Analysis
-
max time kernel
118s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
11/06/2024, 12:12
Static task
static1
Behavioral task
behavioral1
Sample
9e233ab505c5c9f7124226a2242c00e5_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9e233ab505c5c9f7124226a2242c00e5_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
9e233ab505c5c9f7124226a2242c00e5_JaffaCakes118.html
-
Size
2KB
-
MD5
9e233ab505c5c9f7124226a2242c00e5
-
SHA1
8ece5cd8d2f0bf7c307298e0dc54cb23fd752eec
-
SHA256
7e9b49a70920a9e37f36543f48d601ec62ef815487cfbd732b9c9d305c6ce2d7
-
SHA512
e77a38b11b53a9b2e738921d8527b0fb6f8e9e70eeb610c4764049bdae986e0427cb7249be062652de935b1aa772338dca2c2cbc0ba310a72a97fb0c28d1d9c9
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003208b5565f07a944a755260836a5806500000000020000000000106600000001000020000000dead72b55bccee7a25dd5408962f2e0f56157861d1d352e0cadfc900a4810615000000000e8000000002000020000000294de72ff9a32822d6efd662a622d522ed51da9b00b6bc8ee1d6dbdc477b9ee420000000bd53326e41732606bb16ef035949b54e596756f64032cf0a6da4b629684c60354000000045ccee5a490ad96999e88d77e1b5b129e20ce5425824419c0fe90a6f5512c3dcf22f65e9c773205867185c99a2d041d8e44a7445b3d68191b1f17dbfaede1411 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00d2c4aaf8bbda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424269800" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D5FF6891-27EB-11EF-AB41-FA5112F1BCBF} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2276 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2276 iexplore.exe 2276 iexplore.exe 1664 IEXPLORE.EXE 1664 IEXPLORE.EXE 1664 IEXPLORE.EXE 1664 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2276 wrote to memory of 1664 2276 iexplore.exe 28 PID 2276 wrote to memory of 1664 2276 iexplore.exe 28 PID 2276 wrote to memory of 1664 2276 iexplore.exe 28 PID 2276 wrote to memory of 1664 2276 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9e233ab505c5c9f7124226a2242c00e5_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1664
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 494f276856bf45cd0c1e4c2f915d4979
SHA1 e080b26e93f1b18372c80f07562f669487c85cce
SHA256 6aedfe96d1695c2a3ccae7c778b7e352fad9f6d7dccad54fdf8e18e31d24d26f
SHA512 baf36cc6c0776007707241349c2f79493ce30cd9a39705ec347eed6eb9f3c763da662079f4a38bba9f42c5a5867be64a536131c0a88fec48b7d356e491c2eef1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b70185cf2547413f70f2b7c9b6340529
SHA1 f7317a8b4f347f650a52b7c47133b8a0e52312c7
SHA256 0a1b627e839d770c2ec2fe140be623708913c1c19b5e5e15d12ee32107f377b7
SHA512 aaf3c7c6c0732187d47cb78fca0741a28740766332dd78d5af54be96625d37f12f4182af04dd33976350f75e84061d899346a904403e3fb862c7e3c153a8c143
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 01285d9f4a5addb33046c23f28ddc540
SHA1 e83a40fb0c6497a6db615409d00151dc01d2ab55
SHA256 52b1bd18897aefb3afdeb4e62741b9ab0342869b1452761f3d1963bc89a5276d
SHA512 96158a2a180d23ac9a20abf612ccf42f3c270bf2787931194a10c429673387db17af8b53418b0dbcf027a7e23e71d5aff1ca3b3d3e1fcedf747c1af595f8ae26
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bd416b580d3b09f24c946710680e9dfa
SHA1 4aaab9b77ace4fefada024b7ae44cf15db0d9892
SHA256 3787f2c6ee151a549239b251aa8be1c4390b5b5b687ab3f10811cc8f241a489e
SHA512 b8937c850b9d785793363079fef22db63122135ce97d27b5fe7d384c2b8435bcb6081c5d5cc217e2beeaf39d9a5d17ecbe14aa7aa5421e9e88bd0172afec1583
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3ba330c7c1f8a259e84369f7c4b0b0ef
SHA1 2251e816bf2e72eab8773a6d9c763830d819cc38
SHA256 ee8854f324014511c21cbc888cf6a10d1b18ad4d9a7e7264b6abedda2d84f9c7
SHA512 5bb65604779ca8c65ebed65cdfab178492ada942fd9966556b3aa6f120c83e81c30a497c30bb51d984b1b89be7acea4079bc189645672580b351ae4cf84e2454
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 91b9282ddb386f0452a8e25513fa3ddf
SHA1 8018b51ef88b1ee4c8a16ed75f870a738f848e52
SHA256 e68e684b45a9203fdb76694d5a43487ef2f5da1116ea5f4428283c9e34435570
SHA512 5ba8f48f319a59233d3c1218e44c8dcef1486e8968613fdabc827947283bdd597b62e4e7eb90e2740d9010eb59232424ccce22fe6169b7f32bece511b27e60a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b36ae595cdd8d44c103a5aa17567367a
SHA1 03dd364a216259225925cbda56279ad230ad5571
SHA256 8e21d54678760af65b5fb8c0733bafb9ff6647c356a6177350099c19ba39653c
SHA512 be8a758daa264ae7db06b129556b2cae69c63b2350eb4a7add4278e8b49c3ff0acfcf0f639ed35518dcbdde9b777578be39ae31119b565a07ef2fa4043d4bb46
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f152a476c8dc6e3a85b99ed0769d53e0
SHA1 c78371171cc27a151673f6e24d75a8625495fde2
SHA256 d2477adbeebd89c442b4c1f85020ca2bb2d626c22103ab32619a709c88f65c99
SHA512 31e341eb6ea1f74ca361c753bcc48bb01bc96a976e9841ce01b142408402d5252a6282cb3685804aaaa7633e63a0d29d4becb3150677627eb713d11e83ba25ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a325bb60e557554a8d3c6d8cacf49614
SHA1 65406dd28244fe863f99d3b4d93e797e4466dffd
SHA256 ee4f9c68c723137160a5f71af8df38ef9dde2dccda24a09ba119db774767aeb1
SHA512 9e29d591a39df1a1628f642c0d248179c07bde860f16cdb4f2bae085ed771cc276f15d8cdb8c254934a058a18747ea2ae09f6f658f97c01e05285695fb3cb100
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e473f10be8c33888f9a8942874d01b16
SHA1 6be579702e5213134b1c1db088157fb6b47aecb4
SHA256 e0f65fc93094cd7c2fcdfc480db8068d1d3a60fdaf095e82501c7ef43dc8e124
SHA512 dec0516442099bad2012ecb0ab1d12e7b8ee65d007d7e7d687a948cbd9dec47e9a9a2f0cb7597d240c25e8b120fa27cb3e2d68591d0f515474b2d2828c46a30d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 da76bce79b88bd17d6d3f93544516ce8
SHA1 44f5f1bc5326dd3fdc03c2dd755a8b4164ad567b
SHA256 6363eebf863a7e300f8a96b14faa53c90e707ea58f74e9b116b15ee4058f1cd5
SHA512 e839dec6d6e9eb73b8ed698c9f6684f72bd73d8fa9a5ae0c2cde84b33071e04fb2120c414b75e522ac5a2ae0a1b0a8de0d6cc1752586927df137a4b4bdd5d6a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d57615dfed20efcbfb8279156c59df8f
SHA1 2e01a66853d81c11e8dc9c053af4bbd8fb7a15f4
SHA256 489d40a8cb0bbccb13469baafc85bdfd0eccb49f0332f06c0f84bda7ba47f2a9
SHA512 434645c4045a9546f5aa7cef95c2b7baef1d129c5d803f94559dfdb7ce632a1aed762668c720890cf3d8c69f6da6f3214e68f4e2f9ae7c9d1042a61b38ce4d6a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 25ac6c526cebc26f1c0abd64069a91f6
SHA1 e989850fc112b41da5d020a1693a31ac6f720616
SHA256 d41cc2bee4a7c968e5441da2e0e7b97a91e0061a6a363ad99955d8c060a16c41
SHA512 e6ef73a115adf60dd97ec4d2cffb3d56e2b93c9bffbafa0ee0480b3c499a28b80fcafa821e21a3489bc12ae4fb6f02f0f14ca26966455c6b0e01c9cf0409903e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0b6c7db8a96144be812a483512265e00
SHA1 b2fcf9d90cd261fcdf8c0df76377bbc6c5e65079
SHA256 77cc02cddf9204cd22c9a43d57dcc8480682329e0215618fe5669a6af98313a4
SHA512 69ce2395f079a020ab27321ecb9b29340a9ae0a4fc5fb3a668fbdcb465c92aaea01dd0a2615a66421503b9b9bd43bb2b782ddc97ec99d305e837ecf017813d7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 10e1d9d82376a0981545d410dbb322ea
SHA1 2353072c2be410b9827042098781a2d01452d34b
SHA256 26e16552bff531128c0ee1a910617fe896642eec0a4d41dae1d0ff3931ed8065
SHA512 9f3d4a9f26e5f7f45f2c1208113ab1501bd7a5867091fc5aaf4ce6827b6eab75e8f419ad502afdd537eea1b29af76966c29585f6f794b082b384d06bc2aa5d0b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a4009c9497209e9e9ed35119b641be7e
SHA1 10f5dc9b2b28bc14359b814a9e5248ba922b3d59
SHA256 7d6a402ebdca7445079f989dadca7d18641f29ec41d1278af3cbea3c2cc75144
SHA512 396418b0e1da33421b787eaeecbb1e455b17d8f481ae4fb924eebca58d7ed93d24c6948dcf336d5044e4cdd3b5c0b236af3f8932715489f8043ff3e230c08e76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b3e34689cae4fc7ec0825fef64740eec
SHA1 52d6bfd00ee48003f3ecacf49e8534f73c9ab1ec
SHA256 fd1990e235dea7bded182a348b2c938232811c8163269367fdd913bf2b263bc8
SHA512 db7d75023501b84aca59fedb29723d37f2fad1608db2d17ae4109d6524775f68988056e56ec380f21f53543f18c15a39b8c8edb2331d34db483ccb904b3e80b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2d95e5da7457736ba8740c6d77b6d23c
SHA1 96de3ba6f287e20827da2718b35f2be578d4c131
SHA256 de78e88eb9fea82ca1861c3c0634c2801c09ef134119bbface957718d583555f
SHA512 1cd6621db948bf0321b01e1ba0d4526d05d8189941b2ae6d37d5dd312d4a790db4a6edd43e9a8c49ffb43526c9ef936e6bf9c760b79b23c599d92470a6bdcfec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2077c51704940efa33115634057f3a1c
SHA1 84285333a50d6b21a9705f47a4c959aab90a5f66
SHA256 114546cc28a656c041389065f64a9ee7fdb9423d483e1e74488af6153fef0fd3
SHA512 bc7ca2a0b5a1775d6041bb27b5b2fe7e8c5614986873a003e78bed0c4b7c54c93904746a76b58e852fc4dd17639eb79c230a882563da6bab5742320684eaf5e5
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b