Analysis
-
max time kernel
143s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 12:42
Static task
static1
Behavioral task
behavioral1
Sample
91d36114ef911347b46887b535e0c9db_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
91d36114ef911347b46887b535e0c9db_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91d36114ef911347b46887b535e0c9db_JaffaCakes118.html
-
Size
43KB
-
MD5
91d36114ef911347b46887b535e0c9db
-
SHA1
2f31dd5a0d43ec53a70be01fff3631982f8a3bc3
-
SHA256
6c3258334208e68ebec8fd5af64b1e388065e530c96f26894de39784075c68d6
-
SHA512
574c1af46099d4625cb1305d9c4fe037e11f05b5f22d59504b022f4e09b48f47693fa0fd1f7ac5af7ceee406fa3eccd19ec897300dc5627fdda6d42da99b98b9
-
SSDEEP
768:vGFEUvjdxcXxvt8nEAY46bw7F2m79rDSjRd8U1bTPuYR1kxm:vGFEUvjdxcXxvt8nzhp2m79CjD5TPua7
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C9A099C1-21A6-11EF-9911-62ABD1C114F0} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000061ecbd6347ff94a947b2ab5e90ce4c30000000002000000000010660000000100002000000074113257c15ea8a82c4b8c5261ba18b539d931a6a60287d83f2cb13d33d1a2b8000000000e80000000020000200000007f6df82a46b201974774055bbbf3dd52d14bc15221ae5d47f5292f7f02b7bd8a20000000c543af01d6433b377805d059c6e97ca5b8e414a1322f740b40dc1ad99cc59346400000009e91c94783dad33edcecc88836d613ba378c642a96a8add847a742506823b8626cdafd860323583f1b9bfc78faaa760527ae0436da0e25068d7d4c35dab7ecda iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000061ecbd6347ff94a947b2ab5e90ce4c300000000020000000000106600000001000020000000bfe7ad3aa401573b7a094be092181fec87dcf1e63857acf2ec440b7c94281595000000000e8000000002000020000000ce1178ca36916f662a999c1af77a81c3b692485beac8cc0301309ad5ab13296d90000000d537bfa5f5ec437c77e44f6138459591d4dafca9a47b43ec759176030bac9baed2c63c3a38ad12ab26f7292cd7d8400c617cd3654a88ecfe520e856e162ceee07514877038dcb6207ffca18ab97b9cf5ee8b3a492e30b4afb74793b97a58689ee8169dddca652caa553d917a4aa984ee3be705705bb7943623c2ded87c6b7d2a1fc89a3a84bc0ac6586fdd7c46f40a65400000000a21c2493368ac062b31e2e563507da1f6ad86cc55a97e81023fd28da4de909662708d66065014d9e191fbd807e2a923533ff7f4cb24057b62ae19662e47835a iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580438" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e099c7a0b3b5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2028 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2028 iexplore.exe
2028 iexplore.exe
2092 IEXPLORE.EXE
2092 IEXPLORE.EXE
2092 IEXPLORE.EXE
2092 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2028 wrote to memory of 2092 | 2028 | iexplore.exe | 28
PID 2028 wrote to memory of 2092 | 2028 | iexplore.exe | 28
PID 2028 wrote to memory of 2092 | 2028 | iexplore.exe | 28
PID 2028 wrote to memory of 2092 | 2028 | iexplore.exe | 28
All four events target PID 2092, the child IEXPLORE.EXE process listed under Processes.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d36114ef911347b46887b535e0c9db_JaffaCakes118.html
(process tree level 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
(process tree level 2, launched by PID 2028)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2092
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 ad9a78fef314b4e90f6e086e2af91d1a
SHA1 cf012cffb611df88b34f742e80e16f372b09f309
SHA256 ad626699e90f3a032369a60316f4d171e292febe4ae5557a792bbc509542323d
SHA512 7eeff52bbc6dbfad01d9667dc8c7f18f1bb673ca70854cdd711009fd591f5121eaea06ce6d9ffa71484fbcceb3d45d015d6423410df4f4cfbf7ba026d3f84919
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8145ba3d2eccca99e60bcea509874ac2
SHA1 5259fcacdb952ce16f73a1b7016c9ff7e7cf0219
SHA256 1de1b170e8c7fae855de2049933f5d53bbe957179bb758aa23ae3c3b585fbd2f
SHA512 ddff7509c92e9caa57b1020eb606f4ccbaee466200017fde2e47cde19d0d39f9514d334ad6042c5eab19959cf666421772908df5f4fe5f6ac54d30c0e4697de8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 177815db2820c78387292a2d848e2a8a
SHA1 3f1b25e859a600f2f8335c4ecfff6252324bcdb0
SHA256 6d90b8971f6e40fc249cf3b9ed0d1ab79590d9802c9eaa439bd1308e5b73f4f3
SHA512 8d4e495e46efc0f0a8da6acf95a9c619b866419bbeddd79ff680380e71c9241d111ac4e56dd28e4ee108abcbcf32a49bee08bab0a7bb3bf88d259e9fdaf2a5f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d52a7d305b5f6c6e56dbfd9a67c20ee7
SHA1 60d6da92a5c0d4a2240bb226321ce98ce63c67e2
SHA256 841a094edb12dea04e7b5c21e79fcd843d6b70f56c0dec7c1c2889ca692caa32
SHA512 4095fb8f66b9e8e7ea6b86f939e263861068fbfc62b905d776110c0dffb6f668994494a45dcb83d36b10438ff70a2e9639f5bf15f7eca311b4152363adf061b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 46baa04e97b70ed9c517ca00d18dc468
SHA1 830c7b631967481032bd01ae60475859c6d7c1d2
SHA256 b3ecef76b6b97ab77ad032e2054037e563d0b5d216eef7b3c85e1b6ae41c1770
SHA512 cf1b951a3a735d2200abb4cda9486abe60c7fa3c2558821bf5e50618be1d59ca8fb255d3f97ba915ea86c56ceb13d04a9b14261f84ce39a711026c48d9bfad32
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 803d5716d7ef35697bd60fe6f282ae7e
SHA1 69b812eb33c9301665bdb8e47bffcd9644ba16ca
SHA256 e368069ec3f34abba980ca45703d0284ba0efdace24b5adfa251109cb7271f00
SHA512 1b8ddefdacf183b46ec9a182191eeb008d82ac7249b17549d32e96db318bcf534b21db9a2898ced65f3912e9829f9fd25db3bc63031efcfaec02f1b0c82878a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5a0bfcf1c4b55dd7ab61dd814524b50d
SHA1 397bd6c0272aad98bdd57fd2603d16c99a62ac02
SHA256 6664b8b7078e40d0cde94bc41e750b39985cc2297b784960d6f5d51c5d3ba114
SHA512 92251b2e58b0b855cd98def28e4de662f6af4dba7d4d225696ca684fe7441f0d0c0a5cb50945a0a49c5862bed485afb11518197e06b5f58f01e0a76e91a877cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 87e92b5d60942ceb8258aaf7f9fb8f13
SHA1 9739e069f2024e136eaf1e34b878b0622ad7685c
SHA256 38b73bddef176e188ff6cc2385b85413343e67c7f90eda00ea3d9a611a7def00
SHA512 709a1b50c55eb60da91420db7a686d1da54e12c5f7ce252970db5b4f3d1fcaceb6fafe999864e8e772c2efc3476c517fc21df77efacd81b8779a238859c915ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a952f8f6b8c5ef5b542c3d04e24c3ab5
SHA1 8cfc7c416067469f53a9895bf9eae8c0638a4044
SHA256 05d10ff891a768a1340816c76b1bf2e4c1abb9bff57ebc36b25a12a1c0d25c5a
SHA512 65cf1839e528032b6272a42746e61a58f8d62b8adfb402fa1a2eb660eb3e3829b278363751ae2b30ec9698762ef4a54900d269110ba2449649db918794e9296b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a8d087b2d6dc3f930d35bba7c7fdb48d
SHA1 8646b54b320622f0145c8e9bc900decf031e93c3
SHA256 d5fccbc25119c72512e705fddcf85c0805ce960c96ac51a6b341e021ebbe780a
SHA512 1f32a8abbe2b3e22a4d39ee277731cb63363daeeea2e275d6b1c0e06fa9a68fd7b69bf766f0dcf5963859d29769e098f6be46989aa459a1907c0b22679236f63
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 385109f9e461ebc24e3c5b746b00a914
SHA1 02f5284ef473ca5c926e57d3b936d7047bae1d26
SHA256 9ad58f349ddd6380811583bae0d1bded570b7f4d20655b12ba7324d7e33ebbf1
SHA512 6e465d40d2d836255b7153a1dc97f533138e70a1ac6ed50310c1513f47db44ac9a880f8f5df17e45a5e9161f8e0e6d5e6aa89d5b0c24b62a4090297f313e976e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f5553d522919efdede450395b490a407
SHA1 cfa65331323e244d5d847d3b8252d8931fdc7eaa
SHA256 8d51af99aac40d1d0edab9c3cb8328d76911d7938819879e02ee64bc1eeea9e9
SHA512 c89ee4d2936b1d553d3c75bf48d66628a701b16cedd234de799aef1f0a57849eaf05fe868ada98ad4f17336e0765a1ac8133e530b81a0adab961ce6ac0b80e6c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 8ed4781915d4396757f7e506fb145718
SHA1 fe16c2218e3aa176599339b70387129c64544aa9
SHA256 137c5ea73fd9532a54509b4bdc060623aba475e6909c653823a08ace6600735c
SHA512 09ec4abab4e86c5c3898cbfce7d26979533c8c28dec907e8b0d7bd5f33c15235f08b2a67d5a33000b9b72c30b8a2089990dc579162735b6b9d5184a69d0acac6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize 4KB
MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEFR4HTX\news[1].htm
Filesize 7KB
MD5 efad160f7740473a7a6297466164409f
SHA1 e979843e468aee766580b4ecb511295674f20163
SHA256 2b71a7c41789a74fdf4d6caa51a92282050af814de8a4bf65083486b88fd3a52
SHA512 be3c52d687c06bf91817ed75e05861a211b170eec9183dc73095dcdd747c4e62c94248b3d637a184ef0ee15526e17040fc20fe13039b99838faf08439d859bd9
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b