Analysis
-
max time kernel
139s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:01
Static task
static1
Behavioral task
behavioral1
Sample
9109bc83547fdb313a8c1ee3aa9b6d41_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9109bc83547fdb313a8c1ee3aa9b6d41_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
9109bc83547fdb313a8c1ee3aa9b6d41_JaffaCakes118.html
-
Size
362KB
-
MD5
9109bc83547fdb313a8c1ee3aa9b6d41
-
SHA1
eff4369b31df99119a4a5ca07b56bcc3608109d7
-
SHA256
9968b3f8fdf11968e38bb48dc65d062ce28bddedc6c61a7784871ba229bfc268
-
SHA512
aa9d6b24883d257641c3dbe2836ad26823816a439c1fa59e7ecf84ab509e3b6f898b180d9c361f60b76e632063da9427c00ca6e5fdb422997ce9f0829c22efc5
-
SSDEEP
6144:SgsMYod+X3oI+Y+h89OsMYod+X3oI+Y2sMYod+X3oI+YQ:b5d+X3ch8+5d+X3i5d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{71AA15B1-217F-11EF-B937-729E5AF85804} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000caa31ac1b4dc444f81adfef7f30ad5d2000000000200000000001066000000010000200000008b7555afb86e3ddfea112c651529fc3fbeb719b075fe892d4eb63c59d003494b000000000e800000000200002000000074cc56933f745b4d4b0360b7dad6cbc2a6dce8b4813323d148b952e6ed7eef922000000055a764ccd6f77c04fc3f815400de7264b8dae19e5ec494eacad184ea84535282400000001dc3fb7319c464c55cb2d18430dcff164e16310fafdedf1bb7ba1a379dfbcd99bfcd73f84a6576d09c7df20069192df904e2384023a7792abef9f18b917001df iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0bd86858cb5da01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet 
Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563541" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1720 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1720 iexplore.exe
1720 iexplore.exe
1832 IEXPLORE.EXE
1832 IEXPLORE.EXE
1832 IEXPLORE.EXE
1832 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1720 wrote to memory of 1832 1720 iexplore.exe 28
PID 1720 wrote to memory of 1832 1720 iexplore.exe 28
PID 1720 wrote to memory of 1832 1720 iexplore.exe 28
PID 1720 wrote to memory of 1832 1720 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9109bc83547fdb313a8c1ee3aa9b6d41_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1720 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1832
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 de1c4f6c8fe40d899b30d1be5e845800
SHA1 912784bf65021c3e5474944f92cc606479fb1690
SHA256 c8a8fdd511e423fa3f67b4b0a463b22dec724510e2b690c9418f9bce2190da8e
SHA512 9034401c037827a4ce16283abb3d8542bdac14aa7993bee7e3d231116f2b7958785c4ebe2d3782527448d42ff9487374e27b84653e7d7ffecdda074599d9f388
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 644938ee5f0fb2cf44f585cd362a4bcd
SHA1 26fbaf0a6f6d90233a07038993c079d6bc1b0828
SHA256 9651cd05cfa928a359680a9bd699f9a18c352d883bd5d3ccbae44b2cbf694f6a
SHA512 f9401b0dd82fc4c52e23d01bd6b40dcdba9df26457c9a36871551d9477b09b18ba8501075d7450c04f92dc764ffc57ec2a46ac43ee80fc6c1e2630c33ff84fe1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2c6cd1a4274b83ec1d77a9112a2a85ed
SHA1 bc24acc66cfbcdeb4c5045e4fead0a5e836e5696
SHA256 eb0f7a6751e8dbc92fbae813a5961efd0f391c9cdafd8dc436027a3ae82cc9dd
SHA512 3393d4e3cc87cd5fb25db61c4a3f8eaef9b24075c32ca034b18d1502dd54d57ba8624fdaa31414cf5788d502f9138c335973ef03152ec9607910c8ae91f98674
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0067a91c469a742a54e5a03593d9d7d3
SHA1 937ba1a10aebc7a8127cb293230e32b22b1daa94
SHA256 7555087f28e5c2a880d736d8752369991c98e55d5b44343c5504f50bb6ceeaa7
SHA512 a2acc92ee9d1059452b6172e0b826ed00fe854fba2bfa12ee806a5452ce9204ab8e08e56e455c8686d18cab97eaffeb2540a6f1e4f867ba1f28d10836d5547ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6f5951e07899894048602641ef5facd4
SHA1 523e7f9cfbc01d7b45db92ab88e08503aeb00269
SHA256 1b5c42e95a8e33838f0ee80d5a838fcde64da4cba629b4c263e3358eae51fef6
SHA512 8efc6bf5cd2eee6638314c2a88c8ad2119e2d777a88191eee0eb308c8752b125ea8dab00c39a804f22c3f2e810c1e2ddc4ccc29de2819e1cc8551f022ba5efb2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 30c432671d33fabb8da8744bc18b0b84
SHA1 4ed9efab9ab49f80cb5b81882a8d2e2845c062be
SHA256 4d73bfd18aa85d811ec88a1775c00b75825267e77b4f82c059e33b7ab96d8dd8
SHA512 9990e536d70935910ac9e760b9207bdab8f79904a22c6c2821213fb202d3e2466a1a17dfd44738682fdd036de888317c5b643dded468bc17456c3fc0a5c9b8e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1da70d6d32976f042e265a651fc547b1
SHA1 a920f698217f8d78c1001b20946bb27a56dd71ff
SHA256 2f7a1c7fc1cd2de11ee98c97cefa3400f16c5656b7d7c4fb578b15f8ec15fdf2
SHA512 f8653a377a4e7a4634c09ebc881627f456e6922cde08e82045773c93b33afd81701dd8b32c387717a2af755820b646706b07899146b1b4c75be260ce894e5909
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3cf51aafaa44ee4c63b1c3d0f529b4de
SHA1 a5cf6480201229334d234749c8e1ac72a72944db
SHA256 a3c2c83b5034ea1a695f8248929fd37379f257c10e2f95df461a1e0204cc8e00
SHA512 1e347c2910fda2fd38d3983038748f495de2068044c2bee4ea0e55101e7133449edc84d07983856bdf06d821c29f4225253150ad4cf8bbc3bae183365900dd25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e76ae9ec4664f92ba3a053f70f83837a
SHA1 7e806edcc2e0399f0a13a0e2479588d88ec6ac09
SHA256 9f7de60ec6d49b7116dd30b030b851cb45f6b16e3b226130760d8b3df9ff1653
SHA512 b9b1217fd0579f62a84f829e05991d1a783a1898c18a4ce2acfcd397472d4c76e38ab68a798a8bd0528adabdd73c3fd6bf15e22c7dbb6b3b037935582172180d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 09ccffe491f151c4a40e2c5aaea8e5a8
SHA1 dd30fbfe7e0040d2df3ddefd3bac373aa066d783
SHA256 d2df2b396c725c51a9d6afad4309b87819fea2d6edd0ac1aa1fb5318ddd1ad1d
SHA512 89bb7bf73f4e2a53c88cf1e6dd4d998368970d4f2d192d44e2200d29b5f078f1bacccb919a62a78be263fe1cc86b7b03563aeb056ff7743be23b5da700846f6c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6b59432b4dac3658c4564ac3d40f4ba1
SHA1 872fa2beb1366a615eea389598f185f69e559045
SHA256 b3a77267d6f2cda7ea95bd5021fc2154b66583f98cbdead8270e5d9f0629bd4e
SHA512 c73cc2d7ac5281d28c2633371fef5a0de7a5c863065d871031b75a8af8c9c802aedc77543b664016e79b0708e8cc7186c7a52528e5c5ba2fa3693b13b1c8c5e3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 427491891b21feacfa66360066a144e3
SHA1 9353ede26b7feb051b5aa1e608839c9d8d4b9f25
SHA256 2a75a81789f6bbb59e4ad543c8865101e0db5d420cde6094bdc9cc265a020772
SHA512 870b8bc7829695164adf35ce789eea34ab7ede438c4a9e037c3e46ea0bd70385650503d1bea121ac0bb8b206bf568f0fd5479b65cbe3ecea9fce6d85481d9c3e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 28f63c4a3e2744b57a900cd522714c52
SHA1 51d6c6ab57fc2276169316c839ad6eca89117bc9
SHA256 62f110893baebeed489360bcc429121f3fcc6855dd92e9a3c32261f76d8fd199
SHA512 58fc09f61f5238508aecb30ae5d3cee3fabf1522155c1c6e500b0b8f87d9fec3c736951c542d87dc1522ff1bd186191cf75f76d8230f391248f68fa626552727
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 313f3795710d3eddbc33eaa20e3ce208
SHA1 47faa83cf68acb8eb60b6ee60f48729ec23db5a6
SHA256 87c9e9001cb4940856752fc12eff2b51ac98cd4c743d528eac27041e73ac2ed5
SHA512 147d470b04e2ff22d7637af2749aa0623e4b65853e9e529d8abca27389187a3e86069a1c4c03bbf05f82c2a8fa7b48347a77c61aae686a7d7383bda578bb5e7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d7fe05c7df679e0f6dc7f6e76b618495
SHA1 ea336309a0b285cfc49f518e91b7e4621e283ded
SHA256 9797e549b5b7ac64955662aaed87f4d288a16c70e033ecf27411b98f27ba5cd1
SHA512 de8386f99bffced7021e089d36cd55253802a21870b9d100c234cedd6a24aceeee1f00bc62fa10aa1572334a75b2ced2e0e7d85a6c10cd67a7c1178af675d7f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 95a1114df1debf7cd954a53aa6dc8990
SHA1 eeaeb6038b1467ce42d861cf13676adc5d49e3e1
SHA256 b59c4dd7d5569eb9fb14c99762465047eae30a4201ebf7f0c61184f55ce070f5
SHA512 90d512dd4c0aa8e4912b92cbad22741b0a73ed10a94818f2851842d6c3d3c98d4ad7244675b764d235ba695d1bc16ce59c97f86eb3395205d187ecc06514db06
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 176c52bedbf976519a37647405349c99
SHA1 91fc9560b23e238ba5035402be1ee4c654114177
SHA256 38f19e4462071ac66896258288f317b9dfb654619f405e82acde85a7b9d186d1
SHA512 3ca22a2dccca172a493497f8c35d510814d8ef2d39ad4711fca0c18384047e096e89b0bfdfe0d56a791b80bc68ffb0a9bf3c21634e0566e9eada2c444a6e57a9
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b