Analysis
-
max time kernel
134s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted
03/06/2024, 08:50
Static task
static1
Behavioral task
behavioral1
Sample
912e9c144cefc40df8002a863a8ea237_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
912e9c144cefc40df8002a863a8ea237_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
912e9c144cefc40df8002a863a8ea237_JaffaCakes118.html
-
Size
17KB
-
MD5
912e9c144cefc40df8002a863a8ea237
-
SHA1
400664cfd1ac982cff14e815027f6d01a4eeeb10
-
SHA256
20479ed47a62399e5992e8866deb7f7a8400d453a078bee39a9f9be00962516d
-
SHA512
b730b57856740d606767a100df1b6c684e5a123873bc9e4b2a117f2c210971aa9a11f0f19035f6a41126b49082a2a6b0af944f589bd139af3a3c87120f8136d8
-
SSDEEP
384:xvyO6P5gsb8ySXEkCp9li5aOZ4f+JhCrSXS27QLKo:xvyh5gsb8ySXEkCrli5aOZ4JCk
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d00c6f3993b5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000049ce2ebb7bfa259d434c5d90a28b105595dcac80eeffec8d670fa5a04b95e6a7000000000e8000000002000020000000f2007c54aaf3aa4495c42fc92017622c1fdacf02f77a91b2e48bf396ad97346f200000009392578ef004b9c63cf393f28ff23e252ec88dd55ae9432c37a6fd9d4308566d400000007d0732b7e13da148336263107e16333294049edd547337f20562cf71e846a85ec58b5775cb12a73092caeee79b327e89528b3a3b67b098973257fe0e96b1ff54 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566526" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64E10EE1-2186-11EF-9BF3-52E878ACFAD8} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1044 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1044 iexplore.exe 1044 iexplore.exe 2728 IEXPLORE.EXE 2728 IEXPLORE.EXE 2728 IEXPLORE.EXE 2728 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four events are the iexplore.exe frame process, PID 1044, writing into its own child tab process IEXPLORE.EXE, PID 2728; Internet Explorer normally launches tab processes this way, so this signature alone is not evidence of injection by the sample)
description pid Process procid_target PID 1044 wrote to memory of 2728 1044 iexplore.exe 28 PID 1044 wrote to memory of 2728 1044 iexplore.exe 28 PID 1044 wrote to memory of 2728 1044 iexplore.exe 28 PID 1044 wrote to memory of 2728 1044 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912e9c144cefc40df8002a863a8ea237_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1044 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2728
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; the CryptnetUrlCache\MetaData entries below are Windows CryptoAPI certificate/CRL cache artifacts produced by the browser's own certificate checks and are not by themselves indicators of the sample's behavior)
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 147c1d4bf261e93091483c58d1388e62
SHA1 630d8f32e86e0954fee31caf15d407feddcd4d16
SHA256 410cc7c47036cfeffafd74541b4fde6c748dd7334f2974c0340cbcf987680ede
SHA512 a60ee9c731961b6d6c5ea53fcc61d8c70f1c423bfc02eac3a281ece422767063262b96348db2eb8318f3ecf695e1e216bd08915fb8819834fb67010eccf0c6b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d266cbca8325b89327d543a60a0ebf1d
SHA1 bc9875510e57eb192374d573f33fa230dd860786
SHA256 9d49fdd17b0af4db27665dfedc3f1ff20e0921f507d3545f11dc9b4de358ba13
SHA512 215c9697462e60830c5d6f85d384867dacba3edf3f738d743188aec6c01e46f4ac02d9ed2a3c53dee5ead85dbf774569d2d797b9c72849c1e95404bf08563570
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 00cf10c4cd92b561286738fabda43a15
SHA1 bf2018c04c4f5e0a4046e3e6c8f44b81e461c45c
SHA256 f05ef06ad84f7deee4fabdbeba40d25437947222b10417131e83c15179ed3a9f
SHA512 ed20096a27200cfd3d61d9a120046f4b119d552e7afd7b933c4b0b9c898c2df31e3fe5f8b3969e1500198aad850e71b4620a893674a5891bcee56c898fa5a513
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d1d472526627bea444ca1cdf1e3421b3
SHA1 d8f0b4ad95b18b67afb142a96e3e145997945a02
SHA256 dacab8e7d6f954c99e16ea845a2292d6d08f63927c453dc5171e19ffd7bcbadb
SHA512 9bae24a1508b3231300d3528a0218ab24bf5a8ebf297cbc77ed210b735aa769f35073b6b6fdea4429a0c98ad844b27c7b64191cc00d3f4cb83be98299be4d9cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cc8bf1c9f3cecfacf3d45d91e6f044e1
SHA1 e3182c10fc9b63943247c6e4ef1e151f2ea6d5f9
SHA256 114aacddc9a936d22310b638f3ab947c1862a3127356a1e6bc33c82d3cf71878
SHA512 6443a841949f31629c290efcac91f8e921266f3b2bf868d53c68c76389a540c2bf9ecf9d6b0a87e2cd03261d7ee9cb0e2c35d8ef9910b3e22e659cc083d75baa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5266d3c908a72ee19c82a65d3b3663df
SHA1 e9e6eb0a42dc211a956c34f11ece837ca678de66
SHA256 00a3081b26cbf97350c4522dc106953d61ef5ef7a6a494ac0876d3001c8ea9be
SHA512 c2aeae1eb6c2441c77e760f8db124e4b0557e47560a35c4e8bad6acce29af9b61f72cdf0eafabc98e7682faa091c6da681b25703fce11dec6ccd2a56b0d6c483
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 10a4ccd43a4f119807d1971fa38639a8
SHA1 962e971ff6c5f1ec79820b50015b7ef67a9031a7
SHA256 a64873f4065ecc5ea360eeacbc3267546d1f65e089e9bac75d5234cfb0c57ac0
SHA512 74f8495eeffc8a04fb297996cbfa4bfcc03bc2c260aad703b2b316e3b1468ba2bf20b7f0242b17de8595eb26561ce16fecbe1c26e68e8be24230215dcfde171b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9a655002acee7ecb6ca5664a422429a5
SHA1 ef77811db8e47373b948aa360831e63ecfa19820
SHA256 8f88959efdaf1a356489128940ceb99824d42c6c6b99ef3b50e28e61050a75c5
SHA512 57517b353a9994e24f15c5542070dfcab611ce129e143321c7edd2e816345bb477606966c54f389b907c6c977e1bfe0974726754be233ece9fb3b28d97ce6150
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f0031bfb9aa98590b284bfb804c9f1cf
SHA1 46ced847a097db5d79b4327ac87317ff56d70b22
SHA256 1fedbefedadb84e4e0e13827aac4e6b9602e0f2c512fd325b7e07f2b39f49dd4
SHA512 823032e9006f5e94ef2c11a6b265ae89bc1bf7faf1c954fce096994efe56ecd2840b1e7b69cbe8baac9e00362c52fc0112ae3896bf1f986b3b8dc67e1aaa18ca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 44d149c48153add3dd5b4472c4371257
SHA1 b0f94ad71ef3259e1f29299e04fef75227b58ef6
SHA256 9ac7ee568835eea76b5813e4251eba4d3f48ffee354aa93c75de07980c97e61c
SHA512 10925ddac1df546204ac393a94671ec95e3df3f51eb373a755c53e67a724942171a7a21ff2c9c4296deb09bbf9e8630415021ebe7addb1a629d16d2f1a4fe92d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 421f2a6c3b6066f5525a9f7d3569ad04
SHA1 d5a6a387b81127e2b60f312fb1fc0f2a901f445a
SHA256 fd2e7fa263dbfa35a3af62f2855974d0d8ae35030e3da59d9c60f6524b5a80ae
SHA512 a942afd77146629921e9aad06477ab4d42699e30753ef94423c3d84a0ab77fcbd161dbcc42d064100b9c883d1a362a04eb0b8299b3e6d8cb4f93c95f22d515de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9d366c95ea25dbc4f773bd680647a3bb
SHA1 c6fc31220217c9754f3a2e5e3678e345b59bfdbd
SHA256 8ef72dad92811fb8420980ac58f2b0d6481feb820091bae800453ab4d0bea3a7
SHA512 fb3f603c795e7825abee1ff18a1a829922ec687059cbbed5bc76007096657d708e888cdb499565a32ab4a1c9fe68a30a3951f563e84e4a7211e7619f9b366293
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4c454ffc0c821356c2f96199b641f848
SHA1 48cdc0e59948d6526a87890193041241c8bc9a06
SHA256 bc587ea1f9e9cd6c8a4e60f9231394fb3c92680a3d5542ad4b34fc4eef1a0a90
SHA512 a643f53ea83b84304fb281a8c4848360bd4c13626897cbd4ffd1947a93dbfa9d3575d03941ed681c325d1ed1ed060aa58db2bb2a5950d5ac959e0014bc10c221
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 38566372a49d44088129185863194882
SHA1 341759b96ea8532747090f5f8b4bdbbce139c5fe
SHA256 e74735f96bb8fc22195f7539daf89b1280d87debe63506e8c897f190478c6333
SHA512 fff8cf755f5a761498b199ecddcdb1ae491d738e0402591656acbc5c3049ff421e8e96317bf8a921914410f7ec79886dcee37f35260377b4dd54a9d7a46bcac2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 de12ee4a59eb968432b1499e025094f8
SHA1 5ad2e931a16a5f73c67ff37fcc0c6f4bc3685c61
SHA256 9556164ad44aae1bca316b33d1bc77d55475c9cac6abcb2dae6daaafb15a0893
SHA512 4f1cb922cdb2e019732ad2f913cfc837d93fa29c3777f70f28b287337907b06ac149513f6a5fc4e3fb90e1ddf3f43357173e6a297638658800669154579a13fd
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b