Analysis
-
max time kernel
136s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 12:41
Static task
static1
Behavioral task
behavioral1
Sample
91d23c609272a76327b047f0cb63ae67_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
91d23c609272a76327b047f0cb63ae67_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
91d23c609272a76327b047f0cb63ae67_JaffaCakes118.html
-
Size
158KB
-
MD5
91d23c609272a76327b047f0cb63ae67
-
SHA1
6d8ce83b09604035c237230f6c8dbeca36d00269
-
SHA256
834e3862b73f8f82d78238e1b1b41c961b861fa3094f08f306db111da7932562
-
SHA512
1c000349f675dcad65630619b42834f056115fdcf8175d5f4ba05b8621098e379a977e1e127c4c77a223a906cf935be5712ca06dc96445bf0a45f815ee8355da
-
SSDEEP
3072:Sl6yJWS1+/dYyfkMY+BES09JXAnyrZalI+YQ:SlBT1+//sMYod+X3oI+YQ
Malware Config (empty — no configuration was extracted from this sample in this analysis)
Signatures
- Modifies Internet Explorer settings (signature name as listed in the process tree below; the table that follows has the columns description / ioc / Process and records registry writes under HKU\S-1-5-21-…-1000\Software\Microsoft\Internet Explorer by iexplore.exe and IEXPLORE.EXE)
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98270321-21A6-11EF-A0EE-F2EF6E19F123} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580355" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 
8011c8abb3b5da01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000797c723e9b0f8e41ab29567006bcdeb1000000000200000000001066000000010000200000000518b0adaed1d682d3cd416a48f1affa7e8dd74412f9d9c036e539060c140797000000000e80000000020000200000001c750c2df57ef2cbc6a3866d3ea663d1d65b3c56c1c27b5399a891531752bf9520000000b6439048a32b68ccf9f3bb1df05738101a271afcc5874409d29d0ea5bcdcc43a400000007f1801e7d66cdc1007f78ae5a20cb53346494ed96e823e58576c75a65840bda410b326a79322682b3109694c40be347a18182139831615aabfeceb8f7f948d49 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1680 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1680 iexplore.exe 1680 iexplore.exe 2928 IEXPLORE.EXE 2928 IEXPLORE.EXE 2928 IEXPLORE.EXE 2928 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target: PID 1680 wrote to memory of 2928 — 1680 iexplore.exe 28 (the same row is reported 4 times). Caveat: PID 2928 is the IEXPLORE.EXE tab/content process that PID 1680 itself launched (see the SCODEF:1680 CREDAT:… command line in the process tree), so this parent-to-child write is consistent with IE's own broker behaviour and is not by itself evidence that the HTML page injected into another process.
Processes
-
Path: C:\Program Files\Internet Explorer\iexplore.exe — Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d23c609272a76327b047f0cb63ae67_JaffaCakes118.html (process-tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1680 -
Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2 (process-tree depth 2; child of PID 1680 — the trailing "2" in the original rendering is the tree depth marker, not part of the /prefetch argument)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2928
-
Network (no entries are shown in this capture)
MITRE ATT&CK Enterprise v15
Downloads (note: the 342-byte files under C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ are CryptoAPI URL-cache metadata written while Windows performs certificate chain / revocation lookups; the same path is listed repeatedly with different hashes because the file was rewritten several times. These are not content fetched by the page. The three entries of 70KB, 65KB and 181KB are reported without a file path.)
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f210bc4bc27507f9d0b0b41c6c1df259
SHA1 bf9a5c54371146b6fec6a0e897261d28af721936
SHA256 afcca3d91bcb1c0c373a0ca466cdb2fef3a8b2f4a427cf5d7e99ca1cc00e7689
SHA512 335340e661e6e883a8ed074199a021c7d7c6b469e95175952626ccbfc76bc617c67fd7fc98389feb493f143aa7192a4bab9d722886b8a4d4995b300b30a9ac84
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3a45ec90c0a578deaf6b843b7f4383bd
SHA1 4425793c02b556ce25a6fa3470d11ac8814b71df
SHA256 ab94841fcb9a8c8bcdf10f72d923dc5913b7162ac7c0bc89b76adc0dc9dcf86d
SHA512 7bdb375fb92537bd504fd94fb550547758802fa5e97054dd1c38d588cac1612e48048ded1be15690cce62b0993229372089ba757932b5e8058a5fb7ebbc08748
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7fce48587d394d6b5fd777672e05a050
SHA1 c9a2be177259726c1bdf44ba6ef46c1a6b88b9f6
SHA256 61ef14b3842d8dab02cf6c096133b92111076ac1d25e2d7a0d47f705a8529c4d
SHA512 40d55396fe9c67605626970d0c09c9556c586d92157fd14319f8cefc7766d4f434f8a9b157298ff30ea856686190a551f0516e14cc4529d952b98fb8c4041836
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a4e352f823d4d659bdb330d20539d142
SHA1 e5ecc29bbdef79673a7ddc2c11090f93c85c101d
SHA256 9ed64916ca3361c548d6f99efdb3a71958420b7524e471fe1cdca9fd35080e0f
SHA512 a18b1e49c1cbccc9325084f0105d38bfafdab03848fdbd05b69c9edf0cd92f89c7446a4e50013ecd127c0f53752b878d42af7c12ba73928b5d2bfa0d7bb530de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 37a5fd52cc8cc97cd41de43294989a23
SHA1 2a70a09e22b0d765250b2350a8479d67cbb8ecca
SHA256 1164b74a553a5ccb964c2039553bb7232c0d381d455839baaf64ffb7a9bf1a78
SHA512 2ba2999f24117c9a4411e18e8d4632500dfdda2b933f00012ed7983671b7538e2554e553d307e3ff4108a00c25ea8d3df7d0308ed8dd06b65ca6a96552581472
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d6ca23a246cf31f9d2417870eb47a8e4
SHA1 02e7bd97cdca7d9592faa1dcd415034abc62e3ea
SHA256 916f8fbb148daa76a98d8cb5cbffbf366bfe445421eb7cf697f7ce078ee8513c
SHA512 655d87a416c78be44859fe17758bbc69955c5615787eda7a545c94407526b14c860c88cde0eefb00aa1e15828e6cf3b48f93e4efdabaa22135397183d97c34bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1206dd4fe33bc03ab7de73510d155670
SHA1 0d41611eb8e357372b1be51f1a7675b3e0ef6d20
SHA256 a4997d6d9eebaf88da1669605e212404d369cf1fc811abd7c43a3c3114d1864b
SHA512 bb63cc356d517217636432274fef9d8cd5d03a6197530a24ab9183a414c707d181e0340cf53c9e98b891cd67e569b3e0cd541948df05114732f11ccc6de3ef9a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3999ca8240a8e093f4a2ade4157795fd
SHA1 992cd55db4e2c81e062549d686405f04c4e85ecf
SHA256 74d6705759e1a195cd9a3093078668659fd0e7d7e585908db549bb78f11c8940
SHA512 0e0f1cb2a06f94a1f4f8bd2004431b9bb6c9e7d596ed0902e11f3ec964e8a27f60da144ea733c2e81964257aa081e89555a6464178e06740cbe125b39ff4a5cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6fec17bb6b334045fa265972f901bdf6
SHA1 81acb3b050deaa71e9edbe647e657ebac851d337
SHA256 427b3b45a4c3fca71f3643a5844f6399da3bebcd92efe5e6520eab211e9b0118
SHA512 d244fba4791efc2a2399277f46b3b144629aa6d027c248328dd5ca0100d1cd2a2265b93ef65701c181383476895d509dfcc77c7d5d20f29d74b421481dfc67d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1988359d31ff00f50d0c5a748bec0e6f
SHA1 a167afdc0818e056e932020858e12d5b0149bf8f
SHA256 38b1b95fc1b324f6b639bae346b9326d3a7fc5e29aa655983ea7b57e04b6b062
SHA512 68d52263c3716247b822e69a1d8dcc5d92cc8806aba9e335611924f70ceca95d0f2713c9be32da3674d9024c5f3d7bc3914631ddb739fff9f3ca3c891300536b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6f80aef7b03a9c85e0de7a42d8d43327
SHA1 38a5644482452504b5cec0c58738034e8bb401fa
SHA256 3c4489a68b36fc6e74aa89fcbddd49ca59394bbbbd2ed1098c7cc82ac5a073a2
SHA512 e6c396889088a8558492c2f39826ae98aad31787850f62790b795ae3e80b640bb344603bef355806edaebe9d959c12ffbd324f7a02602a39dc0af1c683c78e35
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1b2708b72609c00b51a98e7eb0ae4598
SHA1 d5708684a97e1df681c0569dfcb06b7fd34d5b0c
SHA256 f6174a354c8f8fd12b01e7c10f7ae29cff768c3a0ebe44052409b3cd47f837b7
SHA512 de9fb5fca3afe079206563b737b92c0947594100664fbd078249d673b212fdeb1cda4d7d760e8817538e515808a724d945fddf22d0d6061ef0c2f8a46e561f16
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 691001157778763f20a1137ff7f299a1
SHA1 4a81406e4ad7326162ddd15c670ce0011a9a27b7
SHA256 24fce034591bb2fe9d52cdd4a50fc2c03ee6f35bd2bd9c176b9b066342b59e38
SHA512 d6d6ac6a54ea8d588ac025c816ee26f6be221bca49d303c7d5ce2f1df14f663dc64a290d9cd9f3091df174e6e1882c6e3b98e621ff309bf2853c97bfee597b35
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 29ec2cc799db3ac13d9171d81b30cd6c
SHA1 e110bd2e25d796d491bf8228c1c36a60cb6c1592
SHA256 b9a29381cc37600881bda8e8d313083598983585b2f6fa63fb9635953bc642df
SHA512 777463234af9ad284b75e3a78f961136eb4b9c3340d9e9a3264b4ace99c59b5061fc02422b7809aa591b53024b1561be9298ea250f561d32cbe7ea067138aada
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b