Analysis
-
max time kernel
135s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 13:19 (day-month-year, i.e. 3 June 2024 — the v1 UUID {D8E72D41-21AB-11EF-…} written under Recovery\AdminActive below carries a June 2024 timestamp, which rules out the month-day reading)
Static task
static1
Behavioral task
behavioral1
Sample
91ed1ad1eec2d5a31de1b6990f7fd6bb_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
91ed1ad1eec2d5a31de1b6990f7fd6bb_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91ed1ad1eec2d5a31de1b6990f7fd6bb_JaffaCakes118.html
-
Size
213KB
-
MD5
91ed1ad1eec2d5a31de1b6990f7fd6bb
-
SHA1
1af8fc49c470abecec901576f4ec8cc2e8603dc3
-
SHA256
9c02f438035d1660f6f8835529f15c6320bf0ede0a474719235c0e2cb9f730a1
-
SHA512
a8de2210b40aa8ba7575c0f5c7b3b137721c647eb1d7e5c4599e7584629fd21f834f9b8152e92d5cc729c037cd0683abe06114e75a8451ccccc5d9b5684f79ba
-
SSDEEP
3072:SZz6OhuERVWyfkMY+BES09JXAnyrZalI+YQ:SZDhTsMYod+X3oI+YQ
Malware Config
Signatures
- Modifies Internet Explorer settings (the signature heading was lost in extraction; the name is the one shown for both IE processes in the process tree below). Every IoC in this block is a key or value under the user hive's Software\Microsoft\Internet Explorer subtree, written by iexplore.exe / IEXPLORE.EXE themselves (BrowserEmulation, Zoom, Recovery, CpMRU, DOMStorage, Window_Placement, etc.). This is the browser's normal housekeeping when any HTML file is opened and is not, by itself, evidence of malicious behaviour by the sample.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value 
(int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582611" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D8E72D41-21AB-11EF-99EB-F2F7F00EEB0D} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3056 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3056 iexplore.exe 3056 iexplore.exe 2168 IEXPLORE.EXE 2168 IEXPLORE.EXE 2168 IEXPLORE.EXE 2168 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs — caveat: all four entries are the same parent→child pair, the IE frame process (PID 3056) writing into its own tab process (PID 2168), which it launched with SCODEF:3056 CREDAT:275457 (see Processes). That is IE's frame/tab process model at work, not injection into a foreign process; treat it as expected unless the target PID is something other than IE's own child.
description pid Process procid_target PID 3056 wrote to memory of 2168 3056 iexplore.exe 28 PID 3056 wrote to memory of 2168 3056 iexplore.exe 28 PID 3056 wrote to memory of 2168 3056 iexplore.exe 28 PID 3056 wrote to memory of 2168 3056 iexplore.exe 28
Processes (only the IE frame process and its single tab child are recorded; opening the sample spawned no other process in this run)
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ed1ad1eec2d5a31de1b6990f7fd6bb_JaffaCakes118.html (tree depth 1; 64-bit IE frame process)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2 (tree depth 2; the 32-bit IE content/tab process launched by frame PID 3056 — SCODEF:<parent pid> CREDAT:<n> is IE's own tab-launch syntax, not an argument supplied by the sample)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2168
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run). The 19 entries at C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 are successive rewrites of the same 342-byte CryptoAPI URL-cache metadata file (CryptnetUrlCache is the cache used by CryptoAPI's network retrieval, typically for certificate-chain and revocation lookups); they are OS/browser side effects, not payloads fetched by the sample, and their hashes are not useful as indicators. The three entries without a path (70KB, 68KB, 181KB) are not attributed to a file location in this report, so their origin cannot be determined from it.
-
(no file path recorded for this entry)
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59989c6b13c3cb32561e5e19a4c6191de
SHA13ce736d39bd78dfa94fc2f416b1a5b0fa877e06d
SHA256327c5309acd74b84feb67fde3381c828cebd753205f8f7b5f533568596ffaea0
SHA512f67f32498a02edf3d26d0c4e2c403943a61d31fc06a0529a845660d18960e9a36750b402e2d6f9c0d97dcd71e3e2ae0eb68ac011e3d0590b2b4b7f9c82161ac7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD596f7243865f108d90888e5b62b2537e4
SHA1f521450ac76eeb0aed2845ac803c9e2b8f2996c4
SHA256aca67dab3ec8f4847cb11bfeba95dfe9625db20ae265a572cf64e50893b24267
SHA512313d20d8c21e81eebc4720a1fb7af47bed0abf6388e77a1870c9b6f51e9b9f1721b82779ebd4eb48fd6cab4ff79c35fe768068023009a0be855c9e9ebeb96972
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58b14c9cdac5d60885cb1bab379d2452e
SHA14f699a5878d3e321d860f391ae0337a8908ef0c1
SHA25675ae1f72dadec27b32fbfd1ce21e6af620eff27bd0e2033a2cec9eeae82369a2
SHA5123132995fd37924acea5c0dc779fe9f3eb09b5530ccee553fe23d369fcc1ea04eba6b1304682ff70bb43b3f65a41c93217e56e9bb04124b3bebe1166b8e567379
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD565b2bc4fee2eb164b80480ba0d26a98c
SHA1655987c5d3c985198b45ccc1e59633378268adb2
SHA25691edf9f22954c773df55432265678e55bf343f0096b651b61e45978f1f3781aa
SHA5124864fb6e20c5783d3e72d5657fbbca00088825191c6a48fd2c232b8eacbba082c3336db99a941a533fbf8c0ab53b4a6f53b75d523de960d46e273a44cac3eea8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD523aeb3713e9b33d05f5a21b15c3c9d60
SHA1590703d330df2b08622f638577e34702b8660bae
SHA256855a8e33eb345c80e61c6334f7f525898ccbfd0e172962e752b49e66f0360d62
SHA5125a1412ebfb21d0f339300c24d25df01ea58f254a6375e315f06bfed7bfad03665ad03f5621a477a81d2887e5188f805d9970f7e0d05e572cbd6fa0949d21c68b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fc9cc857b547459ae7bef678aaa828b0
SHA11041fbc68ae552a9af27aacd895fa51c90af551d
SHA256041eecd60ea7dd5734ef64a648f5ff65a236c418bbde6047e05215a57f7dc3fb
SHA51298f58588502178bb1711e21ad1490845bf2f4d2e58f6452027e3320b05204a5c7b50d8f03d365ce876530422933babcea8256c30d438faf9ebb79b18bd1808d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59f1ca3d96f5b322d4dadd1b862bc839e
SHA14ddcbed44a3d26313c10af10b13e4dae504e496b
SHA256b3f99b79b6518e3800ca18108a91fc5ab44d28a5c91ea559ec0e8b779739d46f
SHA51282eff0a412964ea17b25250c6c7df5a4af6a361b9bf0af74e9cc721a0e4cce4ed82f0950b11dcf92806a4080dd98043bc9d80a30c249d8e57eedbe17c12ff96a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD574e89ab9b2058b5c13f74e86c5a6d758
SHA15d52ea0c252a0cdd3e552c469ac99c0dc0f42281
SHA256238903c6be15667669a478f12d7bb82241a533625f892c9424d0d9d502b5be21
SHA5122e7b3e4c57fc0591e666adaa187453def397147d59063d36874d006927584b6ba7e9a03ef9772ea105d4cf0ee04766fa8517d420baa495dcc9fe53df76afc964
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD508d4a6db23a15af3936bb0a52add1957
SHA12d8a34f0995d65a7838e4241f43d739fa3740842
SHA25616f4cf54b45b83ed6f9d2945a6aed9c2856a366a756d49e8a7fbd5c893574569
SHA512285465f151a0772eedb3815c45c40f88563849017c67538decc7a0f0279beae652172e80c2caa8ded939f987e8960f9caca2e797542daa678084c911f3e3a61c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e1f5e665b066f666a50bbda659fcefd5
SHA15851dd332be1c15f74ff0cd8cc905e3d3cf6abb7
SHA25699e302749e90402db98eccd8a50e05c323801c569e9270ac07092c655fd733e4
SHA5129d44b3ee9031c5df5a42548077cf1af57e0f1833345a795fe918a461d7c37280b6233ec25a04aee3cbe5bb8d2a68b6e47a44b8f58353c64312b3f840479d3e54
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ce3acd93579c9a3e60d9fbfd07084dd2
SHA1912a08003690dec6b023562142ebdd310967e327
SHA2569ce6e428ee2c71e3390bce39da42200eca9457b242cc40ec4e56045e1db836af
SHA512fad8728576d4a763bb13d57c78b82b631e61e3999c4affbf4b12cbecddb86e6da7fa35392c6431c1aecbe7544b89bf91c9c0056bce02648aba4fbbca74df393f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51721ba11a342aea3c1f28d9e49e46401
SHA16a51690214a3478911b96d6dcdd2a41a85164cd3
SHA256ffc610f9d6fd71aff0c05ac4b63dccf2c27db470984a59d23869c489d2a53df9
SHA5120e868a24af9e89f98fbeee854610b0c88d4fe0f6926a6189c82d0a6d888909028c5e92d2a1bdbd79b234e91080fd158b784a49e300b6c57644e2d64912d1b025
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55c9f278d62885030352e7055a7fadb9a
SHA1ad934a87ff88130ad8855ff060303eddf7fd6bd1
SHA2568c9be595072a7ffb7e9c3c5d44ebb4cc3f1116b397ac49b96aa45dac07a0abf0
SHA51282b075679dbe40317d60685a317f970fe8e79cdc15d8151779470fc2957fce3baf368e3a0ee81acbd864b67f7beca20ce73b611becfd1d03245c3014efa8b335
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b4db571ce377fc38408551abb85c74d0
SHA12866b067f7f20bcb52ca1bc0d985d3f0d7db96b7
SHA2563dbaef2beb2e9112e5b5810443291b2fa01010a0aaf1f940d2753cb494959bf1
SHA5125d3e2c2ad7e534553a183eb6b8d3b338509ddfcffba5bb85404ff986324b400284045c42453b7ffff3a927a14cdc8edc254e4405981c3495f62383bdc403c89a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bed5192d83b87da43b593773fd604889
SHA1da0df049a5dc4ac2f092e41851525d17318b92b9
SHA25615be3a39d27a1f222faeae7811f313c84da9bf8208231f66d6f28167a036bd97
SHA51210ba4976c5d44954391ea5dbbb2da575de0f18615e871ecddb01a1062d058817d04996dfee19439e9104a057b7ab06637fdf5c32e5ba5f9b24b5346687025c02
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54dc4a1cddbc568ca86731da7837ee702
SHA1caca63ad6aaa01ffd94f4d98dff75605d511c0cc
SHA256502cc7e97d323308e50051c314b5c2b239784d381fa615b5024bcbf0f214e767
SHA51232a703301682eea11731ca5ee366bcb53a09960035cdac0887da14d20820b604eeeb0ac8d10c13c3ee380422d77dc581895f693a8b34f809ecfbb0404249e528
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e0682566f23e5ead04a95a9fbfe59de3
SHA1464773b07697c21fdea74dfcc03f39a392336c0d
SHA25657becfaf9b44766dcd3f71cb3bb2b0d4ca80227059eca4a068adcf6e58b73467
SHA51296e87905e984777176a9d808a2c4446463cad88be270b45b280ef796b99f95780d3bed51db469e14ebe319e3ad8555362f3664e48def4fada5a87fbaa457c7bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55f24c05c36c8fa7e1ecf0e1eada40a0a
SHA1c3b87920c7d9bea43070a96c99dbfdfb620eba4f
SHA256fcf92e5c53c043a8747ac30564581c1a8601b3c0f06a1f26edb9eb67a8a90fb0
SHA5125ca5aaa339a17e25b9242c1dfea410ae99d4be5e582646b6069eda73d70dc146536bdb96af63113b070e7b0e01ea1b9a6c0dbe3bcd8f4af711bebda8dbc044ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54c8b95fb1b36244a35e00fe7db358b0b
SHA1c8a6d78547baf229f12c8967cf26713c77e33f77
SHA256c99a41b77359bf43e28a6866bbfa3527aa80a0fb764f03fffa58918677d68e47
SHA51211464b234306d1109c22c743431e0d6f0425dbfa547dd83d22591a761a45ae99effa4ab28820a79bcfff267608b4a05dd6573de3e70b69b8ffcc3d60ac894980
-
(no file path recorded for this entry)
Filesize 68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
(no file path recorded for this entry)
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b