Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system -
submitted
03/06/2024, 08:05
Static task
static1
Behavioral task
behavioral1
Sample
910d35a788cb6d5ba3048645cbb8c0ff_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
910d35a788cb6d5ba3048645cbb8c0ff_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
910d35a788cb6d5ba3048645cbb8c0ff_JaffaCakes118.html
-
Size
487B
-
MD5
910d35a788cb6d5ba3048645cbb8c0ff
-
SHA1
429632e1e9e4fdce1885f6539fa140ded14be761
-
SHA256
c1a84cc4eb3de0b8c5b3e5c1c7629f905df9fdeea8d286cc1605feda8bd2f915
-
SHA512
8dc95f6761c8e434f07dbc23761f080e838f15badfadf60acb23a95c71ab516a2f2c2711964d74f877e7a55d41dbb49c755bc5f26c69b78382a7d630edaa5a73
Malware Config (no configuration was extracted from this sample; the section is empty)
Signatures (note: every hit below is attributed to the iexplore.exe / IEXPLORE.EXE processes that opened the sample; no other process is recorded and the Network section of this report is empty, so these are generic browser-behaviour signatures and do not by themselves show exploitation or payload delivery)
- Modifies Internet Explorer settings — the table that follows (columns: description, ioc, Process) lists the HKCU\Software\Microsoft\Internet Explorer registry keys created or set by iexplore.exe / IEXPLORE.EXE during the run
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563784" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{03AEBB01-2180-11EF-8C71-D684AC6A5058} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000973ae51425778f3633dd97821b4e23f5e3d2daf1d9fd29b569b7ad37f7eb5225000000000e800000000200002000000097195bfd6c7954e1f69416c44629cc51ef649f464652541fe7ee7f7cff77d8dd20000000beb5a2c46c698851c256d93ecd2cc7509dd1f97bad1c9f67c8d77e4114437ae8400000003d407ce5d016d2cd8251cc9914ce3f61399b6b1ac41868e014fc58ae5aa5e2eb2a955ec27b1a6bf366f5bf7688949d813c1ff97c678fbfe75c28dea67510bfce iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a01f35d88cb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet 
Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1932 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1932 iexplore.exe 1932 iexplore.exe 2916 IEXPLORE.EXE 2916 IEXPLORE.EXE 2916 IEXPLORE.EXE 2916 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four entries are the same pairing: the IE frame process, PID 1932, writing into PID 2916, the IEXPLORE.EXE content process it launched itself with SCODEF:1932 — consistent with Internet Explorer's own frame/content process model rather than injection into a foreign process)
description pid Process procid_target PID 1932 wrote to memory of 2916 1932 iexplore.exe 28 PID 1932 wrote to memory of 2916 1932 iexplore.exe 28 PID 1932 wrote to memory of 2916 1932 iexplore.exe 28 PID 1932 wrote to memory of 2916 1932 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910d35a788cb6d5ba3048645cbb8c0ff_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2 2⤵ (SCODEF:1932 names the parent frame process, PID 1932 above)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2916
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; the repeated C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\... entries — same path, 342 B each, differing hashes — are CryptoAPI URL-cache metadata and are most plausibly a by-product of certificate chain / revocation checking rather than content fetched by the sample; the three unnamed 68 KB, 70 KB and 181 KB entries at the end have no path recorded, so their origin cannot be determined from this report)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f741a2e24c7be021f49dcc6da14f67d8
SHA120bd20386db274d058aab7e965973855795274ea
SHA25630c5ae68258e7d78ccbc91e6be3357ca185c8fa43ef59cfef0c47f6043789b07
SHA5126443a1102f57601121363a918b7fbcc0214a0b1f6e7ce1236ccc0f76d96cf13fe3a798c3df2d49764a7956a4096f2ce6922abf0688394112ee4077227d38caa8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55221cb128a707957e1c1f453f0329b73
SHA1c302bfcdeed77aaed2fb3592ffd748eca181fe05
SHA2566225615e347c5179e8c23a316b7bc581eefd8308eb6f136e6fb9534b2629cee1
SHA51288bc5f8ae6d8d04e749829fb42607b077db1d99df2f942ef90946d82bf284dbdfee1cb97518d07effb7f511a7d820b1b58bbaa38b3b70230339027b88af3acdc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD503d48762123e0bc643387570e26e0f07
SHA1495e62dc7244e91db21d7ee789108a676aada400
SHA25603db33e493906add9c5478ab90f8e025578b5fa4689379cca8b2359bd27c575e
SHA512eb1e5f1be0452b3061812d643a33c21a51ed689c97da76af5abb394a57715a856d5e6c4509f5ad5bbe164674fbe83432a0f052e056f925fc02588888e1b931ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dba3b2877ddb528bb7baea36a3d4bb42
SHA15c1add4786de7faf7f0fce2911018e790f03aa50
SHA256c106d987d408ae7031272b904b92a2e87a214fbdfd746cb67cef061862c37420
SHA51254bb9208b10ec1ec789630a0433621e15252fb8bd5ccf2e9d127be0f2ca60dcb94bc4b4463bbe356054f3f728d77531632bc4f14daf42d769052e6391be46798
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56d0aea6f35be5b4c2cc3cd39d0cdcd80
SHA1807cb22cace0ac0e214fb764b49cacf4bec80c3a
SHA256c718b80e4894fa33674e65536ccc3397ab0cc654b68a0ca4c941c4e5c5dc770c
SHA5128ca3469323c44b88f60ca0c967781569c59f707167d5ecb357d0795f31a79d10b8ef812905287460187b6f68a2bbad93ebefa8c432a6b5f65eaabd9bae8f35e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5103ad343379425aa724cc9717dff582e
SHA1fb873ab05141a881d75c450ca43498f91725be46
SHA2560986b97805168b7012d6caf79b0fe75d4355dc1a76830630b0531c296a6f5382
SHA512acaa473e88393d83d0b2a7e07d616eab7eae7cf1dab8bc15302450b3ea2468a14991d895f90af966329da907f573a70b1e1018d89c528ff0048f3636e5297c76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52a5550929318b9d7be4a45ebf6fd79d6
SHA10f281d62d0a35c17be121ef977eb8a28a5ff9700
SHA25641c44da85d390ede9d3286e1c58f53962b99d235859c86826e6abf5ac96fe3cb
SHA512c2a68d9d7dd0b3b8fead400d4175e453234f5738871552dc2ddba6e48043e0f4c28cbd2821b891ea2eda871eed07d8a1dd973d429d1aead6112dc192e0864c3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5475aeaebd3d30002000cd07e52ad825b
SHA133a0d439c46816bf6aa2b358d7c924b8b3b67724
SHA2562426f180361fcad233340e3a6a98e75f1152c0fa2a9708a0f84a897ae1d50bf3
SHA5126cd698493b003cb5e9a1b47cbec4dbf92dd05f0fd8d3f7e91a5a40d9db86be5a9444f998c7998b1a34f2fe37bc83ba3d55e917940424832010efc92428a6dcc9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52787d813033c05f8ecd660a67e44867b
SHA161e0b22109fd3f1e61c691488179301ca35498a1
SHA2561d6e8874759005902516409a53d88c3e3c7aa31fdd2163f6ff40dc7cd949f4ee
SHA51289281ef3b06304ded0aaacdb903df399b72393d6ebe9077129cc8f7c77aa554ff3beb99c230dae719df2a02337845425301f4680c2aad71366c1e6beea711c76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a465b10987f3e2c73fc4d71dbfb394d0
SHA12df1a8ac807eeb15a903ff6cd807be300a201a07
SHA256f00e43a5e07aea2bbe87c49b53e43d95c0cacc426f96d2a2b3ceb389e14d0ff2
SHA5128769b9c49b96b0f6e92e7219fb0f78bd06587a932e611f4718d7bf49c699c0d980c972406d9bd72d3ed305b90dc56cfe6d457924c2108d8a7982ae0bdbb2c705
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD597dd5b9fa408cee60efadafde02daba0
SHA1cf9abd27d4fd66a093bb905f6f96a18272168fbc
SHA256bb93449a67a8a5c3781705cc01f15a3ae9f4dd021bd08136fb9b682bc6fde6cd
SHA5122d8e408234886657936c5a38daf0cf884309f03ef978b846bce2cc2e0a7ea4ea3bcebcab7f5e7f860e6abe02584b4bc06369bb259eddf259928d1a47c9d61420
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51ab853a8eff7105e4933bc64bc968d4a
SHA1dbbad3c39273d3a9cc708d41d04ae0ee8152995a
SHA25664b74e24462460d671018481970553d686b5125a920e107b97329dbe27cb32dd
SHA512abed72d6b2faff9f831dc2bdab181eddbc1ea3187b6e9daf820c35970cd37ab755699c1327fe08d48853b784f808bac8e48d7259623ca53d98698537bf86f40a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5735f9c2c8098e997fe923eee9f807790
SHA12bfbbcacc2e6def17796964a2af7d6c562fafbe6
SHA256abec1d868143304c8e1da6d043a5efb126ac3460b019c8598ba75e2a2cd7721f
SHA5124c80966d8ce5ea088d3102fefa058ffca48cadf6757e48eae1f67895093b0ff862e9acce4475bc26485b56c27d4d2837345187cdd0a0a9f1c17120263eed1cf4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c521f2074ec3f48df11b0d15bc21d27a
SHA1b150dd9d72dd92cb42169ae5e8f832832bfa8625
SHA256e7a9ffc26f7ce78353252805314fee7596d31900842bae313aa245d106ae30ab
SHA5129b4f836a01ce1d7bbd6c6fcbb137e52c7061a7dd27a31ed0d29b4de973590a857e075a98da4d14192839ba2e8da33d60edfd310335967ead54abc94023452d05
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52b613a1ae11c7c08786128d51688c26d
SHA19cd6fe598e4ee7647477728b07add088939bd059
SHA25692d8b12c62e21868c86eae9695499ebf51159d3f4942c03651c071ea37c2917a
SHA51298da68b9583cc47e6e0ff69f5549cf3d50a193235843ca3a309be36e3c4eb15431e05386c93c9bc5af5d9dd4043634ed5cdb25bcb565b197725307be5a5709e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c1fe86f11f903a4b2f58ff24c7b2df6f
SHA1cd2b89cbd892d277c4ca576350310c12a305f417
SHA2568f98741aa14ffbd95e64196d79c7f4ecee39e15e88dcd63b2d100610bfc2cd4d
SHA512f596a68100b7840b04566311aea3554635f45d84e1d688e2c187c4f4db22fe43203cd7cfd0f5ee680e2eebc78a32ac737ceefb9c22190e22285223de2d305f3e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD540a3c93bafc092449aea73b21eae8461
SHA148a0034439d3b2c070efca9ea10dd9631c98d754
SHA256e55c037649341bcfe6c053bbfb9b34347aacb4f0171f0c4b3655d82e97227ca3
SHA51293055eedd6d1db8961cb37506a1fd8ad1f73f80c4986d69849fafd2e5d1d8e53bc8b4d1dcf1654c4fde417e160a00c063d1038740d73c271621d5f389326ef27
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d2b424cd6f3f337244de9c995016e6b4
SHA1e6383e7975f053caba8a544f4619a8f50e64b63c
SHA256dd0bf21d86d74b9d50f7e5f86a9ef8e992a34f0058aa52055dfe5cc0712e505a
SHA512a9e37b789e84f6c8a671c62c3685b4a54e3a77dedd6cb99e9de4903a2ddf0ab8d22e275124e94784e301f65f309e7a1f0fb33dfb7876e29d9dd2d80854d4961f
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b