Analysis
-
max time kernel
134s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 13:10
Static task
static1
Behavioral task
behavioral1
Sample
91e68f9c86bc508efc24c07f56273ce6_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
91e68f9c86bc508efc24c07f56273ce6_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91e68f9c86bc508efc24c07f56273ce6_JaffaCakes118.html
-
Size
213KB
-
MD5
91e68f9c86bc508efc24c07f56273ce6
-
SHA1
49fdca21cf5e02d21b484c0fdcbeaa54573a360a
-
SHA256
787581e8eb94a3a49d9449dc10195e16b7f557391eca9fcf2afb62272129bd93
-
SHA512
9d1f289511026b45bac2fff882fc62473aacc5b4d7eac0dea83ea945c0889055c92fecc880f18176b8e83b078f12056a612e0637f9db075946ff313fffeb58b8
-
SSDEEP
3072:SX8dX2Dqi20yfkMY+BES09JXAnyrZalI+YQ:SXBu5sMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet 
Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9E2A4D01-21AA-11EF-B0F7-6EC840ECE01E} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582083" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2312 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2312 iexplore.exe 2312 iexplore.exe 2544 IEXPLORE.EXE 2544 IEXPLORE.EXE 2544 IEXPLORE.EXE 2544 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2312 wrote to memory of 2544 2312 iexplore.exe 28 PID 2312 wrote to memory of 2544 2312 iexplore.exe 28 PID 2312 wrote to memory of 2544 2312 iexplore.exe 28 PID 2312 wrote to memory of 2544 2312 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e68f9c86bc508efc24c07f56273ce6_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2312 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2544
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3f624f44fe11412966e2ca4ab7b4aef9
SHA1 e6a0ee7ebfca949a361e419e038c509bc9e38629
SHA256 bb1a9a6560654081a46ce5bd4cd08c4fa515b594115c63f541d6adb5859b9255
SHA512 3aa2ecb52bcf007320250b85976c2e58f941f8f29254f740d13aa56f98d394091539a76e7a965bc81dbb793d183c868c91ab7500aca59dae1e037e82f00199cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 174c9a3f65aa92395f0a5e3417326ad4
SHA1 99fe7c3e5ea90ac94757736b8adbce39df72c3e0
SHA256 d51d3dbe98acda00bc30cddd8fdad93ab4d96be4f5eb3bc0e8363f22a647438c
SHA512 6601f66185dc0120b0f66980e1cd00a704dded4480011f80df972570ba48bb0b9c4eaf1998791617e73f7454837a898591d2298c8a2dd7215ecc129637a72506
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1045e597a9086f6dd3625680dfaa7bcb
SHA1 8d00f1b8a00595ea63ed833ce1c3d6b0a1830db7
SHA256 10bbde7c490d79a7b2842dd9cf4738f30d6ac91744391fa1d37396e822749dd8
SHA512 95551ad0b6b1e445d3b464249fa8328278ec8906730e57e9aa69b75de20daac3ac44ec6a84e95d0dab4708cebdbf642ea9b2a58cc191e25ead212df5ede072b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b6a32a6f6f25172d3bf8d71f18dd11c8
SHA1 45ce21798912cfb9da38954b5ffab2144c83eb89
SHA256 19985425a0b03a57e6ad489823bbee7e742379be31b401b4f5b7820158d0ec10
SHA512 bdb74eb1ae9ac51ed1a22a74c4befc6a4cb50ab6a2c1eff76068c66d73f8658afd4041818bef79042078f41eee9bfb0ebf948489e9e7db85ee2e99cee571f3c2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1de1702352939c01cf704c4f49f20455
SHA1 afe59a06d8939ac49dd57a9bf19978eb9d36dd76
SHA256 52580d291e79fa820b034a4883ad92491f0f29a61f5f5e3a7f3195ff2cfcf499
SHA512 1bafdfd350b6c33f5cad628f9b29dc46c1d7316006e2cc28b3687270b1f9fa63705a2a2e0c9bb699d4b78e27011889594fa3fc4ecd3bcd9fa1bfc5817dba0793
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7e59e95932d8fe89ffcfdcce889d3f41
SHA1 2f48836715f0a1baeea68636a8759268676747ef
SHA256 36cd38fc5445495ece64ff9a3f908331324b0d06739947420ed6198dc28819aa
SHA512 19cd760ee0dbfd316a06acfe343286fd81c669f48cf37bef96b4690fdd64bb0f5b734839c2082177c6dba6c6a7135030d6e982ba3a6304af8e83470aba232785
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e549df41cf4d0daf3d6662e97db227a6
SHA1 dcff2dd5e83c56339c3ddbc7e3bac45f12a0d394
SHA256 e434197bc2f326e2573078056fe67446bbf345a7580d8567823631c0f6f9126f
SHA512 ab044276b46f4c7e5c6d5ebeb1d41153720804833a275320bb23a94b87fe38c699f0b943859775953e1d16b7bd9162ddfd68c80e30766170442be452acdc8ad6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 95d8562ff8911d9841c238cfa6cb1e88
SHA1 8c719eaf531ce1ba3c163649b944870ecf4c2d4d
SHA256 9d8fa4017100f10f116b6115581cfcbb9539cc296c9937e75cacbd2ade47b1e8
SHA512 3eef991b3256f83209b4628a4bcd4f796aa59b19361db5385e73b8078980eb6e4794925f441090a1a07fda698cbb05b94851b4e2be1fd4245b9a21a023edd194
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9d766a5bed79d58c7c1beb66ec8b792e
SHA1 42665c04e8250b65edfafd5fb442f465a866cfaa
SHA256 288dc569501730778ceb08f0dc867fa3e12a222f763a990ad85601c36a92e058
SHA512 753b6f4e3aafd30801d6253853d345b19a08b80df47d49c558a704e05ea7c9eaf777e38f5eabf8a37f76b21f397593100a3f9825679558f2e4961a0ae6b620d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 05aea34aa4153d0740e608dc6a87b1b5
SHA1 a8a9f6dcdadfe73caaee7fe0d017f5a160f3107b
SHA256 82b3409b2bf64199ec952571eb9bdc44070a713e2227d9f45da659093bd11e7f
SHA512 0062899ff52af14b9e05753250efd684ad042b687bc670efe5ab2e83430784326a98746e2a86e6b5a52d2fadfeae34ea39ba26567fc00b95cf8cfe7b7527f52f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d4b831861173548ba8979faba38ba1a5
SHA1 e266cdfe869734c6639d8b470e30b3cde4dfc2d9
SHA256 8d864033b14e42c64556be44bd3a6494db83c42106450efabd209815e2b99fa8
SHA512 dd3867a5317988f5766748f2d222be643293f4aed445e7f44f14802be11687cfcaa7766c82809577fe4e3444fbc517aa3e2b79e91cfcb2f1eba14bbfbd54999c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e112e50362d714549e00c6f96de98e0a
SHA1 9ead0d808bb5b99ed303eaa3d0e1e288a22c2b85
SHA256 c08c6146f947a8847eb1ae540c709a88296b1493d8bdba444c42b033dae18f8b
SHA512 a6dfcf5e729ff80c2b30e15479ec9e0bf2ea204b02b9aa3ace7ee80aa7157362eb2181f51a9d619b68c7a2b948a7c944e68c0d96cda20f99264c38dca4fe9018
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6108f8c15aa23fbbc90e167c7ed26a83
SHA1 4c911824f66f53ffc949300f2650cc25c629bcd4
SHA256 808a4ddd39bc457f514759b96168bccb1a52d7ccf3a5753771f1fef16fdd9af9
SHA512 b9a3fb5f9e7dedd7cc2c1f2308e7c632d91d28de7b6dfbbcd2d6cc725500d21d20848501b154edf5004824c940f19f1685eb98328e48987b1518961d40f39c2d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cf5e3ebfd2bc66f9c4bf50d3749be4b4
SHA1 7527e642615c56a66d8eea07aad332a863fa96cb
SHA256 037e9ec313befbf8aa1a5b6a30728bfd9a397d90d2902247423ca163801414e9
SHA512 f4338edab047d46f3dbcbbfb5610e947087dbb427393d6bee3496809c212aa15ab42c41cd534a504ca0b1454cbb8f2a67efb91c6f95006e6b7a93a2dda9ebed4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 40a83ee1a71b20592e7c960bd45fcfd4
SHA1 f58fed07c82b87ac61832e201439d27c030129a6
SHA256 46421936baf31002d3a1d51f7a352ed1878d99abb62ada1e64b49d321e0b63f8
SHA512 47d9f5ca66b21e2fcda691518dcaa300c47762cfa0128485188c64e7c35f37b82502a1fd7e94ec1af602628d0cbc1a416f2a1b3c2ad9d180e43d192d6849df33
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1eaf5a45c534a321558d5e3360e3deaa
SHA1 32caca7a0c3a174cc95b9e9054215ee8e68510b6
SHA256 1d8d85358cec5771a9d3f5f267b174ad8dcb42af486a769761a75c03ae8a5bee
SHA512 8d1d71c468ba15692bb7333590b0dd842027fdc57b21bd7c907648c045d5f82fe9db8ea019cb2802065e62809821070a941f6b24e9237a4eeed3176e52efa868
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6ab52c342948a9aefb307d85c8c2e766
SHA1 7851a82b240111d1ee2c50458f010b82eed745fa
SHA256 9fd9ab77b9a9ed10c69462da75f23e226c689353a92123feaf65988119d0dd92
SHA512 3e8373f3579fbc4f4339ccbba15d759936aff8866c152a0fbb28f7c9dbb479fbe74aaaa2ef413f8c6d4caa1ffe2d25dd6de99d17733105199f10703cf1ffd22a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5668cb8b7499597c650e8a2c6da62629
SHA1 825ed5694fee856d627411de87da6d9e8c3183f9
SHA256 5bd071c6ef7b5a796a36661250f14e1284668d8540985a723d8383e9f448aa93
SHA512 650677149666ba9512e0548578eccb58090090b81f45315a622d630c7c78cecce8fb3a5093ca2fdd3f715b1eb708d6470a05d7a7e212c1d9a99e75b866546a18
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5e31d3416541e322f125d071704225b6
SHA1 cd83df0cf9d606b9ead57cc2898f09ad48c261b1
SHA256 b6ab7d50064ae5ebf9c555b9ae439dc6834614c8a02e9b4262b182a01d7ea427
SHA512 a24e4f3c41d29c9835913a338f717b335af4a56611208713ff0b4f1c045e1d992eeaf19cdd84cce76aa95cb4da0c4787b3f650258719b75518273a1a6124299a
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b