Analysis
-
max time kernel
118s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:49
Static task
static1
Behavioral task
behavioral1
Sample
912d6382eabcd6ad9db6524ad8e7a6a3_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
912d6382eabcd6ad9db6524ad8e7a6a3_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
912d6382eabcd6ad9db6524ad8e7a6a3_JaffaCakes118.html
-
Size
43KB
-
MD5
912d6382eabcd6ad9db6524ad8e7a6a3
-
SHA1
bff8fd987efcc7a355d3f68ed8f933e18b9dfbdb
-
SHA256
f275b243eff3964ee66a0c3e8735cf83ff6d205fb8e0ce0d77b833e03af72359
-
SHA512
873f33b6af78a971df3286cad2b57d70bfacbdf4a9e49c768b179bc682bfc6bedc19265422c6817f6b0f31a058213386c919753a474e61919c85ec654e3a683c
-
SSDEEP
768:SNyDxbbqkFO4N1COgNzSKGWsmhU0fScFd6I6vnq:SNYBbqO71Yr6I6vnq
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566436" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80439a1d93b5da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2F1C7881-2186-11EF-9C59-EAAAC4CFEF2E} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a574d9e83c82324a95400a6e8cb7e66b00000000020000000000106600000001000020000000f23f2526b8109d026a703923aaacd97286eb236df7ee88b3bcaf3baa92ee452b000000000e80000000020000200000006ed840d5365371d0ffaa277cdc84f6f57280745e5f7fc905659ed90e024f3e6c20000000ee4303d52eed4e939ae336e5047a63daffd942a6cfe659f6dbbf1c4d52c8cfea400000004ccb94aed07103c30cb38c318716d7b1d3d5424395d563f69587d2eaee0e2091a1276a19c047cd1ce8e23f8268418ee077f78f4e95af9db73488d0bc34e071b5 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1136 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1136 iexplore.exe 1136 iexplore.exe 2256 IEXPLORE.EXE 2256 IEXPLORE.EXE 2256 IEXPLORE.EXE 2256 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1136 wrote to memory of 2256 1136 iexplore.exe 28 PID 1136 wrote to memory of 2256 1136 iexplore.exe 28 PID 1136 wrote to memory of 2256 1136 iexplore.exe 28 PID 1136 wrote to memory of 2256 1136 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912d6382eabcd6ad9db6524ad8e7a6a3_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1136 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1136 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2256
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6253eb1754386bd591155d32b31bf3c1
SHA1 9b894b637caef8b5732e43959a9802feac41d4c3
SHA256 1e391ec8d6c316bb338e3923e5e0d626155d328984fbb4e03e28fbdef4bf3627
SHA512 08a2bfccef16174fcd90e4cb17a38906f387c713ab4dc5b587289c0856cd8b51ec4e89b570a0c9abcbaec585e657868e202337bfbbc26da92352b5cf22147342
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9e7d95401a25e5a0790f120679cda9cd
SHA1 a1e535f1c00260d77e416fc163846c86d591d41c
SHA256 4666597a2c4978c2ed35b3e8c2d05f96940aff02ac16f3d5e165e0b8d30317de
SHA512 e6a27ea0ad62a175b68e7ac14e5055e666d8a7db13a357daffc1f9c0e6c06a1e2b70cc215e972919e6ce8437450d180f2afe0df047fef1d5a6ebbef7785a9021
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8d27d08135b15ab4582debc4280de69b
SHA1 5643a2bd86d1b6edc37b97ee4025fd4d45d6d4f6
SHA256 8adec7327c6e47970765bf8ccacaca5b5dfc6e83de8e76192f718fa1cd3aafe7
SHA512 83499eaaa3c5f0b5c164cff1da29f32681b8ceb78ea6dab00856dd71b525ed2d5589a62c3bdff2cd851703a0c68665753cc9ebfe9ed4d6355075b4982941b464
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 496403d5671b4b97d3a1779d7de9c41c
SHA1 ed02ea14ac885fd5ddd1768e09871a7ecd7bb04e
SHA256 fe346bdfcc14024f87e903890e4fd463f8502e1d9fbd3b094e4cb57ee7151be1
SHA512 be504cad9d92b98f778fb54aa87ea26a5770a3b76e90d27fd3f3b734db5fe08448e414668b5c81c98e1ad7efd2070797735eeb872335bd13ee100e4f8c7fb799
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f5c267d05f9f4c7b29cb67ff5157694c
SHA1 f625e691d48c68eeefbb8ede5b4f93096a6ea17c
SHA256 2bbf4af1d34e414b682c3d09997c2537324fa9be6441235262e0ff747794a719
SHA512 371d377e6a318183a50a395ee0d1f934576e7640934963cd9b45d77dee739fa3f209390aacef0134a2897d634db9eb035d983ea213a3d93363f252ee3a075354
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 05150960b0e6d4c3a4e1f323f3a2da60
SHA1 0a26f901a8dbf28158f7c2f6b7dd68d644c889bd
SHA256 02f6fcd21e11e6cdbcd89ac9bef6460032435696a3bb19aa967765de34e3d701
SHA512 3270fdbe33dbf23e3f0c4c52c8b7d74f7e3443fa661dedf7c7ad81b905c214a463678ce7187e2ef70858ad3c2a5b0d82145b34632f623ee3bf1a923585cd17f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a181e36d101ac7fc609c1f416f74eb72
SHA1 222c224941991102351536f288bb70cae33913bc
SHA256 a4465cf58b17bc0ca077c193c83fce1f780e8bafb6a51dd40901a1f5fc9f4c70
SHA512 670f361eea67a4ca294d864379bd0bc34d085c5c446dac04d9bd063fa19f7722ed30a89ba3ded0a244db78bd90708eccde6ce029f690cfa8d197aed4d5124774
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b0c3d21d80b79e0c542866c7809b2506
SHA1 8866db3e38601d002bdb52b18117a2b052b7b08b
SHA256 85623fcd75727cfdf0657d8902ae5380a8f5eeb9897aa8cdb4dde63954e56e6f
SHA512 bcebd557f6d5ff6c48b20eda9f8cc524ecf55300d00e7dc7a32fbd965f41f379257ec14dcff3001fcfc51ff8684b2ad492c7919ef38ac0d7bd26e53f3874be61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 98faa56546ab866f92492122d0f4d12d
SHA1 76f80ccd213ade41b1369757155d5cc2cb1dc8d1
SHA256 a3d1d62761a67363f35165101a3039e4a4921ba81f0449efed6c195c6ed2fb85
SHA512 eeb380b9900de714bc74a0fabee23cb80d417e441fdf047c0d5829347943bdbe53c9be6c347eb8dc848d53eb8881592d7d2b845dbd2ad39e372b306041aec1d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 77a9dd6d65d5a6a3bbdddc9b76512531
SHA1 618be3b8609ba6e5e4058d774ebd4fd96627ff48
SHA256 eeba085c962afdcab958a1890a13849b836c20c6006fa16dd2ca6d32000b45f8
SHA512 2129038f3cbf60196185570f627c0ad066ed6f09a1cd0cc2af3897d2c1bbc990badd6fa2d2249bb37b428d0189ab54ba96885439b3067fc20fc0572e87a917d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 028dc9817ea3994be35f476c66c2fdff
SHA1 4b26470926299aa90125406c5cfe43f900f5cced
SHA256 80daa27ba2ff19fbef19219aee7abf2cff5a3d0d44bf153f5e54e6c3fc31558d
SHA512 eb54b12333cadb0401110bffc445286fe2232372a5fabef621c650c33678cfe02202feb9db0f87f4f57cac6a986214781b371802564396ad6d5b62224240f7e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 212fa94e93d472e99e630b9a1c540ba6
SHA1 2d7e71c0d7c760c4b8a170355c6e76e5d534ea06
SHA256 56107526b074216bd9a558a4bea3955805937d59cc79acdd97e963bd6d214aea
SHA512 03f172a4225e463e59db9b040af0d4b2ebffac94943d1943dc490f937be10bd15565ac11d6ee212930359dc9d884e68c0c840c13708baed41b387f7bd6d2e564
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3475a2a0b20510a5091e7d9e1c095ff0
SHA1 193d6bc2b7ae2971219b7137019270c449981928
SHA256 e77a72b87329fb4fefdcbf59b5ae9095fcb5dee2c35fc9c8c965c28f32ab02c5
SHA512 5cea30e813928db728e217aed93f79c2e117617c4f13c31ea7c6b5e8e3d20a958fc70a0b041f83c71b6f0d5c555ae1e417c131b0b58c064a7726bb264fae4366
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1a95b707a9b3fd34df6d8984a277d93d
SHA1 d3f7e2e144ea8fc1f1cb099476a3f9d1ec418918
SHA256 717981830752feb2a61f332f889a69ee7226408a88c6f0c465fbd461e5a0e6f0
SHA512 0e92f938bc7e0287ffb6795d8d9433b3a3d67e4aad5cd89b82bcbacccad5c71aa654e92405b85ea7186e21f0a596960c77e48d9c001b62716bdd15d8a392261d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ea2397bb6cbe4909aa2e762d996cc426
SHA1 89c7eb10c292d287b7c62afb8864ed440237ef98
SHA256 cf855776c7aa5c720c4c49b236df47eea9ff3de6cebf7bc85b58b8867ebfd836
SHA512 f3ef2f6491db421d817fc57d396e284715bf2cff27588aa7ce85a0cd3a644abda6ce944abbd1055ba2fd512bcbd1b1344ea68cfb4250a338eb35726cc050615f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 89135e67193877bde30e029822b1b489
SHA1 1766bd591b5965eca46ebc807cfa5436d1a9cf34
SHA256 dc8fd97277abe3ccc6a3139910af5e8bd10763cc51ff6070a558420234641975
SHA512 110da23470833800e8acfd5e26f6fa1edd987a6c8773d03eb57dbea4c1fbf92bfbb5a46a0033c151381aeeac359a62e026069238c0ece9cb8ec1c3d72d7aee36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 19c1c8e56f61cf08bd0ca16da60818ab
SHA1 884c595d546f469f0346602a6bf02a0d2fb8c901
SHA256 01e460d83b8749727dd7a771e0ceaa38249351bb6c774f581d393edb5ac589a3
SHA512 f82f5a5e7184e29a5f86d189ef012c5d0342c5fd25a173957578199f6cb33a3c111f5e6c9d245121a5b79c44d829839f2021bb97d553106209b0747e8a71351b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 445673f745b0b67212ddea01ba10f1b6
SHA1 53910efceaa930823495f2fc539f7e4229d13f0a
SHA256 655583d605f47bc1d5382a4bf87538350f6f0f691408012f13de584c2093e26e
SHA512 659aa8afbec25091a5291f94907b8997ab7ac6dd916ac84fe478bdafc5596ddb251011f8a73438415087c257354694bbed6bbf1eda74bdf8f9f3c531ef843433
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b