Analysis
max time kernel: 134s
max time network: 136s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 10:40
Static task: static1
Behavioral task: behavioral1
  Sample: 9179fc93ffe16ec56307bc20dd22bb64_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 9179fc93ffe16ec56307bc20dd22bb64_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 9179fc93ffe16ec56307bc20dd22bb64_JaffaCakes118.html
Size: 8KB
MD5: 9179fc93ffe16ec56307bc20dd22bb64
SHA1: 1e169e9a922c291039e40619e3c7c968ae9d02cb
SHA256: be723103b74af2a8831596aa28e4cded3b14c5b3ad794bb4f211d141601ef665
SHA512: f74838ca87180ed0a84a116e18c32f1dc772f2fbddd45779eced124cef81ac650bc253b1001564262473a653fa19a25e60398c27e05f17da37196b1328f67d01
SSDEEP: 96:8Hd2ZC1AYjStXUIMfUiyU46ocV70/eqwp5t0niY90nn2XE7KpnvUotftFtNEEkdY:mdVjGpGoE0/eqgIZKnFu9FHPFkByv
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3CEBF31-2195-11EF-82E1-DE62917EBCA6} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423573073" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2176 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2176 | iexplore.exe
2176 | iexplore.exe
2100 | IEXPLORE.EXE
2100 | IEXPLORE.EXE
2100 | IEXPLORE.EXE
2100 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2176 wrote to memory of 2100 | 2176 | iexplore.exe | 28
PID 2176 wrote to memory of 2100 | 2176 | iexplore.exe | 28
PID 2176 wrote to memory of 2100 | 2176 | iexplore.exe | 28
PID 2176 wrote to memory of 2100 | 2176 | iexplore.exe | 28
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9179fc93ffe16ec56307bc20dd22bb64_JaffaCakes118.html
   PID: 2176
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
      PID: 2100
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d9eeb678404cafbcb792dc12da958f17
SHA1: e32ddf6fe7b47e361d67e74e819c2b94872f8074
SHA256: 09f18d82915d30dfd6192043967b2d98da660a3a0ed046ac2eae4cc527f475bb
SHA512: d787ba0b429270ce25ca8d58c46fea486456f1edd175d3e7bcfd147a54e834b7076de43e68e38aeaaa18610cd5f48a1f59bc28a009da15d33d91f93fba35b979

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6709b1065b8ff5e713539c1fa9dba727
SHA1: 7fce20466fa13de57ef0b31fdd43fcf69ca63e1e
SHA256: 486b4a017b34c97eae1224f866425a4fe175e5d0fcf81181e0a47eb2e9cbcbc2
SHA512: dbe4e6ac7d18726dfab6d065c0dfa457e001940e85bd98ec72ffd870882a8242d882b77ef77d0fa5d86c8c2f9cbb3070b8011447cdf7de38078d36c03a293b7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 089ec4592c1fe3a08f2c4b70d9e58b4c
SHA1: 81184478ed138d985b4a0c294d2bdab3a5008b21
SHA256: b2e3c40aa611e2a34745a5516a3688ac001284462618919950a0476732dd5842
SHA512: 34a6ca943795f74efc2993c445c7b5ab6a1dde51355e415959b88c4c0e9e61b44c5b74c42dba18ea5e1af52cc05ad14bb8bda187df1fef67579d50efe4ab44a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0e604bc4b65076a5e896fa02eff88cc6
SHA1: d8dbf2b8d992a58744227d69f3edbdc68a635b0c
SHA256: 392248a37e3d6af430dcb0d316429ec84ff4f358db45eb27fb7dc56edc426c30
SHA512: ae716d0b822629ab60c514ff80707095a98d2957ffa8e53c377f89ead216b5ca4f95289d3e55d07d2fd93660c668e2a8cfbf946aea2fd96bb443d8ffb5631008

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: bbf37fbfdd17446be6adba159f22057a
SHA1: 705e6ff06ab8a1999326da9c7e9e8aa3caf71e37
SHA256: 6acbb3f9aa2fe735e2e90f7671c9f01ed58a164b45cafb75d42ef7f5d3b3c72d
SHA512: 968ed721dd7db880748bf3b3cc68617ec0672de1fadfd555e7a514b416fdce1798fd85b3c598989e68b5039e56abe955b4296ceb291e9537abab5537af6a8931

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 10f609e22da2ecd02687feb9ae2f563f
SHA1: 17ffb7ebe16cade52fecb54598164d96eb1cfd78
SHA256: 1bbe75aaa1bf2e6f32d9aa0b0a9fe28e6d1ee53aca14c1ca6d9145502eb4bb66
SHA512: f0dab8287c108cbe5526a1351a0c25c783f442b88d9b134dc294ed3d764502373bbe0fb535664b2e148c6731e0038b7b2e64185b7ab05d9a9d7f6a55ef660845

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 09f8829e982b15b410ac25625d0021db
SHA1: ad63d4b179c8c2e78003877870887f83dd8be805
SHA256: b1b9faff0788efb3c5b98866dad92d80dc3184b7496199046de41415cd82338f
SHA512: 64c9e38a8a18eac9fe9eafa56db73fc1e8abf0242cf707717f3b36e391037f7b19430092be002759d26ca313575ee7dc8f556e4334ed6411c3229f2d97e21d12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2073a422ebd5192ebcf09165630e1989
SHA1: 68204c7d3379851ead1c94f4795e4970c3545bae
SHA256: 7003780f38246d783a37fc7560c78aa09cef0ffa3119e2289e223f6684ce3c7b
SHA512: d4f8f2cfe881ce9c61d6d857310caaddc0b226cab19f1b003f7cf0b94f2b917d603fd6441d280a6a0b3ba664d3b180e68bc6bc3383d6e95f11ce048aa81990ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cbb238376d8da0fa71324ce01dec09be
SHA1: abc9b4e46ceb62d09f32e595cbd66d53447f2cef
SHA256: 429f83853c64a1cb74d62f07582ec935ef49a65f5f0e9aa78163d362eed34ea3
SHA512: e5f27590294af93eeb2c647ac0143432638b66c5959ea71f789c290edba27844d6c42960415ea5aa11020b63041bd1f717a9c5ba2abb4748c682d29e46f3a900

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 266af59ab4f5a686bc231d5265ca0d18
SHA1: d2ef59dcffefcb658f67e7cda36a236050448035
SHA256: c946fb7bda3c4b639d25b921f034162a80ad9efc4202e03636cf2a988dc3d315
SHA512: 9ae4dc214899294f7bae8854e74e43424f87a109eaf2f02e779ba1346aeafea99b94af63d744f9225d1fc8d2c5afb7f3bcd953d46b1a350fe81ab97bcfced6d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0a6183bf22351637415284b6c0666a88
SHA1: b75634398bd1f8185c17cb64e97c6b01dd722733
SHA256: e9f7ba63ad3599ec9d26b206ae4da8faddeace41840f1af38973fcff9925d11f
SHA512: 57ddefd74b706f769d824f5aac90d95bd6585570bb0b19d66d671ab25f21d387f00d4bb66826f27ad1a204bd517098dddfbf7f99fe13997802c166befe7a2878

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: fa6c6de683d0cbe06e889204f410dc44
SHA1: 2dcde439429a9a0fb8514d4ef1b40f40e91986af
SHA256: ab8c7c63d3e5de5d3448c9ba5d8e1d7ac9b40dec63b72552c6dcbc509c58adf7
SHA512: 53f728ec70354f500e2f4a1cb2a07574036ec4b2fa56239fff3b3f2dd9f8c456adc6077e7635e82d703d388b94715e6a43ff9ae457f04622678bdf624db51940

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 70c68c39de64a2a9ed2b060ad8ab82d2
SHA1: 20e8a26891072e2d0b64977aed4c37afdc1b1e3e
SHA256: 8cffa9189ae82fe9b08d50d957e3c3c4f363554be10db6ad67df9e4e78475d0f
SHA512: 914db36f027a2553450de925773227b893651fb2fd03399da45750b136e5b36a64063be7bb17a12fadcaa570b7ff32aa9e087734ed056b5bb7c620a9a7da932d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d4b2acb7048c15748ef186e892169195
SHA1: 2359c887e67a8af71eecb6fd1e2a3f859d10e974
SHA256: 0d41ae43f3d37bbc93aa478b11105d159ce9e86fe2c60135df6daffc216ad2dd
SHA512: cdb9b3b3a962157b2d7ea98992735600bb200e18a0aedc6e778c7328136071263458e93999f2660eb6b5a4555eef33644dc7020b2532dc960a94aeb54eb63c12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 015e5c32458bd54e9fa9d16d8a1b5122
SHA1: 2670e5d0cc7a1a2060c2fbf513fe3b19cfa5ddb5
SHA256: e543337db1a5f50c1c7588e6749865ae9bf6330d298827430cd890b9773c7863
SHA512: 4ef094e2b7814d23eb54d1c7a11ac66d277d17b613ac24f5bdf4622b507fc399c751e12bd0948bc77538d695b427130c290a562c7f78e0bdf7a17bd4de8d35a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7347035c374d1e9a058c4d47e5bf3add
SHA1: 8d2e2901fc3803b70fbbda7f663deab9e8800aec
SHA256: 5d1d68765b02f4c861187a7a785ddd9f4b60cbc43dac30dddb96041b294612ec
SHA512: ba932b9bcd894cf53b8820874b6453a4d50c27124815f4d5dd8c95e3e0a326a98255f973fa2c393ff1e7ef98ba1acbccc916315e4519a97ddeb8a83af28121db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b0010f392dafdd0d7b12aaadd60a0e0b
SHA1: 4bcb87cb47491406cdb28b2fda145b042be7bd40
SHA256: 41015c2a737e52e9901e04b1c0554f52e181e2c380e519f36e00bf9b39e49e0b
SHA512: c6a0aab537fe0a084399dca90f01d51ba45a4e8a2c903d66f491f77dd65bc7f604b940fb78c3685ded51039c33391af4898f45a01788d7fdc794093265691679

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9009fd413de9fc81c790654df21e67cc
SHA1: 425bdc8fff7975a1086cd277b434d2e02074b2ca
SHA256: 5c615a081a5ed8b8d5771b2d7c867858c98cb3b2bbe0094a544105359b21a59c
SHA512: 419cc523d02d3cc2db727dbd8358d45b6b529d703f8b4e615b25d6329cbfab7d652b1cdef4c3c9b30d7f9fc0d3b862df14e9bfe386a4b00bbec957bb02588426

Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b