Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:53
Static task
static1
Behavioral task
behavioral1
Sample
913109da2c9b1e5e78ea316f91e9d31d_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
913109da2c9b1e5e78ea316f91e9d31d_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
913109da2c9b1e5e78ea316f91e9d31d_JaffaCakes118.html
-
Size
220KB
-
MD5
913109da2c9b1e5e78ea316f91e9d31d
-
SHA1
50e79c81b67ee2d15d6656111360774c0321807f
-
SHA256
3a2fe1375850e0e608f3991562a78f968c406f5c2b4ffb4659705482841a4077
-
SHA512
f1939ef07b2bafe3188710188a6c72fc3657548d2bb105df5ec13be411f5d292a9a1b0402db6ba37783525d9981fde6245d4cf525da56a38e98d8f3985908e8b
-
SSDEEP
3072:SA4wQWTJ+bwvgryfkMY+BES09JXAnyrZalI+YQ:SAVc8bsMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet 
Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C995A301-2186-11EF-8554-DE288D05BF47} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566694" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet 
Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1684 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1684 iexplore.exe 1684 iexplore.exe 2144 IEXPLORE.EXE 2144 IEXPLORE.EXE 2144 IEXPLORE.EXE 2144 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1684 wrote to memory of 2144 1684 iexplore.exe 28 PID 1684 wrote to memory of 2144 1684 iexplore.exe 28 PID 1684 wrote to memory of 2144 1684 iexplore.exe 28 PID 1684 wrote to memory of 2144 1684 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\913109da2c9b1e5e78ea316f91e9d31d_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1684 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2144
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 856f84c571c32f25e1db2981aa68193e
SHA1 4aaca6c77c71068bd360a467265dcf26a7426ab0
SHA256 1df5e522fa3d05d28214b82ab00a16ec01f56d08b4e93609efb69b63bc899b27
SHA512 9af1020d582b74eba3ada1be6f7cf71d8eb783fd45238619fdd31763e828d153445d61dc978353e792cad7e0ae45b9a3039c70aaa7503d9ecab3f80a6ebd4a25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 56f1020075ea63fc537ac1827bfdc732
SHA1 178a50c45114637ec9ae6b4bb5916c585919b876
SHA256 24cda6f1ddb9889d04d12c245768fec4763a1d93e3ce9d32da43ea8bf9de5196
SHA512 1bed8ec788cd31412a4901ab5a48599a159e6891b702323124a37341002c5c5fcf31779aa839bc28e6e2a687c29b724d40270c91c7e8c3db518c398a7343ea77
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 25d712d072656ac6d710858189aa71a8
SHA1 a0810a6f528de78910c75149abe4041f039ca811
SHA256 2c5c5d10381803aba5ccfeda56747a17d022ba0f50ca728faa00c45d80612022
SHA512 60a44162c0b781170eea5140d7f62030b5e641f1451f61b576ae97f1badaa9694f0a645765c19a3f8260b761ca46d07e8344fed9203d4cacf437ea5c2b9e1356
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d03a637d2e8ff49732a306c4cb7e1082
SHA1 279011c405e09a6e7e60e71140c820861539f642
SHA256 a0b5f5211eec839955a2dbb8c69c036047824abdcb9a4a8f0a6c0e0d501eb54c
SHA512 2460f8196da17c0f0fadc877e493d55d08001309b5c0c599761f963c92241b4cf1649b7bc6f7e79417d3894f0095d05a35531f8a6ef01db88993863aa695e562
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 63af8c6e74afe420dbc26fdca3b0e166
SHA1 2c29eb353daf8e45172b4abacdcd62488a970019
SHA256 e5b973cf533630fda337be8be14b707504e1ce8d5a5d994cf26ff95a67c7cdc6
SHA512 fa39728159029f1473785c36fa8202438665c362f06b2fb9008a3d1d21575db3bb54fceeab02a34b02e2a06f3c27069a4b85c01f929fba72affd2b5038bb30fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b9db99fb8757391abd881bd33db03b43
SHA1 805591fa7fcece808ceafbc50f2d69bf480f9c58
SHA256 466c8d80acf6e380e5828e8bfced3c59346bfad10355db4fcb5965fad7e05cbf
SHA512 a2c8f61bd8daab721423e12a91a674b12ce2771ff3b6c744cff93a2703891acd6b25f984d6b90252227c805b6626d9698ad8422cda535bb125acc3e48855f6e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bc50754007a8b3c72fef040dd20131a9
SHA1 989b16b568dc27d1374c7190d94b6399a4d8e13b
SHA256 569bb01fe309b000d494cd6f56c9c5ebe25d50384935068daeb4921cd51c75c8
SHA512 091fd60509392f29829aca2175f585b6da4f963ebfd326ad7191f10e44da8fead2ca3d0b021a7f8e9707f7849f51f02eb73793583ebd2684a95eede513b7bfa6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1e1bf2be135ce1a9182a2e5c31e912c9
SHA1 85922aae8a45f20cf4801a304a3a4b02a11962c2
SHA256 6b7dd4e01d5cc3af0d5b106b37d48c5f4b8e9143caeb200ededb750fb6a9d2e5
SHA512 845fa36b954d80ddc4c88ce44b3face54af8850324ef95f57f608adfcab60707be16a49fb316747680fd9cab3393d3a357b7ed1c7194458f017c95269609696a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cfade7d673260d392aa37ddff860ae5d
SHA1 127a0b6bc389bb14b33bee3764924ba9efe91be9
SHA256 721862b3dc6c97e1fe461d913c07dd0fd49f9eddbb9101fe63b823253677fc84
SHA512 8ba64bd0464fa0a9153ef7651275e6d4b5e9c29bfe822936f0a45ce0b58718af2ef361e28948d7a82e5fd88223f141805abe5cf24c6ad4fe4a4cb53a6fe467dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f554f208aae8bd93b5e611c29f10f41a
SHA1 7c6ee559fe63c8c30b44a91b26ed11aa86dc792a
SHA256 135c3af7226245b1ad59b07b58d57a0741ba751078f6ad305fe0afef680bb429
SHA512 54a79ffacc295b0814528682dc9c993ece6db64d355c34ffafa6cc68bcfe231c8de5e1f84e9b7c05feab821e8d2f954fa24a25c9b0be7dfccc98d79b54c9861e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 035b9d3bdeb4699eb9aa1598271f95f7
SHA1 8fe8edbab7902a6551c82450222b12e59c4ba811
SHA256 7a5982cbbd186c9e19c0bd372da27e829854607b7dd657ba1fd6a3dfe058f4e4
SHA512 0007c14f6ffc1d073d3097ea1ae9b768cc5656fd0a8f2e37b8e15591438529cd61540966f2d19ee8ed16883144a0204882d719e8127b5b32f4b18e4b248bb21d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4d19eb86a184d53ab08ce33d421ec8ac
SHA1 36cc675a472a89ed7b26e7a52aba06186c7ef454
SHA256 144fe0a152cf513640f78fcdcd2fb125d2e115e70a0d410b2f4d736f6ac3e170
SHA512 dd67484d480d34ed15182d74dc0693cbaf1b211cd7315116dcfc49be0285f9bb00faf941d7561623920ae6ca13c6c3154af7fd9cb2bd1b522636a00cbfcc67e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b4530829b5ea5a7c560f54d58b11fc57
SHA1 815f64bd149ca6e789814b592e6d25dd76b73688
SHA256 94728e0df4e2e5c5f26fda1fca59ba0fa275c6f106d185720a27ce5cf69df8ff
SHA512 06cfa1b4e09bd1adec1394216d2d326bd75d5a19a3f89357813fc3803dc2451d18a2d3adea19abd009c6d8a60546a4c2eab33cb3df8f6f9a0e48858d9d68f25d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8e2f3d71d651b8c8338ca3250ef5d2c5
SHA1 df5856fb317bb2c55ef17f57d8b5db000681b071
SHA256 59237106517e9712ee20fe004f6a383867932e1f42c5c103673cecd8fa6a7e90
SHA512 992eba95444aa4a839376f7fdd0179af277fb187651440df262ebb98b5e21fe0d991dedc8ab62e718d6c781725c8e056e3a1096ef4314ebc660a127e296bad6b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 502146411422984360ce0f32caca8f19
SHA1 dab3fa62896f76582d313c57d82c5611a5d991df
SHA256 0f3398010d52f9eed819747be509d8e984fb0e06bd0c87694d40d3e93e50f4da
SHA512 bb5badb5f945c7732ccecfff8ac99b11c914b296e6e131b28b88a781f005ad51a25671e2f6d4684e76b9d5b1283fbb54110482cdabd971100c4e65fb2d3c5e36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6c5949b2468554f981723da31a84f568
SHA1 d37a58bc95db323052cb1e216f4e1c662edd4dc7
SHA256 38a71c64b8b1ce243f50143b9d150dd11d2fef6feac14387a57c0444d461a5d8
SHA512 b843b1b0ddb4ea987efdabcff68e1498d8486855321fa6b05db4a60498522d4d3762d8798648fbcb8abfe27f5e5c74361861c45b9add536178d28ed08628d826
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f142a59360a44b116138f0737915def5
SHA1 b8486ecd2dcfd8fb5473a28f088d270cf32834d0
SHA256 386aa2be7296b0c458946631aede1038de755dd2015f524b0b6ed0219c9b7c8c
SHA512 fa4143e6397a42119501f8e9feaef61a8cd842177553aa7a0d5a02a2e33952cef7c29c0e742afbd5f10860946cb89500487d148ba70754f4c5897f499becb62e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 457f533100e50237adb54822abb75a86
SHA1 d095972a3f278e168de91331afb2db69973d0f64
SHA256 bf813357047cf28bbab40234591184e224c68d2d5948266ae6192e2bda101ec7
SHA512 28031a5d717d180bb08e84f99f211a3565cc76116590f6176a6b75fdc2af80f03e268ab6f6c7a54dca23c664d0d4f8c0f766932bb572cf49a78e30b83634383c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9e7a290f9a480a315e0306f06106ebdb
SHA1 f16c489ea8129c723199f5c65abf927d7f38383b
SHA256 50ed2b47fb92af2a3b94ec9dba4257e5ed6227861000c869926a59eef0ae5229
SHA512 de43337681c5dbf6c892766090884684cf949b236605905b8548c9c6186831dd230d78ee66800bfacb50581c5073198bc4c5485d78374dfbb185230eaa35ef2b
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b