Analysis
max time kernel: 139s
max time network: 141s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03-06-2024 12:00
Static task: static1
Behavioral task: behavioral1
  Sample: 91b60f9c60132bf8fba4043803f6c786_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 91b60f9c60132bf8fba4043803f6c786_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 91b60f9c60132bf8fba4043803f6c786_JaffaCakes118.html
Size: 61KB
MD5: 91b60f9c60132bf8fba4043803f6c786
SHA1: df07f148ca614f7c6c9243f35d3029ff216c5446
SHA256: 1c2c9156c48c4a0df13ebda5ec52b7bcfe75f56fb99fb4b651606deffa39b451
SHA512: 7a55602d656135d030c40fbd53ce5a23ea6a38ff6cc285d603f3e479e8bf7b9a0a3a61c125dc1ab6b75e04037d430d2091c46779879950b5618860ec15ea5599
SSDEEP: 1536:SCKL1jSUr+jp5u+0VFRBjD4XOrH8YVSWHY2XoX3/Jcyshv7Nx9tqRVcmSNUq4h8k:S/9Qf8FtbNI77BTA2f
Malware Config

Signatures

Modifies Internet Explorer settings 30 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E76BFA41-21A0-11EF-8A7C-66DD11CD6629} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423577912" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1740 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1740 | iexplore.exe
1740 | iexplore.exe
2504 | IEXPLORE.EXE
2504 | IEXPLORE.EXE
2504 | IEXPLORE.EXE
2504 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1740 wrote to memory of 2504 | 1740 | iexplore.exe | 28
PID 1740 wrote to memory of 2504 | 1740 | iexplore.exe | 28
PID 1740 wrote to memory of 2504 | 1740 | iexplore.exe | 28
PID 1740 wrote to memory of 2504 | 1740 | iexplore.exe | 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b60f9c60132bf8fba4043803f6c786_JaffaCakes118.html
  PID: 1740
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
      PID: 2504
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
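The two cross-process signatures above (SetWindowsHookEx and the four WriteProcessMemory hits) involve only PID 1740 and PID 2504, and 2504's command line carries SCODEF:1740. That is the argument Internet Explorer's frame process passes when it launches a tab (content) process, so the frame writing into its own tab is the browser's process model rather than injection by the page. The script below is an added example, not Triage's code and not anything from the sample: it re-encodes the process tree, the WriteProcessMemory IoCs and the 30 registry IoCs from this report as constructed input, labels each memory write as frame-to-tab or unexplained, and checks that every registry key stays under the user's Internet Explorer hive. The verdict strings and the helper names are this example's own.

```python
# Added example (not Triage's code): re-check the "suspicious" signatures in
# the report above against Internet Explorer's own process model. PROCESSES,
# MEMORY_WRITES and REGISTRY_IOCS are hand-transcribed from the report
# (constructed input); the verdict labels are this example's own.
import re
from collections import Counter

SID = r"\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000"
IE_HIVE = SID + r"\Software\Microsoft\Internet Explorer"
H = IE_HIVE + "\\"

# Process tree: pid -> (image path, command line).
PROCESSES = {
    1740: (r"C:\Program Files\Internet Explorer\iexplore.exe",
           r'"C:\Program Files\Internet Explorer\iexplore.exe" '
           r"C:\Users\Admin\AppData\Local\Temp\91b60f9c60132bf8fba4043803f6c786_JaffaCakes118.html"),
    2504: (r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
           r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
           r"SCODEF:1740 CREDAT:275457 /prefetch:2"),
}
# "PID 1740 wrote to memory of 2504", reported four times.
MEMORY_WRITES = [(1740, 2504)] * 4
# "Modifies Internet Explorer settings": (operation, key[ = value], process).
REGISTRY_IOCS = [
    ("Key created", H + "IntelliForms", "iexplore.exe"),
    ("Key created", H + "LowRegistry", "iexplore.exe"),
    ("Key created", H + "Toolbar", "iexplore.exe"),
    ("Set value (int)", H + r'Recovery\AdminActive\{E76BFA41-21A0-11EF-8A7C-66DD11CD6629} = "0"', "iexplore.exe"),
    ("Key created", H + r"Main\WindowsSearch", "IEXPLORE.EXE"),
    ("Set value (int)", H + r'SearchScopes\DownloadRetries = "3"', "iexplore.exe"),
    ("Key created", H + r"BrowserEmulation\LowMic", "iexplore.exe"),
    ("Key created", H + r"Main\WindowsSearch", "iexplore.exe"),
    ("Set value (str)", H + r'Main\FullScreen = "no"', "iexplore.exe"),
    ("Key created", H + "PageSetup", "iexplore.exe"),
    ("Key created", H + r"LowRegistry\DontShowMeThisDialogAgain", "iexplore.exe"),
    ("Key created", H + "GPU", "iexplore.exe"),
    ("Key created", H + r"Toolbar\WebBrowser", "iexplore.exe"),
    ("Set value (int)", H + r'Main\CompatibilityFlags = "0"', "iexplore.exe"),
    ("Set value (data)", H + r"Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000", "iexplore.exe"),
    ("Set value (int)", H + r'DomainSuggestion\NextUpdateDate = "423577912"', "iexplore.exe"),
    ("Key created", H + "InternetRegistry", "iexplore.exe"),
    ("Key created", H + r"IETld\LowMic", "iexplore.exe"),
    ("Set value (str)", H + r'Main\WindowsSearch\Version = "WS not running"', "iexplore.exe"),
    ("Key created", H + r"Recovery\PendingRecovery", "iexplore.exe"),
    ("Key created", H + "Main", "iexplore.exe"),
    ("Key created", H + r"Recovery\AdminActive", "iexplore.exe"),
    ("Set value (int)", H + r'Recovery\PendingRecovery\AdminActive = "1"', "iexplore.exe"),
    ("Set value (int)", H + r'Recovery\PendingRecovery\AdminActive = "0"', "iexplore.exe"),
    ("Key created", H + "DomainSuggestion", "iexplore.exe"),
    ("Key created", H + "SearchScopes", "iexplore.exe"),
    ("Key created", H + r"LowRegistry\DOMStorage", "iexplore.exe"),
    ("Key created", H + "Main", "IEXPLORE.EXE"),
    ("Set value (str)", H + r'Main\WindowsSearch\Version = "WS not running"', "IEXPLORE.EXE"),
    ("Key created", H + "Zoom", "iexplore.exe"),
]

_TAB_ARGS = re.compile(r"\bSCODEF:(\d+)\s+CREDAT:(\d+)")

def parse_tab_args(cmdline):
    """IE's frame process launches each tab/content process with
    'SCODEF:<frame pid> CREDAT:<n>'. Return (frame_pid, credat) or None."""
    m = _TAB_ARGS.search(cmdline)
    return (int(m.group(1)), int(m.group(2))) if m else None

def _is_iexplore(image):
    return image.rsplit("\\", 1)[-1].lower() == "iexplore.exe"

def classify_write(src_pid, dst_pid, processes=PROCESSES):
    """A write from an iexplore.exe frame into the tab it launched (the tab's
    SCODEF equals the writer's pid) is the browser's own process model;
    anything else stays 'unexplained' for the analyst."""
    src, dst = processes.get(src_pid), processes.get(dst_pid)
    if src and dst and _is_iexplore(src[0]) and _is_iexplore(dst[0]):
        args = parse_tab_args(dst[1])
        if args and args[0] == src_pid:
            return "ie-frame-to-tab"
    return "unexplained"

def triage_writes(writes=MEMORY_WRITES, processes=PROCESSES):
    """Verdict counts over all WriteProcessMemory IoCs."""
    return Counter(classify_write(s, d, processes) for s, d in writes)

def keys_outside(keys, hive=IE_HIVE):
    """Keys (any ' = value' suffix stripped) that are not under the IE
    settings hive; a Run key or a policy key would surface here."""
    return [k for k in keys if not k.split(" = ", 1)[0].startswith(hive + "\\")]

def registry_summary(iocs=REGISTRY_IOCS):
    """Per-process and per-operation counts plus any non-IE key."""
    return {
        "total": len(iocs),
        "by_process": Counter(p for _, _, p in iocs),
        "by_op": Counter(op for op, _, _ in iocs),
        "outside_hive": keys_outside([k for _, k, _ in iocs]),
    }

if __name__ == "__main__":
    print(triage_writes())
    print(registry_summary())
```

To reuse it on another report, swap in that report's process tree and IoC lists. A write whose target does not name the writer in SCODEF, or a key under something like CurrentVersion\Run, comes back as "unexplained" or in outside_hive and is what deserves analyst time. On this page every write is frame-to-tab and every key is an IE setting; the Downloads list below holds CryptoAPI URL-cache metadata and a cached ga[1].js, not a dropped executable.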
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 914B
MD5: e4a68ac854ac5242460afd72481b2a44
SHA1: df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512: 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 1KB
MD5: a266bb7dcc38a562631361bbf61dd11b
SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize: 252B
MD5: 379367f24c903dde2a59eba7722a8043
SHA1: 1160a1041f1925d42e6a8fcfa09502ee45fab324
SHA256: 12fa913e9a1ed9dad2993b5c2a995f87bfbeed09bf45d353e4406a2f2be8f821
SHA512: aa3f3d5561396bf30ec333ba69d316756bc3a45b417ce9642305f942612e614f1c30aa93b67fe7efa706b8ddea98c39a7a46ef4643880cf5dbd6b843ef305642

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 294f05f0736cc6f14ce9938f76258ade
SHA1: c4ae9c11fd884d93469a4ad388c4a756e7b5bdad
SHA256: 34fe6e26a9a8820992220c1f0a21daef337c8596672af9bed07f90a2ec31dd2a
SHA512: 1af4b3c26e7326932a3c0ce56601d72e48c0fd69c91dfb985a40526e75592bb0be50e460a61af75ee7b5a605c314935b7ea70961c06c9ac4d1d0f48fe56d5c57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a83f4c8696bb37aa7b0682b25c26e2d6
SHA1: d799d3256627f69469059ff634829a1fd05697a9
SHA256: d3f15ebcce625db10ba10eee7fd819fdf60161609aae3f6d61f1c2287a0c3ddd
SHA512: d26f25ab7e11c908745aa4378ed92725c98281fe6bd13770f5107cd703d3709bcf445a80ac1ed7434180908cdd3aa1c1050ab29b60d02dcc3e5ad56a652e0ade

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d5945d9a0fd28805cdd0e3580dc24a4d
SHA1: d276d60b35dd2b70be6178972692d5d9f3942f04
SHA256: 1db2b824a5c0739b617a7e8468998bfd5c32479e4901c984e6985d15e0f62f5d
SHA512: 98ab17580a5f2ab7e4783365473dc7e289dd6ae0079778ffd47002970f7f75c95eb7db925940c21c54282f7a269e413e308fb482b4130681ec8e9e9d847e9e82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 12e567b3ef1f159a70dd8886ff93bc46
SHA1: 35a36d71058a1d5a8ea421fe7b779d217f046eeb
SHA256: 21570bff94bc68cf2fb1bbc90203062aeb38a1f48b09b19eab931f1066d47626
SHA512: 7c6c438eef36121bf3af12c623119ca5a8429cd8576f2ab11c81ac27eb1e1dc21d1fcd3f0d0d4984ac1c4595459abf8216cf1c38cc876e645b58e730a94e72fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d8ead49fb2b73994ddb480414a1ead69
SHA1: 5ee392068ae43b4c2cc854784d0da895f1551586
SHA256: 9ca956752902e7f8b70fcde5710ab55e7efb5fd6b78e74e6fcef8647b4e79768
SHA512: 4e70e6d690a4a404482d7b25a679a02d02b0cb330c863a0e0ff33cf86fb3f179eaaef1d69d318bdee023f4fc5a79d6cc06f07826d380060c8591377ba83d08dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: da38382d7a0e3ad797f721d056e3b73a
SHA1: aecfeb478acfd0792a37c477928c0373ccf7b56d
SHA256: 6fe91542b3855dab2c5fc6e991583141439242dc1df5b708641dfa9ca9f5d6ac
SHA512: 22686c95e5f8383cdccecef6be89a7a1dee60c9024b98714b277482e84928b080361bd15d5df1c2360be4236a5cab487675fff96addbc10e01166b2e6fab6396

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9f93f5d44460e946fcdc36b2df5bdf00
SHA1: a7c2c545d4dfb9f34ad769f363346bd9d4fac663
SHA256: 3b1c601b4116bfd79c62e848fc3ff5cbd5b3da25e540e247df44dd37532c7ec8
SHA512: a7abedddc6a39fbe29d8211e9535a99506bcebaacdeff49ddb9ee76e25acd02d39241e8d40907d3b1e0de1faa563fee6585528ec28a8cb11aac6931d8b5661bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 13e9182b9207cf61cc2ce76570ea41c8
SHA1: 49d3b31ec96179bf02d3f4d3c5547b88d4e9f337
SHA256: 61534b894c83098765f93f97f7de541a816ecffa0b10585331946ed31c69c322
SHA512: fee0cb3a89bf1e808f64959c10e3411ccfa7f620987097c46a136755218607515d35ea0a6439854652fd0674e7b61f49b5d114b9d9b742047a01c00547879eac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: bdacdffe96a8716c39ccb75bd1b279d0
SHA1: 1f9c06d5692231009894e69dea73f110e5df4fa0
SHA256: 5d1ab22dadcf8ca1e0d7beae39cd770b5871176f2dd0526863367ab8741d2568
SHA512: 1be44095172cd341a5a155c36604f97c7047a4fe553038afb5d8c103137d2dc5572271ab1b201c49cfd4ba96255a4ece1623efb64f7e63d995157b682968e097

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize: 242B
MD5: af47fc3df3e42240059efee815f5970b
SHA1: 80b39de1557bc7455e0f67482684e0c785cbb2b0
SHA256: 985b9afd6f37a3b09bd72d9a668ec5240ce73b8649ed633a7abfe0841ef9eab2
SHA512: d62c6b983d626e1d603b390cec8639ed3725ed3ae3abbd591c747fe57d2d0a147f278c16ce7ab4ad55d725791311f15d33224fcb287fe7a14ff330b7ccf2fb68

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\ga[1].js
Filesize: 45KB
MD5: e9372f0ebbcf71f851e3d321ef2a8e5a
SHA1: 2c7d19d1af7d97085c977d1b69dcb8b84483d87c
SHA256: 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
SHA512: c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Filesize: 171KB
MD5: 9c0c641c06238516f27941aa1166d427
SHA1: 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256: 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512: 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74e6baad06