Analysis
-
max time kernel
136s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
03/06/2024, 08:50
Static task
static1
Behavioral task
behavioral1
Sample
912e48c31df36763637d73f52626528b_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
912e48c31df36763637d73f52626528b_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
912e48c31df36763637d73f52626528b_JaffaCakes118.html
-
Size
63KB
-
MD5
912e48c31df36763637d73f52626528b
-
SHA1
d7cbde95fe578eda87bdd0a714e4bfac371e582d
-
SHA256
4c40b7cd9b8eb9c91dce1b72d9aecc38d5ceebf2dc3c6565707bb32a1ea5c628
-
SHA512
8958314178f55d112ca9172f3f8c410699dfb2f98c3de8e8d2534bbd28ca650e00b8514709e7c3f47a13b3913ace175777150ecee798fcc2f401fc4036ed1c4c
-
SSDEEP
768:Ji5gcMiz3sI2PDDZf0glue9xuE0oTykyCZkoTnMdtbBnfBgN8/oi2c8QFVGys//b:JZxrvJTTFec0tbrgaMc7NndC
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20ee532893b5da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566497" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE 
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet 
Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{539BA411-2186-11EF-92D3-66DD11CD6629} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000026ca9cd530a769408950b93016a2e9fd00000000020000000000106600000001000020000000c27fdc700ba266dc8fb81e5652d6aed66d1ceb1dcb275c628155ea3929aea24c000000000e80000000020000200000006d745d8abe437159678d6049fadd6a79144e13ece96201c2faeb1bc5d3e11c2a20000000cd9ff6185f9d27ef587c48223a62f6ba21ee40e2821f7584ce51e4a5d93f42b9400000000f6715d38c0d1214265d1888b8609cc3d1aa49a56673f26b250fe781384d093c00ab459b79463cc7643bbfdf0213ca2c922c46412509e4472fb5e1a1253a040b iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1420 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1420 iexplore.exe 1420 iexplore.exe 2916 IEXPLORE.EXE 2916 IEXPLORE.EXE 2916 IEXPLORE.EXE 2916 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1420 wrote to memory of 2916 1420 iexplore.exe 28 PID 1420 wrote to memory of 2916 1420 iexplore.exe 28 PID 1420 wrote to memory of 2916 1420 iexplore.exe 28 PID 1420 wrote to memory of 2916 1420 iexplore.exe 28
Note (review): the only WriteProcessMemory target is iexplore.exe's own child content process (PID 2916, started with SCODEF:1420 in the process tree below). Together with the FindShellTrayWindow/SetWindowsHookEx hits and the per-user Internet Explorer registry writes above, this appears consistent with IE's ordinary broker/content-process start-up for any opened HTML file and is not, on its own, evidence of malicious behaviour; the Network section of this run is empty, so any verdict on the page has to come from the HTML content itself rather than from these signatures.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912e48c31df36763637d73f52626528b_JaffaCakes118.html (tree level 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1420 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1420 CREDAT:275457 /prefetch:2 (tree level 2, child of PID 1420)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2916
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
(Review note: this is CryptoAPI's CryptnetUrlCache metadata; the same path is listed repeatedly below with different hashes, consistent with the file being rewritten during the run. Presumably certificate/CRL fetch bookkeeping by Windows rather than content served by the sample — confirm before treating it as a sample-dropped file.)
Filesize 342B
MD5 a585332d61f9046732cb1c108503b932
SHA1 cd3f64e31bf4309b6b57c0e1d129f18d84f9b35e
SHA256 d0af94b1a3d5b8ba5c90cfc700aefdc33413baf7f5bd694279a215c466451c61
SHA512 6c861204279252837a0c7afc9756a76494aaccd10c19020778f7a36cc308bffe03e54178a1e4c8af5c0ad48a6b130ee5d284d92f071cf312b4f42bcc4f9f83e3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bb2efae17f5853146c460e9297b76128
SHA1 4b4823afb0909fd378c1c25c075ff2b419467bbc
SHA256 b9e75b6d3010c62e89c81d8351c737ca16111c608058453432fe5f53d7e35fed
SHA512 2c9921193fe631ce15b943662a18d7a15db81e3bbb1a0ac421012a23ddb4e5c48b9d3dee5a9f66441ee33db6935dedd2a9531ba312921038c4ef92cd344b6861
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d4ae04a443aba51b8b39f775d7a79451
SHA1 cbee32a58fbd95ad3d7e1cff3cc8b2eae1028126
SHA256 21e92147601f33b889b4cebf64e6048ef937f79b07c9d81e0ea9cac9a38d72e5
SHA512 10f1e8218d7d770cfe6aa6afd9944d0553b79f1d20fc3f6174ac80a8bf27563bb55cd4449e2577972b9781a325557d0515a3d80e65a17f7f4c5556fc3ec06278
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f3bc940192cc341353c4c66fdb07156b
SHA1 8ed920b09b4a8056a9bd2031790acb0382db0fa8
SHA256 d7ed1193055597cc219449b0a8cdd09216227b080accf4133c044a3057b1212d
SHA512 e6ac95735f89d2148b25f48a9e73912b4becc7410966e01dd399e48b4dddb2c5e00b14e8c7dd14eb89b471c3ab11d72a1a7c30415386b08ed1d6016c09feb331
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 44be46a1066dc96c561b403ecd460232
SHA1 4af9b62290595da06b1eedb7fc907a498ad37c78
SHA256 a1a220e965af924ceb1d2a26880a3eb9559e94c288dac8fce6c0ee2ac92114c2
SHA512 0546495a843614393351a3cec05c8f58eb92e51421dd87c2b05c1faa49a70c28b09d54778031cefa4cdf3ca522f60def12d29b0ccb4270b38df7dce4ad89b936
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a052ba6b16b9d3da2677065d7069cffc
SHA1 84a031997542ef6ef07f6a4f424ecdb9a69ce555
SHA256 fcafff6fcb89ed9ca792c18d707ac4ac511690f134f65e5c98147e7622b5a35b
SHA512 a89482c40584b53d71fc65651a4ff82177dfc7f21d8de80ca3c0b50ab79a093c573c7db187a058c557320235d6769f7c2303458d5c99ec45e76e650f0cd12216
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7b38a1c366904d36a68120f9362b44d4
SHA1 4fa1ad93d4fe7be50932a755016a2b33e601f9c6
SHA256 a15e0e988ceed659368f1ecb2d67d131494335657baa21e9ae8d048c44104205
SHA512 43179dfeb17429227fdf21fc34aa5d2c1b9f543ed29efff87a62a6a048dd6aee68454056b9b284e4b8af46869ba60dcc06400760af49e507c0f3d47ac312c5f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7706cb7272542729383c88e49a323f49
SHA1 eb802fd3a540a4972083165e9f3d3fd97e9c60d9
SHA256 41c30ab425b9552e59232b5844a47f0c6ff7ab0b267d0486ed9c94876455bb7d
SHA512 e8a37a8ad8c7c983ed1a745d1c3c441a7ad71f55f934fc9cf25c0fa67368508d47349f486d24093b26af8752f25996ebaf3da2cbc78e5409f6479cd50ff6b34c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 da8d7467492ba7797426690bade37f89
SHA1 1d2896e97aa0dd3c7baf9fbc58514dcf5f00c057
SHA256 1268f862bf3ca3bdabcc24f81f0cd7916c84c059a2aec2772f4f4036c0701593
SHA512 fdebcc4059c0082be6fc9c482c63e6732883784b4004d3a979693f3b62083e20639575bffe7e5a9790014a2f54910ca658c4aafa66f91cac7667e157ed1627ae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 51676739d4b7e2ea9ae52f573722e32e
SHA1 e1fe8387886dea88fd39822481ac8792443a72c1
SHA256 30acf56eff1f0274e10341896717481950f5f464db29d2dddd1bb6b567b92eb8
SHA512 e37ce5d63f7527da9fdcae1007815aba6b0a1a81537e815fbc6f174f9a00e56bcbd44d6249646c445aab30b938df8a906c2ce895cecefd7b340b1ecee1a2ce04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a2bbfc2cc59de19cb9cd14c179b2285a
SHA1 0bf461df40596440cec9a92e68be39c2e5ae0097
SHA256 dcd203a8e2273f70adf632423cc89c0d83dd49c830bdc24999879509c79e2a78
SHA512 73e6cd2dd645c2084172b7cee0899fffb9919aceddaadafbca8931d1ad4704b865fd9f15564541f30449f19aa92cedc4c1e4599ce0a94463ed953ce891e46e9f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 941d5fe368966dd43877771eef45a68a
SHA1 9abf369773f347ccd5c0a66524e42cf5f1b53f7d
SHA256 9dc212046b54b8e7d903e42c8f5c98266a0ee3f5b17a6932d493a38af6757ded
SHA512 b9f95dc8b6ea941a4a51e897734ea031a5ba422da40bb7887a43817daeb4b45778abc000404d037a150b4c619035ec3787ac0405e6b24690f694d5d7abdbd1fe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6fd0c548dd355538ce49f84a313182ad
SHA1 1f13253a1393c71dd9ca962c0b77124bfb8b7cc9
SHA256 bd74152565e54a1a079b5892408e8ca8556a4e11f5c1f8d1f728953436a38eed
SHA512 9aaedce144f744e93468bc4880bed4b99c79e337fb2b4293711c34f218a1f797383b0cf598f8c2b64ba40c9fb30bdb8fa7171fbcaa3fbcfdd4f62f0dacedf8c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 46740844a41fcd19c77f87c66d5bb4be
SHA1 2d85dfa54fed3fcecc0950b0f4a736237993b513
SHA256 d4d509fa545c169cf8f9e85b0ef54c26bff4a0a02b074c2e9f48b36067641915
SHA512 210df2f58d7925adf8f7a1ab7c6d18210e1f25427eb64041ac01f598c88e5d34f886fbf353123b1b1789be72621656658284761a03fa5932716c77a70e66fbb4
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b