Analysis
-
max time kernel
118s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system
submitted
03/06/2024, 08:05
Static task
static1
Behavioral task
behavioral1
Sample
910dc6d76801cf27fb6f7cb537736260_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
910dc6d76801cf27fb6f7cb537736260_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
910dc6d76801cf27fb6f7cb537736260_JaffaCakes118.html
-
Size
65KB
-
MD5
910dc6d76801cf27fb6f7cb537736260
-
SHA1
40f505d7033b989ff1f62dc18df4315c1932dc2b
-
SHA256
b8546bf491dbbd369e32cf24859de7adc412720add1bda9cc02fcdb50bea7adb
-
SHA512
8126dd141570c7595f6b80f6e20b635bfce7a35953dbc4b9cbd24ed95ca5cd408b24ab46b85026456c8a7b4e0ce90a38cbd0dc9ac2eaca882470e2b9b239d0db
-
SSDEEP
1536:ZbHJusMFV9od89d8id8kX8ud89DuvNO4lnY79x:7avNOiG
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563822" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000046e5e1a0651e3cdb147d12df47e5b1ca203cc386e00aae6a8954f83f388771cd000000000e800000000200002000000034e576d1699ab254af1d6194e3ceafc7314f7d57da7612d9750352129033e55d20000000c0c0cd59ff54ddd966b0f05824f820e869f2c9403ea9b84a812564761479d1d0400000007f8c11b755fe12db932258fab41c304a99e9db2da2de2132bfd75cf5fe2c201acd65debcae30204d874eb2d7163af1fb1540072059eb0244ece92de8a74e94dc iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d887ee8cb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{19C0FFC1-2180-11EF-B781-461900256DFE} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3020 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
3020 iexplore.exe
3020 iexplore.exe
2244 IEXPLORE.EXE
2244 IEXPLORE.EXE
2244 IEXPLORE.EXE
2244 IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3020 wrote to memory of 2244 | 3020 | iexplore.exe | 28
PID 3020 wrote to memory of 2244 | 3020 | iexplore.exe | 28
PID 3020 wrote to memory of 2244 | 3020 | iexplore.exe | 28
PID 3020 wrote to memory of 2244 | 3020 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910dc6d76801cf27fb6f7cb537736260_JaffaCakes118.html
(depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
(depth 2)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2244
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4179909bdac5cdd8adfb952a3262602e
SHA1 24ccbb02e8cf15f91496594b54c438e193c9a687
SHA256 74c3486d201fc7be80bbf23e26a7e121af830c76bc9360665720db6df9009b09
SHA512 85b712f16eaa46218ebb9adc18d49e4e13edfa1342024036ec1be430dfd602e2346ed7abd5f6d8707b0f503d50b6478879edcdd50f0c27aa6d45f8c1f13e3816
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6343a6de4d49c9095764bf66c2652ddd
SHA1 d5d9cbcf49eef54c32dee6633f5a5d21f9769720
SHA256 6a3c270fbf03b558a22b545108f986c9a84d6ccd0bb2b8b501c9a8601fb9d4ff
SHA512 91ab51f5960f7eb7e2779ce1b5f7cebfac71326199fdd8990609c6bf8cb30daec301b7dafc3878060c1d1919ffe5d2d629e5605cc49780cd9ff0f8ff2ca0efa6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 957936d2774f6677719bd63d87338737
SHA1 83adb263ccb0a3869ce394c5b156830d55947c28
SHA256 d8808b61c341d1c51588a72033f88a084ac159d1ffbd58c697286dca405a29d2
SHA512 8db0dc953c2de86043c49b6840a2f218f2e363d9f49bc474fae3446b0fe32f9a0e5fa37f7224d3a84ca734ac9e90d0de0d5ab4f6948e43671d4931e6387985c9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9ddd8b82f96d0f34eb9eeca01311a1af
SHA1 de4679526fa98322f7b772589b1fbbe0c21a53b2
SHA256 55151583922fd68b7a7463171a793408e7fe1a757406749a9442333587006d6d
SHA512 2bd43c9a854d698f711ff1dcbf5335a99bf548d929cff848f03b450fa05efae3254cf93adf757ddb02248b7e90028dff02d820ccd8416d0fa661e6cb0da6b79e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bd433a4ebb7563d058e3ba13fd07c765
SHA1 df989ad3b85920c93a96f19cc8a374847d820049
SHA256 008faf7baa72e12b396cdaf7ba9b251a17fece7fbe68140071adc4f8a05a7d38
SHA512 f682dc28ecdb4ac39b66c309e607fe87ea0abb46fec313773941258b4d7c5b0bae27dd376551b673f3b6c338e16cae95eafddacd9637d725af0aa719605607b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1fcae42792d712526665996a04f6913f
SHA1 6e4998d307b8912695d27ef3074eda292428ab00
SHA256 9ffe9c618a68383b7af5ba0681d3a4a15a0e09fc38a3e70dbbaac0e3096953ce
SHA512 345321ccaec79de0d08d85a937d99e252a537e64ee96d268ea1b1532690b62414bea1584be51e4a055d635e0471635238a78c98426552d6c5357027a94b2675b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4bc25b2dfaec91097ea7ac2fd275974d
SHA1 b9ba7c10abd3fecb73d11331dcb0e0db43948f16
SHA256 6a8704d4051e63067cd3921d0542e5587b67dc28569c370e84ca57fd2ffb5d48
SHA512 b7eb70191fb9f45e05003f8a4ae08babe5cf50961b252f521dfc369db8b240a2a4a576a583ac87722d732833a2b32e06eb293a71be1440a31572ab84243dd85b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9b3b5c173ecdd931e6b17677ebf28858
SHA1 f69e3505c0591d6ad3697cbe0451ebd64fd573aa
SHA256 34a19e08cab96c2a37cece602f4222bc4d01d995c179c3e3f750d50bc21eec78
SHA512 85b4f24abe8ff6f9b81eda94381b8e13406e166b54cb4d0d4c1ead8bdd2e751ba04dfe440ae3ea8d8498b2a080bb4e9ae07b7e2ba26af09e53ab058cc0b792c2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4f8bebb2cc79351b7fe3eae8fd52e273
SHA1 52ed486bfa3fda3c08ff879e84aabb253f4b9404
SHA256 d6c3a4a203a3b03e729d9e979cc9ab994288604556a9a48737a72d7a240adc14
SHA512 a661f694f3922d3d47a2cca97da0bf8dd63fa8cc2f5c644aeb4ff5bb6ac0ca3836131ffb9c7d2ad3f32890cc8f81d7c2c047d33fa828f98a01e0e6f3de9c4aed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e3574ae8d1ee6cbe42d30668b98cc0eb
SHA1 b0d1e93cbaaf8575856391212f727aa65fb3ae7d
SHA256 fa707a10cb9a19dfbca9b0cc533e73296b80a910ad60e7d65554d38a9a82e5af
SHA512 0cdc64a9ab872e6d175a17dbc38b9ac33fe929f13599974ba20928f4157c53c0cbcbc55a78ca2ea43e9a4b8e923260257284180cfa04f17833a0192b2e2f044c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 42d928ccb37cf00d4905d39d8ef1caa7
SHA1 483a7787f942a95295c0d25a87276db7b7477f19
SHA256 103ac2e535fa94a1bcbab0ab4a53d95be003dfff60ecf1a3ab09d7ff9148787a
SHA512 4fdc5febf409226f2fbe14be14544e4dc7dd0e1143251014e090393b1626fb4c6ff729819445ebd5dd4d3efd53bcfd1582e886f4d7f6c1d9f389af0428fc56b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 793e8a2717e496429c859b4a0dbbcdbc
SHA1 4273802d2b215aebbadd76bdc6b7374964392e23
SHA256 958b940ade200ec164faebb8b4f06b5324aa967e40f0d051123c0165b8d61b70
SHA512 ccf3f36196600cf32f27285e3176a971bfdb5536d40043e41033453558b9dd10e7fc1032eec7081bb960e1fa4628a9f8641d35035f9933ebb4cc874cf2d1effc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 73c51329997fc750d1cc8d353b70bdb1
SHA1 2496ff086d79e5dd3249f916a18e015a495ba48b
SHA256 c248482064a0d76b51316ad97ad535b34ece01a65af3f0e76bacc35c85fe6261
SHA512 70081abe08bbb59b7e34114440748ff397c3e2a3a12d4e9b536c7366373e734b487000e51d4753991a113d71e986893745e2646f9c7acea128bb2b4f91876a4d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c2eb6422c33f962d80e64990cd3781a6
SHA1 9f70f7f8a1c0eac67a32a2c0a43b3a02a338f46d
SHA256 1a9440b8cd3a19aaf9fcd7e29d729585acae2bde17d746e658de07fed295dd81
SHA512 d400a285dccb81bef84c44e975b275eddfbdc691a918953b25ba5dd06f97aac61768074f4a9c6eb2edabe246e15b133ecc5c3843fb507a0edea1d309360e3615
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f6085fbfe1f78d761b8517ba2031b52e
SHA1 a8c0dd8c4202be1e56b85b30b026ceb7c601dca5
SHA256 d22729f3cd251ccdbeac07f4dcf66d7453ce4fa9c90391705619e0cf1d1c2c32
SHA512 4d48f35cacc5868ead9e01faf5a21070d231ac040eb949e0b8fd841b23e1b8b9e6fe2c9c57c74106f752076d8ae168116c1a1f03f446b9eb65879506049330ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d7719f091dcd3858c70da0f216927615
SHA1 2e999144887b2acc495a2a224956d19aeeced7ee
SHA256 132f29a0abd9465d0fd8f4263e3d3119a80c42a63657d502fa3048504437a677
SHA512 186c2a93ba03a7f349300dd9851706ef95b04338a8fdfbcc09a7a80bed4c4b2a295c3209adbecc81d220916bc1d775c5cfbdac00283859a7df752f794996a55c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8ffd7120ba65e4ab4fd63b9b2f1ce03c
SHA1 5549b5fd905ddc0739b7f237477190e606c975f1
SHA256 1dd0625a2ab3590c0a1fc18a755863c89b57ebb101e80c161ddc038c24fc638a
SHA512 52302600ea084848e02b95af5c8b15e80a1b98e7c617d1faee2bf4ed6c757eb28560b5fad6620d8e8ccf053985be28c3584a213748ed2ed26224c496d176ca82
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36d000840d294c53e9f57edd3071b171
SHA1 056af51dca6899fdd0ea985f45a3164f646a425f
SHA256 bd9bada8590c870e0d00e634406aca66d9973f7fe88d9ad91f4a860947740be5
SHA512 c717d3da18b56d54a0ede5a0cfa7a99a2b2d4475a81630940fae86e5140fc141617ad4316f7567cd9c6becb2c02e703cf8a49b634e42fa195294f6e996ff3bed
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b