Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 10:40
Static task
static1
Behavioral task
behavioral1
Sample
917a4ac5524179cfc4aedcb379357a49_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
917a4ac5524179cfc4aedcb379357a49_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
917a4ac5524179cfc4aedcb379357a49_JaffaCakes118.html
-
Size
51KB
-
MD5
917a4ac5524179cfc4aedcb379357a49
-
SHA1
2367e09802189641aec456ea6ecf5e95224e17e7
-
SHA256
1c25bea1ce839f4e714b105e73b1f402479312fcca62dab13575f39039972563
-
SHA512
ba16dcaa915065e4e31aefe0973280e355ad292f27276ec1a8610d2055dadafb1f2f0ff393f736bd903a43926f212fc0d806fecda8a883f95061eaccc1648609
-
SSDEEP
768:SAYR49z3ZNh7YsxuaFvG/Es7nmu4eyTP9BzTJwLY6uwjg:SAl9bfisxu8kmu4eSPfiM6uwjg
Malware Config
Signatures
- Modifies Internet Explorer settings (the signature name is taken from the process tree below; every key and value listed is under the user hive's Software\Microsoft\Internet Explorer subtree)
Description | IoC | Process
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0675878a2b5da01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000002669851cc16d11c76c8ae8bde9520faa9f79d18907224d96915ec9efd88f7851000000000e800000000200002000000031ce177de5e10d1f7f776c97817c10a542e37b3596eaebc262d6a551b9377bfc20000000d1ed34a78631c780e78ba59127c4c220db777fa5b1da64cc2de167b2ce8ca65e4000000073b911332a835cf492f103f913c11ca7731b845ab085d0faedb8f2c662c6b87ee57c8f24b9b7b746f77c9f4a110dcb52957f767a9be4e19148a522a52d663b7d | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B2B7F251-2195-11EF-99EB-F2F7F00EEB0D} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423573098" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2124 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2124 iexplore.exe 2124 iexplore.exe 2460 IEXPLORE.EXE 2460 IEXPLORE.EXE 2460 IEXPLORE.EXE 2460 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four events are PID 2124, the parent iexplore.exe, writing into PID 2460, the IEXPLORE.EXE tab process it launched — see the process tree below; a parent-to-tab write of this shape is consistent with IE's normal tab start-up and is not by itself evidence that the page injected into another process)
Description | PID | Process | procid_target
PID 2124 wrote to memory of 2460 | 2124 | iexplore.exe | 28
PID 2124 wrote to memory of 2460 | 2124 | iexplore.exe | 28
PID 2124 wrote to memory of 2460 | 2124 | iexplore.exe | 28
PID 2124 wrote to memory of 2460 | 2124 | iexplore.exe | 28
Processes
-
Path: C:\Program Files\Internet Explorer\iexplore.exe — Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\917a4ac5524179cfc4aedcb379357a49_JaffaCakes118.html (tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2124 -
Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2 (tree depth 2, child of PID 2124)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2460
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written to disk during the run; the repeated C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\... entries are most likely Windows CryptoAPI certificate/CRL cache metadata written by the browser's own certificate validation, so their hashes vary per environment and should not be used as sample-specific indicators without further confirmation)
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51ec238ea280a0f7b98662eb317adfefb
SHA19b438e4a5bae0c17e651df288aa9efbd1d364831
SHA2569b3669fae1a1cf0a0a680d97584501a6adb84b94088ef2ff23f3fa6ec5901e34
SHA5125eb4a25f312ac706ed1b497f448f06ee2258111c9efc7fab30773d102efa14c37f6d3f7958618aaf196a1abf80908c16142ba5c0faf41f637f9d1c93073b5d6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD599bdcd12e7ed7fb3a6347cf89261f444
SHA19c40fd4e5418fcd173f571197c17af9a05bd8614
SHA256c80a7b1e5b321152b0ae1f5d9ca0d20006e745f52e239d509ee29d0498ab4ce2
SHA512a8b1af9240c92ae29926b9af6142b601f563f576420a97a5deb92fb974fe62057d832da86913c580ebcd4e22d408a32ce5701f63f2f10db6756765df1a6dbded
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD501facb7cd3af1256d21fa292cd560352
SHA16356ce2805e39acc25cd310ec86d249c2080619c
SHA2560758ef1da429cbe269d549f784de3ddb99472219dc73ad3fb5b6b2482a4fb779
SHA512f349df63e7d60aef82843dcc190fd1e064675c3b296b0586e16d3d3d8fdd7d8902a43620297bacef851ccf083fb8d3731783aec5926df6c5eeef18ee2adc3311
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD578c98b63a6b3375b82561f44c043594c
SHA19ab9d20974466c6d3341d95e8febc5bdd11830d0
SHA2567c1a3b4f6b99174e854f084fd49250b258520f981e7267c3a20bbc69b3f77189
SHA512afc63b07c7fbf12f48c35a6aef8b20f528991b70b7e97c34d5b14580be266dfe277196c8a609442e411312a6305490e5155b8258ded66083e71109c0ebc6cab1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bfb5fc3efccd5ded564893f861154f50
SHA1e57e5365051e81c3e7c426fe5947756ebc6c93e6
SHA2560ea825bc3597113a465e6b7928da4b82dfc8dd8a7468bd664e8b63089a5c0422
SHA512377bc883a00524d20ef8c2ca8227944daf1c3cd47333d38464ffef2b421e955157e9ca0e55a5988f3feb433fca42e520f722cf796d81f1f60f37d5e3e61f0da5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e00bbcd363f369dd976553fc20294053
SHA1f9f7183d5f84e8c4ed931cf84bdaf75b013fbafb
SHA256734d3bf97b970245aeb8ef75053eca27469eb9f52a5f70a2bb4b4e897e1c1bae
SHA51293939f1689e11637b7cd7eab7dc850cdc55d004f17deaee837dc21fb7ae274d9d53889d76275d58a018b7db665a87c3c2cc54c6c606ca5ec5d24143f239b29b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e0cba052dc8aafba844bb404942c6697
SHA1a0db7800b1178ea3a97c2bdd77a366cf50d1cc0c
SHA256dbc9a6ca7402ad9437e5c16fdd78813abd8e06e3bd9ecab24efd9fdd9861fe41
SHA512eb181166c045f920477ac25a48e33ddbcfb9dc45b16afa8deb38fd2b8025175d4930757b9274c7faa8c674cb41b849632d4c7a9709c8c3408d7b935fc1962f0a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50ab028276b361e74024750a18135ae97
SHA1704fcb8217afa75695ce7c689d419be518c7e34b
SHA25604c6b461903fa163297ed8ae547033b276f88aa33fb6263e6bf26cb852ea2eb1
SHA51202ab22be3f4e0b03815fa098e99304960a0e7c8116b8cbca7373729a169732927c33c9718c3775e25f9e843f823dbf4c2e1cd849b18802036ff7a6344bb466d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57eb6e24ada166aaffc53acde2419d98f
SHA1c2b03556a7a1e822a47f206a5154ba5cc0ec7f05
SHA2566c9e01bc426e0924d9ab4da993b4c5b2eefc457abdc477def1fe2b1809e44261
SHA5129ada016a974b03fa23f16d43c5fe6a89ee0d136292104e70b15c60b2d86727a5388c35af256dace5b3e13f2f33ce4701613b7a678a7a9503ef069cd0cd124b67
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50bf9c022cb1971749338121994c71baf
SHA10f9c31ee791393b70a7d7aa08c95a64896f59ab0
SHA2560f07f8c730acf5836dc23513f7cf0eb376a3735aab21bb894da96e03fe10083f
SHA5126d086030b224581380efacbb5e9bcc0a0dc749d9a4c6f6fcff9e18c632b9fc6a3103175d82341e98c61c8d4a2c5cb7707f20c43e5e0bf3a01f4156d6cb28b965
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59366f8392f4dd2da558dd2087ff76652
SHA110d67562bcf80758755ece08488fe443fe6fd972
SHA25675b98dcd70ed8daec6729c574eb706310996e0b1b56a09bc6667f9a0ce4044a1
SHA51254d34a1e487a924a9ee9971de1bce311c11648becc1c25d77f84d5213afad0c824d64fbf25e4b3effe519f242b7201254b229ab4f87720d253204a747ae4d84d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a77beb7ce3a3dc57eb1339ac2868a097
SHA1e73459d0ada425f1aebea2b95bdc15ed6a59188d
SHA256fe8d87bd29a705898f2d80d941fefb96b9861711c0d6a6bb654045e18c9cfd1a
SHA512b742a4459a5935625f39d74988259fda95569cfe06670a088c18a97b25001ff2456bbbb732b517012f39c35a9921c68ab5599e3c33f9ea62c10ef2b67e9bff14
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fe8da4eba1405c9d8200f5a1a8acba8f
SHA1b0a242ba90c45dfd52ecf2474bcddfe6c92a7ef9
SHA256b46a8bb485bcd0b60f60698b77903492f8b651eca714d33272ca2017ec136ad8
SHA51234ac1b5add3264152f6503b295ebc3df088ad3a5ef27a2d56db5aeeaa360864152be1c9a23ffd3605cc55ba034e44ab06a65693341491b39acf12ba91aa3dce8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5816f73b7ad90613692c81e48cab0376f
SHA16abdf52465cd72712efeb2589473ce2fb7f383f8
SHA2568f67516ec85417f771fef43dfc598b172c8ab62044f6eae6edede8061a62b9a6
SHA512858a2aab8d4547d82304ed9a9542bf139624d41c57df1ff5ca937f9fc8f34925f48695a749df02b2ec01590aff2bcf9233b82b3aa886ab7294a82fd7a5a88628
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD508073a1e7b9d5844e470216d469cbab2
SHA1e5b793c9d59e280824647c7c8f5e13c401aad94f
SHA2561ff2c4adb59c6b7b115b187c64ffc5a11be3f3a9db947cc515ad9cc08dce333a
SHA512e009e507061edfbab670f841cb519b2236e4b8dee0fbef2d478e47e2c0daa6d76631937029fbb3132dc4f62c3f1dc753d3f426214c9bebd259adba317d2409c0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50189b93c1b1040a73517fd182273db1f
SHA11763124c54523a03daa660deafa6ee8679a13121
SHA256daef6d8fa8376abb67b4aa8d9b0c9dd5321af8e949a9466b5d25be2b59ab80a7
SHA51245fe10cb6226c880d28dbcc0567151cb9ba885abf0f56a29ee9c83e90006a9439f6e0d971568771cd7c18efb3cfa4a5e1ddb32b6ccaf97709d26401b73651cf4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD566e028f2c40a4e13fef855c867f8d69e
SHA1db54085f3d871368fc2e7468f1c1914a53af4f9d
SHA256595e66e02d60564730c72c40d7ab263a2c6873ba2858c180969eed982cd22384
SHA5123e397546fb74d80ccf733ae6994e315a96ae093dee50ba5f4b80cae0dd3632fa871b5bb348e61356f7a7a6d6730d5e315abbc0c8a558a9ddbeee992552c8ffdf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD541efd0eb5ad5ecd637fa372cfbbe6d70
SHA19756b682c05220d30d3906e658b9b14cce375165
SHA256535b9e0947a39ef156573bc6343b6fcfb0c5800365be14493b4116e32ef9c9b1
SHA512b36a25ce82a3429e651436f4b7d107ed4fa8d8413f5cd5b3a086230bd79f3b237c8884d44e307d93330dce1eebd72254747421933d6f0ca7f3392ccb14fa19c6
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b