Analysis
-
max time kernel
140s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
03/06/2024, 08:04
Static task
static1
Behavioral task
behavioral1
Sample
910c7d19b50611be17e4c134a36e387c_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
910c7d19b50611be17e4c134a36e387c_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
910c7d19b50611be17e4c134a36e387c_JaffaCakes118.html
-
Size
143KB
-
MD5
910c7d19b50611be17e4c134a36e387c
-
SHA1
dae246a40677a822fdb77b8e43d3970997d2f2ab
-
SHA256
78bc8540b8ec41e76beca7097b4cb0fb862517c15f32dc45149c7f6fc7bb45ba
-
SHA512
a9fc7d18822b9c7114c4b79a6e52255d82f502a51259e70558e7207b0a8fcc9664fea791fc65e2bfe6437f3b07529569bf9797680daa66d969027dd7ab115911
-
SSDEEP
1536:ca6gVKWxkapWixynHf2xXBHD6tSZE7b+gG1nO0lnr/6nX+Nn4XHnlNlnlGrnzxvN:dxkapWixyn/2/E7bwmwwY
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563728" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000072a99bd899c26747ae469d52e1cb2540000000000200000000001066000000010000200000006ca65788027e5892e3a7aadad9949a8085e0263f6cf593729d323c1ce6af0832000000000e8000000002000020000000833512d64e9078a28d5ba518ba12dcc24dd9cf2611c2610e8275bd78a373347820000000451781c465abbaa7229bc73b03cd954b6e66232ed0e32406c0f6492b2446df1a400000005bfe1173d8b7197d36cccb81c6858dbc4368d1cf6a014a048aefd4fff35d6365e3222152893b08e70790d6680fec0f2456801e16721dc96653d504fcd5a713d1 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E1BCB291-217F-11EF-BAF4-4AADDC6219DF} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2017b0c28cb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2868 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2868 iexplore.exe 2868 iexplore.exe 2564 IEXPLORE.EXE 2564 IEXPLORE.EXE 2564 IEXPLORE.EXE 2564 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2868 wrote to memory of 2564 2868 iexplore.exe 28 PID 2868 wrote to memory of 2564 2868 iexplore.exe 28 PID 2868 wrote to memory of 2564 2868 iexplore.exe 28 PID 2868 wrote to memory of 2564 2868 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910c7d19b50611be17e4c134a36e387c_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2564
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 d1153679f54894a52118133d79bbae60
SHA1 8183e9042991bda6c76b2f4a6b301f2bcde693b3
SHA256 f9535a560bb1b9a83afd356e5e54cefca2739608909734fe941be8b1bafe037d
SHA512 73c8c11a614666aa5c5df7405fc8dee39feeebe0f6d37cd5733d0d5b69e814d29bed8ddb290010a2119d8326bf26493a3933e7e1b0090e8d14905946ba55b505
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e16cd4d4b791fa77bdfd9beb297e6f0d
SHA1 e2ade82859ede03aa026b31f6051b38d4e4237b2
SHA256 321dda22358dd9a715a86eacde06a7fccea22ccbf25a29afad7aad12f467946f
SHA512 6a6443921f25760204d429d1bffd95a403382615caccb83e81af041466e80e3c93a32a3df62ad95b835be77da94d4c201ee1c49e29c8442f424175e6c193eece
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8d72fdce198c704ae9abea6868790000
SHA1 3d6c9517544f789eadecbe35b5d89ddb6a147dd1
SHA256 64a75f46fdbbee9439c097b16f70ab4afb36690a3e0eedc21a23429835ebcf08
SHA512 d79edb3bd75b0829ef03d47e92456f05035aaeced347ed68fe0343caaead4c674a305f28d13b4b314a4a7ad3a583a79815d37776d5dda8b5a34c4fb0131f4df4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cdafb9240c5ac598fab42ad9ee18e547
SHA1 41eedff412c50bc36ab5db37f3e680ab8fc30ce2
SHA256 b8b7d7b2bb5624909d6e96168a047c34649e5cce334b2ff7000f5c1c5149cba5
SHA512 5fefa8b0d6011371f87d7bea990fa7fa6a7a339061fa99ff91e61095f0cd476885dbc18dee124c416160c75bc1b6ba6fa7f6a74434b38ec4f280e5050f6673d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f948e1dd4c57185f93251cc0a2e9c5ef
SHA1 56f0fdca62af007c765249c816894de33eb70b79
SHA256 8a08d7ca5639ba82c82ce34d90fdcc95cd47568d60f066ffa99b25a3d792279f
SHA512 65083450047f4b64e053f6c60f44671ee46bf7b8c0fdebca555ad4bb9f0a181ed573e7274905a4ce650b0bdbec33e1ce5b1cc48bc8a175909367447c68604a7b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 94cf42234aa98ef87cec58fc9a449402
SHA1 2353420296607040bb16cacd72a7a2c85685d97c
SHA256 295cb009cb65c788dabbb67fd98477805dc2a5d9b43b1203f8d1541bfd1efea3
SHA512 5d7cb8b23f38170a15b87264b48338dba67c070a1834241c3e90356b0056321fc8e63ed60be26e01340dbfafe3de26142e98674c5cc0bc14265b845f482c4da9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 28cf89104ca41e24a0b3c2d0773e722b
SHA1 7830d92575539854ae5dd4055e03725612f3a562
SHA256 b34f0dba87e6203fc609abc8f465d8e51f395598ba24ce8a23d4a0588b2154b4
SHA512 16ca9ba4ae0083806d4b0c1ef48e0b664414f2d7032e765504e0ace9da8505cfa1c61401fcb95e2f382487888ce651c54bcf8995b04e1a945a61ac3b8c20a9b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f914e523036625fcc89328d0e69cc6d5
SHA1 bc87d063265544a298989df73102902d1c716819
SHA256 b734e37b6e17bd40410b73326c419f65f151f0538b5f79fe09824674c27c7066
SHA512 6444345fc3eea8fa8af1af9c1646134d333087dcf638ec53afe51c94a4660bf936c41100b92de882facacc7ade3e87b1d709b95980d4f349fcdb773d8a4fff6c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ae3fc3787ff3586b1d9224f5cc0bd3d5
SHA1 20a9cbe84b21b4d2a9352098ddd4aee460393243
SHA256 b55d642c49ba8c62f77002eb8eeeb96658306f32e146cbed54a603017c9337a6
SHA512 8bde40d37a5bbf555dce8c93a04716aff63f1d5aa582ab551879a1e44760d2ca7c64b4329ca4db0fa46d03f9e4c8cb758a9e95cc356484fab554cdd3b9c04e09
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 aaf3429f155d2002344064133cce4c39
SHA1 875ad68b56dfc74312272cabf27945d3287eb0f6
SHA256 22410b8d029018974a7199917c1f28b3ffc7aa6619c2f803e9846d7d2fffb4cd
SHA512 202c5383a86154fb1d0a58e303234d3324ba17f77fad91e97716b0c8ca9b9a68925e8176035f74bffa7c0b9a799e534d606917ea88704a42cfdc9165adbfeff5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 417d0aa97fda380d90fc961ffa251dc3
SHA1 09409659fd85036bdbdf36a31ca1ccad988e384e
SHA256 438c5bc37b0dd57da95aac94d768f9036dc18a4a29072df1cce4eeb47f7fab94
SHA512 04c331e61f63336d399865a98c4de07fd7b41d100629472918c045bf58be4822c6f0405e148f4253fa2ffea0492133e3acf0c4e3e296f835cb918c548c399afc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9fe3150d8c90fca4e68febb735841d3c
SHA1 339e0cf7b5df0830bcd179e8ca19f709de67bd78
SHA256 786bb35d5c8877bcc2fdd439718bfde870cb62165247d360ecb1fa1ddec67244
SHA512 7b7056fe8b3d74e630f0d8fed827057be5e855970dcdf0c0c6ca9815a2e32db5218b6cdb42f466677ef93328d74b7111a9c376d60741f6c221e53d005d78f4d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f33271c6dd173d748d31c6aa9607963f
SHA1 ef16b4bc0399683ca012979a3c6fd586465bd65e
SHA256 4f26e0b052f2e7fd071c8ee4c82d81c202b754149bf9745b08a4077ab639bba7
SHA512 35cfb80f065f244b3d10f18be0b88dac021cf96b8222d45158889b0e1de3251302d61c1f6ed1e963acccb65315713946d4c207a8d32f9d2e641686d6b76526da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 af52c57f0b7ea9fd393efe5d974dcd62
SHA1 c38ce29a63d055ac72782a5e4188c856d843dfc2
SHA256 13b84b3f4bb80e5e82d4734b0a58dd27327680e553f63c21d9e014fc30a70431
SHA512 a5ac239930bf9152a1928a5755e6f2bb3b5da043f599bf318e4f182179c7b3f43e2ebcaf0b9def4a9a3498acbddbfcc76eb20c52faf5cb7ce99d6f1593c3f238
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 a20e153e5b05b3837cb580c0ba0d63fd
SHA1 cab6e002dadb964b9f65ca43a1f8d72d7f527c51
SHA256 f0bd15c6755a5cb7e9048a2ee15052db13c00fc9880285a04b1f430da6535e7c
SHA512 14198179578ffc7a1d7e8fd9b7a71f9d738d6c73949d6182a2cc5791a5ab3b68464ee2a7eefbdb0491c6166546378f7088ec4d7d5c97db962c184c28efda3e76
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b