Analysis
-
max time kernel
121s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:02
Static task
static1
Behavioral task
behavioral1
Sample
910a9b7cb96aadddd24a0bee0deaaf27_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
910a9b7cb96aadddd24a0bee0deaaf27_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
910a9b7cb96aadddd24a0bee0deaaf27_JaffaCakes118.html
-
Size
461KB
-
MD5
910a9b7cb96aadddd24a0bee0deaaf27
-
SHA1
673ac7a557fad02a01c115861356ec0d18721611
-
SHA256
793c0e210a6e47ad4923b36d949740856ef6fd4f5ee7c810fdb48693b4a17e83
-
SHA512
5c0c5250b9beda5837674ac31d65d85abc32e42fbaecab9a8c2dd23d04dd8462b14bae214f429d31ed9f81800245f00ee6cb692310ec5797a617797badc284b4
-
SSDEEP
6144:SusMYod+X3oI+YbsMYod+X3oI+YssMYod+X3oI+YLsMYod+X3oI+YQ:X5d+X3Z5d+X3g5d+X315d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a2bcfa8083b6454f9962c543b3076f8a000000000200000000001066000000010000200000005281c264a2b44cda32179c50b7b5d3d0fe42a8c5720116cdb6542c4595866dc4000000000e800000000200002000000002a757f26cc0e242cdd4ed95f549c35ce8f562201218ebd6b1a147b90a3c50a02000000033a08e3717fe857f3ac6c3f3ab790d02ef36bff7e31b4fda19279534e60d779440000000961a666653f6913eb654676e252813c5c5cb144bbaeb106e917ba025da58f7ae36f0c7d2e362f801695de8de2fb5f74e0e307791c58a1c19a3eb49f02996f804 
iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60b8636a8cb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563594" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{91E02DB1-217F-11EF-A1AD-46837A41B3D6} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2060 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2060 iexplore.exe 2060 iexplore.exe 1804 IEXPLORE.EXE 1804 IEXPLORE.EXE 1804 IEXPLORE.EXE 1804 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2060 wrote to memory of 1804 2060 iexplore.exe 28 PID 2060 wrote to memory of 1804 2060 iexplore.exe 28 PID 2060 wrote to memory of 1804 2060 iexplore.exe 28 PID 2060 wrote to memory of 1804 2060 iexplore.exe 28
All four events are the parent iexplore.exe (PID 2060) writing into its own child IEXPLORE.EXE (PID 1804) listed under Processes below; the target is not a third-party process.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910a9b7cb96aadddd24a0bee0deaaf27_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1804
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 233dcfd3e68c03e8c4bbd2c7a269294b
SHA1 7d058837db63fa665462b20ce2c907af96c00794
SHA256 788c1a3730dab26777794dad35d8f7ee440bc6357ceaf41c12e5d951f0a5c770
SHA512 32bb557962bade8cffe9dd318ca859f4eb813fb71aeab0d5e9fbcaf3bcc86ba224c2cd1f25e985b430b1168a3e59572eb48ec89d6e7d1069e1ef29ead2f4649e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 fc53c6a89d7cd18d16a2bdb8c0365178
SHA1 59b4796e94603787167aeff1477296f2d3b49785
SHA256 73c237c55b02b5e18cc0b56140d88d8152ec96aa58a8d532b2dcf7fed107eb53
SHA512 c7319bc1e14450459385fc2e6bab71120e8678aee0c17eacb7941f2166fbd2852f31e1881395809011dad9db89028da00b14b06cbf19b75d39f26ce2f13d919c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 3f3c5f1b137d9e0a33216c962645a8d9
SHA1 b0498bda2cd2e945e6b8980825951db349e6d88e
SHA256 5369f62f43a5711eec347bd8767a1fcd073c4a78a67056b9773df1f27bfe6ed9
SHA512 ea6b3c4e7b3125820a2edd0b1c4f8aa0aaa8a5fe9023c6cb0168a138df0410d3ff93535c73825702a28021aa2653bb7580cbbc0dd831a7450dfc4d893ff078e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 a2fb753190e7acbb11e92cc130d3b12b
SHA1 19586e054ac3609ae43698093b2fccc841dd1837
SHA256 e48e17433694d19a41ecb3f3776618cbc90dda2b1391b7185b96f766ec4bbf41
SHA512 d22ed63c82e39d4c7125b6e324fce5a4bfb03a31da2a1e7f675031de5cc23e75b30f942c0a587234aef5c5714fd05e292b77bd18fb29db3522dd38fcb74eac0b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 4938704d0bc2c02a8c63c0328dc2810a
SHA1 242a83d2f00b3b9ec6be795ce02cf2b0ce521443
SHA256 483fb757083f93346af367394983c726798ff4ced8b8b3b60610e61c7dff5369
SHA512 a4f6b052e61d6f8885504e2a0ba5672b94f24f1f37f2799ec2dc57e2497052bf96b1eebb90c6b45423f8795cbd60ce9d3eb6a246ddf0d36222e81ea31a99cf0b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 15ca02679683a22ed86217475e687cca
SHA1 12527b6ab63b925b115ab7c171d87656e07f5ff2
SHA256 84b880bab368f8dec587ac1ac99c5f2ad71e658ff9d5ec31687f2dff9c2aaef2
SHA512 d9dff40c88fea43193eb497db4795e3f62c8174fbcee8514bb00745ec75f333c67e2afce0fa810c8ebe2d498bc108ca832cb2567baa7fd0f4fcb5946926b26af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 1dec414384e9ecfbf33fe59caf1201a7
SHA1 2d1344434b5a1cccafb4e63446e8c8d66145a56a
SHA256 3aeb181555ee33c7b94269ed4ca480024be16800e06c4324e0c8c6953eb97b06
SHA512 4330c8810421a662884dc12e9100b7729ef116589ba8eee5f19da07d16cad316a958f4b8b1deb05551f4cf35f5a5db7bfa6a9bca31cdfbf5453c301bef6a3308
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 87ad13f029eb248a7b03c42cc9c9e9ec
SHA1 fbd500505cc012c6205f6e9f607d8fb981bbc8fd
SHA256 67a781477865ba25ceb1ec4fe1130e50f60ae3c9151c58e3450981c8310bc640
SHA512 2c0d580c86a93d01f9e721ae5b19100398dc8718a1cfcaaa16c80b2fd4b50f41ea5e3f41adb8f1ee9d96458c546bdc50189818cb3c002f3d7c15c56d5b4c29f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 eaa1b32a0471245b39caf370b30a828f
SHA1 0d61f45fc10794278a8fc19a588c237e5e839cd0
SHA256 a3d96aa2637dc4045ae255012a0d8e4d613a370a8c346d370d41c93f1d61cc38
SHA512 63b9465146976a4b5bcce7216a01f1ea3da44d52f9cf246c688f0b6945b90f058366f52940c1494da3e1672ec5b549030cd57b66ad984a899fa983165cd503a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 94663ff57ae35e8fbee30144aa19da8e
SHA1 4ae6da0d25d7a2b0584f891e95cfa8047adbb0cc
SHA256 1905476a07577fae3c38bc7fc54041ded48b493b93fae6795af40685a11c143f
SHA512 8d0f4d4afe14beaf391c3e2455e1db83f86fc7d4b9d1bf43f8ca81bd147a95554a6271276945758a3b3977985ab48220f9a70ae034ab63798c695b5ec7109c37
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 5f1e6140b5d8e7f8cd3b98820d06fb58
SHA1 5049f42046cde5bceff16932c7176d90c9b88877
SHA256 db3fb54bd3caac45ea11245aedec4b02ac58b80a254b7cf9dfe9141613cbb294
SHA512 9a0d3fd07671a93b6b669ec5054f75c5ffbed4db79d3e8e8a5d614bb0efbbc6013caa53172f4dab4d6ce2d800a590ea0d9536d4858cf03a7cf12fecd1a78acc7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 54a2dc5f375f6097e2094285c84d8610
SHA1 ca4f21290ed89d305636c54014531db2e0d4eb45
SHA256 c9befce4cc479c7a4f2c01cc92c45ed948013e3886894786c9cda915cae92d44
SHA512 b1715d7cecb77b0b883209c8c94bc623f743eda7e619ab9f677d245fcebe7b85281092baeb59cd079f99fb22178920753480b0d2855f222cf33a46d8616b4544
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 88d9ed5435cbc5e1de86173fafad4d58
SHA1 20ab9376adfbbe389ce0357fb041f8e4751f8e7b
SHA256 137b611e2793283241ce21c39141f4b32e92c1711c6e35071e552f74fd668461
SHA512 71aba9033f4c8dc8a537211b413401f4f335eaf4049c6c424f5ca3c9d3d4d9336fc456496da9f11bf83e5835358af7e5d92b283e86143499fee8fc515cdbc491
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 7b013d0ab9845b91f417b1f4a9dbbb70
SHA1 93f1a94eb9e0da1ed4250d3ceb37a52cb6f52507
SHA256 b4ef95b447751ff6d3c1aa6f73a9cae6caa13e671d4969758fb83202997155c6
SHA512 7dee7ceee9dffda32cb111ba018bc4c2a3033880d70ce0a7c502854543f5a3d043d150b6ceef60810dea30accd00c7bbb88783938931e8ebdb37543d91a29fe7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 b0f9cac6bef90a568833a04f6c0d09f2
SHA1 4f9fefbce64a3163dd31982482f3f95b5d3758b8
SHA256 e11c596e5f1c59b5cefcb4ccd9e1a8d9f41b43ef9bc8e7ac08991dd445199da8
SHA512 f4df44cd6762121a68441363ea245b4176176343dcc05003784166c6abfb3ce3a1f329a39f1d1d572d9f19c849ab0a6166742702e32bb74fe613af82d9a9b863
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 5cbbcb4c130c45c21e2beb5d16ab36b9
SHA1 db98ba38ced727e45c20df4537ee1935ee30e64a
SHA256 293dd7a41457f5431ceca3571e757c21f26764d1a3223c1e05693730f758bd8d
SHA512 720ce5d28dab5f894bb81831d9986fc3b2b47799f32effd4db5653cef010f5740a0aebb33b2ba508e7d0624fa414d1c4fff22f84ca1130258e843b566fb8b744
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 7147d6faeba8b74c12810cc29c49b4d4
SHA1 71af20733508f8994c242835cdc111d225d5e63f
SHA256 18b6b9d230998776b087f34dda49f70a21aa69853d75b6e777e4766dd15d405e
SHA512 73193edb80f4725cde35592da78c9cd746f10048af6edb3eef92cea159064c8e7c3ecf23fef102f19a3bbd25b7b0a411ed70c7f36f29765da89f7ae80fee659c
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b