Analysis
-
max time kernel
135s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 13:06
Static task
static1
Behavioral task
behavioral1
Sample
91e3fefdc09dc02943d75e551f6967d8_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
91e3fefdc09dc02943d75e551f6967d8_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91e3fefdc09dc02943d75e551f6967d8_JaffaCakes118.html
-
Size
19KB
-
MD5
91e3fefdc09dc02943d75e551f6967d8
-
SHA1
96867da5775ab43c0c2b036fe847e4123ce53d46
-
SHA256
321572ad0ddfc38e7278acba7555a1012daf79fcdb7b318611d58f6d2e2e638b
-
SHA512
ddb2bd19d071db8269c87444c7e52b4f4190b58891e3c0008fc77738a563f7ce8307cf9b26fa1b04fcb884954e92bfaa1c844ee9f5cd03b62f66b02778566fc6
-
SSDEEP
192:0dCHhx17FHlrlUHdWqPlBYAn7Kc+B4XqI7LEOXB6pe7I+96cFYiu0G8fO8sPUpwr:7pUXHY8+BLWYkI+y5f8sMpKLX
Malware Config
Signatures
- Modifies Internet Explorer settings (the registry keys created and values set by iexplore.exe / IEXPLORE.EXE, listed below)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000050c937698ae70e45a809b739adefbc8800000000020000000000106600000001000020000000394d7c1bd551077f3215ccb65133b9cc76756923f6668e85c32dd79cc6d5c273000000000e800000000200002000000087775f96cc32888bb48952751a5fb3e46a5bd2c70c26a96850cc0e53d9fd11bb200000007efeeed91ca7a270cd7b809a6047705b068ebd18c0112c5c700e465c2e7979334000000088cb8de3506d65a06a425fe79dfea2c0a51cc9c7b28da40aad4b669edf6dc8d972c9a45a39a6f4ac024f2b216eafca0a43e1cf0694e34d7d2e798ecd36fcf91a iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4024affdb6b5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{289205B1-21AA-11EF-8C47-FA8378BF1C4A} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581887" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1592 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1592 iexplore.exe 1592 iexplore.exe 2116 IEXPLORE.EXE 2116 IEXPLORE.EXE 2116 IEXPLORE.EXE 2116 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four entries are the parent iexplore.exe, PID 1592, writing into its own child IEXPLORE.EXE, PID 2116 — the tab process it launched with SCODEF:1592 below — which is consistent with normal Internet Explorer process start-up rather than injection into a foreign process)
description pid Process procid_target PID 1592 wrote to memory of 2116 1592 iexplore.exe 28 PID 1592 wrote to memory of 2116 1592 iexplore.exe 28 PID 1592 wrote to memory of 2116 1592 iexplore.exe 28 PID 1592 wrote to memory of 2116 1592 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e3fefdc09dc02943d75e551f6967d8_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1592 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1592 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2116
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 60f20cd2e582de77b2c67fff260578a6
SHA1 f42a64ad995dcfcb4a26154852ccdcdedb811c0f
SHA256 d9063d2ab2e95272aa609cd6617f9c1252001a7c5e40a9603ea2109b3cf965c0
SHA512 14ba92b93f0cc4bc59f3ed20f0fe44c50f092eb000b774b70527b2dd8edc648bfb99bada384345c75ea4331f5dc6635d83478c613e6f992a4132e94296e7aa73
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b47ff11c53d1d0ce6b4ddf1da8abb394
SHA1 cb31eb90e6a4800f4898a270fe523801a89c39b0
SHA256 4052f5063d704ede9dc3f2471ccfa839567470781a1423d65456821156014945
SHA512 fff467af69836efd27fcc151495f4802607cc558888f85a8cbe8a1cb7ef5d25412322877ed9ac810badb81a42df7ce17c9d7bb4a602d9fb152609005af0049ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6faa2ac0eb9bec466869260896959562
SHA1 0f6db42d3ac120ad3d387206b06f59b4f500605b
SHA256 34a58e1a525d2722d5b5e9a00a16326d4fb654f59c073731bb9aa58305ad4ce2
SHA512 981a1693825f546d649a69cf6ce9153b9c75b07b5ce16e8144709749722af46f5cb1abbbbb7bb0afca84b653fbe57b2c1688c35b26c3c1e4d9f44ee4be88b772
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3e64466fd2ce825bd49541fa2337297e
SHA1 ef83b6bf2c1ce61de3d079735cac639da5b4c5e7
SHA256 0b0b3586bdc3c56201594c46cd2b803938a7cc404d28a1ab3debf6b017bbaa9d
SHA512 ec690f2340e34740dbd35975562690d020c4d827e34fb81471075123efda1e84799034452fce5ea93b9086ef346490a1e0cc90a3dbeacd7c386e8c3134b53d7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f2e3402f0c7249aff74ab0f4d7266e6b
SHA1 04c8391030441b26df78997983295a02c638bc3a
SHA256 8ae2d6277760320cd162aac3fbe49b649f9bef278b14cbdb27648d17238806ee
SHA512 507f9bfa6c56b0b91922a441e5c4dc818df02acf715ff97987d69d1f236d87d3f3ceb160ac02811a892ecf3b5da5f7fa9abf876c40230a8d1c34703b4bc28f0c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3cb4e22d87603f9af876d3c062cda3a2
SHA1 ff9bccb8a912fb5b1dbc345d216030cb1ec7cd18
SHA256 65efebc16acea1ffe0dca388b4497b4ba0c117df970dafbdf48ab42a797e169d
SHA512 ca765d1749c8c9df2fa0270474e77f2ed10c42ba1ecb95fd0f8a43f17507d59b0d9b34da1dafc4799cf715e5a4d464b46bbf13d110f7bf5ca8f6bfa5b8244f5f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 67a76a06df3ae2e94ffe6c48ea388ad9
SHA1 9eb05185abb35321b3413b34995d962bf6817055
SHA256 9b35271e359ab4a215173d03ce1ecffe5eb7e51cd38d62cb91382352aac12c49
SHA512 179e25ca68bf8ab16ee5861840c9b5a87ddb10a20ea84236ef92781bdc194ac557e983e0839335db417eaeba505c83853ffee0a210e00f23d691f93b440b265f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 78dbc23289579a94edd6d969d75a4857
SHA1 9aa7f7e070003e46eedd69f11a82f25b4c620810
SHA256 286c314baac85da308c94660cb3090a57b86975849bc9e6fabdd30c3bce9a2b8
SHA512 defc2bc73dabed04f7989d178cbca09e42bff03e24732e8c076408ccac08c3731ede07e8d99c906eeefc4015fabcd01ee4c791644a4bda48d8585714dd82c788
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ba6087fcf118190cbac6bfae1dc648d1
SHA1 ba7e0e8aee0a7607458bc3ddee432db002740400
SHA256 9fd3fe5d669bc9b2c131407acc9e7176eb33ae07cfdd2fe98f5e76de3aeebe83
SHA512 4f6ce91241594790923559fd5d214f78a7c2afb7d273141cfdfe471d605abd6950b12070f6a5a637c78f4a199c3542ade85accd3f1e3cbb109f72ae5adab00b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 58123e665bd9b04218267395ff968279
SHA1 b5535173dda43fc9db127df5bcbb5edf6f1461c8
SHA256 9de9b0459cda120bf59e78d54f6b91e49fb51f981208afb094d83616920dd012
SHA512 7b2c2cc5031d16e99e763ed8faa585375ca91e7d82495608a35d7a9393100aed911640b4b83128e79fd11cf8c3962f2c92bd9f2790be148c0a808410d014904a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3a048bbe622b2058ca6a9ee679164c08
SHA1 b2c71f731b814c5c19f4c2c971449e5a55188a37
SHA256 c02e97488c52915489d8e80542cc5fb7581fd6bf38ec79cb11964c7f1e69fb59
SHA512 a639f684b6f5af04e7c053049f9ee4a5d65a64c6944a470b41e84c1e17155a43dc21e23bd5945704267f8f050f07245010bce9a499d7695a37fcc2360ca2fcac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 efaf1ebf4f79cbb3431c67fa593ac114
SHA1 f622f94b01b8db0edd8d28f885f29881b9b8fd20
SHA256 c8b9339e988ef084391e6c7fd5f4ea12fe0f5d6e1f8b4b1faa335cbf975096a5
SHA512 e4d82be380ebb2e176537b66a638c5361ff0313a6454d4e3bd059213f184a2e0251f67441634af99ef5a00c44418d453823223b88e56faedc40aa82579cdab64
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 07595b1c56ab55e5b741b46afc2d2586
SHA1 d2cfdc3b61846dcba3ec053426fbc9f907dc7bff
SHA256 3b7fe65be427e1d64fe66a238148598fc4911f0fcf1d8c6e908ea946844dc6a6
SHA512 f024c3ee4dfd15c11f0dbb1893a300f1dfd1abeba625c29429a88256a05ab9f77f6e164c4d3582bfa167ed5b8bd698c5659fc7cf948a0dacea6a09b86531d2f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3fdf98f5b3cbf99db64d7e78165112d8
SHA1 d9c805efe545b22848123c46effd8e05763ec4d8
SHA256 3155dc9d70820e1d79474958fb7ee14cff04b40cfe84d4bc61a89e6488b3b5e4
SHA512 718cb0066f74f4a492aec1162b5eee9263b812a98a22e2041f1c28d2a3a4974f53167f2888631c24015f3f9018e4f2057198be10a717e9d06b84b0d91b9ec1f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 20cd513da124875b5bbcaaa3b5a49bb6
SHA1 98802b3129704768263fde683d523ef4fe4453d6
SHA256 405a7b9084573530ba8cd2a832353fbe2d1ef071c6e0fca399b5c7cd471a1932
SHA512 ff20660897d4afc8d236bfe0aa17d6a845064e89dd7d714b78181345c633b600e1d96de8dc53e285889d40f4743a948c8bd28e4dd2424a8fdd8a69e82cb470d0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6e9c02c43cdcb87fe36879a26df3a325
SHA1 8d4ce9c5623878856360377386b007dc3078b687
SHA256 f767c5d5671d146f337a9eb78de73b9b91c8dac90532de4f642cb603f927a810
SHA512 3f5a5e7722b5e63257c2667d720dc42d22cc24063bad040e2092ebacf4cac09d14a2603998c27039c37950276ccd7122f9d4f938c78184ccd000308d0f6a8513
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ade86719332fe909249c148a7993f903
SHA1 dc15f5057b768e9f0272d9d474e27d73b3eef40e
SHA256 3a704e0365c0fe558023bad71f8f29c0d6b1a1605c482414e2d59d233f587593
SHA512 3d62040b5fd611346a7279966bbafc8cb2cbb52aa7f993b1b89dcbc0c6e4079eabacfd1d7573ebb671bfeddb7a36cea30ee2a69bab800d0dc5eaca2f3b3393d1
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b