Analysis
-
max time kernel
143s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
05/06/2024, 14:13
Static task
static1
Behavioral task
behavioral1
Sample
985f22abbb801d81488293d52bc30827_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
985f22abbb801d81488293d52bc30827_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
985f22abbb801d81488293d52bc30827_JaffaCakes118.html
-
Size
218KB
-
MD5
985f22abbb801d81488293d52bc30827
-
SHA1
1fdc2458e94eba95c5126a48bf129a61122aebb2
-
SHA256
1ab7d51445c5f03cb055f0d89cfc86d1a409b7d02f895971533f0f2e07dd47b3
-
SHA512
c7369cae0d4526eb70d773a263b59cdb1f9c75534f655b001c631dab28db0f83fddd90507edc75d72fd9ea8e7ecb0b13bd98fb3190a7a0511db94b1961554eb8
-
SSDEEP
3072:SRyOaaSHGrDJyfkMY+BES09JXAnyrZalI+YQ:SsOSHMssMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423758703" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe 
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000c0a96e8c89e61a66335b4906d698eced1dfa957088a08a5394eb42606a952d7d000000000e8000000002000020000000b2b3d83c95c98c4b04def5ee9456df2fb4eedb2fe7b6f80ef77c4a5b84c3b4222000000034cedb37d4381cd957d4ab01bebf3fad04a85caa4331314e99f98880a75071dd40000000b406a1f9e99ccc8c7de8d9a715ee38d88e6d695ce8a96f3107a52a9dbe904b5239cb21d9f1eebf58ef84fc0b8003b9ea328b879d6dbbd07d913faa6f51b2bbf1 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D7D76D71-2345-11EF-90CD-4A18CE615B84} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90aa53ef52b7da01 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2084 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2084 iexplore.exe 2084 iexplore.exe 3040 IEXPLORE.EXE 3040 IEXPLORE.EXE 3040 IEXPLORE.EXE 3040 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2084 wrote to memory of 3040 2084 iexplore.exe 28 PID 2084 wrote to memory of 3040 2084 iexplore.exe 28 PID 2084 wrote to memory of 3040 2084 iexplore.exe 28 PID 2084 wrote to memory of 3040 2084 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\985f22abbb801d81488293d52bc30827_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3040
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 73c7a7334a63133e07a9696607a1cec0
SHA1 f1fc9484649d000956a68363edaaaa9f16489b62
SHA256 4bf3cf3b023ca90236f515f5d10ebc83850251807ed0af8a08d3a37e5984574b
SHA512 d492bbd7a583b85a410bc16fdf787161e23a9e022ffb3481a3009a938eb2b9b93876a591b389f81c86b0ef8e2b144777b78609d02fb37396d1113398b28ff498
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fbfe8ba26f21ca97b95d467ffc8968e2
SHA1 d995da56c646c03d9261796b446abdc823395961
SHA256 c1f4bd50c5df411613ed5ee11eb4d0edca4b283de88a1a43e7b0c7712b93891a
SHA512 9cf0165b1a94ce79c984e968ccbd5c0364401c977a5766c510c055508ff09b623e804eacfc9a68d81838140064dfec3bae394c89e5fab8b7da7596a8a040793e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6b1851d24bc0f90dd81cabfabb0712d7
SHA1 566b9ea0a624b15a2b71f9e6c3a0291ea51312eb
SHA256 3e425b2767b08a7677be9ea6b176c08778f4f274dabd89783b6c4de561f0a477
SHA512 e1e2fbed0a5c2da1160b949ce77e7d53954d1c5db23924baa29218bed8a712266b258bbb7ab8470f2bdba305ef590aa919bfa908e7737f42baf42ae40dbd458f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 50bcd2d04612a93604962a26743a0570
SHA1 1fb08761d24cb8115ffa04246c6b4409fea709c7
SHA256 e358264f9d047f8cc167e97ce650bd8fdf3558dc35b5b86080d9708e6749f864
SHA512 8ce0ed47211d18152c8ef1a73973835712c853f6265b0583dc52710a4f4e01051f0359789cdbeec78276ce457c979dae8375de289e6938aadd7d6cbb696680ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dcba74eb07102c93fe751263fdd6e9b2
SHA1 9d9ec06fa7ca22597daebff36b63fa2ce5526eb1
SHA256 f518f686675278f004cc7926a0dff0c23439f85d569086ab8949a95107a1dbd8
SHA512 186a0a88941c50fee177164840b92789156f355ed798955145e553a826886bed704716ad24d6986675176bc45dbd518a408e85b530c0ce8ef01fee4f325e6b13
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8ac985176a0e5bf7b5046669e8731196
SHA1 080dc8536fb522d66289eb7a62b3d78731be85a8
SHA256 1631df9c1b5fe544b8b58af157a46642d14c1fb66f740e659e655890721f326a
SHA512 473b97aa6d83a703ff3a668c166c58886b0343dcdaeaf16c4031ca9057a42aa9d1486ef240a8c7efc66279e7ff1f9cbbb99850947c329e555dd5db88923e4abc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 01b6668dbe5de12ec50c646cf3eec1cc
SHA1 3b8f877951f856a1392a750f7161c4745e9b5d1b
SHA256 6dc0e62b12a8e3526b0d2220ba9a792ae8dd3af1ce0e12ed99323620cf9ab97a
SHA512 32bf5527c4e7d22ae67a77aaeb10ad7c54beb601382d5056e406ccfd11f290743e51a60b4aae0dcdaadeaf6e700908279d5278a68c2057ba468c9124e3a372ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4beffdad9d4d038baf199530bfce37b6
SHA1 c9ca4fec5059533f5e4e81d82756c1884343bb71
SHA256 f94f92d744ca4ecc608da0042f15b24efa7e408b10326b41ebd9d88d1795920b
SHA512 c1777c981fa9952fa9d00c235d4d7a324109f4414e4ed0f77ca9307310bd4de0be24e1b0171fecc8a99491a76c3212142f698aec437c83fe349efdffd2b8e82e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 68c273afc3b3b2d25b0ade65362447ed
SHA1 8a123e8cf89326e174e96ecf923be6c2c4573d71
SHA256 86522bd085f66e88b10b019f14c8f0f41f990c2523afcfc62b343847d3b2e60a
SHA512 e047960bd4b790c7da5dd643e1d7343e2e91e05c4c3d5e4d5642afe7314a2adcefdc692250d13b52dc90e6bd6ebb58019952c7839ced9f8b4114e1ba243e9bf9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d40e0b043ef9b19f78b32258c43eb76b
SHA1 5e1d5dac0378d1d1bdb74c999741ef54e410529d
SHA256 f68fad4efdeaa4096883ab57432d551243ccf982170ed62048becbefb2f73940
SHA512 c72b0e7adecf38d907514a489c998d55da3c496182f0c9cb65619a1d5d912c3b9c00772b692f73bd7b39a260d2a2d27f46022b292777ac97ccac4f920b1e7310
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c08fc6bb7aca8e2635e913d39f8dc264
SHA1 e0a88020b7dcd63add56d5af2f54247d5683443b
SHA256 cfcc41f376e532a70840b6e77a4b5d4eab3bf38c16f0cab0431988bc802840be
SHA512 0fc32a7896f36af3b41adff1ec379704e9568521ea290115f2bb02ff84ed8958bc142d7714995ee727c2c86771c897306eb25466adbdf42ab654c738db04402d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bfd8467ae5175a213f48cfa3fc63d4b3
SHA1 784394457db4079bd0ebb0458e5302082da8897b
SHA256 73d299936fac4665fa7f84b16abe651eabd3b64c31c7c34b20d03af3f70a9be3
SHA512 75642e20121c7378ff5b07dd68aa2ef69ff482e43e1622e878a08a6808fd946a461149af655041a7dd3b921dbaac7741be5ca81e3615d1a60b8bd5411829f982
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 82681c6f23457bac6c0c4839f1435cb7
SHA1 97793c92bfc48857b97d46ddc303de9fd5f41438
SHA256 7af770e37b3e425045e88456febf4dc07a10a2cdf105787476b1c326c8c88627
SHA512 08d05249b48cf85974c5270a92bad633f85557d236c23f6a29fc1ddba1b5416eea485246605efb99793526879030715008b5c5ea87d2dcc028d6260cd4f3a772
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2da3f66c070bce159a786d4b68a59a0b
SHA1 aa97bcb8ba96532f52448355117cfb875504c4fd
SHA256 e6b0dd2c11ce6e73fd306a00152619bcad16e7e6a4d5366c3ab22884184a0371
SHA512 2289854c41867dd479243d0bcaa48da8491cf7a3194316629d29d7f8a17f8018d6f6cb0370221c7ed8f9b2766a39f8bd8c0135f9c186c9eed3c79617b8b5a77d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 37a8839eeb1d8615c6a90446df1b2bd0
SHA1 1d0967e0f3875676f9aee3e5a290af3ea0943219
SHA256 f9cf92d50bce4e4be1e1f0c886a02a171f7f2abdd40df230867799fabd3076cf
SHA512 c1a79ac9288de381058c8456daa6e249dfce88cf49736fe52c88f8016affb8a471647574302cca30335c5170ad1a5d61928311ea8c5cc06c59205d10f03a1daa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 84a43673a3bcb8fb23531e0ccd01dc52
SHA1 3f688327d415ffc186c90c2d1292cf059cee0e70
SHA256 3b3bee6792aad750a53279b020158b8475ff29c6a274ba8e1ac30007be59334b
SHA512 af480c819a398381db9df3e1413fe48b729427a20b6475b1aeb02454266ed6b1c0b7749abecad4a0140e55688148fdcc57cd3a1abf810006e33ab9a5012f7ef4
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b