Analysis
-
max time kernel
121s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted
03-06-2024 13:14
Static task
static1
Behavioral task
behavioral1
Sample
91e9cbf3f4aa5388daf9453ae454bcdf_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
91e9cbf3f4aa5388daf9453ae454bcdf_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91e9cbf3f4aa5388daf9453ae454bcdf_JaffaCakes118.html
-
Size
461KB
-
MD5
91e9cbf3f4aa5388daf9453ae454bcdf
-
SHA1
88ae505eb6b5a4f45ec42250e6c3f8b281b673ca
-
SHA256
dffc552824ac428a5b86c7cbedf597ed7bcb564ca6dc46278ef34d49d9e678e4
-
SHA512
ca0467b69e982971c4afd92a8c63f84c7b850d840b098e04f6c4069857b608a9d2072950ed4191c6686b5b37a0f5630232e5afa24d1150e10afe29ee4ee64629
-
SSDEEP
6144:SosMYod+X3oI+Y4sMYod+X3oI+Y1sMYod+X3oI+YLsMYod+X3oI+YQ:r5d+X3k5d+X3z5d+X315d+X3+
Malware Config (none extracted for this sample)
Signatures
- Modifies Internet Explorer settings (registry writes by iexplore.exe / IEXPLORE.EXE under the HKU\...\Software\Microsoft\Internet Explorer hive)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0759b20b8b5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000184993c7779eff4aa245b818de711345000000000200000000001066000000010000200000009745e40199c4f3683afacb6f1ff3a1842ae144760cb48e4a7b703ac2aef4f009000000000e8000000002000020000000f47c6826aec5bad63431b2d27e500f6f85b82daa7cf8051424b3381e65d162ee200000003ceb4ca2061ed4602f8e29b90773765b17e5f0e3f4659fc1612fb887c5d3630340000000c21fccb4025a097f4740eb9d98203b90c9cd1e131e1aba87700a56a10816ba904cda7b93607badd63873a6caab7b72f397b8f28e88728f45565a727da04a9b05 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{480E2EE1-21AB-11EF-B411-768C8F534424} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582368" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3000 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3000 iexplore.exe 3000 iexplore.exe 2744 IEXPLORE.EXE 2744 IEXPLORE.EXE 2744 IEXPLORE.EXE 2744 IEXPLORE.EXE — every hook IoC belongs to one of the two Internet Explorer processes in the tree (3000, 2744); no third-party process installs a hook in this run.
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3000 wrote to memory of 2744 3000 iexplore.exe 28 PID 3000 wrote to memory of 2744 3000 iexplore.exe 28 PID 3000 wrote to memory of 2744 3000 iexplore.exe 28 PID 3000 wrote to memory of 2744 3000 iexplore.exe 28 — the target (2744) is the IEXPLORE.EXE tab process that 3000 launched itself (see SCODEF:3000 in its command line below), so these writes are consistent with IE's normal frame→tab process creation rather than injection into a foreign process.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e9cbf3f4aa5388daf9453ae454bcdf_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2744
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (Windows CryptoAPI URL-cache metadata — normally written during certificate chain/CRL/OCSP retrieval rather than as a dropped payload; the same path is listed repeatedly below with different hashes, presumably because the file was rewritten during the run)
Filesize 342B
MD5 c4839db9c219d72f0bcefb0620e700a4
SHA1 72e6467281bfac6b7976c21c91b7139fd9ec9d1c
SHA256 845f08436631b5b23fdd004d9ab67ffe750355b9dd5eec158e800a9a92296ec0
SHA512 074f8c398cf07ef6a0df346dde42e00658c5e2a31abb94fbcd42e1a8c2483c9d5e06f834d67de5c82bcd68db88f20d5cb1bf5f84f5ab16a3cd7b0c5fa34bfd6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8b345e3664baabec384ff2d6335137dc
SHA1 4cd76d3696ab144f724c0fbb04dff3f081323070
SHA256 cc3c37dce613ef985de857d1dabd3e4041a4edf10dd7782a6b1869a9912d8019
SHA512 2c1e120d6485a5838237af38433997871439439a36aa6c07ff578990be3ef04f1222aa1d1223ce1c0350df772e3f5b6d5fffa6f11feae20335f9257bd498e0d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 496a5807a6aeb2dff4ca117804aa43d4
SHA1 63c3f557bbdf210acf982fb31f6299fb9e2bb35f
SHA256 70d31fb17931ee11ac5689e2667b5f843fb509b817e091ad3eaf7f5636762d89
SHA512 e182c01936564ec459fbb8f5b3371cc298746b6051d45d485d128526894d16d0dbad66bcdb82ea4e651c95b204ffe0cc21919998673e6b0cc16184b3515697df
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fe81b770ca28dd9d7c5e59e5350959b4
SHA1 8f0eab2dc25dd2cf272f3d04cc13c203b9194ac0
SHA256 0b6372acb7efde5b885aee0a2279d628be33b380eec6a5ec0024322032335859
SHA512 7211e6f26441c220b6c0eeda6d960213659678c18a471578491ea14ec6530857cd2dfe808d51ab7eea6fbb9170caf2430496aaf9521380565f2bcecc1c4bcb70
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c89081cc4f8966fbfc4ca34e1079135f
SHA1 144c06a10717178cc1b680d4719d0fd549b23f4f
SHA256 33eb74fca41c7482f3757302f20094b8fad38a7b06484137714a88532358e1fd
SHA512 f17a4e5183501c75f959b9576c498921d89e05e285cf73bfc72daadfb27b2b870efca76ebbf509811df81aaf2b311f1041a09999140c1361e96e60e67b28d050
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 effaa0072b783eae610b0b8d36a7cd90
SHA1 5151a7e88a4e37bdf979b6e92d58ca1f2e4a72d3
SHA256 45cb2aae502cfa14418a9eb1dc196347ab28a985e03933351eb73344a8ddfe14
SHA512 94098e6fd396dc69a0d2137755f99e8a3fa4167060c7d70e6dc2b424da273d4e454b96362e06a78f1d2ae49366e7dceab609eed296c08e23c09b75e706dfc59d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4626c52913880e3c2cfc18f8541ba6e9
SHA1 f473c219ebb247c06568c19fd4adfaca713d5e10
SHA256 3331bb35d3067d65415b45ee3d01746f391d840a9376549667bac8d74f8a29e5
SHA512 dca7f9229a77cd344e2dc17a135fa3247b3f427c5b1be9f68732d7b59da839c984a6984e6ff33d986354d6d0eedbe5b0cb9fcfca85d7f73dcf8a84f08d04b9ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 269d2dde52384799f019ff5ff560a9e2
SHA1 f52360092c3faa28d762501bf0c355df5a772ba3
SHA256 5821b256e380be65326798d1450dd5ad145f11825d7379403d45969f38db9007
SHA512 345e8dbac02df4574bf6f061d6d3aa7052c244de7b86bfbe9cdaf77f05acb1317276302e8f6a5268fb16e11f7eb8d06debf7bad805ac52fe490bba9ac30b817f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2c0b153f92ab49733af24fdd78c9df19
SHA1 80341fe1fe6a06c2e105c23630e4969c19f01ed3
SHA256 f5b0098774645690a6bd1a30bdcae315608e41034d1e3b1e864b99a42949c997
SHA512 ee754e5b14c1b89d1cd8df216a9543c83255137401a74c5ee58e29e9d0fac91f1cc45aeb166442d413738401f0cefdd33b7a00f9031d60ce4f1d765d6365da19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ea7e3ad774ec0df4b6e011246ee82850
SHA1 5ee6a7e1d973d57bafa5a9a1f12be5541eebd0ea
SHA256 fb99db96cbe0d3078113bdd18b26d63ac65ccdc426947dab4b3d6acbc86920cd
SHA512 0a11715f706dcccde887578314588a18f8297e9a5f08b7ec245475785839fd6a4ff05146a0594a5533757bf41229f87daecf679272aa4ddd28308d7e34403a52
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d7d0d1c790cb0539ace0b1dd607aeefe
SHA1 0ca84103c1ef26a8243245806437d3ff77e75577
SHA256 7bc64868af1721f76fe43474f1869665f29a9aa1b4e2d6a7a693e968bd28b2e9
SHA512 bb7b0ec00ecf4b75145e8e50620ad257faeb71cb1bb58174196cfbdf45ac3eade75ab87b7cda7ab013a53eb84739aca15f6cf5626406b9936105ccf427952be5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8e4ef26e1b5b4d9ea1bae939f69cfb55
SHA1 fd7c9a3a2c7f2ccbb5802e8a89c1f60a84d8e256
SHA256 8dc9d2bb7d9a3fe208d51684f720c48f9f2f334e9dded3747ece6ae6228f1233
SHA512 5d9ea3d6b7abe2c0e5bdd3a1069ef0c75c2f47c867e04d3907ca2883edf7a209ecabda48f6d2eefccefda7f050f9ae70f0f98d4bb7c954a93644e5e5d688b90b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 371d779de1e91c4c1b904cdebb363e7d
SHA1 f9a194a15e902adba4e9de95d37c15811e4bf78c
SHA256 458a41798ff687b93319abc029562ca6092497e07f1bdf09ac8aec7f4b9fa65e
SHA512 56d2a574b4693193165176a920311d7d0c6fea80ab2cfe68d11e0cea1897a2b2e82dd3c75437fa1e853609996032d429f2fab449d9b735eef3dfd7b1c0cd67c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f01ded6d48b555f4fbbae0bde334ed33
SHA1 e181c763bd86f76c5f6163911f68faf06871aec9
SHA256 74a5c63a2f3cdc80389e750744051cd257038595d74cbe06782f571b494242d2
SHA512 8274245ff6bbdec1ee03d52ec5fe45b55e87cd35426e783af8397000c36c77c34e594c0376b6a3359c17146d48035095114154f90cf76195a50b101c9cfef721
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ba08e882d867d45074f1da625f80cd98
SHA1 ab0fbba6640d94145673d5931ffa75c71291c387
SHA256 ec86281531ad20b9cc3d72930f251bb588f1099a0e8b24b9eb72796c1697923e
SHA512 1fb6b6c663b1cfbae4c344f7c2b802c1e93714798d1fad50eb64e65baeb5157edcc6e0ec6766db991328a70cd046b8eeebea3c36e3dfcca0e1c652b7e3fab20c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6e1d99b5fa72bb7bfa5d6d2bfa803fcc
SHA1 9f3d481f604276f608b6e94e8575b7c6352af149
SHA256 10fda4e1ee36edc29ffb93a62ce7d98a7e2f4f77fd5b93b1d2757551155fca0b
SHA512 fa5e5af19fd19ed056fd26299c3839d41b8feee34c3034ce732f48e495223c01b15768c88552b0a96aa718d38e177ad9b83091e2053be2ab6deefaf7603f2892
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 20791e8a3b6afc8238fba8ca9ab050d8
SHA1 9ebfe6176749a2dafc498ad4bdec7615557854a3
SHA256 fdf7dc38e48f6c2d054ba760cf8ed5f0d686d1bd693965d82d6823c9682e8ff1
SHA512 53d75e8291aee2d05f74cae76245a42854a2eef22d9735fd35233b54a28e184987d0b49be45e9be21c2c831b9827612e1ce19baaf32dab91a90a88351bdfbbf3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7ccca96a5260b328416dc5a5121129db
SHA1 c2bcac9d456892344071f2d7b003a2bc34bd1b12
SHA256 017178236d8406924cf376f79e209bbac609a7f71cb445a1574ce8f2b36e6b11
SHA512 3ccb443422fd50eeee880824fef067e4ce17314fc1641ca4b4f321ad375e43e09fd92546558111bbfbf72761a7a862ac75cbe96f70272fc9531cc41c14e9ce8f
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b