Analysis
-
max time kernel
117s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system -
submitted
11/06/2024, 02:01
Static task
static1
Behavioral task
behavioral1
Sample
9ca985d5b7ee04a14c974b6e07c4daa9_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
9ca985d5b7ee04a14c974b6e07c4daa9_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
9ca985d5b7ee04a14c974b6e07c4daa9_JaffaCakes118.html
-
Size
460KB
-
MD5
9ca985d5b7ee04a14c974b6e07c4daa9
-
SHA1
671ebe8d0c517c2241c96dbf8e35133972a3021a
-
SHA256
9d38e36c69c0badc90b1f7dc1947b806ddeaeb82aab3f33256c8f3706f496eb1
-
SHA512
010fbc0f63bcbe7f4e9678985d23b79d2f20bfd36b153212a88506c31e4d8e6cd24eed600b764f4e8e3c649ef74dd448c4bc259ca68a20701848363cee043730
-
SSDEEP
6144:S0sMYod+X3oI+YKsMYod+X3oI+YsVsMYod+X3oI+YLsMYod+X3oI+YQ:55d+X3e5d+X305d+X315d+X3+
Malware Config
Signatures
- Modifies Internet Explorer settings — registry keys and values written by iexplore.exe / IEXPLORE.EXE during the run, listed below. Reviewer note: every entry is under HKCU\Software\Microsoft\Internet Explorer (WindowsSearch, DomainSuggestion, Recovery, TabbedBrowsing incl. NTPFirstRun=1, SearchScopes, Zoom, GPU, DOMStorage, …), which is consistent with IE's own start-up and session housekeeping; it shows that the sample was opened in IE, not what the HTML itself did.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424233175" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{880C8BE1-2796-11EF-9680-DA96D1126947} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 101a8560a3bbda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000158b28aeecbbab41a981eab4364f185300000000020000000000106600000001000020000000002811b85b71cb069b89acffabb09151a4744af78f1a1b395c85c10740ecca4c000000000e8000000002000020000000de99349415464d097a241ae16d45fc6373f2c65ec76883cefda53ebe51bc5c3a2000000020894fe36cf6d302c2bbdf44ddb75fbb38e03cec087c2059a739a9c6d4d226ef4000000020adc96199b45bc4ba53436cad0bcc82d63c9e25cefe476dd8f9a1441bd40fb253ca0b57c046fa852423d98867f2a953089705c4db4967182cbab11d771ea500 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet 
Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2872 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2872 iexplore.exe 2872 iexplore.exe 2520 IEXPLORE.EXE 2520 IEXPLORE.EXE 2520 IEXPLORE.EXE 2520 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2872 wrote to memory of 2520 2872 iexplore.exe 28 PID 2872 wrote to memory of 2520 2872 iexplore.exe 28 PID 2872 wrote to memory of 2520 2872 iexplore.exe 28 PID 2872 wrote to memory of 2520 2872 iexplore.exe 28. Reviewer note: all four writes are from iexplore.exe (PID 2872) into its own child IEXPLORE.EXE (PID 2520, launched with SCODEF:2872 — see the process tree below); parent-to-child writes at IE start-up are expected and are not by themselves evidence of injection by the HTML sample.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9ca985d5b7ee04a14c974b6e07c4daa9_JaffaCakes118.html (tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2 (tree depth 2; a 32-bit IE child of PID 2872 as the SCODEF:2872 argument indicates, consistent with IE's normal frame/child process split)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2520
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (reviewer note: this path is the CryptoAPI network cache — its metadata is normally rewritten by certificate/CTL/CRL lookups during TLS validation, which is why the same path appears repeatedly below with different hashes; treat it as a browser artifact, not as content dropped by the page)
Filesize 342B
MD5 fe4097f8a26bb3d4d8992aab72fcdd22
SHA1 cbed017bc1fa89b3d00c3ea0b644386120c3059d
SHA256 68efb64324ea1a96d20bdc7ca6eca0824b6fe54485a4ccf20d74094284141183
SHA512 4523ae41e84f34e739365c9bbab64d94f4d3f7ee49d94063f94148a6e4055fbcf308d533e6147ece5881b380a50da77ba0100a3017294550f4e280f0614ecd28
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 03b5486abcf15338283cb342d5a7a840
SHA1 eaa60f5539123164a328014ee19c55a511fe840b
SHA256 435d945fbeacf344f16992eb6b707f68579ae86864c24e790edac6e5f889f175
SHA512 ddb47cfd8e893757fbf2d1dafda12fbc3e5d21382e6449ded831d7a505e5686f0be3c8ac2bc5929fd9176e6b001d43a2ac8ac1ca4fcd8b4b812ffaa5810ed8d0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6baec0b394f495e02047075d3ad8dd34
SHA1 8b0a5c6b1c4e02c3d54c32ae5db889a756318159
SHA256 6244f60037b44e29d0634f7b2fbe56edfc2aa6907cdc2f387f113787a4f5cee0
SHA512 6d22c8c20b1fd8a433d8ebb07121787da4100063d5cd12dec2e5895c781781d5f3c1495611ce67192203b4cbd66e66690d1213053ccdc010c050b987b70b25bf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6e9b276e440440a91738037c00fb4bd7
SHA1 c556d978de729f3baa20c50813300967e643d6c5
SHA256 5849198b49de074729f543c7be395ae0a9dac0deee2c5f0784ddbb45df2af0e6
SHA512 abfd6d9707921e8fed286850d208fa2d9c01b8c70f062acd5be16f41b55efc1570328f4088ea67762d61a67c986067d9329bcd4717216e7de64770908ab1a44d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a407e575b7f546180e543282c8788041
SHA1 f31ebd547de737917d5db696cc1b5926163d577b
SHA256 e55668b879f537936cd4cb119268611b6858a3cf348794a4401ce56c4897a25e
SHA512 bbf215567cd964d41eea3ab205901668ef77cd29a15006a11cfe8b44eeae9b7614d1179d55052e9cbcc60642d9b7ebafb2736e358d10fe862bbbab3e23a52562
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fb7eb9a67fdbd1848ae08ccc40e38b68
SHA1 d582ac8517ce39689e3f566ccf8557833dbb27f9
SHA256 20114d9f3f2e342b73011c8256293e1e6af724f8a701d2ca47d8eea5c36026ef
SHA512 208440a6ab18f6ec162e95231131b42901568c889ed9e05a12fe677c9a05423ab6b9066c91e8b3ee0c6f74d54ff90391043c542928535478e93cd6f8798e904c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6345df0c1a881a7172c984d3bee4c926
SHA1 61dabfb625a2fd72af8e676ee0a9c570ee1b152a
SHA256 996369f8cc0ceaa37b1db986faa4c07821329401cde498ec0f5d464d6f1b45c8
SHA512 68df0a8f36db89a5d2cb125b91e83aa302fa61e01f00bfeca26b8fb906d6502d7758b534b9d76dbeab99c5dd5b1f19c3a1e26b37304f01bdf08368f7967bbdf9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 44f32ff76232a31e821fdf945e9f6be5
SHA1 ed10b757cbe727fe8083191ec158fe8a66c2a8a2
SHA256 7767c25626c9ec1c0aab9fb3a3f91ea1ebe4f990c839d6c045f86f28fdb0cb92
SHA512 ce8478c069dd334a41bb02e2e1492f7d20178be80307cb2604edf2774cbfb7582973ef3088055819a28621569be5214f6c6b2b053dad5d8bf82657efd233b29f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f032a5a5685b89d4b5715c836b116c96
SHA1 16e31f019bc0574b72f0c529a39c5ab6d224d0c7
SHA256 b831ff1edc7bac9b011d27c5d6779e327aca8ac2e4512d8ff8c9323ee5853c3f
SHA512 58a870e6fe54b95a51804766e43c2bba9438aa4c394d9b21d6bb94ac2c5871214ae6d4c781fb05d983625299fc130868f1769cc8ae7cc1749eea43300cc08d32
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3ec8a411309249ede3c640fc44a7923b
SHA1 f65743a0c0080d4b186e58c276f9a20e74ed5c03
SHA256 dfd927f0b3e53f5a618a766e2b52ce2fa6bf852192be3d5436056c0781b7e89b
SHA512 fe81bded6de3687f2df22a2a0b5e8c7bfc6dfa8407b271aac9e114af1a8449330cde35a21b208e4f96df4ce929cfc383e5e71523d938a3e4aa679f0ff527d5c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0a95c35f738abb4e8ed57377232990eb
SHA1 ec1e53993e2c717fbdf4031d384c2dd559c37650
SHA256 4d4d72b72d4d6d4ce46a9db88b77097d997e6fca6740d632e71e2bf5f558d7b5
SHA512 aec207f5ba6d2ed580269a9edac3e1ced4e29597de95ace2ff5b970d32c8445c1f956bed181e9f95e11dd65840a6ac63bf2f1205468a41157a78abe83cf5f5d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b69d543daddb48aa7fa203939aa7785a
SHA1 47a11c4f8af969889301b9a6b4b0018decf12aa6
SHA256 cb9a626ce18cd23a9acbf6ca4bb9235f6d832222c66b0e29799a0910930d6feb
SHA512 2523b0dafb99610514cb140c1fb88d3e05c9cae60861d0789c1f21bf4abc297b7c2b54e7d9382a1340f8238096ad44f6a28bbcdbcf85aef98a9cca3c2e05b1c7
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b