Analysis
-
max time kernel
118s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
14/06/2024, 01:02
Static task
static1
Behavioral task
behavioral1
Sample
a77207925307faf46d68cb8765c04ba5_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
a77207925307faf46d68cb8765c04ba5_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a77207925307faf46d68cb8765c04ba5_JaffaCakes118.html
-
Size
68KB
-
MD5
a77207925307faf46d68cb8765c04ba5
-
SHA1
c1888f24211da6003bffea03396521e07d24c966
-
SHA256
0d6695aedbd92bd98ee58083cf2072906a47df6ceb362757799a38309539b6ca
-
SHA512
f288d8f5b5c722a15d982890690b2a2ea695b909fc06bb352be47d44c28371cb7d7f9bd23338e66ab24c13e3f34b7126e2f9015b0fbf71acbc447de59fd8c732
-
SSDEEP
768:Ji5gcMiR3sI2PDDnX0g6R4tMztZmnmytioTyv1wCZkoTyMdtbBnfBgN8/lboi2hX:JxF2Ym4rTcNen0tbrga94hcuNnQC
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ac810dc13d748444811784fc8a8dacfc00000000020000000000106600000001000020000000820af8443a34c7820849a6bfcf58d2ab4278a1af64d68b8486901c74a3f6d6ba000000000e80000000020000200000006f3beba94728f32147f36ca957a839508326c06028000b07f1960720b1a49f9820000000808518c6755dd1b16aa0309c5e8ac9d082e9fd14706f2188fdaf40a94fb65e094000000029c15cfd463ab6502462f40a0dc7134ee858bbdc18795d625ffd0d9b0f321f0c68ee12914beb0acd3cb3cd0839418e4bec75ae406a4cc9056008b4099d3283c1 iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424488848" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 709a11d0f6bdda01 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D5C73DD1-29E9-11EF-B7D6-72515687562C} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2328 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2328 iexplore.exe
2328 iexplore.exe
1692 IEXPLORE.EXE
1692 IEXPLORE.EXE
1692 IEXPLORE.EXE
1692 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2328 wrote to memory of 1692 2328 iexplore.exe 28
PID 2328 wrote to memory of 1692 2328 iexplore.exe 28
PID 2328 wrote to memory of 1692 2328 iexplore.exe 28
PID 2328 wrote to memory of 1692 2328 iexplore.exe 28
(All four events are the parent iexplore.exe, PID 2328, writing to PID 1692, which the Processes section below lists as its own child IEXPLORE.EXE tab process started with SCODEF:2328.)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a77207925307faf46d68cb8765c04ba5_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2328 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2328 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1692
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
889B
MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 fff983f78e67edbc9af542a90eeb810f
SHA1 5303b443b3b8682f1af9e5fad1e053fd87257f67
SHA256 0a9c890578e8cfa5bc0f5c9d912a01476a04e2acbf3bd25d5dbfc1d66f0fd83d
SHA512 2a750f30356cbbbf20c02fab11cd8d0d4965504f01bca2e62db82b1a93f7c6b427ecd814dbaeee7a12a78fa66e1272be81e2305d760d47c1d0a46c5e9a03e43f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e02c145830a10a693110fb8c2a6c3263
SHA1 444e53d23a4d9b7814eb41dd2071d257302ae5d8
SHA256 d23c67c52836a06461b81192a7991cdaf46bc6667e3601d80d56442fcc2642b3
SHA512 504d771c2b24604c68a4c4f2d574a630ca3d6285e16e30ae60c5032877941bec193c4bd2791de1cb59e3d62019329b93f35adda59b3f5666f039caa1cf47540d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f56b159115c7b9afc724c195d54a19a9
SHA1 ffc655782b280d74c67673d8cd4533dcb55bf422
SHA256 3c006f446ad91fa092f182cec3fe3b81339d8d393141d71131467bf28111d193
SHA512 5996a17673a07c40493d981fcc3d769f2ac175d83c7b85a7369e392c91be9bd124e6831c2808f5f2fa803ac1f52c22105aae09d09275f5842e36f0ed9688e0c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7d9df0012bf4a24c733b2c04ec2eea60
SHA1 ff4ddda9f4a4e5a3a19c7fa94b5c089da8c2893b
SHA256 1cb2d062cb727420b5519ca2a89bbd408e5bd738290dd2a73413fc47f20baf0c
SHA512 8884d27c5e4adbc41c38015575d5de37d7e77d0fc881cc8a2bca50df48dd032894d9816da1f466a18cebc13aca6a82b0c3ba7b15d4f5c9005f1f2ce7c51d2f70
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1747d96f02b781e36de3e4247a77c21c
SHA1 639a122892f7f2f293c1334d5a67f99ec61b0b0c
SHA256 1d882bb59763f3ce6a2194b2205ef5a7ae0d86ff25fd6dafe8576715a022a747
SHA512 b49537455f8fa46a0973ee17ca1bdf4c2ef0db3f5ac60601ccd24e13359e0b86c8bbc6955b3d1532ee197bc540a967ca02d17826159621484e7cdd2596d6da88
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 22db6d1c273d8db375be374c1b56b7db
SHA1 58932483892502cd5b24bf90541eee38e35c871f
SHA256 f0edc95da14bc908cdb73308d100b299458e1cb83dfafd86288f8aea99349612
SHA512 0d8227c28f06d673b7144797061fc1e2cdbd366d951e2f10134b8bc276ef9ba07e6a06802960409976e2f36d291fb32ffd3c464e84a2febb17294f18b03bc67c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f00ca62c21daddf88a6bd68ad5a86d81
SHA1 99e2a1e89fb8e505c8a08ff894df12cccb2d20de
SHA256 ac0917c44f9d5e3220471d0417d5790669aa8f6036b022fb9895f1187f19fd93
SHA512 670ebcea4dca78a65a4a3bc2aef3badf85acb2a88b75033b5c8c0c826680e2a1c5178dce9633faeabf629b2c3083087a5ba4cf4369b858f181a6bc30ea660a21
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 549712b84fb01a13e47ce735a864d540
SHA1 12b60a2fed028928e85b8f5d89a5b237855794e5
SHA256 710f3a94d63cb093706b3b82ad2d9706a32c52e068bc1a65fe6bb53c7bb40a70
SHA512 096ab0e3400db0cdd1d044fcdf967646c9eb013228e2e847263bef1beb62a96a6b63f12818bb1311b34637d78755b0cb3cf2f67b53df3779eaff802e08f4e0ff
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7e9fe8b8331f9c5ac234601b6e251e55
SHA1 b7a9d4a85798bb0d5d7953a9db5be94a40ed1cb5
SHA256 e7d4b55dbdad9503795e3e744af71faea651d90f01781046568313afe0b80386
SHA512 eddb1212d6b9529194f56bcc82f526d6e0db4f098ee3932d58bc277c90a04171dcdf825bea0a1f33546f3cc7811350b73faf75702797f735fbe5ff5a512e0b9e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 7fb3ed5dfdaf0b4f95cae0c95f30796a
SHA1 a7b9c0668306ee767d0fa3ecd56ed26ab82506c1
SHA256 b03b85eff2c4dcbf0ebc96d4423782ba3f1743d8261f92c52eb5b637cb7275a4
SHA512 1006c8297a47273881a92e7584f3108cb09e47dbd02f1ebbb6ab042f36fe22a9ed3f4f2e5b549c289a301a3a80887cba6f57fae362b93dc59ee5b5bc3790cfd4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize 4KB
MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b