Analysis
-
max time kernel
118s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
03-06-2024 11:59
Static task
static1
Behavioral task
behavioral1
Sample
91b52c129bef3e3ba8bfb2c703ec695b_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
91b52c129bef3e3ba8bfb2c703ec695b_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
91b52c129bef3e3ba8bfb2c703ec695b_JaffaCakes118.html
-
Size
461KB
-
MD5
91b52c129bef3e3ba8bfb2c703ec695b
-
SHA1
23eac7338501dc0713b3a1d35ae67b2cd4110401
-
SHA256
6dabc404baf5c785eeb49a5aca04d377763b5be7c0eb2bc42a8f713bf871c914
-
SHA512
4c44f4bc1b97c15b1ff12adba130246ee400c6130d878de4ae9e14fee2f3fb986941e8032a6c9c51d0d1f7bcfea32da5be12c4f43c2479bc892f5c70d487691e
-
SSDEEP
6144:SasMYod+X3oI+YdCsMYod+X3oI+YpsMYod+X3oI+YLsMYod+X3oI+YQ:z5d+X3nA5d+X3P5d+X315d+X3+
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000ace804967ff210215284a46745e74b8fe7eabc6a3f578e396723849cceae5d3f000000000e80000000020000200000002dc32cc0333ee45f22dc6d63fa7f1559893b09da810bbafbe5c1748f13ffcf7020000000e3a7b41024b9f0d6ab0311398fc3a1504db727ca15e222d8c2c10222bfb0c3844000000082e7b887cead8bc0d9042b2dab4dcf4d70bb551242c1fa146104510e78a3c6caaa432dc8d2b35ebec42b9d29f71942a0e10b9379c0b366ba9bee8e60bb5292c1 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423577844" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e01a8897adb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BEEFA8A1-21A0-11EF-ADEA-C2931B856BB4} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1304 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1304 iexplore.exe 1304 iexplore.exe 2924 IEXPLORE.EXE 2924 IEXPLORE.EXE 2924 IEXPLORE.EXE 2924 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1304 wrote to memory of 2924 1304 iexplore.exe 28 PID 1304 wrote to memory of 2924 1304 iexplore.exe 28 PID 1304 wrote to memory of 2924 1304 iexplore.exe 28 PID 1304 wrote to memory of 2924 1304 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b52c129bef3e3ba8bfb2c703ec695b_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1304 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1304 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2924
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36c449a48c5cba34374309dec2f866e5
SHA1 c4ccfa7af8d476da43c922a64dedbddb90ae326e
SHA256 30ae79f66e70e428489a728b6476b9130aae1832049845fd6aa26adcd4b0a323
SHA512 41cbdee0c59911d8da868da4f0e6b2e5c98946007e458101586325aca514a9f1e95afdd16c8bcbc9eda25ea6a4bebdcf53478a57b6b0da089cb2fd81326695f3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c413133a0173740b8bb7b8964c03b08b
SHA1 807b3f979f38161fbb7e750d9a3bc6d37fa33c60
SHA256 527cad5b63c6339fbc1912821e74bf71994ce25d1f48afa5eace5d3336124732
SHA512 0dd200822bcb5d6ded9ea549168b8a0ca821afbc633df5895b43995b04e84da69ce75f9ff0cb5a572c93864fc3068a51c19c0e7455499950d54637daf5a36bfe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 96be0c215ed8da2e207cf59ace89abfa
SHA1 d71c893a428b7d4ac7060e6a47d183a887f75001
SHA256 ffb960bc739cfcc9838a960f9e9fcc8569e5d002c6f7f8e5c09586968b3e1ca3
SHA512 54b25cd085b6eeb12400335a0bfcd3d05856197ba4993a2ddab6a9a1314cf895fb8c18d92ac385683bb06dbac34305ea41c63eefd9112ab00b4c990761155274
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 939a2e38f6686a74b1f152eddb73d9ee
SHA1 d96423b7604c2f5a8be43eb990e4340641025b5f
SHA256 9e347c9a6d8c9bf24f83908f4922c881b70e68c01a2c82f66b9974eba6bba89b
SHA512 f3947cf50ba123a2af831cd1d4bf4e86051dacbe0ee17d627a06a1754ce3541e8380ef6a80b5dcc74aa4353b06656976d1abdb8839cc3ec2711300ea7f26943d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e3c6aeef0c3079c9d3a8aee4c689c286
SHA1 498225fa9df43cd7629e04b2229f87a9334d4c8a
SHA256 7b2e94f8baffe160a34fb4a330f3ced545adc71dd5a226f0d59c3fd60bb7a5db
SHA512 381e80842842640a74e9dd4c839b20eaa8a10a84102f2273fde4e0d5263ebcfd9d92d3313e9d398b3219d7d8293e5bc585a5616982dc2e4840943d80aa6b8eec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7c14d5b3d11d5bb960d76c0d6bc6bdfb
SHA1 06024635784727ee6fe6d51ca7a44d9eb8edde1f
SHA256 b09951d7b6ed5929e8dd5801b050b396e9ae3a478355292a12db779baffa45ad
SHA512 cd512f3f165fc5e2059d9763859a2be173e6c71edc4e19cca920b47e7558567dc859848c792903f1d93024b64286bb51f20c315e5de9897971c6023aa76aa241
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 75af8e062c7701c974303e3174b73dec
SHA1 17e9206e75250ead0bee7172f220ad72f7ad5967
SHA256 75b9737da3d0acc6192d83a3403ddbece445544c6c66d5f6e1d4315c1df44d42
SHA512 183387f550901aa1c83c6b4a623ea6b511d9053cf5ee6de603161cc5ce1a653de57e7c056b9c9695ff9fb3d7fc664aaafa8c5f82cca52f03362152a19c1ffa18
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f4685f5053a27cb5bcfacab0229d1751
SHA1 3cbab5b2429276a9fb48c47b88a26294a8ae6689
SHA256 0848e6266143eafa41ccf3689868a5941a4d357a331634d65c91f1118d402fbc
SHA512 29b64796c496f53e2d492356e2b3dbcf40cab500643db6f34f2e29991f1ad27ea9dff8dd52cf249d5e6646e9341097d02736a3c9bf01b4447bf0b636fe10ccdc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d4c04f12a56770bc2866dfd3ece43641
SHA1 abced00c35ca31096b91ae26431a322908e72377
SHA256 5a28f4b90d15b94a425d8d37a7b3119d6c7626e54723eb76df131a70212d3437
SHA512 e34520d2e504142f7a246d4a486648e32c16c9cfdd63a241e568b849dfa8376eb73d214328a0a3654b9f7e37f9aac981dfb51125d9030fdb238361f5f4d4ac93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 66aae1aeacade658d56721deb8e59d8a
SHA1 696aecae05819b4142da12a88bca59c8d7e5159b
SHA256 a8dbd8d6be10e162a2f0b2a6cc0e28ddf9772f32eaad454b8700680c9742e0bc
SHA512 041e20eefeeda8f470adaa946e2c0778105be12a3eb64ac2f12d5cd4981c4ae3af1cfb71ce8adb09734cb6a772d9ea43097275a6d4ca666364ab8195de395f39
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d4d58d57dba0aef983e39e26d1035a3a
SHA1 a351882c15075fa3848c467c9da334fe54226e02
SHA256 a45d86e48d5e63cfa963cd1d067940ea289995d3e6dcfe1e67e7d41ac355c504
SHA512 694dd04c559844d6851adb3359e1d2691b760eade0a056d8f5b5cae2ffbd59bacc1edb4f0cf57bb080ada8898af6ef2762efb5c3246065ec6f267142d49bf5a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 84513af37b80b87ed96e9a57478f32e7
SHA1 b7fc4bdbf6f50684f395867d0cb0b1ca1717c3e4
SHA256 603afca9d74d510753d9751cc4169c0d085f8f7e741177bca2b8ba7b900125a1
SHA512 c3485eb9eddf68f119e8b04a63fa172b728db4c3d205c3387d7106f0ba1b98e6c34f2114a3e153d8535b1f1d37fd86159d2635ea5df1987c25f78d0b6db8f4ea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 61d4bd471106323e860c4a09edcc6eb5
SHA1 c2eb2c6ada936dc42ddb5dee8e7d068729d27a2d
SHA256 de93cd2b4b2dd136c154a874c965d33e49243567364efca07f292dfc166a5e4e
SHA512 757b1a40d3933e94bbf2322a8a1992e52abd084e114a3a92ba8e5a102d47d758d194760c57cc017ad620decb6dd5c0d9b98f65c04a7e798b6feb33036925841c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 789804d2153e3918a37f3c909d395d35
SHA1 e8c9bb45759747d442d37567b74f00fbc06c2f45
SHA256 f627a71e1fea7b7491e7e6ffcf40c1d629a428dd4ebff3420e1e76f5af7d474c
SHA512 f39fbe26355cfd4edf7d40a1b474f4e5aa80da0c59e67c880477fca5f18ef2710e4409f13458c27c0da2bd88622f7eac02c7302eb5a7e2b46af539150ec2ccfb
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b