a09d794da3532b6659db16e100742a44701951dd80dd309aea89ea24f0da231043ca7b51bb6338e015fc25cc0fd33ce4107212c39b0f2f7a
-
Filesize
65KB
MD5
ac05d27423a85adc1622c714f2cb6184
SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b