Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:54
Static task
static1
Behavioral task
behavioral1
Sample
91316b87c854967211add47e5e4b80d2_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
91316b87c854967211add47e5e4b80d2_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
91316b87c854967211add47e5e4b80d2_JaffaCakes118.html
-
Size
460KB
-
MD5
91316b87c854967211add47e5e4b80d2
-
SHA1
81f575a2f6faf3c202c9282cf55c13e1332b5c35
-
SHA256
9b06e5491c2b40b8c4887d9d3b3aa6a88addd2db1a3a53edc1b12aeb9ec4f9c0
-
SHA512
405329331af871ef11690ca555b7cebeac1776adf03caeea78914d8a9a50fb14a7142a3b2cc586b65ec69717dbad767df7bed48d03331361cbe91468bb797d2b
-
SSDEEP
6144:SGsMYod+X3oI+YSQzsMYod+X3oI+Y1sMYod+X3oI+YLsMYod+X3oI+YQ:Z5d+X3f5d+X3f5d+X315d+X3+
Malware Config
Signatures
- Modifies Internet Explorer settings (every key and value listed below sits under the analysis user's HKU\S-1-5-21-…-1000\Software\Microsoft\Internet Explorer hive and is written by iexplore.exe / IEXPLORE.EXE itself; this is the browser's own per-user state, written when it is launched to open the sample, and is not by itself evidence of malicious behaviour by the HTML file)
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D44CF411-2186-11EF-8A7C-66DD11CD6629} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082db810be0e12c4bb7ba3829a47066aa00000000020000000000106600000001000020000000a231368cb5cbcf6873d30636ceef55ee6249fa013979de0467eaaf9aa0a722c5000000000e8000000002000020000000c8c69f98eff5c3562eb8bb374e7e2a8f306122e094170e76e35e55c310659aa520000000413d65202e870e3e900a489395556a08eaa2d2e72abdaedba260273edec92d41400000003a4834cf51bd0fa6636f75f260495d8d56125508b2d5d0677d6cdf417e3bd52e806eae5c9defe0fdec2057b7d94388f8ce8843f99d463a497c945642fcfd632e iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566712" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50f6cdac93b5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1740 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1740 iexplore.exe 1740 iexplore.exe 2868 IEXPLORE.EXE 2868 IEXPLORE.EXE 2868 IEXPLORE.EXE 2868 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (the writer, PID 1740, is the iexplore.exe frame process and the target, PID 2868, is the IEXPLORE.EXE content process it launched with SCODEF:1740 — see the process tree below; cross-process writes between these two are part of Internet Explorer's own multi-process model and are not an injection indicator on their own)
description pid Process procid_target PID 1740 wrote to memory of 2868 1740 iexplore.exe 28 PID 1740 wrote to memory of 2868 1740 iexplore.exe 28 PID 1740 wrote to memory of 2868 1740 iexplore.exe 28 PID 1740 wrote to memory of 2868 1740 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91316b87c854967211add47e5e4b80d2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2868
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- (three files are listed without a path, followed by repeated rewrites of the same Windows CryptnetUrlCache metadata file — the CryptoAPI URL cache, typically populated by certificate chain/revocation lookups — each rewrite a new 342-byte version with different hashes. The Network section of this capture is empty, so the origin of the 70KB, 65KB and 181KB files cannot be established from this page alone; correlate with the PCAP or the win10 behavioral2 task before treating them as payloads.)
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2e0c68d3397eeeada74eb06d8c203d86
SHA1 051254cbe7c6e1920f139af89680d1257edb65f7
SHA256 5bdeef85a18ac19a17b45adb623a8ed6be6882f8c35661d326f3bca2cc64defe
SHA512 5d7efc60350855bcbe43388cc5558a4e265188ef6ba4224b7e196ad24ec42410e7318d589e35e6ca1d4e2f1d7bc7f0a039611853abc2b46f491295b6045862a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 935fc2bafa71c1c0f4b557eb227d45f7
SHA1 102b25124ec14a3ef285723cf53ad0500f40fe47
SHA256 3625af4a90773a3049e0a9bf5f6a13fe0677f8732de1bd2acb9926df2ef6fbdb
SHA512 9aacf7044dfa3c81ab20f0df34f6aea3a30c86bf16deab7f499418ca871a3c896ac9314382e7e48ad7793277a0f11d72196ba25f49ed7ffd1bd48504a9f31549
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 942caa64ec02b34d2066c639d4c09200
SHA1 3d9ce03f1cdc512f94b9d67724a1dde00c7c0938
SHA256 29a36d5f92630e10c0b6df9d0e06099a804dc9ed8658979f84537a4f38185356
SHA512 e382d10ac02a8ce936fc7879550199ded4fc5cbdb4a326175606dde3b0c2e73dbb6d91dd93f725f8ab965c0fbcdde45d93f2391558e0d2fbe72650a83c7a2e62
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3932b7aa7b36ee29ab0a97c30d1b0e38
SHA1 7865dcf3ac674dca37682d74f3b54699ee8f1e05
SHA256 1ea82c9d7db859e9162d6d3427030a2f6cd6de35344d7ec07af1513b7ad76350
SHA512 c1006d64beb6f138fc6f57fbe856d62433d0c50d4fe0138b1d2e893c3de5dfdd0e763e71b7d651848be4842e4cd12aec81678169fe936df3e7b205377922bc11
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 535cb5a5fea573f69e6f085c90e2e116
SHA1 d4f3335793b00200aa3b7c67d1c8a0303ddbfa19
SHA256 b1e5843c1b105a5bc186ae30b1001b52fd4d4ba2e32020c8cef97a0add3fb3dc
SHA512 462305305bcb995c3d9b41aa180239c15701cd2497acec8da90be63a9dd3aaae1169fa359f61e8ad9152e036df5d4a0679ee690c0f71e6ab360dbf685a537662
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 554124f41f70ed27d149bbcd7dee2178
SHA1 a741ac502c8f0718355992f5dc3fd8290ff16306
SHA256 d9b6098972539fb2a060ed8ad2809e1242ffb02589eb837b16ee046c5046c4aa
SHA512 08170777e928de5c069babf9ab9925cd7113f32311abbc3c57dd4efda8156ae9c4510448d9d834c0a49b09bf4f29ee8ee4e51fac3c19eaa16191d8f47829dab2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fba87b4fe9353b9e0e5044429db14ad8
SHA1 c7cfe7607aec544c95f52245fef86d7b38fd528a
SHA256 370b73c308fb21ad567400586e07ba2bd024f58657aee7a38a62e50b37c9ffa6
SHA512 426afad61716cd9b468e04f462ee423e6ac10f7183bcec16ed7636af631a5831908595903738f89dacc03c6f971a178dac50bfa20f12bd0845f4c9f928e74c35
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9d6b858ec9598cc34950bd4b7b821e4d
SHA1 be58975fba86e6f0b2d1bf1a8af8a55a6022f21b
SHA256 f39a8af139a0c661621399a94a71c46374da1f12be6875c27c841c3033f8c62c
SHA512 4dc77117d375acbdcb59e410e7973817c29b99ebee49fb61be11a9ba9f35824b429a269482c23d30f6a78c478c79b7774c7e250fbd50cc965bfd6c4b8c8739e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 11e2816c475afcb125021a6b23944677
SHA1 3f0fea90b98df1f1ea87ec125700f7d16f9c9d7f
SHA256 3e08951d5499a4efa7ed4c352b6c1a39848877ab4ccb267aaeaeec1efc69e9ce
SHA512 14065155bcc2e0a98568412100c72bc2c72da4dbb87a528bf48cf05355c3763b9facef22c486b00310dccc590dd1f0bbec1c202ff27e0d1f7b252bab2bf19759
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8f51480ca0b0ca656eae1df572afbb0e
SHA1 4f3a51967f7bc305ad86147b8ab5cf22ddb18269
SHA256 071f407ddd371e87209cad4f7ad79ab593b9c0febf7c34815245c1c8213e099c
SHA512 39373df31000ca85dc21d240dac1587f4c658223c814997265cd1b3bdc829a2d08be832cd692074943a3449ff3f9e7ee79bd06cc7a4f4b4434685aba66a7337b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3af285a7d5af6640c5229cadc908f97b
SHA1 892caf8b8ad2be6443d118746e32d801b8b0af98
SHA256 0e36045743c1eea0940899984138d9faa49bbdece05fdc9d1c87cf074ed02e68
SHA512 40b0787c53491a98999cd48a042da9af94b88c0003e355ad35c190b78b283620907e49981408719cf4ecd2380bdc49b4805b702be3562aec34378ba3c9c5591c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5ff49908a79723c4367fc4668a73eb15
SHA1 825af28b89df68a84a863f0bde56948e6b988d4b
SHA256 a9edf8c3be5cf087ddf2993dc8df719d4fada0d207e6c43c2094757e3b519913
SHA512 cbdd4c14ff9b0688774bbe77d37bc803c9871332c23d8ecc1a419d45f1577588cd7f1d94fb8cb7a6fc0716dc0838976f089e9459b10eb913e4f32bcee0db4410
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fd63cf32774c72ee88a5efebb4b780a6
SHA1 f58f74cbdbddd86ebe52ce1dd215d3321f93407c
SHA256 b98e745bc861ae68fff5748d12d6bf8a872a6b8e680dacf398cfa828da46a1e7
SHA512 5a30e10efaee634781e9f7cfa4098042bc94f595c01960a3c4567135ac11c9fe88b31e889e7d176262f7c02dbe0e3a3762f21bdb2e5a35a6241b6339ddd7b4a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4305ec2d50b0c1a773c6c293ffc7c2c6
SHA1 37c378b196a000b21f992e377dbd2f281d9e56b0
SHA256 2b425181ead2038954dde45d36b91ff16d90ea1f6d1e7fee1ae778f12de4ecda
SHA512 76b6ceb419f1d8a95b6d848183d1e752d27a0ebe48652db0e60fa654d32042851fe31c520849ad217d64fd0292914507feabf7509034166321461c218f8844e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 157650e36ff843fffe5741c7113b411a
SHA1 ee63da2cd29fd28610771e7c89ef0e01ebd69144
SHA256 4a133cb17049accc547aaba196f9ffcbe8a878880c381aa963e9e4e36f789e31
SHA512 91e63f4c9002f15f11354a54698f74b9be3b6bb140df4b6e32e7c589b5ed5346146784b0c27f91ae1b4d4b96c13409caafb02ac7884171ceec5532ddcc9319cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 de43e08748f24d503e346290991906be
SHA1 2eef09613828b2ec7090ce270cf2600473543217
SHA256 ddafa212c24e2e7cf09cb130deab2e9b6fa1a3f6c80c15e6c43e4ffae44f39af
SHA512 56d023223bffd24d963171295784275a80b7d72f9f5d700f6842461f572bf5323523791962bfdc4f21482ae2a0aa884bc53fdd15776611fe68c9368c3af0c02b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d484a9e9a1cefd1f88f26bd1d687c03f
SHA1 92eaaf7c5b7c54ce86b9652d98a6deeb44927e9d
SHA256 d50394e9f6f30c10365afa72e63b62e1fc55b3425cd24e13574637513b32082a
SHA512 ee3180a038bfe79222309afa52084136f3b911bd8564b3778d343aa4ef48398a2feeea97414b916215daab4d8d9d029674a60e9194e08c029d30003e270eaeef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2672eb17a1a30d9c0aeb207a9a28c9de
SHA1 2706c2c7d57d779db0c4a9b68bfb09cc4a26b90b
SHA256 9bec60b96cc79e127cd99c4ae9f8a816508b2e104fe8490961a7c41687423a83
SHA512 1fea29b6774f7575a942f222790cfd19e295ec0e858b794b32fd22e48d8cb6cc18970820577d7b510002f3c067c6fd26f5b77086fed3eaa1236ee65b16c43ea3
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b