Analysis
-
max time kernel
148s
-
max time network
140s
-
platform
windows7_x64
-
resource
win7-20240508-en
-
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
-
submitted
03/06/2024, 10:34
Static task
static1
Behavioral task
behavioral1
Sample
91767d347b10695d39408d9e43cef4d2_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
91767d347b10695d39408d9e43cef4d2_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91767d347b10695d39408d9e43cef4d2_JaffaCakes118.html
-
Size
64KB
-
MD5
91767d347b10695d39408d9e43cef4d2
-
SHA1
3a243627e8642950e6404e815c5101422b3cdb87
-
SHA256
04514dd7f9bc57caba4006f5b35a9a8b2578247280408090245e08f42fddb331
-
SHA512
82b34d2295f786527cc49f240db1d4443b5088805375d9f2a0da6ca865d30dcb3b1ad71e8081bae26891f3056c48e4fc2de5f36ad45b17e9fbef53f1ae5147f1
-
SSDEEP
1536:S+KL1jSUr+vL5d+0isKojT67SrH8YVHAedOCX+Xt/JcSshv7Nx9tqRVAtR69DB6z:SKTEjLfEbNI/7BWALi
Malware Config
Signatures
-
Modifies Internet Explorer settings 28 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D75CDB31-2194-11EF-B8F6-D6B84878A518} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423572729" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2928 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2928 | iexplore.exe
2928 | iexplore.exe
2932 | IEXPLORE.EXE
2932 | IEXPLORE.EXE
2932 | IEXPLORE.EXE
2932 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2928 wrote to memory of 2932 | 2928 | iexplore.exe | 28
PID 2928 wrote to memory of 2932 | 2928 | iexplore.exe | 28
PID 2928 wrote to memory of 2932 | 2928 | iexplore.exe | 28
PID 2928 wrote to memory of 2932 | 2928 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91767d347b10695d39408d9e43cef4d2_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2932
-
Network
MITRE ATT&CK Enterprise v15
Downloads