Analysis

max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 03-06-2024 12:42

Static task: static1

Behavioral task: behavioral1
Sample: 91d2d8cf64772b68c4868e9d5f349a84_JaffaCakes118.html
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: 91d2d8cf64772b68c4868e9d5f349a84_JaffaCakes118.html
Resource: win10v2004-20240426-en
General

Target: 91d2d8cf64772b68c4868e9d5f349a84_JaffaCakes118.html
Size: 53KB
MD5: 91d2d8cf64772b68c4868e9d5f349a84
SHA1: 9d97338ceb8eaaaacc7dbf16f11e60f803914903
SHA256: 35691fa42af498a139d9082f9d0350f6bcf72dc6ae125eba79e75f4ba0f19429
SHA512: 3dceffa603b4d60f35e1199916cb24d004096c3adb6d3a0060d1e6bb8ba7d2f611cd82a813d730730f02ccdab537fcc5b29d7314663002288394c92e86351335
SSDEEP: 1536:Z4fQsOO4JEzqv3vbv3vUv7v/27eqv4Pv4Av/vJv2vtvOfurHyyjy3XA+aIYCYjwe:J/DvcTXC9yHXxeVGc
Malware Config

Signatures

Modifies Internet Explorer settings
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B72E95D1-21A6-11EF-8840-6600925E2846} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580407" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE

Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
2268 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2268 | iexplore.exe
2268 | iexplore.exe
2892 | IEXPLORE.EXE
2892 | IEXPLORE.EXE
2892 | IEXPLORE.EXE
2892 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2268 wrote to memory of 2892 | 2268 | iexplore.exe | 28
PID 2268 wrote to memory of 2892 | 2268 | iexplore.exe | 28
PID 2268 wrote to memory of 2892 | 2268 | iexplore.exe | 28
PID 2268 wrote to memory of 2892 | 2268 | iexplore.exe | 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d2d8cf64772b68c4868e9d5f349a84_JaffaCakes118.html
  PID: 2268
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
    PID: 2892
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads