Analysis
-
max time kernel
136s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 07:57
Static task
static1
Behavioral task
behavioral1
Sample
9107ba5abbe6f6d53b726d5cd20888a6_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9107ba5abbe6f6d53b726d5cd20888a6_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
9107ba5abbe6f6d53b726d5cd20888a6_JaffaCakes118.html
-
Size
72KB
-
MD5
9107ba5abbe6f6d53b726d5cd20888a6
-
SHA1
d2f91f2a6a4ff33828731ee4cbcd3e1a3552c217
-
SHA256
e4a998a87bb93f11b0152fd03c598374b352d4927d2d597e8a2533afdcf38572
-
SHA512
61627218db73f1955e225aa763a2974b63a103c6d6f1cfb849a708ea0c17ef85a9800c5068820e22fcb0811b38e6df1d4fdcd2ea869b7e5404a89f10ec23adbc
-
SSDEEP
768:Ji7gcMiR3sI2PDDnX0g6s6Y6+xy3uUeloTyS1wCZkoTyMdtbBnfBgN8/lboi2hcc:J3GE/iTzNen0tbrga94hcuNnQC
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60f4c6c68bb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563326" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F21DDCF1-217E-11EF-815A-6A55B5C6A64E} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch 
IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000004218c1b2c2c7d942a6b56509306abad8000000000200000000001066000000010000200000000187c604d81bfd75d946692eed3bdfa9c4543eeaaea221730f134581e72b3d4e000000000e80000000020000200000001be07948d8bd4e62cd785f15bae174da1f55a4735bdb772c5848fff596670521200000002abe659bc8cee7a8d32dce6ea58aacd78f38e1b1213c16910ab42eae4398524f40000000c8440345b15bd38d1c1201b8e23162d6cd8db3133011707bb1c00fe9cae8dab59d06bc7c7e4df9cd7dddd29cc200bde9cd5f57faf202f60b40a9b45dd7660853 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1132 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1132 iexplore.exe
1132 iexplore.exe
1952 IEXPLORE.EXE
1952 IEXPLORE.EXE
1952 IEXPLORE.EXE
1952 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1132 wrote to memory of 1952 1132 iexplore.exe 28
PID 1132 wrote to memory of 1952 1132 iexplore.exe 28
PID 1132 wrote to memory of 1952 1132 iexplore.exe 28
PID 1132 wrote to memory of 1952 1132 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9107ba5abbe6f6d53b726d5cd20888a6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1132 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1132 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1952
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2b92fa54fd2636c7a6ea0bb3de150671
SHA1 5aba05cdb8de8512948f688b3bf3599590d7f342
SHA256 847b928c4e424af1e3a1ae38e8af9ea4c19c5b6b6fff076bbda170582b437809
SHA512 b0e489fc4c3cc3095ccf1aceb865421243dd5330fa8ce5f3d4686a8e160d88414d87eab6fcb2d992fdb0422e02cccebc5e77b355bca9a2a2af58e36cee687a79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 14eabd43d51f6579742b7c1b79420cfe
SHA1 8c613502313f4e83bd3a30ccab7902791768e32e
SHA256 85e9b22db14741b0db42e9f630eb1dbd7ddc61210bbbe4f05d12c70465fdf4c5
SHA512 7de126160963cd12fce376c3ac2f31bb39a9329136ef3723f42b11986157930e0d8103a8cb7da769b4c9a2f49917347ff026ea822a768c31b798005d9214da37
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 82798c45bc1b257c6da268ecd1014a04
SHA1 4ebd94e2f449377b26f7358611185f5a16c3f4cf
SHA256 605ab9cd16c6fc915d5fecd6fc8d12ca2fdbb63e30ace13e81f46106d315a576
SHA512 394d576bd3b09d159b68f09fc49dd309ca55a3a566c432945c6e45fb91a9b6a2974e5d2046c060ce8d2f14b9d111fc51db100b072f422ee8d9471e2193ace3f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c9873ccd51db6d24a1643db118364466
SHA1 efb2b23257c08e743338c96b8c969b05cea1b6c1
SHA256 06210e4ba7e4b9a6ec2c67ca99bf4505279dc5fbb8983a82da14ebfd285b327d
SHA512 f747622216cc3d5575777cf41bc06ea0170b6acf18bba62ca4d5c8b75ca4eebec63f4089697a1e23c322a8f3bc9aae78246ba5f6462543c99f66dd26fb9f8b7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cd094dd76fc449f5246dd6623fe6c2a3
SHA1 f2591ff34cc78ed3a4f80972d162a8778006700e
SHA256 b18be1d7b7e0910c38296a9fc9d2f920beac41a44f8a35c7d8cb1391dea43a57
SHA512 2089e11de37abc9e6c6ab7ed376a20efbd097e1767552818e849131483dc7f5da247806d66cfc38964c5689023566a95bbe72a5424439fa0b4b43393af6e2f4c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3b876680ba388b5eaba0a325c5ebec90
SHA1 a835de7145e996cf21e9e2506762949cf320ec99
SHA256 163b5872c2ee2b2d9a963b136885cc3dbb7579b70c7967f970290c639dfbe26a
SHA512 6c4b602d33c4a45375d5e0b62371f84128f02ace1848fd6429a08ec5d1c42b2e49fb23f5cd6230c8b5e26103f482fd6f16b6c28cab0508a7ffc5e8ad7c0f0847
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5ef04bbbfab0eda1fef1b109aa7bbdce
SHA1 62b5939bfb9ae392bab7418590a68a2961520a43
SHA256 18b6744dea59fc561afb8bdc6cd52a7d9c06c074310a1ccc15ee746e0ce49b70
SHA512 f663b2cfca95393b6512a96e8ce33002793090b2c2826deadfd97df128d8becfb1ee4f9f3c52fa6bf20470a6fa448b0671b56b736a1d2c5875c1d496015b4f7f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ebf60aaf942c5e59d659fc91ba095ee4
SHA1 c1174fa22efe3e2c264412d77752cb3b0f7b6553
SHA256 6d39922e192701e32486c4cb4fb382c03ac8c38a02b5d8e3d82cd7c819bf29dd
SHA512 108e855e97039d14a1d15b14d23fed096eefcb4b1fb679c692630853e40136819eb2679e8a02e38ef3a600818f1dd9adfab4c13d46f778d837cebca8e098f2e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 db73ba9f9a2641caa6802c48f8b99047
SHA1 ea1772bba3722418a7a4b33415d1e9338e87d885
SHA256 2f07e690384adac11ee1659965cf0772b1aca172876873a9e60a3ef94345106a
SHA512 2bff7bbe1084b0d9f6e088af862167e7d1e464185434f52eb7c5aac2f2737fb63a0898b0050aca6f8826f49790b77343e72150051a8bc184b0829efb3bcded39
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 040bab1328eee54deda785e95648e2c4
SHA1 250864e0cdd7b9ef89b33056944c131a70035b42
SHA256 2a52ab9ddbcbafffa5649177cb212f7b6c2299d6c656b0a7682f950d17f3df96
SHA512 e2d3fd35183bfe0fa3583179b8cfe1779bb5ffa1436bfbe2b7675918030e6365fceb9bfc337907887fe564b8436b85a15beaf87c7970964f361c110cda2bd393
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e62078005e4e91293545eb60845c787c
SHA1 0a2a7cf55ccd56178f0742987770e47dfb11dbdc
SHA256 34eebf70b2c3a2432fa5862d29959d7e15578ad755c902181821d77d06d4a9b5
SHA512 336c5e7ebdf9e1ea60ec60a9736e18beae76e7df0713cea581c889eb81eb5aa4f6f1ce54d2d0159b2942834eafd54f6b2bfc60bfcaad591e1f2e324414c32816
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8762c32c1861e4652c5492f4f1350023
SHA1 2b9743981db5f976f1ff0e51feb8782ad868bfa9
SHA256 fb903c127691557d03db57ee8c5c098b95e6e124fc6cc7ec4556788c2f484a32
SHA512 5e2fce0d9c9d393b33fdd5d14e96a6045505c074c9f97c6c409a90f430c9f220fddb5a8dd5a9b1ead5fffa0a677f2991903203f0023f9ae61634c43f128aad22
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a42d49d8e5f097b5eccd00212d2a267a
SHA1 c7e8b0078df2ed758e6c054770025b9005279662
SHA256 c7ef5e2cd22e4cbf2c1581fe86486ddc00cf3e5ee56b1c4c65bf619f5673d02b
SHA512 933210e150ef00ddc52a4dd2f530d55cbaa349e46fa012326e41599bddbc04cf987d47f4a2fbf1af8b506523a55bfcbf69db7a86f7917d36fc8154c5d408da9f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b9a9770bc77e79b5158970f6442cd4d3
SHA1 bb302e96b0ef440dee232b369a12bbbdbf159cae
SHA256 701bd09da11107f2d817c6c52c4127e439bf7f57a04518f2ceccd106125c9bba
SHA512 7487ab7c03a2dcbae2504bb0ed4d8a4e120f1ec7acc34f9cd9fd390297730eb721c5092f11342d48b3fa5d17642aae133f1e314f15a704de4806c369d4882830
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 76c7de581d63db4b1d667373b232f953
SHA1 9e50010696330303098b9b437a34b5b27e152020
SHA256 f65e3b23f068ef382d1ea79d7ebf57cdb0df5d83da8c7af4376dc91495dc9d45
SHA512 1c343a4fe502d96ecb2bf8c4bdd2eb98aab4ed8cb4f71b28df4891284a06bf4376ca68898c0ba7e51ef48034a32b273fd0212dee3feb8838d6fb89aa349d4744
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0c3c5ce882fec06d784f832e6a146b05
SHA1 b193ef36d21aaa55c08a657d4b0e064336219249
SHA256 84d4d46a2e4b77abd5660a938ba0e307237feffec9dd427c07173505ade83622
SHA512 135070af5b4cee545bf9f3bc5c767a675e4f789e565344957bad2ef6bf996ead1d3a18c3e0d7b7bb861aef6a2879091a9f2cc04a38f9794d67f0edc7dad9b445
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7b27aca766f971a5bb209f2284e9f1a0
SHA1 54902e6f118ee95e2b8b1b38772f54d96df4ab97
SHA256 28e11c9bf06ff406509cdc1e594ef9aecf057004ec470076c97486ed92957de2
SHA512 fc273fdb2a636d449ca7442d956b27fea9b31fcfb6ee06fb56db65e358541a479dd06c3e8628ad9455afeadf06e340e37fef1f6c0c7c095bf504abb729bcd536
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2f2c253a43176bb59e83c1208263229d
SHA1 0ee62a96b60a69a6248578e7770374ff3c4bb5a0
SHA256 32f6aac03dce36ef83f2272e06318efec9213d8ab4f17385cdf2b1382bffff29
SHA512 a7b44ea946c198f2215e1e0c26374e688156ee5d78835a104408ef6277a7b9110b0b9d24c8f637fbccf58324600fca3c18399bebdbdc8c6ff1e5b4a8d78e827a
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b