Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:52
Static task
static1
Behavioral task
behavioral1
Sample
912f3f0eef4796771ffe373cf4a587f1_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
912f3f0eef4796771ffe373cf4a587f1_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
912f3f0eef4796771ffe373cf4a587f1_JaffaCakes118.html
-
Size
31KB
-
MD5
912f3f0eef4796771ffe373cf4a587f1
-
SHA1
a2b961f8ebcf4654b9f0ff8225d30983fde47bda
-
SHA256
62e37e335de7fa71255413ef26215ef860fc77bda372f1d8b8957db041d7f774
-
SHA512
f8710f40ef5646e8730dcd074dfb2019d4c21aebc7c032edfdb7ad24674f84b4781777e865aa4acb796f01310ff2c77aa79da8e39ebbf1748d1e96165df97d29
-
SSDEEP
768:REwN4kjOvjAqbVCRq+1dYvgQ2dST4WlP0fjjUCLs:RzN4kjOvj7CRr2N0vDs
Malware Config
Signatures
- Modifies Internet Explorer settings (the signature name is taken from the process tree below, where both iexplore.exe processes carry it; every entry that follows is a per-user key under HKU\...\Software\Microsoft\Internet Explorer written by iexplore.exe / IEXPLORE.EXE, i.e. the keys IE itself initialises on launch — a weak signal on its own, not evidence of the HTML doing anything)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key 
created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{922D1101-2186-11EF-AD38-76E827BE66E5} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566601" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000c9cd5a0d3e87b8073802e80a9ac9b629f5dfd662ebf75dd4cde4b0775960aaa4000000000e8000000002000020000000d485333f944f69909ce48d0c05360d55a9461d0c99bb69273c386268fcc91dca20000000766c5b3a57c413ea294c6b4025478678a862c412a88f48f6b98779a695578dc4400000005cb84e6923c62e6550b85c336e361a8e8fd9a0b500aa505b3ca2cd0cc1a2201432abcfc2c11b265b2d1785285700e22898c15439a7bb07ccd09ce10586f6bf4d iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2060c16693b5da01 iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2548 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1860 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1860 iexplore.exe 1860 iexplore.exe 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target — PID 1860 (iexplore.exe) wrote to memory of PID 2548, logged four times. Note this is the parent iexplore.exe writing into its own child IEXPLORE.EXE (the child's SCODEF:1860 command line below names 1860 as its parent frame), which is consistent with IE's normal frame-to-tab process start-up rather than injection into a foreign process.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912f3f0eef4796771ffe373cf4a587f1_JaffaCakes118.html (top-level process)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1860 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1860 CREDAT:275457 /prefetch:2 (child of PID 1860)
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2548
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; the repeated C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\... entries are Windows' certificate-revocation URL cache being rewritten by the OS, so their hashes are not useful as indicators for this sample — the three entries listed without a path are the only ones worth pivoting on, and the page does not say where they were written)
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 66b632a811bd4f20d75b465bfe935d3c
SHA1 39f7637ec6242c565a8fd293a8adf4f31ca5a5ac
SHA256 b482419bdde07a8b6cdac1f673c29553b0a74a17e45254cbdbf0feecd636b260
SHA512 f2dfe19f2d2fc63fdd285cc77201102fd60d35ea025cf4a75f6c14ec47e0bc3feca04fa4f76b46c302683ce2ae7095dc8f571ad454fafcb5332340f7c6f7bd03
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 19d8e2f76d16c73fd221c0e2b3bb62f2
SHA1 8be0aa34665d8bf61e3c8c3d81ebb0e71a1aa6d1
SHA256 17374502c8692a43f0d9011ae2e113aa9365e4ddd3659d4b6ce6f3414fc23389
SHA512 7044989009e31c260143908026d81caf5dd643fc15688de170b118ddfcaf26512e43392745e89cc2cd239e232b37f9b47602dc9710f617983a330305f3ce3bd7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 10fa96efc4119304c4a58e3aa9e1a576
SHA1 d11a983898a5b04586db57a421155be14068eaa8
SHA256 6dbe5266489fbb0e46d2eff3befad58fe4b1c8bce769f7df164a274cb302a8ca
SHA512 a1a6ff07bf320a0057eb77fbf6f81ebdda21c2fa180d939670e5c6946702d7f5b87e78eadb54ede973f8c3b473a7944f665e48affd1d1c27fb727e7de6386e78
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ea4699c3d4deff1e7b467df6344d5015
SHA1 e1dceb149a892bf1a408ea77a0165c939756932f
SHA256 9cf7c7bc120bbf8cd5c8a48eb1be36d35f29be4d64c61084403c3ea4cc470b09
SHA512 407603a7954bb5f558a3b5a3b8ba9337cfa6b2a6cf9063f600f6c13bc3d1285c23e51f56509cfaf29ae790e3d10bd320c88662f22557e40bde119b40f1d80384
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 506efd08b9da774d0b240bae6233bee1
SHA1 d58d80c103c91ae94719d9cb83b69305c2a084a8
SHA256 73bdf27935daad90a8cfb7393ff3a39282de91a5166790d6629ed649c69a8320
SHA512 62eae1a45c7576e1492af3e802d15c32f94dc05d61add509f988dc1a709ae0841f0352b0b2227292d1a2685bd943bdfe9a017c4a1d8f12c7bfbc35cd4bcb3262
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2051547cc03f8975ffbe01511744ebee
SHA1 d25334b81e15fc904d4b56949ed69b8a12c28244
SHA256 02561a9c2de85a89d15b7436538d805cee7acd710beeaa237aa7071b8106ab6c
SHA512 9fdf774d3db93f3348bae9f2476d09b948dca0a54e2692498c5fa65795c69312f44c6c92246f71b72cff0ae59845303340bc7069a2263d0afd4066452365e06b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 aa63304521888f10bb85d5d403e128c1
SHA1 a6ef5e1b5ac13f7f000696fe2ae4ec5df86a9170
SHA256 c7a2dd1a315c5406ef03ea658efb89a0ab55bbcb270780bfc36f862dd7d2e53e
SHA512 90e9b2bf563c1f0b2b9b99c2c8e8fe22ed4cf04305810bbb8a70e07fbed7a2bb8c6b063a9ac6dc0c6ffc68e8031880bf6c0835255685aedd93614f86eff66a61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 09b893cec9f4829dd63c77f2ea0e90ae
SHA1 b5a2bc4114538469f06352d16c1b5beedf1949da
SHA256 772d020c5885c2fb73240ea12dee225baf350e2c9e9292bba6a226bf88121c7a
SHA512 1ba410f79d0595609a62512bfb6128871510dcd53f55d815805a7f1aa44064a3b769ab6d8c891275b019faeb90f4898cce637637c4afa74f9f84550b5bf325c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e35e9491e01090ec2143210d0fea03db
SHA1 983fd65e56c2549c830cc17c14e7e69b217d6700
SHA256 70ece48b3279935067c6acbc52bdc8924d53a1e753c6c5e69289f06491a22e95
SHA512 9919d37867179a98edac7f174464ce71a87998b2510c3039d191789f879a27478d655aeda90144d129b047661cb6285cce2b1e37f9d61e926f16065e016409e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 83acad2b6b2755f128b75b2938216d96
SHA1 31842777a2832258b9834cc4b6d59de5ed454535
SHA256 a7dc8d4ce18b3d7b88f6407dcfba26e4b3bb6cddc9ec5a5312c503f44fa6af86
SHA512 dc986a5ddd89561ad3584030a9086aa229925b3dd5a4c2e32e0c55e876002f4584acbc73171cbeac8480320817a84886010607e37308d0a91721c0d4645a1387
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4bf70cebccd1bfd5833b6a2ee1026f69
SHA1 d184ae14cbc3274da613780a19b17e8b5662a281
SHA256 1fb7417c30936c511229dfed281d6697278348141519779c19698323b240ed19
SHA512 6f31930b7ddf527cfbcc95fa4ce1ebbc7cf4f0d3500965b800a68a4d92bfa98b4c7c0407c72f159680287be2b74bffac2bcf59974ea86df5306b775cc069b12e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 feb3c694e4517a32cf05ec691c65445a
SHA1 ddfb79b831847eca901675538425d9a4cd298f48
SHA256 a09df6858dd28057cec5373bff798fc7dff4a178f8f4fdee396aa1331ffc92fe
SHA512 9998b62c5f009f3b3014346228907ce780df6297765d94a66bc8edee213fb4b47a983a2a5e1293d6d9d4b4b21c2442e94bba3cbefa1846ac8e45b2796dc4dcf6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 06e85cd3a899095490631150e3520772
SHA1 94e53a19288f3500227d172fd1d99b5f856fa808
SHA256 5d2b55a6a2ce82138a3de55db8d46b05ea470d311e11e3e3bde16a04ddf84831
SHA512 4f607b01cd638b5d9142bc2272e299f738f88760d0a59063049fab820950ddb5e798b7dc192abf039b93a4dc1ae6db0c106577de1e4f9507768a043f78d72ad5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2903522bc3927f76b80fca5e0b4df98e
SHA1 cbaba19fb261e70bdc06ff0dc81fbb4edefb171e
SHA256 e8d0794f33b1ea3574bf0d0841eefef4d0295506cddc20b776764eb170790280
SHA512 c40418a46ecceef57cdadd201b5c094cfe8228967716daa8d799a8ec3d663b51b78969a68c458bafe7a43c6e22349bb5fcc6f596eb57fd770bef360ae1c2546b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f744602a7ff8127f2ed57e47e3f00557
SHA1 e7afd2bb3d60052badd084e979195bb0ef6f6368
SHA256 a180db4073d8f12f527ecc30a30cbfe17ac457107dfb52f72bc37c34adf9d000
SHA512 81a8eef997b6916307fbdd1599fc14a591483446917787ead75b5e711b9ce2a14c0e7cfdc297cc411c583bcff76104c4e5850634ccb30953fa362ba20dd57a1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3880a6cd7644cc90e443fcd58bf0c290
SHA1 f97c24313631d6191029d39bab5c04a86b190a10
SHA256 8b6d22e765ffd35e2946740d8972ff06abd2c5a252cfcedbd8e15550e0448d72
SHA512 eec35727d3d80a173cbe297c38e59c61f3767e08c135f6494cbaa8335fe4057319420d0519821b9274a606c423f5a1f185e9642ef2fe7640791685c668f06350
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a635983791c8613401d3126b49ab8e90
SHA1 ada5d5cf76b25420fe05de53a77da2884aaa8eb4
SHA256 890f2e67fafc20b9c9a5cc23df5eb02bba649b7614a52a81ca59b111dfa0ad09
SHA512 15fbe098d2a2385f0239a9830c5d0cc6faf13e885a47fc31d498ff8a6d81436dd1112509349fa76b4ce11886630d3d682f5ab7fb03cdab9d326dc30af3113c4e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e3b4ab8174154f31d64e66293831925b
SHA1 22c3e178d883bd266543844501cd92b299b6e050
SHA256 8b4a21225a4d8680b69edc3c9d60d8f832e1dcc1a27b534cf09c1a1757b88e7c
SHA512 e58768ea43bb74b5bde3e13e258948778c99e948595072a335aa98331dc616276a578e53107951987f16f429f3a8a878ea7c0b210e74a9183119224834a678af
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b