Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 12:53
Static task
static1
Behavioral task
behavioral1
Sample
91dace6903c1544b3ab731bfaa393903_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
91dace6903c1544b3ab731bfaa393903_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
91dace6903c1544b3ab731bfaa393903_JaffaCakes118.html
-
Size
460KB
-
MD5
91dace6903c1544b3ab731bfaa393903
-
SHA1
825ca17accaa32949f52da59807a9bf6d4397764
-
SHA256
578c032edb3c066b2bd1da2608fc2b9703360bf9958f3a52c60f6380e18a1ba4
-
SHA512
5b2df3dfdb173f522793cc5933e191d78eb889a1adfb0034d78ace7d6b1e282ef40e2fe50d676160b32ce2c22bae91bfe8fdb80777c933981303b922695c9218
-
SSDEEP
6144:SysMYod+X3oI+Y9sMYod+X3oI+YwsMYod+X3oI+YLsMYod+X3oI+YQ:p5d+X335d+X3s5d+X315d+X3+
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581065" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c73afa9d00624b4e88a89a1476f17196000000000200000000001066000000010000200000003cba5de9b9dc7eed8d095f88607a205dfe25b6c0a6c31687dd0045b8125fc61f000000000e80000000020000200000007ff624c6be890a1f4b0a900a28cced5f284f1aa728c2c1986f25c6064ece15cc2000000041871427ca4de391575e72d7a87dbfcc16a68e7e426be2bfee5c127d036468e34000000070d75992d9d35a93128481508050e7b259dea9d1addfa3a6d0299c0af582a38e109e7b1b2ff607ded25102a76a0811dbdaca37f6466a5fde9dbbeca9a5c68d9c iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 709d7e18b5b5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3FF35261-21A8-11EF-8554-DE288D05BF47} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1684 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1684 iexplore.exe 1684 iexplore.exe 2260 IEXPLORE.EXE 2260 IEXPLORE.EXE 2260 IEXPLORE.EXE 2260 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1684 wrote to memory of 2260 1684 iexplore.exe 28 PID 1684 wrote to memory of 2260 1684 iexplore.exe 28 PID 1684 wrote to memory of 2260 1684 iexplore.exe 28 PID 1684 wrote to memory of 2260 1684 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91dace6903c1544b3ab731bfaa393903_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1684 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2260
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 afa9321bdb3a228ac70ddec482be4e67
SHA1 ba03fc07a140dd27d115cb751bbbc47bc27bf4b3
SHA256 26030fe1eb59e945e6695cc24ef7581d7d65ea644558bbbd7cc7c09a61f527e7
SHA512 3bb2960fd96860ead69c2e296bfe071fd79f14c1913559df3f9fa069ddac3f9362c88a63da046ac2a10f1e3b872eb7acd74ec067bbc56b3e269695239a13909c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 be0c559010d58b410c1667ad848bbf7d
SHA1 718d44aa8ab24f9efaea9391e361d1b11b243007
SHA256 04fc877390816fb205cc9f277e33b143d16ef32c603c5e7a334f319e9675a53e
SHA512 5fcc1971f09690835e78bc367b11cc9c0562567eaec47c3e750da92b8209bd24c5f58382f79d3455aa2a18703892b6f7f9bfbae990f973e23b287ed484ae15ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3c4092cfc4106302efbc652945b012fb
SHA1 5d6544d818d68d14311a2d568d753330e2984d71
SHA256 fc68ac2574128abedbf2e8303b8f4e790162a3437c98a5f69ccf7f110ecd38f2
SHA512 5f9c8818a475a22bc7f031248a08299484295cafdadae503ea0bfba846744c9486df1932c69dce5f156789c9a710e9f5663381c288cb3d7f1c4faf054602af04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1fd09192c46f4fbb3b8a1227d67a2cef
SHA1 71ad34bf3362c7867aa57e9dc970bc76c7e6104f
SHA256 7988c614b887af8582919c355cf0f2bc241a0bbe5a10e30aee0edc91d3e0f65c
SHA512 d7a61cf516fba21d83afb4fd50512d3f7e4f7b68facfa84faf0752b9cb41c66d7070004ddb3468966e35972f72e6606e4393a6016dec3d4ac209b3bc6c6eeba1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c2693995356186ed492460f58acf2126
SHA1 e8c1dd45e990208ce96709d09d1b36d52c9ec5ae
SHA256 f052137d2bb6107f17f1df065663e6ac4a1b97c4d56fc0e68b2d1e0fb10e12f0
SHA512 3abbacc0169b005723414c23c59ac8675f1c4cf1cc5d647534e977cef64c8d120fe059c4669359f3ae864be253afb07c504d1ccf7e1385f9d9e4f8b50c8ae04c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d8dd003d8527d56f24b2c5d74de8835d
SHA1 d38a8815d41162996635e72f331a4e66e03330a4
SHA256 c9e2fe855cdb87d09b34e6f92fc6a38ef5b0fce1c4d8b7c63bee418693e626ba
SHA512 987017753f8e4c40de82e0991b975120a04cbb720d58995d452de58457e1f783a21db8c9560e3b81f2ad09bc9ed09214a7668d2b6840fa7c767cc6009a7f1918
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d376b8bd050d9fe28c009829f6d38b4c
SHA1 08e2f76afb52796a35cfb5f4025ffd4f2a0c65d2
SHA256 81fd87fcbb4fb4332429172e43700bfa896adb210411432895b55a96628ac84c
SHA512 e1e7be056bc41ec4b77039088363a8b968a6f08cce7755ceb416f88be504156982e0d745aaa7e4428933ea65621e307ec73909a9900946113d4345844cf67e0a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f099eb58a4c6d066c8a3046cf4f6f4cb
SHA1 ef13da4c0feff458dcba71623313633c1e87f3b2
SHA256 e23d4c5c143e7c7940c409d43c45fa2a877c376cc53bf4973fda08dfa72ec097
SHA512 09c9e9c7aa2c4f0533789ea4ef0abfdc5cb5f4a48c8b579c622a06e9b95f788503f9658959b7ef794dabd42199b83f3c6f4b1170ea5bb39bba3ea7f8ddee3887
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 73f14538b3daafeffe47042202c333ff
SHA1 0f0aaab02454569a043ae4217bbd0e9b50978e15
SHA256 ae2886d59d69fe076e996f5b5cb40b2782571fed062bb8ebd4d643983ca5d1d0
SHA512 3dc55bfcb60e5d46c350de854310717b29dea5771373630ca31241ff73d7792391291c54accd676574913dd833015e7b4fb3cb264022420b09627b99b7acc3b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2041a9a33c414bed0452bfda28872f85
SHA1 744fe02a1e027392cec9b75a80574514a5779c9c
SHA256 308e98dadfafdbd69d6be83ea83da2c9f10378cfa5ce586eeca6ce66c276b809
SHA512 ea45cebdacf1bea26fbc590996382d9d883b751721c3be3bfbf6478b89a6a4288dcff77f6c8f5ad926981457086fd3ac9b37def7b05cf64d296556def7e9ca9b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 98602e72bbe7044dfae50dc59572af2d
SHA1 c52724a5ba4ca7d8befcd82f56401fcb0c366017
SHA256 b2c50c7f2863ac31a7c6e57b08db775912d3917e6e8146929c0c7aea08d80e75
SHA512 818ef154754f8892a58bf278115d91c81b8562959cadbfff89f97064de5937a723e687bde8d425d80d4e35ad295a76d183d4080a204013d4b3c7bc1db349d3ff
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0fae5182fb79763137b49823c7b75f32
SHA1 6f7bfc44cbefdd87f7d50f1418bb10b391cb5858
SHA256 35118e67fa89f38e119874965a31114408efc4efe24cc334ebc059c0cf523389
SHA512 aaa9dd506d52c59cacd1401993d32f30d0884f8369105647f874880cedcf8c3acd3b3862ae80d141acee549679cab1decfba99c812410ba89675d438502c0895
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dde7801aeaf350a6acf3001ab81dc2ee
SHA1 75061ee9c7dfcbc00ee8ccdeddad3d432c19811c
SHA256 4f67cc2fe7d9e0fb4ca65fe8802aa45e67ab890a659081a463e56f7277b4e988
SHA512 111e84f9c7c81871bbca021a034fd7a0a631c9ac05d0c15207f56f338418801a491b0b90be00db65757f00ba81b1a7f0f295191886d5a7aabefb36af63bfcb13
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6fb640947344af223ce41afd7969a77c
SHA1 89ed5fa5c1a5c1c7bdc65f79352a237f3466c6ad
SHA256 54300455cae0ae7038abeaf9a7a47d9053e58bcd87f0ec4a3a75f403865b5bb8
SHA512 d8c674803ab56aa431fbe7c081652b02dc734d886c133ad04666e1590cb7d29ad089b3485e5a2342bbb66bd13b688b6d44c86e805f4237941133a080da75cbd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 20bfd543972ef9dca98f9cb980727138
SHA1 f992fd00a83d47a56c49fef20b7384286a39556f
SHA256 68b61069072224122277d8e9cf385420d3b03e126da9a013f780c469f44a49b7
SHA512 f5cb1d9aa92a14c8172386c6b4d45907fcb36db3218b410a6f61296ba005df523e9917d2dd85e3a0a53063e2eb721d441a34fe273d225249b2c1a3316a40ff52
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5e7daa7a8809c8f6b6dfd0a183d25b79
SHA1 217c36fce0ae3544595f2e9da29dab1fe9cfea57
SHA256 65b935b63948933167af0e6e6cd8f54bd53c8581198dd263fbe42a24f95d300c
SHA512 56b8d0380c4212510a15707b0cdc05b4b043726f2cd6c02088d7c921092c2eafcc8d892a7d9afdf9519a4e4f4a1fdf3aa492c0104210c2b9ba52c950825ea8aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b8a5070f9214024ae7867a6660361998
SHA1 0de1875c96c8a760c804ba8883ae1f5298c4de85
SHA256 3ea6d9dbdd0d42627f9f8a69de0a4792e9294c28b3e245994334f41850f690c0
SHA512 251085a7700728bba30f45f4253731a52aec108ac2f6dbb7f86a2d577980668cda2fffc8c0f2a9e95713d13c8952ca54ec3a55350f81d0268d1663297f545490
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6c9ceeca1eecaa912781a602b4227167
SHA1 3b59e02f5208c0e5eae45da5c87f780b8ceb641b
SHA256 0855c2c99bfaa2120f646b35d07620b3bdc9cbe14bbbac31ffb1b747d3bfa21a
SHA512 2d8ea8b5aa9b8374890099d5b0dcb9da70965778274224debb00b9278b9f943d75e8208a1fae7a6387d061cfb0a004e76f8760f1e02a0459f211c7ff339b20c3
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b