Analysis
-
max time kernel
118s
-
max time network
128s
-
platform
windows7_x64
-
resource
win7-20240508-en
-
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
-
submitted
03/06/2024, 07:58
Static task
static1
Behavioral task
behavioral1
Sample
9108047639ffd2b1cf51b7055e7f966d_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
9108047639ffd2b1cf51b7055e7f966d_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
9108047639ffd2b1cf51b7055e7f966d_JaffaCakes118.html
-
Size
89KB
-
MD5
9108047639ffd2b1cf51b7055e7f966d
-
SHA1
bb17d47dab5ce61caa13faa90268d25a63a9e200
-
SHA256
d9db610f3ee680456a5523d706c1fa3d657962573241249dc51279c02fe6a8d0
-
SHA512
466248a25e8a431d993dd40d4fdf3ffbc900b64d612d66a741922205f868cd02142426dc9a27c3743150382678109c160c349cef81f5881880d5fd15d85f3131
-
SSDEEP
1536:n6kcl0aNe8/ob4QjhAhTJ8yZfjL45t+OTw47ho9rCX7CesAKsGCnINYZhh56ubP7:6kclLNsSTbJG+gw47K9rCX7CessGyICJ
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B24D0A1-217F-11EF-B27B-DA219DA76A91} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563368" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1636 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1636 | iexplore.exe
1636 | iexplore.exe
2748 | IEXPLORE.EXE
2748 | IEXPLORE.EXE
2748 | IEXPLORE.EXE
2748 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1636 wrote to memory of 2748 | 1636 | iexplore.exe | 28
PID 1636 wrote to memory of 2748 | 1636 | iexplore.exe | 28
PID 1636 wrote to memory of 2748 | 1636 | iexplore.exe | 28
PID 1636 wrote to memory of 2748 | 1636 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9108047639ffd2b1cf51b7055e7f966d_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1636
-
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2748
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB
MD5
2a267c8371f84045236028d9d98b0988
SHA1
689e34bfc1f5b0d068c4ee62baca3e32f2a8e2f8
SHA256
3e6148f5d2f700962e4ca856d369cf61329d27095aab4081997a69c337194f4a
SHA512
7da74e5c2144e31887d70c62f623a0271b33153f0be825828f006ecec9fcb7d1f006249171b2b6746953cec27ce3ef159f980919e2b7ac996ae64d2519938e5c
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B
MD5
ac89a852c2aaa3d389b2d2dd312ad367
SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B
MD5
37328a6c21e09b698db608728c6f2a02
SHA1
da01f6b832a7756abb1b5e87fbc360f414349ce0
SHA256
a4ec69c7eacf005105c88e0483e325a6b263aae9ec97f5bc9fe1393ef2e06cdf
SHA512
a3c9f5bf01f6e92b5752c4ed03a35c7e9c2b2b718ceb511e51183b0f9316a301b95e58d3401047e1c5e2afeb8cecf826e4213c05cbd5776177fa4334aafd2447
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e48798ca3aee493a2c38779d9d2c82c7
SHA1
125dcb09eba03272bcf30956f1707286ff45db43
SHA256
5e44ac000e6ef273034d60b7cd002c2775ae7a975434be6d98a3a1de9814f163
SHA512
a29dde2e9c23b0a9ec1bcc840d4208d937b3f455404fe7ec12e25a5114bb4ffb32b9da8a6f87ae9560fe4f904fce29cee00bb8eaf5b344f1162c4bae53b76ac3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
8986c2113e91e7a268cd5035db592964
SHA1
6980cfe8a2a1fe7c1adb55bde7fcbd0deafea486
SHA256
b7423497bea94822c902b5c1327c0b7744c086812d1be16cad8317c1653adeb3
SHA512
55c168ad7d93c5d0d755f465f4179e5574102d777507e8e10a1effa00ab2d635882bef4c73f157515f056e8801ee9aa285c4203ac3f0d85cf11a0e9369f66e9f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
086a91b64d95979ee9db2fdbffbec79a
SHA1
3050d0f422570baf19b112cd79750f73b233b261
SHA256
2c5b95c6519efcc6c5402ef14a8476e236f74f81461dc320dfec104559e872ca
SHA512
66753d079246d8c3e0e04336068bd0769e14816b3726f6ca201c650ed0f26824754f3c56325715ba98211a205404653292c4aa89952c2d9808e76f7728292925
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
ff1beda26e35f47703b30fcc50f103e0
SHA1
f5a0ed53ae19269e0ebbbcb4823d87dad725e57a
SHA256
c9dfd9b3506f6232467a4a21491aefe62b4d7685027e43deb48709b97a2cc8a6
SHA512
95289c037f0d5ce732abb054908515bb9323e113523e6f55fed3fd073a51490f2255c6f82806cf9d7453674eb47798dff2f606bcfc94cba81bd1b69eaf633241
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e199a164184c304fa37c6eadf27decda
SHA1
dc6b89b50c33226b362545df8956b8fab8aaa2dd
SHA256
5e9bbc6d6cd38bbf7bf67184fe08a49d3628f82e71dbdb9fbf758b7cd69547e6
SHA512
652144018e84ea2dba10a103082fefb842c7bad768b0c2f74b45f861ee78352484bbe5dbdb8af5bfc601778eb1e667445898350851c63d21b61d937db2e94374
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a7172a92dc080723661b592e3d8c0c29
SHA1
34add74224dd1109d689ef3ceffda50ff1b18695
SHA256
d9a86bfc10d29618548f5c86336e4d4cac5e309487dd906b90201cf79d1ec8a1
SHA512
c11fb5ba3a58008a963e75b5ffafe316a2f30afbea69af6bc93354d360e8a3aaaf7dec946a297999cc6f17b1c5af9f5cd8d19469f00d075f0bcbb485b27492e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
b433f0615d720871e14b84570619a046
SHA1
c9d892a9b091bcb06b1365ce253e4ec64f598d07
SHA256
4ebbdd33144975e167fe343861f59a037910dc8291f72085ccd2dcd845f2662c
SHA512
7db7dcc73c065f67b31a750d3b62f6eeee8dd63ae3f27337329b565c78ce9e0c843e07f5fa25a19c0ab667e825d2a544ab60f41a1a05ddb940dcb9543d421a68
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
6780fa8645d008ec44d672a909e4a760
SHA1
d4ce55c2fbdbff29bbbcfbf4eb829c7781a0a7a8
SHA256
ba1ae0ca4465136de35a96e95c4deec573b2cfd25b762282ab991f847fd798ce
SHA512
f25d1489bdad6a133b58e157316b484fe62681597f291425395620d53e866f0e0463b441beb781c5541b48411381bf6eae2ba6861a908872e284132ebf81f7e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a2d8fabfad670543d7eef717026cdc48
SHA1
51bd546d83b94db1a0f1af7fa713c4f92948c803
SHA256
ee04716deeae0fb4f730c4576ca953d3368addea936e818865f2cfc2b9e44cce
SHA512
89cd686d01ebae803c071a4673b13eb7edb0a862280ccd3b565a3cb06141bd4578ef9ea66486267449560434da377068bf8822656223666419303dcaf848d4b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e466fc78e8c6ec7ee82ce696d83e94fe
SHA1
2431a842147e28ff136f9f5c80e753317b8f3109
SHA256
51c4ccfb07cc6eb439144609f7d5d750577c6a772e9e4137363270d97db4633d
SHA512
b27dd7ca20d5c26420663c3cd38d45bdfb2c5dfe5c2d1c093bbb6df654e06f30abc1f7a6a9843ef6b130bfc172c12e58f72134b96ecfe541ae9fda295373f7af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B
MD5
ed5ea707bb027129e2ed5c06cd15c8ae
SHA1
18c879b96388826b5bea4d5db713fd7d2d1a7146
SHA256
d2618bb0edeadfc43aa568a315f7bc367759e1b97d6d89c33c27fbaf2069fedb
SHA512
c5f92665852756b45b9560c345f4df205cf832b546a649ba622c7b09f2b6ff0d0fa0518ed9e2f6f3f2a689744fa9821b3d6b00f8723858d619266519f905f377
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1
Filesize
406B
MD5
c60df2cdb9f5947f68f9178d367857d2
SHA1
abddb306ffb0974fe688dcdffc46fc1df03ba3d1
SHA256
17b52e9c7c8a07bef9aef7d3c2408d6e7941ad67f5bc21ea7f361d6fd3c5a264
SHA512
6624cc8d6fb06415231d66a6f65aa5568e159c156d1d9a9cc926ad22035445e5a60d52d1a5f1d0f933b9d60dfb19613c9eda95eecaff8aa8bc5c81496e981b80
-
Filesize
68KB
MD5
29f65ba8e88c063813cc50a4ea544e93
SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b