Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:02
Static task
static1
Behavioral task
behavioral1
Sample
910add793df19380606d61710decfd96_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
910add793df19380606d61710decfd96_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
910add793df19380606d61710decfd96_JaffaCakes118.html
-
Size
4KB
-
MD5
910add793df19380606d61710decfd96
-
SHA1
ebc010c7643fd396180646ced136dc1cfc8772b3
-
SHA256
f0d422c3e76e3fda66e2d77ba5f0a806ed5ca0b53a2a9c6e024a657294273633
-
SHA512
09eb451832f6cdb4839c14a6466aacbbe3cefe6eb3aab14c6157156b6e5267082d58b2d1ca09de4c3d5cd95281c5d3a80424e335586ff2f86ca7872660e0ee7f
-
SSDEEP
96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ooX/HIYA:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDE
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000065e0664500280a274181e731ad0da9dd893be9709b1c18d12e82d2b3bdbd88c8000000000e8000000002000020000000d8a8fdd6752770f56f8c2e4767e16494e238e4fabad0b35515992de0ec00cb6c20000000049bb24db79f2db1929aff63d8d38daa4d0e4ed8e6945a0cc443c49a10972b3940000000dab697069c741ff92f38a0ed682512c2e5dd799054149123cf3be5b1e430e6804c2419885c62d3a668406ad4e83dc69daf549b01527c920a18081b8c4e5b8ee0 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563604" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000787830401666013e1cf7d26147b57861861f0d1214d91950343bae267454b055000000000e800000000200002000000017b87e3d6f9f5b9256f20961bdb744c6f2e68f93bf0eb265f5d510fe4480c66590000000153608371b94fed7f406f483cb7f94059c040600b5947ac49109353c03b0a0d913203ec4edf6a9dd93ce36f675ada858d9f1e5ff8ffb84191d022688951d82a53463e26f5d55f2ee9c9c4d340db604e407e3558b31455d645913d7410fe12159e1892ea4bec68d51a5dbcffc52ce7df59d5bf5de27e97b7164ab590f9faee4b9885c53002b8dc1de30e01026bf12059440000000b67191715d738ac8cf1851923195801fd8d9219201d9ed0974cec16aef8c0ca5b09a4576f093224e775d2bd49f0910204e7ce5ab95e7df0f64cca91ba8c21f84 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98666001-217F-11EF-8C92-6A2211F10352} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e043dd6c8cb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1368 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1368 iexplore.exe 1368 iexplore.exe 3040 IEXPLORE.EXE 3040 IEXPLORE.EXE 3040 IEXPLORE.EXE 3040 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1368 wrote to memory of 3040 1368 iexplore.exe 28 PID 1368 wrote to memory of 3040 1368 iexplore.exe 28 PID 1368 wrote to memory of 3040 1368 iexplore.exe 28 PID 1368 wrote to memory of 3040 1368 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910add793df19380606d61710decfd96_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3040
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD558da5b7113c2d4a886af8c68de6e5fb9
SHA1946c9cde290a49c82a2fdebe1e37d306cf0052c3
SHA2568426ab06b1b399a9258e8a643422548de9e0452a9189de511194500aa866acad
SHA512a3ac055f5f5da02f8814456302d07dc3c87148c14e4d34824096cefb2594b38e1bb5e51b276ddb23c4ecc484c458731b81fcd67484792268304e887c13b87cad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD507f3c9a5021462ca6f8a67b5d1d251d3
SHA16440f7e1bcac202ccd7c2a770057c6189342d470
SHA2561fef212540a9fce11fc057f59c94a4a1b1fdf1c69ec9138735cfeee2f5370098
SHA512d077add4d45378b7d9fd36f424b515842fa9d4b345efb60f67d827a5383f8035e4220c2301a2dc5c920f2f0e96aa065b81add286d539a163c977f1174f2e295e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5595824e7a4a82e9a7df29fa511bef7f3
SHA1133af6be747d583d467d69714957b629eb054251
SHA256b380764c996a95427a0bad74eb366bbc46b729bfae13696c9372c842ea24319c
SHA5122beb3b629e5a4c932a9ad2be1308c1932b3339936796fcc0a124e6a0429c54e12dc77dd28f5d7d8bd30ee6cb77dd623f531e947b2d7854de1fa1648218d93b39
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50edff2aab4f475a9e257ec8e0f0bbf93
SHA18754fcb9e9a85feca535d7edcc2106ab550eeaf4
SHA256350977b6baae3646510e4e936a743c108a393841e3956933f351fefe3d974ddb
SHA51212dbf3814f43dcd6537d105dede6c16a34042a31bc5ccf258b05c4e752fe75ac2fba8bfb88b5c5b5f3803b77727d75ffd944fd2d770f057034b0aeb8b3b9e525
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51f4aecee005b0ddaaa93bf9480ae478f
SHA1da6a49301b8885a367a057c7d65e2bbeed0e6aeb
SHA2562be9207012682707306b573d716f4170cbca88df16e93880086b07be58f39e2a
SHA5122a15421882b23cdeae63e9812dc52379bbc09f3057bcba8c0e926f56d177c9fbc4942170ee9e9a397c19d51400be454d6abad6d249f4653970139e1e322e9958
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e4197e2ac61cf2ecefcb44644b56d501
SHA156b5aa3ee702e8bcca38685e5ca4b014181dce5f
SHA256d574976a0024ad410f1354c97a03187d5b69a72a2bef8d4416c28cd73b548465
SHA51220b91c43db9c1397a978d4d697c1f30436f6e13b0d8a9110baa94d6ca3b57b31c01bc611aff057b15afd4e4d074e779bf1a03010336c5f7195254ea03873a021
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5893a2f3f86d48249307a4d9ceb73fd75
SHA12e6f32f8b36960da187d246e07f615944afb5c81
SHA256b169d5227a7fc7d4da5bfe875aecae91aa1d509d1f78b3a3468ed59a8496e83d
SHA512c67d6abcf6841a89184feae202a0ce867c0a92eca06dd1756c4688fbeddc42137cc9fef746eda06010e5a86fec4dd8e3f1017064660c849a47cf7f1cad353259
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e753c24c6fdbb7bbe5526ab84465b03c
SHA11c02b58d2ddbac3b37d0d3e3a9523e9428821f5a
SHA2560d95e20ab6babd07b5981f1ca658235fc321cdd7e81a38aecd5e605896b89522
SHA512380e6328c5ce5e0f6c3b0dc9102bc634a820dec06fbb3979464db9d9cdf0977daff5ef5aea84b914cd3dc8616ef515b0788cab8174139cf787f2f0f55edc173c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD529d739b5737ca5c15e08c990ed03df2a
SHA139e0518d88fedfa76f94800474d54fdf6e9aaafb
SHA2568227599d018cc6e3f4d1c5e9e2572a7e0225417a48114ee7d13036e597a52998
SHA512f36e3ebefeea270846ff6b87d305c8d4df2cde5b2e8dee002bbcfb78946df4e7ba987926ec8f89113c98bbc7e91a18c6f64ec699b87d426a53ff2846fa825138
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59c7e325d785e02043f2e35ad1071ee7a
SHA1d302304d3efc866a43356f15035b387ac159b69b
SHA2566af82042fee6a3889900c3d068e72d6ad50080f28fb79f8bd27ecde2e6094a38
SHA512e58fe8749cfb8dafc8ada0a5bb2e9ad798b79d6aed03215c03436cba357de2baf29f719542db7bdead5e55c5032180c9782038ee01861886101da9b0a2d24a91
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5945f433f9df61181be77ead09e1f9a98
SHA1027dcf67ffb097205b6f1a4b33035ee7dab73837
SHA25614f8b6a0ecda298e23b143c6f94780a4ef97cc8290f12b5859c56247a2853864
SHA5122b0a4bdc030fd6c43abd9d02a30c4b388ae0d4170610b36b10f559fc1cdcaa8470a3c62bde06fde7d406c8bd63bde69dc8ccaf25d9e37f929befe30e96ea0ebd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55c06f8a13b710dee50580db687edd00b
SHA161729ae456b976c7b2923eb1691e6e62c04de95d
SHA256c08d46655b0d00f6a82bdb09376ccc16708c3cb41f8aedcf8b58faa019b095a5
SHA51296ecd4fcb3040c1d2b2e15c701cbc8b4dfd2587f8eb5c4891cccc3c2ad712d7fc85aa4f951d5b46594621003fe063118baa0393c0d7d3f7803a22beb6091ae93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b2a3c320840464edda37119b7ec181e1
SHA1d406073913c0ec1a023cd8825d3036e8c59f21dd
SHA256e254af9f1adf73d5cfdd5b49866bf2df872d3f267d3a1fe2750b7414ce476978
SHA51274cc81098fa25ce5e361bc76e49d706821fa185d3d1b30d04acfbbf01c93dca6d733ced13bd239fb621fe4b2d483d70c11a3e3412cde6ce2a635822b145a5bd2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e1a3f4c9f3d4bc97a6c972914b452b8d
SHA1af8ec8fb7ca74b552d174718b00cad20d1f445e5
SHA256f5ceca9243394ff085cb2a78453cfd794374b681f2e0f672ef3a9320d4a60e35
SHA512d37bd1816f14fc8dd35953a5852d3de7899c0471aa7555ac4c0c1fe0962f9e6cd536d660881b94eb75bfe8f2b5fbeb4a00891daa3e7d7def9531a0d75d5ca3a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5897aa056a331846e306460af04c9cb37
SHA1e172a3b7c5f9d578d980128a72046555ce3a227b
SHA2560e50833e3e67247548834a540b149d5fc590e849e956642ecb14cd90c0a16cd3
SHA512444d93915b2de77bb1196a3f95dfadf21a575c891080cf4a2b6d81cc8160a164d6b70a40fc21588ed1a84ec3576fd35f95f5a4a9703ce69a71832cb9f1e95c69
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b