Analysis
-
max time kernel
141s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
03-06-2024 12:03
Static task
static1
Behavioral task
behavioral1
Sample
91b7080b60243efdadd475dcb50bec02_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
91b7080b60243efdadd475dcb50bec02_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
91b7080b60243efdadd475dcb50bec02_JaffaCakes118.html
-
Size
67KB
-
MD5
91b7080b60243efdadd475dcb50bec02
-
SHA1
01706a2ef0a892439585217226fdd126dd1294ea
-
SHA256
dfe5dbb8995c7e33ecd4f2642a11b69d1b01e65fb0e930ec6adceb21e64ab246
-
SHA512
192e6ac827d73b2daabaf92eea13800cd924ace53894305a8fa37e665f609c2ca3fd58dd7b157aa74014886c6610fce72bf0107255fa5c426b4f1ce00b182a69
-
SSDEEP
768:Ji/gcMiR3sI2PDDnX0g6sz6AV+IoTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVGo:JdUTzNen0tbrga94hcuNnQC
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423578053" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 
2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000047c1be5ccc95644a94905d54e4c72c1a00000000020000000000106600000001000020000000da905b084f60b022d28d847efd8f084977e76d76db0a75294106553e79891bb5000000000e800000000200002000000033fa4ba041d3dba16525d081d84633c396f4be505e26b7c8dadde6c950bfe57d2000000042a056ee6dbff5b0ee632b751599620e750c3740aa1fb4a385916da5ab101db5400000000fa0219a85985593e225dc9214fd46abff9206c51e9a07a9a8ab61717b82771c664dd5e5b4632845e096441eafe228ff96190a8fb88594f543f42f8012153a57 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C16A901-21A1-11EF-BC57-569FD5A164C1} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0aaf810aeb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2104 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2104 iexplore.exe 2104 iexplore.exe 2840 IEXPLORE.EXE 2840 IEXPLORE.EXE 2840 IEXPLORE.EXE 2840 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2104 wrote to memory of 2840 2104 iexplore.exe 28 PID 2104 wrote to memory of 2840 2104 iexplore.exe 28 PID 2104 wrote to memory of 2840 2104 iexplore.exe 28 PID 2104 wrote to memory of 2840 2104 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b7080b60243efdadd475dcb50bec02_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2840
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0212b808b7d246e91fb9c9fe626a78ad
SHA1 057704d61708003709f16a54edbc343cdf9ea3a2
SHA256 b8548de3dfd164e33d074f2ce912cde4e39c8cbd20cf5f115efa211735ff83e4
SHA512 25d244c08124f114608f9c2a3e14b90f900119cd842e455f85d8a6f5a9655acb866e052061272f0d7e6b0bcbd1967efc0d27ed19f2aaf23069308c0330ff0b0d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eb405aba59e703a294f70532bce7ce46
SHA1 d79f8a4adce0067fcd9150aa812295ac25493d38
SHA256 09154e8abb32533d53ac65e7ed43ca1dd5f9ad56f170af63df9199b8cd695fa1
SHA512 42da0d591d335f2f0b60f134754742a02798b1912087f344c51b0fe89cc7a7e50b5b4431db9f02f5ee1a558ebf618fce803e791345f0d77135063ca56874079c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6afe1b207df90cee2d01c356fb2e1945
SHA1 8f12a349da6d5b8f8d6dd6cb691bed03217a32f1
SHA256 efd63ccd896c993171ab722cbcdc136c8c67ac5223a520d7266f521cb6c553ee
SHA512 9e4ad9bb8bd1ecbf19be4442f39606aee484ffa2fd0ef77d2be6d941b7acf7fbcc235b64dd5634b190fe355670be75c795e7d6e3b4f1ab4681ff85517f9837b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 676e2b9a9dc08a3b5a6dc6e8b2600c4c
SHA1 53bc9392ef6af5271758a2f9cb8b5ba325d69b52
SHA256 cfd3e662f319577a8a7a0819b20dc7a5960485cb94ab10bb6895f6be53ed21ce
SHA512 fd112803035a25f59ac589e633cfd8c14ff9a6abd3c7f6e35183ee24933668ef2c1d064dbcd1aa14526d22cb50adc686aa98828574458d8ec26a2f23aa8630e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b9edd8acd58db8047f3133734649070b
SHA1 2f5f7d31a40bf3a199d0080113632db939cffcc2
SHA256 da4ea1d62764e8d4a758a9c6717bb9f0aee7669d6847a2491dcb2c74ab9adee2
SHA512 31c9d2c4c5c6224708f16842ebafb6bd03b2508b044c2d3491a70078bc500e5a8d957b783a2d303cc544021e3696e69557be1a9af2c0401a80cb8004432cc2fb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e791570b690dfc5db4a1fe2acd1b3e7b
SHA1 45da63876e424d9726b61976128e5815376dcf2b
SHA256 6812da14b8e41843252834bdbc104463cf86bf0715820754eed6940326428efe
SHA512 b87e54c2666bf636b6af7dd38e505641840346b5e59c2d3433912a77820fd055776ea74bafc00f6c2875e18704ae92f011c1fdf58fcf10d64b167580b1229e9a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 06f64b71525a3a35692f95a53b46b751
SHA1 b738a2062a8ea66b4969373fed1181b0f56abc0f
SHA256 ad6c680d0386521f5a16e4c5d810f2017f2c114393ac5e3127f51bc34f6979c2
SHA512 c5341cc3db4733bad22ceaf2aeb08ed7bb09d1c7b07486491b96397d98f87e2406ee9255105b637cf3deb202d91cec6189720dc6119d4490c98e449cbf46864f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 db08fde0cebe356d9033a66f2f21b10e
SHA1 7b90ab35a115450b0a776744200ae9dcef2e7d48
SHA256 7cf0dd423f413459106659b0c4794d985f86303301c69dd3bf60c7225535f2aa
SHA512 118716975f314fa54117d8d3d503b7a30284380052a40fc726b5a496f86be3aeb09b00c837fc5e9c18992c12db57a6981422a676098dec339e26ddc7e7585ed4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 67c9b87481f8539f3cb0d574469000ea
SHA1 5c87547e7c6e69aee174058594ea3545a14752e4
SHA256 d15b8fd4365dc4444ae8e5c130ff9572a552cb6e15921dfb6fa8a429c3a93c53
SHA512 0ebb9aad8cc225ed795944b9a819b5abcda2c48237358bd1d19792b508b66175badb152dff3d6e151b839e9e6842e76ab780bd7325e82e06f220a64b8a7bad22
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f6f5df7734a4a520d9ca2d2f148d59d2
SHA1 6ca2aa2f5296620a8f50e088f7b2856c280998cc
SHA256 c5d752b70dd11fab08afbfbfb605f0a81f0af323ea44de11d6cff3e9709cbf6c
SHA512 100253870bfad820ef4fbe9f7ff96b1dd3a0e7828b031ff96b7469608ffa17d4c9ac0f9ee5319cbd39024d37b4b41f9dcebf50770ecf7f4a16d889c62530229c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6c304142909c9842db38d94d47cc69e5
SHA1 500104fa2eff88908e4aa645b5cb37f14473fb3d
SHA256 7236e78802999ea238b77825acbf3e273d6b332da1419a6003d37444becfcecb
SHA512 2eb34c836a7d1aa1107337e9c8630608ebd792be1bb623bc610f002d74d5c766af7644394e9471433eb4797021fc40ba62d7412b4fa8aa2fed6c4e4e755d0fe4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b32493385b8eb43ed6c16ae2d6269843
SHA1 2b619a49e02795dfbb0f5f48a83e4f24584a9e7c
SHA256 082cdfc31f4e772a0d8d393c6a0f8ebc669de8b4f2e5c6dee9ae488f8445aecc
SHA512 53713423a6258f5cbde99e036e10e2fb54997fce99bfff1ab8a486fac4190136c8402e8b3ea0067c719caa02b8b9a1ca9a35f68d13341b86752f5e096d96c6df
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cf4c7dfc31a5f18f7ed70435cc1257ed
SHA1 cbdbcbf9438286f29ca7774c5bcb9e06ef4b1ffd
SHA256 63572c063485fd9f92a7cf341b8f4ea1f434a5ba21d395092ac2d6eeea0c1537
SHA512 febd061c59c43f87b4b1c75db69e766ca59c9f46d0927c95e58bf5546e2faab0cdb5f654ba93783a6c614a0603f10efa3e7975c510bdea51705f60ef06c1579d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9a11721d033d40d9098b0ccaeaa4fb4c
SHA1 82e178b9fcd8098577c0916490b1581f2b3ea7d1
SHA256 7a7c620ff098ef13a1e1ea5f59c651a0ef5d277462b4dbeff9edd9d98405d5ae
SHA512 029bf7c8816e3ac96a4995cac6765848d359eea0ef8321baf522869a5522043a5d3fb434a643ddcf7b6b753a35ee18c80d4a3736853418c88535953fbfacb9f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 963becb412cf3872ad37418972eb0ee4
SHA1 cd03f318ffcf36e21de6a7a755e5c999582c7419
SHA256 063328bde130744506b96fe2b2ca76d7cfbfbdd2f910bb435c6ee64dbab76247
SHA512 c54ba4c8716841971913a1be5263511f67fba5a50a01e46917d20c3341936d814dc0fe4db17e7d2c009368d1d59a11c8496e88cd25bdbfa97908bfc294fd7e95
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 293cded12196786fa2666f923c94d2b8
SHA1 e84704ee81975e5680f3dfbf9a2950bd0e51562a
SHA256 46a7657265fdd28a593dd96c9cea0eaaf2e93525c861bbe3396462e278865b6c
SHA512 1dd318a6568a5151bd5c19d1b3aed88f61cf9f228e42059e7d2a22f751f2e327d1ef30a04d861ef2800e371130c16c2a375fd1ae15ffa534bf37fb23146c41a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bf00c33b8bc0d6706a3dae00a7a02c32
SHA1 7258b5d9b81529473efa50e43ddf206a84c43352
SHA256 44cc9aa09dc21547ac73e6394ea671d5bcf26d1e998a944b54e4479cc504a405
SHA512 1c78b94a4400c326e23cbe8007f51b562aa11febe391f46d503070f9086e75280edd6c521328f7a7fba1f0400f9c59fbbc341d351aebdcc2f604d5f3173be6c6
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b