Analysis
-
max time kernel
121s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 12:53
Static task
static1
Behavioral task
behavioral1
Sample
91daa3e076c340a4282ea2776543107b_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
91daa3e076c340a4282ea2776543107b_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
91daa3e076c340a4282ea2776543107b_JaffaCakes118.html
-
Size
1KB
-
MD5
91daa3e076c340a4282ea2776543107b
-
SHA1
89bf005fc0b520098eafc09bfa6d6d371a02ca28
-
SHA256
32d129099eeee4303b0f2c911040bf36c55104d23b7937dc141f36c2ae8ce4cc
-
SHA512
5c1f7b05697200ddfab707a81e5c57b8ff3c4ddf1c259f47193e2bcd9081d1a78c1d3566ab18201a4d08f7b890130963126072205e2aab3d527532447c528dba
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581054" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a74df8b6fcb1ca4486dc234e2994f9ea00000000020000000000106600000001000020000000e003746fca369e74311893c0009805a29dd06f03510ad856566afd1ed4612a48000000000e80000000020000200000008c1481118dc3f36e329a0ddd2f4e95d1dc11ccc1ce6aafb1ddcff288ceb45102900000004aed6db8cf7bbfe2f8f80f61946b952d566b6f31bbe097bb9f6f021a8359b332238d803f7a840e6c05fc523f1b932db905b08c2c2e941e33546dbe98afab153bfdf5cbaff2f6fa1f6c158e224a4ac6728a1401c9bca4a5aea454634059883fc832ba9640d46507a2cd3e74873279bdf483d052a19fca119b95d89239a4f86e150147f2c86709e4cc9536d14d1a156b144000000041a755b30f6d9be84efb476669dd52e278daf1296dabf2d08057400d45d102c8217385497cda68be3cec7eba4f63aeb2da878c155cc29636759914ca2e08025f iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 401d9b10b5b5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39678A61-21A8-11EF-AF55-CE46FB5C4681} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a74df8b6fcb1ca4486dc234e2994f9ea0000000002000000000010660000000100002000000030d2565421d43a5916cd84f8512a24536d7340e4d28ee92eb5c15297ba234f67000000000e8000000002000020000000c0853409d5a96caf0a4ce181be6823af078919ff23f31d0e14bc8c32739d4b1020000000c52933eb9ba11e490a23ae7a843584c3d2c5dce6e7f471434daadbe9d8e7c3f4400000009ddb1736071931f94c6886ac7dbf26b659bd481d823f141fc89b67732611f4ca9c95bcac152d355aa4d8ba47a7192e1e079aa0838f0d72b270753bcc6badec7d iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet 
Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2984 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2984 iexplore.exe
2984 iexplore.exe
2660 IEXPLORE.EXE
2660 IEXPLORE.EXE
2660 IEXPLORE.EXE
2660 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2984 wrote to memory of 2660 2984 iexplore.exe 28
PID 2984 wrote to memory of 2660 2984 iexplore.exe 28
PID 2984 wrote to memory of 2660 2984 iexplore.exe 28
PID 2984 wrote to memory of 2660 2984 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91daa3e076c340a4282ea2776543107b_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2660
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c14c884be41c4f4912db59ab1f59b1dc
SHA1 d162bb5aefaf46ad6c6c36f5ea920d673ced4afd
SHA256 6b35c2c330772e095cb6547a1cc12da4f7c2936dde72d3f5b6d9f272248d28e8
SHA512 e296ade119f921f8e8f8c863da378ea53d257e208e5d9638082043c7a99f0e6186bfe4269da0e89d7cba9eda1ff878410370174c6d1970f9ebdb8e0b2e0a4f81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6eb0022ea2e5e6fac778a910c93b3a66
SHA1 c054f13a8c135a1fbfd4d12ddc03a3b4a6137564
SHA256 4c543dc4b584cd38d74389e73cf3c3436ccd8cbee231d83b291680b089ce5455
SHA512 146bec5d52062b7a0f40a2e3d2be0c4a8cae74e95fef03bbb95afaf36ccd29ece504017313dca0c77dcde81b59043fdb569d0d4251eed429f9b1c9534e698349
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7cb9ce71b1a871e21375ea3e90748cf8
SHA1 0f34e5a28e0e3fde6e6276e3ed1683cf348ce1e7
SHA256 0b59d7e6bd2041721ab7b4abbe6b3a4f12cdc12f16cdfb67a8ba3acc002ec6ba
SHA512 1f83515f6b982cb93cc83283e53e1895dd5ec399cacf8e76db066523d76d64d8f28355fcf6e6bc744cfdf98b1b616927b5c98f4fb9c4c0075c3d6dcdd49b753f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 04296c08be293063c3abeabb258a190c
SHA1 2bde723e215562e13bb5a66386636295b6a959cb
SHA256 83f127e99f8218a1c6ac1a3cff3f981a783d37cd972cefd1804eed9afb45af63
SHA512 1e729b474be03be18e7c7507b350f94bd8592a525c203f41e1c9d8e5da7d7298232d17ec2862b5ecdcf1671e2e72d6dd07bb6f95a6bbbb0d59504db7c6c45d0f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f9bd4686e888f4ce02eaaa643c4f7d10
SHA1 9b9e1b97e07492ee1e7e921bbf5ddfbaafd5b0bf
SHA256 5bd60e4eb28098d46b2835dfa7b36b5b9771cefc34d7916897069c0081f421e5
SHA512 8ebe3d735b3071089e335cf922e77a2b027598f5794fb4027825681aed0fb20361bc12bb2b5cc927b1e1ec563021cb9b7a78d8d2b9ff77ab8620e4cd980887dd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 195b57296d14a20f3a0b710d5c5f1523
SHA1 1e30da66cba9d127cb7a333d5f9b8c37cf83a61e
SHA256 7318a9dac0fe4bc1f0795220dbd8af315e7911575261b1c059baffda936e7ee3
SHA512 7fdac86d3ab160fb9904fae711e918cae6c7e90f927c05830c6c486e3b27675d0c312bf0aa5f92a6d2facab865d3ac406d57f9b27234dfdd4c6f57d317872096
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0999bdadfc056d9b85cd7adf5919f59c
SHA1 a884d8605d2f09a61d54f2f428daa0d387d6f165
SHA256 ba25a5ac7a1579bb2c7de1522b770c878f0b1479fb04c914c302e3271e5d08c5
SHA512 3280e4bfa94602640758b76aaaccc11053faeb6514a9e83907b0f0eb84bb47e166b89f4e842ebfcb2198450dd8454991bed2bac287c1ed3d79f50ece8ce0c339
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7510bc28d48a24c91bfe9120eb3e1b08
SHA1 f2b053feb34a3c0448d5fc4a80a889e48714ef2c
SHA256 e266b02b7044f0f7a99cc992a247ff3ee744607c29a028650cae98c2450b10a5
SHA512 c726af8ca6941686de51dddbde9330b5ed74002ce5fa906df0c3253c68ce43bc2ee53b5b1112baa912e49a069ccb501ff8fb3b7a71b6305a221da1ba93a8a292
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ff68579a03a14c546bc3f5ef0c3ff6f0
SHA1 14bbd4a8d261291613dcff3f1cc848310ad34fa7
SHA256 817ac0c632a7053cd3de850f861d0c2a0e8501379a3751e986d8a72eaaf07801
SHA512 7b8669ede5da200dab9db8de506434490937e25165752e7c219812e15f8f64b979e317eac9309fc1bdbac041477be6d7c7a14ee25df9cef62d6b5d842e4f034f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 280d386b1a7a3f2056f7de46efc807b3
SHA1 6fde250d0a83918d7b5f3c81f3a937aa0c9bdc45
SHA256 f879cc79eb26abb3c705f2d567abed61b3828043f6d00d33e07453a402b5f81c
SHA512 7622768cdd130041e9aaff4b395b9d00d5d5ec210e66a19f67858f70efc0ad32bc3f82da6258fd2d571ad1d7eccf1ade073719f9c4f8b7beb6b9a3b94c2026be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 da6ceb41422b0a8b497a5f51e9fa41b7
SHA1 2d5e490209c5398be298fdc0274b3ab4fa8611e2
SHA256 1a8ac13b04d032e2ffc91242746a87e025e4ca8329b340105cc42e0eb10ae93f
SHA512 3c40fe367859076d0eb012bcb50831e0f82d993c08c242c2352d97d8477960e2d7789dff2a261e2bafe3a21c342f9d49452dd461010fb561359b718309bc92fe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e5a5be9657fc6e7b2f8c458ef8717feb
SHA1 310949edfcf36eda69ac58c1c895ba6f8350addf
SHA256 f0308fd2f823afdf0e3b8be9c3580945eb5f05cce98311d6e7106e3af3284067
SHA512 615c8fba7485e78e3d9f84b9cd3663646824b0c8dfc09c6db20bf27158b2e20819f8ded6a5f0c839cbc19b403e04b16f34a8749f885e5902792fcc5600487d30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 750f1331bbb3ffff41ad78b9c95efd2e
SHA1 b32859f480fcf7643984f6f68d636b2041de77fa
SHA256 8bd0d6ab9f307dfc07a4bc1770b1081fae1a8d53b636779c0948c98c1a6f3fa6
SHA512 59a9b381c9ddfd5efa49728adeaa4b82caea82f387cbfe0a9e05c57ddc691f2659b2d0364128691465eeae0c58956a582add77db208f061b52f4642fbdc407c0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b1168a54c25391848f2fee5600630fcc
SHA1 7da11d5f96f62b77d45863c8495da273ee01d115
SHA256 7eaa0d07cefcac62c9393aa63de444ee229aabfb605834b259124d302d64d560
SHA512 ef0288a8199b794d89475c63f3bd64b07fb268769fa8001d6393528bf64db42373698ccaee45b939faad01cca4b2b1bf1ce5069bb6deb6a03e1ae860bbbe8807
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e51ee92e91a6af348da5a7b2fd2722b8
SHA1 49cd8e3c4ada4eb56df2392091c8e2210e9c1cee
SHA256 19745c2fa0c51ce21787ec9c576418bed18a7435da3d7665c6af3708ce2bd055
SHA512 88459c0ab5e76374a74c8cd510dac9d9ec7f47b9ad672bb7f70bf1f3f5f1ff014003330bcbb6bcc2b3cb7f8c6a60a94e3c38b25c3b498dd8794809f09e963b32
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 80adc4b343282687870c1f205f1f78b6
SHA1 f32f5497a9180ec473493ef0d9fb6c9bf342da42
SHA256 92f0f6425ddd0d9701d0bed7a5722c67e172f64501e96b0b6bfe0691fba00c3f
SHA512 7d049e6053beb1fb0052186e17d49b4258cd347029fdd03d629c5ae8d71ff74701612ff190294460628309b81f8c542be81ec600b5fb9b2cb4bbfa95aa3563a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f4e3d9a2000c923014c85c12362003c6
SHA1 2c3512695a709b38721924b73e2d2c46916cfaf5
SHA256 d947214502d52cc1476c0dc8fdb88defdc8797c13c27753f29aa3dfde7be5bde
SHA512 a7fad7a7c8b3c59579a8e41d3c0fe6d084622ac3d91e5240735276fc0559dea2fb8b4ed64faa74bc2c9cd08a6e1d9214507904ed8613161f163f94407ed54a56
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 97d15b3f14dda4c7ef86875a39460d02
SHA1 7007476ab3a303c267c12b91825125789c7aa87f
SHA256 6151537025e7d8593b70c397a2e9a861e70c7667ff869eca2d76e42901b48169
SHA512 092bdede62ccdbf63a384821bf5b8965047fb04289ae01c541f6bac817c040c2ebae370cafddcaf2d7013b52a6c5aa64b823614d5e488de981bcb3349adc3a66
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b