Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:00
Static task
static1
Behavioral task
behavioral1
Sample
91096345138bee235bb7c70621cae9e3_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
91096345138bee235bb7c70621cae9e3_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91096345138bee235bb7c70621cae9e3_JaffaCakes118.html
-
Size
802B
-
MD5
91096345138bee235bb7c70621cae9e3
-
SHA1
22d804767988619f66b9235d40fb07d87840b54c
-
SHA256
ba5b9e522fc50fb1bb9b0e83385c03da7781290bb0e5a18dc28b87e2a75616ef
-
SHA512
df6d3f9c03fa01c2d75ecb78fd3a8824b30581ab171e6511599471a8f7bf2f1e54780b8c6a92a20f4f37e00b479c34f170f7ef9f2244580f2394614becd9e6ad
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000c49dfd9d5c4d219461d201a702d0210468215de9676e714d859c85a5ac0c78cd000000000e80000000020000200000002a9a2dfd392fa2608ae592e1e147ad5b80f5085b31bb66e46d599831fd6f0aa2200000004c0ad1b244eab0f83575de4d43200d916e0e8737507109bdb1e3dc284589bf4d4000000064eee3cb576b2f146c2a0894f51775ba34536382b015d017f390ba5cc28fe9e6c4e0e6de6f18c821d8e4155d6f137fc218929e96d6756288c5a4f575dca78e25 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563518" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6524C331-217F-11EF-9DB4-7A4B76010719} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40638e288cb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1244 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1244 iexplore.exe 1244 iexplore.exe 1924 IEXPLORE.EXE 1924 IEXPLORE.EXE 1924 IEXPLORE.EXE 1924 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1244 wrote to memory of 1924 1244 iexplore.exe 28 PID 1244 wrote to memory of 1924 1244 iexplore.exe 28 PID 1244 wrote to memory of 1924 1244 iexplore.exe 28 PID 1244 wrote to memory of 1924 1244 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91096345138bee235bb7c70621cae9e3_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1924
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 94d04e2854b3c5164bb6b4e298dd12f6
SHA1 aeddf0c89ae7075656da37b44ae4a7101ea4e15e
SHA256 0b99b07ffb235061c19a43979375a82a72f88ab1a7af3c49c12c59576a046ced
SHA512 58c19c78a680146d13bd301a6e22a5b5e9283236dd5ea793c7a9a01dce944ede50eed35fb5e557ca9ae7952167c5508b3d0a752f528bc4cc0fdf01cf4de32f15
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f3882fe13a50c230d1d98737cc5b4fb4
SHA1fb2a970a955b9a09441165d5f12e23bc5d6ebd91
SHA25653ac1e552aaa96681d0ac8cf83153a5a6d5fdf412aec47169f7f7f8c7787ad9a
SHA512b9cdc2e3c2f33dc566355b2f1fe6e1994c8b2a7dc6df53c082405a37ab4599661cbe1481bcfd18f8b7af517c022f7fb3b641006d615169fa2b16386d1aa6d6ef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e87549393d862dc19ab7221e346aa183
SHA1a76e660019a8a47cd233a3131928045fadd61d3c
SHA256e884068be043a38286699cd36f7652e4dba0214f3cb7980d89f42a24810ab116
SHA5129db66473722a6b6e96ab3efa0f494422da8dad239f1c0be26c4d8f110887d542f7ce731e963dafb5bcd0cae06eab08fbc5794ca607bcf965abbecece61f69578
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53ed98802612df3074dbfbb48c0d39890
SHA18b0f4b5f9f8e623643064ae5b3d8cca33db5b0fa
SHA256e2871b613273f80b7b7cd6076efd308c10e680a38ba8f5fb29ef8f2ee4341426
SHA512410be772d7b43af8ad916d875c0baea0b6dcbfcd8b1a9a7ec244d034764e65e81fc5e798749ad1393f85190bc6423c448bcfb8716a90dd928eb7ab0f87690613
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b67ae6a5ff20c95f8b9cc37907d95ec1
SHA1bebe6646239a120af0c964352f1e2fc6d433934b
SHA256d19872c603a247b9925840761472eb59a2cbc3b203fcf52c2e4f6de8b2cc31b4
SHA512daf82612e9b1edafb74037ae1d455e8ffdb396f2a76ccd4d71fdedd8924854570a95cb419a1827d2b8be5a091d23a8b1e114e95c7c7194a599f234cc697bd756
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58eb17c794387b443653cf704b0ad3f60
SHA1e55e4dc2868dbcd26e715eb012735ef7c9b7adb2
SHA25642698d8aa84e6721ed24b468f2970027d825c20c12090ae58364ef41ab2a1185
SHA5126a311e537538284bac26c2d50bcdaf650e432c047683a984de6f6e26bc4bfa52548a4654416b5113d28f9c71919f0ca1ae367adab9d21eaf9257e1c1ec9fb0d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD594c832151434900e30e82f09a3b3da66
SHA1efff43490ba0b4e56821d258caec76e6c1b38088
SHA25661b4aef3057aa3ce3b08626feec24a486affd10032b726926a1856b146a87cfa
SHA512ecca3001d7eac8d687f963e3ee546d1f10158c03cc030997dbe168fd09abcaeaabc4f053bdc6d4b55eb708465f1fc2699f2659bcd01a5b1f769ac6e1c7ef81fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e59fbc311480e16aea3bc13fd0121b00
SHA104dfb52a433247eda92b519dec6c1e02b86e8b97
SHA256fda8edebd579b52ccdc1b33768f95ac8acf668ad6cbd3788a97663fdcdc5a7ad
SHA5121e3b732ace3b1ef6e021e1039180d109bf9f89270a4640fea2305b6be5758e24bbfa18505796437351aee212354bb2d441c7018c721348cef6b372bd7ebce061
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59cdddbac0c53817017e4a7c110fb85d2
SHA1be81c41bec52627b8af766ab7d2d97b939e36fdc
SHA256a548c3370051f05db4c55dc9a8574c89ca32ad139ea63af4de7ed71dab360180
SHA51208c13dc4268744f7ac7dee49b12a7dbae311f01656d2d4c93edd749541dbcad7ad1ade34d35b7fbe02cd448f37e5cdd8019d897442097351986e1e09ed6e2901
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dacbbfb0d76ad897a075e3331d74973f
SHA1fde23858e85a6dbec0acc534c65c165eea92fe71
SHA256438e47fc0c817cc73fe920e70701ec86dc8435da507a084584d963cc4347455e
SHA5123cd7d213779b65f639af490b55f0f22c1e0045594efe90af599baf00ede8b8f124b5a8bfea01e1469ba543678388f3f5d5b34f8585688e0b9146500b52c29491
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD580ccd1a6dcd0b6131c7670bc0b6f6162
SHA173dc1d74c5b839d13c4c5052e04d0027809eacc0
SHA2569f5c79174fa8b88ffa6553a1895abe92a5bf72dcc3ad6c11d939b594867161ff
SHA512c8d1dcf4643863383dd61f8b4b530e177632cb26a778668b2b6dd4e11484b2213e2236b10b9276cb3300ab68ab1a0baf08ccc7a2812b039ee6256e408e138102
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD544512231e819c8aa04e2b9199503ae0f
SHA1090759d5b54945e5b5ee3a00be838b8990e197af
SHA256117ee59d959bf23cc18c0dd2839c5cc30d1cb4db8901aa58ab3a7e380ca0c867
SHA512f37aac7166b8e4ca7b11e27ce740e6be6a9a69aa8e3ea244d14403f01bcde4b9e3ac06d2a25fb756eab67153c4c080ad3e54a4d35df6340b0d2bc75dd8cb66cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c813d91d6151ad6a8fadd71e18a1059b
SHA18899b5ae2a45ba0f1e86d3df88b37138837ced29
SHA256ed45c9c56f986fc42cb105362ffb0bb86fedac6df29aa4c9beee28421a6e8bcd
SHA512c814a563a8dcd0ee27a9eeb2c22eb7cb01be366f93872ef06851c1e7136f23fdd39ca83840c18de20fffc57a6ed2a381459a9340849b3403a54258e75ed27d40
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51276d9dc710157806e28701b0712b4aa
SHA149fa43f15732751b0a6b0135fdafb7ff8e4ad1be
SHA256e55b2e1789793092cb691e901ab725ed67001545dc98576a3d4064a16a2494a6
SHA512d61ec1819d77d503f441786829ef38dbae6b5c73ba9619827536693f566925020a28f517dd95c5431cc055c62601fc43f001833691ae74dede15ee44bdbfd315
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b3d0b95f03855452c909067eec01953c
SHA11b85a94f9333f8284f1bf0dd4e031019efb1e78e
SHA25659147ee843cfeb4497aa831d79aaefcf06098a19c41a333f09b0ffd7f26136d8
SHA51225604fc4b99fe497fc7614b085087bd34dd6e6b4ce5e32889f28338d84e7f8dcf0dcf8f3382b52aa648feaf2e609f1ebbab511c8ccd937e6541f30c7babc2b02
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52acb1ae4ca2c7adbcb2a561875caafc9
SHA1a06804dd900d71943ec857b40b29812c095d216c
SHA2568b589e8d94918dd919a764ad6da073124d7d48fcfa157aedbafc329122b77faa
SHA5123c5dd0a7d9497f04a03a68db232cce6a6460afb9144eda825ea1b3b779747a09910afb61607094d52e0dd1e5c1ae32baa496797341f9155e049e9fae37f1ef2c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b56a99f9f6f0baf170281e10b080ee4b
SHA16673036d6b7ef190771ab341a3a6cbb0a7c610aa
SHA2566dcedda7bdf015626820625b2eed5725efa7c350a43bdd514bd66245e98bc2bd
SHA5124a6752888174dd08db249cc042c292decc2bf2f5ae0bad71bf541c09373626e1efbe6b588d7023c4b2919f4d9bac88a557e4e2c05cf39c193d750a940654a555
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50adfb1bf0570f901b1c8d754193759a1
SHA158ece8bda234f248c65aeaa78543f9804505cc2e
SHA256beb38a31256440a99b0236a0f29549b6fb4bc271fc36c190838343be1df4e998
SHA51271256af444cfa40f36f9145a1b0d1359c167ddbce3bd7d942bc1491ef0a1e73df3d6b3d933aaa04429918faa369309a636d4065f3b39541b0137ec0e4ff1e428
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b