Analysis
-
max time kernel
120s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:53
Static task
static1
Behavioral task
behavioral1
Sample
9130ec6a178deb0aae12ab6a1336de6a_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9130ec6a178deb0aae12ab6a1336de6a_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
9130ec6a178deb0aae12ab6a1336de6a_JaffaCakes118.html
-
Size
462KB
-
MD5
9130ec6a178deb0aae12ab6a1336de6a
-
SHA1
d1e7e341d6a32aa4022478734bfbd021c9596625
-
SHA256
fa5f913963a74667b5faea44c6ca3e44f841f7eba107f893864d35cfdbc8a179
-
SHA512
5ce27081b27c65b06fb8eb230a51c1ead3924fab098d097ca0cc45837cb3a15ecaebb51db44922890cead0f9fc699ba03b07330d1a3c81f4faca11ba8cebe85c
-
SSDEEP
6144:SJsMYod+X3oI+YNHsMYod+X3oI+YWsMYod+X3oI+YLsMYod+X3oI+YQ:c5d+X335d+X3e5d+X315d+X3+
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566680" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005060df3a49d8b043b1ea9a038c94b65000000000020000000000106600000001000020000000174927101b6bd12809493e952a14c7c50f280cebad39f05f615084504d31cde1000000000e8000000002000020000000fbefca440c8d2522e085f2903197dc4ede212f0c4540b5b75c3fa7deaef0f346200000008c99c2035e61c6731a668d980c3c106acdd27a7c434b5440ea4797ee4a4a61384000000026fba37327cd52addd728d28538a1292f5c033ccf3c30d359fbbfef976f856fc6c97072c8f824e7dee35ab152cde449e35b83bbc61b84f9753805bc82700b4e7 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7060ee9893b5da01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFF8AB31-2186-11EF-9A09-E25BC60B6402} = "0" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2656 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2656 iexplore.exe
2656 iexplore.exe
2560 IEXPLORE.EXE
2560 IEXPLORE.EXE
2560 IEXPLORE.EXE
2560 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2656 wrote to memory of 2560 | 2656 | iexplore.exe | 28
PID 2656 wrote to memory of 2560 | 2656 | iexplore.exe | 28
PID 2656 wrote to memory of 2560 | 2656 | iexplore.exe | 28
PID 2656 wrote to memory of 2560 | 2656 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9130ec6a178deb0aae12ab6a1336de6a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2560
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 21ebf565a2fadd70ab0b8ac264cbf19e
SHA1 3f56f8052a716da11af25b3381d657192d92d73a
SHA256 658c4a706d4dc930f06b1ca64c6e930b3c36c4a982df4860411c7bf0d43dc18d
SHA512 1e15c8c0b44ae8ea8441114291b93045e483b661a7a51e3fa2d9c8e08c42d740a42522caca445144c086636460a2b16baca1514013f2954e4bd508270e3dd605
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5b0054cceb4b176953f90cf4828afdcc
SHA1 080840964d2b228d0422de2cd627e1f02ed6692c
SHA256 871443073c2b0c60eede441ae0e7519c47d76cf715a26138d5650811c0e28c96
SHA512 1f5217775bd8b4807423a29a8637d100a1645e4dbd73eae33dd3d65e60ff9a80f3c0f32ba719684eae2fad1224b522477259d25a9920a9f5e14cccf13ecf9c60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a81e0337f2188c55930b722bea5580db
SHA1 aa60c9eb46ac184350e6f9ab3d4cf7378c3b02cc
SHA256 4e53856190395ddc28bbef9e35bbd6aa7f99c9a4847a815269177fb4bd8faba2
SHA512 81e8a0fb6a6e28a2b5c1b8eb07f17bb4d92ee230c2027a03115997e9a904b4e34db6d7d408d6c6a22dd4c322e11bbcb27d660246707136a6ba3914aa6d4ce39d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d2a717c58c2994bc79ea707b8c77bd32
SHA1 5676c790420a85062fa446dfda5d2d0926bf9840
SHA256 7762a5818d7f8cf750e3523338e1d6f3448d37565fbd3a2b7c8ccead84f66775
SHA512 86390d85c69b1c2c6b68029a21e26dd29dde32b390d008e2495149841690655a33f70917d0b7b0056ffa5c49e3f8b490970e8de862eb0389f87277d6920999b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 31c78aff2d42bdf106f4d99452ae2621
SHA1 202d600fe54efa8cb468a0752ee829c59372e7fc
SHA256 74c9c21bee5f20378dcfccbe4f47bcea1f241f2caee3ae1270ba4f7a70d45119
SHA512 2dbb8dfe0fd20f56d5f2f58cecc08346553504d33facdfc01af6f36a2f7b60fe51f52a0343a7606b78f905937c0496c10d0c83b07a98132941fdbcc0df42e3f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fbd58dd6cbe5c7be6dfffb0051cfb049
SHA1 3160540902b7f8ad05c7a73a886c7978d7d5955e
SHA256 8b2a458fda4f022b7e3e535c113469129aa419e67b1fba8f069e0ffd15f308f5
SHA512 349a91aab50fd9b9f44299e1abaa45ffe3e15df68d0597a1484c27d1ff66876811bafa9e7171bb3f4a8688e2bcfefcb9bf6446339fde4e8c1367d85103af8626
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c84b13afbbd751dffb99a14a7a4d63bf
SHA1 f3324dcd7a13d944d19c3d5b9a04231396d3c989
SHA256 07b3eef606cc12d68dbaab966aa8bf132eba6f2f142366bd3f5ae06282605bf5
SHA512 64aa0c3d221bb7ee23ba67b78982247d1d6be150a21a167db7d5163e02cb3c559c3d15d47dd6cbb49afdc376d909332ccbe5356cd1031e53017241c6d1c84aae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cc614d49ec9c540d65727f23f64b13e3
SHA1 13fce5c09d2e8f44b855ee5b9bd2c9f7a9060a94
SHA256 9c73b950f41491af6f409872d135019179fb826d4078ce4a06f085723bce03be
SHA512 b02798ea66fc5ff7f7be154d794891d9f4c341cb0724d6fafeeef6d219394c11de47b0a40904a5e19825f01041af4f7b00bc1f46b177a6e66fb55c5946482067
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d083acd8f7d26084763da7a2f192b010
SHA1 0ce13bf8f387b2cff1857c160fa71551224bf786
SHA256 3a96b6e65f4cb07986fb36f88bd20fde3ee287f303fd4316c600ba9eec8984df
SHA512 5e79f64b7c1c49b51f8096f566c415c80907622998d355c8dcde2c8a698c07cfd3f634a06b689816b64cee6ce3d6b6c1c29a68573868ec219f1b2c3642608958
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b32afab5ae7f1fd911ecba78c2d92d1f
SHA1 b0e8aa3e61ad0a409882a8d908cd93a022a39bfe
SHA256 7fd66c57c66943f9dcbed5a8d9856f79a9c4264b22dd5274a7f087c557b98302
SHA512 12ce63cac1995a8afe02a028e669eae0828ab61014e38862b273025e39a2c28a2653629f3bb41f0b0a35756e9a413675691d4dc096ab5c7f60526bfc1f1a9144
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 90a840c1dd27bb43cf778d2692dc5305
SHA1 42ccce2f8dbf39e4cf21332aeab7e042df48037c
SHA256 5586d4c5897032c16bb47a1d8ef991e23d7a6de9541da554c93dbcfa6b28f748
SHA512 cd7e1b92cd67d6e8eac86f5144ea259f611c48b61bed32adb96fc5e3d3608e3e5eb40410e2a487b746d86c9c6d5970ac4883bfdc187d09ba386b487ca44e1632
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 14867585904b3fb4517c0b6e4408a398
SHA1 8e89fc4f29535fbe09d2926e980c9f1bb1c022fc
SHA256 e70598e6030f20ebbf047f26d26217e6f242f286aae30340cd2060a4a94a525a
SHA512 0b1006d76a15b24a3a0a74d5edd6bb9dffe91a927a95ab12569704552147711f218f58c9a818223c63c60980de208178f96907936c582f1ba8e223bd4ecd5cd3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 23ca405e35a56b836938fd458fe72ce9
SHA1 53e43e612a4a36491af71401e45ba9bad367f79a
SHA256 028916ef11b1d05d9a324ac69c60945a7a76148a8f47613053718dba163313e7
SHA512 284f2c971ca70c3d4d292698dfd2017d2ec4a7d24826c29e8132bc15ab375077671b22b60bc19d0cc0412374591142db35c74e5a7d01ed154fcbe91832efa20d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a25086de8015916254a9731919521da7
SHA1 d5aa761fa19fa3d83981f31fddff7e0c9deba652
SHA256 b2c71025b659e63081ea83e1a2594b281f267eb907952dbd431b9b385808115f
SHA512 7668842e9523ebe32368307425bf2f46145fc6db8b6d228cc7c3a79b2239d8c393ac76d351af2566d3bda941dd15ab530681adc75ca7d7d61aae6b70b81d1ce9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4cb8d76fc08d6063bdb6693349d18550
SHA1 17cd15eddf23e61c76805d855985fb891d48261f
SHA256 536269b2cef05cedd05975b7bac92cc1a7c1a42a8ddb808c4a7c570835e82b26
SHA512 16fda97dbf8efe14d52ab56ec5de18ab02f579dc9a83307d83749eeaf8a4a165fb5a8bd536fed70dc124166120abfac0067a4ab2cc733c8605fa5ff7696ad050
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 af9c457aec3a8c0a9c3fb803e9d014a4
SHA1 b668296a761b9029e8c6587c60af4e160ba29ca5
SHA256 ba9e3d3dc7377d33cb4487cf7370d75378512cb4bca6fa82faa3fb160b0f36a9
SHA512 47555a063b1a0de402dc3ff363a4fb475dbe9faaae10237c1d58d30fed903781a942ef413d0f6e98ba4eb39a4f21e259b62e4971561dda6a8e620b12e29aa18d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a6e2850b44ff7c710aa11d65d97d9887
SHA1 5fce248c58e7cb136feade00581cfa6e0d0f7974
SHA256 a5ba2dcaabb88fadd8fe95e784498a7f78405e4b687ed045dd03530ae34cc629
SHA512 31dc910e6d6436f0890304971dff50a44f45e31ab4cde84fefb55a1508c080827ebbac3f876c1a339c98c072b01f284a2d7914a3b2e963c253d8f05cf4f983c1
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b