Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
14/06/2024, 01:13
Static task
static1
Behavioral task
behavioral1
Sample
a77b639e65ce5043bb0ac0d943f55d6f_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a77b639e65ce5043bb0ac0d943f55d6f_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a77b639e65ce5043bb0ac0d943f55d6f_JaffaCakes118.html
-
Size
460KB
-
MD5
a77b639e65ce5043bb0ac0d943f55d6f
-
SHA1
67c5186c7ff046d660c429fc14676133bdfc46d2
-
SHA256
dba3d2dbc97ffc6045f0709781a34d23d331d7e1555d9f7d621b238a6f0d0713
-
SHA512
57d82d99f5a81e921f3420f3f28d90700c5b33c74b50334b8701a61d1504c2eb7a56e3ad45741450941efa26c77f2ef287a702891d73834e463ecbb7a7c10fde
-
SSDEEP
6144:S7sMYod+X3oI+YMsMYod+X3oI+YIsMYod+X3oI+YLsMYod+X3oI+YQ:Q5d+X3U5d+X3k5d+X315d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{622F2161-29EB-11EF-AD30-660F20EB2E2E} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS 
not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90f0b13af8bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424489509" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005a9384f4ce73d14cbdf07ed7047a6b17000000000200000000001066000000010000200000004f4aba45fde8df331dd4a34c181669775bd35fa6e65c53dc9d7fc1e9a0139df2000000000e8000000002000020000000cd10acd963a53d5395f537ac4b17d2988a6ade7afc9440a15ec19be82abe4a5c20000000d75fb8bfd1657ee34ed7601f534042b54ff4efd6a9319a25d8e1b409bf1243bb400000006112f7281d344441461f83f31437e4d72ff651b20b45596f65d8084d6d7075a4f483d1cb9a24af6ad43bac337ad81756a0ba0e8a49d3222383c0d9bc04b105f9 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2036 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2036 iexplore.exe 2036 iexplore.exe 2696 IEXPLORE.EXE 2696 IEXPLORE.EXE 2696 IEXPLORE.EXE 2696 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2036 wrote to memory of 2696 2036 iexplore.exe 28 PID 2036 wrote to memory of 2696 2036 iexplore.exe 28 PID 2036 wrote to memory of 2696 2036 iexplore.exe 28 PID 2036 wrote to memory of 2696 2036 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a77b639e65ce5043bb0ac0d943f55d6f_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2696
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 75caf092cf3b1ab428bb681132564a62
SHA1 0e268a46b6fa0d072ca15757c9c17cc559573ade
SHA256 7937394eb62914248a30d079994dcca42adbf246569d88665101c78aeb44021a
SHA512 1f0e3e37f45aa7a37bde3d2dcaa2c877c4c62efafd1ba4a1ca189083af01d184749be76ed6861b8dc2c447da841c4fa60ac2159672da3e099176929d44318228
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b2f89198fbf9f17cfdcdab5f26fe9d53
SHA1 da8c1479095d37413b1bce239d49b8f5b6f0cbbb
SHA256 f6c83fc27fe92573846ca7b45b501842a386262b712fd799967d5d1ac61175d6
SHA512 5a7d08d310622a896a91b8bb29be78bb2e77d46f81fd408c8df9ab0b1719a842784974080629b3aece0de383a7b80c00704d1f882085539a9a3ef3ff271d6664
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 17415343f8d8e419284ee362795fa85b
SHA1 289410f62a01f5600971cebed566702773422e30
SHA256 5bc7c187f4f325e0800cf34f4654b11d70c9c0f88a2eaa8db844b6efcd8cd5de
SHA512 0ea72f19f187c6476fca2860dea185284b9e9e94c6aa04f912a78df7d54ee573746daa3c4d2608ae792364c0f1964774ae0a5cc07a278543365300993a304839
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2352f65f7e495accd18ded49d0c323ef
SHA1 edb2af2540c75bfb01496df04e96b6deaf4d6d2f
SHA256 a9476d35a8493d3c25e00da5981ac4c8904c5d98cf3c71a65b97e08859729d66
SHA512 edd8256c9b1df3672a8928aaf3d713eb42949a3d73a85c7c42c2d6783c8a7d80003d10c55024af3ceb96730b363b492340f4ba231d8757a5271952c688eb7bc0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 80af37f28084acc12f5a98bd7269d34a
SHA1 cda7f8302787ab12c2c28e5c5e94f28fe2aade97
SHA256 3c9421674db338ede56d8c02d50e37e75ef8785307184616c8d55c02f2012984
SHA512 0c42921f33e0f1191b5ea409b2839b57372c12fa1aa7a752a52048b006a06ec52351d1cda9ec41eb582615480046f2497338e396a02ddafe971871056cfe3d79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a927539b1ce6ea1edf906873c6517725
SHA1 8928ab79b89c01b19a3a2fff3f842bcf8bb9065b
SHA256 14488e7fe762ab0ca70d682cfcca6fa8f9118e759c51173d7bd4169d257a559c
SHA512 c403c33310d0494e2276d9cfc15cee9b85c6c79e89c9602249c8f65171f7df8c2af233dd55699e4049f3793787fb496d76b70ab53ebb41d26931041bccbb3538
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9bd39a3ad01d51317b35800dbcfb4f52
SHA1 2e8167624c659ab76c34d4091f6ece82f57f19af
SHA256 bff5d9f510d64142324f3738340e2335a7823453182bcf280d69d29e610d8393
SHA512 d1304e25a4baf706e3ea23eca6154f3fa5b4660ff253f68b36ea179d7c1a9738b8a767d6f25ba626b681b1e7b20931dca2d6fc648ca895286e8bf5b059034aad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 252dac2250ae97e256668d7d4dd3a6a4
SHA1 128e2f0b5be9cffa4296b53e762eeab445231233
SHA256 8d4de9c45f7d214e13a9e8d684fa59b9fd2bbe149f21f0b8d430ef0851fde834
SHA512 6eed01230126df4ad4c7f21f60ff22746a6b8040f750308433ded6b7e775fe1364b2b7cb8b36bc54daab9566b5ba889d916adc23b216fc1ab399558764d0345b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 09f9ac06a37a5385f3e2236efb446236
SHA1 10bf88fb84a62e30032e2a10522a5df2c44db62f
SHA256 b2bb6c1c12addbba510c3ac12c4cdd044f75c6e38b33a4137c79b05fb6ed12bc
SHA512 2b31fc235e38ce08f7fcc93ab57ca69a0121dcecb7722795d3cd5759fffd93cfe8507ed0f76bb336ee085c37ad44ccf383f2bcbeec476b40d805c633b21cb347
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a8fd4a10431e98b1875bb8eb2ca97606
SHA1 43713d22726ea47d4e73093dd78ac50be13bae13
SHA256 570b9facd1797a32217f484efa5f0c3ff76b44dd0ce69ac21c48f1c111539d35
SHA512 f961ab6451897e878709b24daf198a8a6e4d9dcbf2ba7077d5df088bb771036a5bd5401e547d6e44e268f4822fcaf0ef09056f143db23509a48bc45d1e1a61cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 29e90b0de77fba08e4293b75a1eb17a9
SHA1 64bcb5739ee5acd5cc94ecf55ce1322faa1f2f71
SHA256 20a469bfd6914d5a09d34cfc9685c73f849bd6a1c3549ed58ed2f25355062ff8
SHA512 09cfe44cb60e5ac0714868124387fd612212917c5b61ac6a32047494bde6fee9892abd514ebe68a8f8e10b7d98430628647f87a2cdd8c595b8be05818bf82a7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5b0398db65ba60a9eef53e4feb20f639
SHA1 81ff7dacf48e14bb3ad11ebd9f12f604e845fa03
SHA256 51ac97bfa4880a4041d695d26a1beff243a69e7ba3387875798e8e2a075aa1ac
SHA512 8e44152e39855b3b516df1e30e46290e22f2713f1015d59459fa3ce9220e5a50d8c6f76703b1da07c0ac0c6ed11238e2597db6034deecbf2ecf9736b3755d1b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0cf22d466defff11b790f12ad6aad220
SHA1 da5fa43f38227c5f99afa6688b22bcf27c317540
SHA256 2b41d0aa6151341ac2d41d88d1f8f06b51004d8ab942fe9e18d4ba09a8ff88b9
SHA512 2c38b80c50aba04c67339eb65b6ea050ddf963fb480ea48836a0cbf3dcfe586df4b6e288936934b1095c1d528dc1e31a02830b28ffa4f159b458533e20dba569
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7c2b838a3dd97fe7d89e048eaec2c6eb
SHA1 edb936403de3306e73551122e0882bc42016d1e0
SHA256 92fc9bfd67a8f882adb118594f4271874a36918190f0494e467215df21ae903a
SHA512 e36f2009b0abcd94459797e8d6fe83bb54316d65073ad7c89bf5d60849a41822b24416a25ef9b627b4079be809b60066eebab7bea03a78abe7976c79b9b467e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 00bdc0023830cbdea4bd117c5c17f1c0
SHA1 910ae6e5582f5c12c42c157751fbdadf5887cc83
SHA256 3c87f886f40952486d3ce0c81f4e8b52ebcb282ade9ee31efc0087d816a720f5
SHA512 358ada745e7be20fb3c928221a7917b9c96862a7ae7ff4a0fa258149738db6b1eb616f467f38b99f444f0d32920d3208ddcbaf4529b77a20a13e05d34fcc7288
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 356f11044e188679cfa3e9e6edc6f57b
SHA1 1ca14dfd0d0633d08df768608d4786b1fc20c07d
SHA256 de9154445dd0c1e36786ada948f9cde0860083ae27ba07b45beb9791dec3445b
SHA512 0f478735e4e90e1f257e340b24ad18205370e664900048421e59d0f350e1e6d6a599aff7f4050070a009620a917ead425442ba5050a9c0307cba3459148b1899
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7867e54b862a3d2c1274c021fe064ed8
SHA1 05f68497eca87b64dc98a6ea16b3806530975f27
SHA256 1fd925562108de889180a71e388df883855bf6428c5b3a5a03ebc8c23cc8c60f
SHA512 920ee0cec805cb575755d536c96f5866d80b44eeac03dafb5332e81666a77464f8bb9a0bbd8cf63a33b741fdc707fd2217de2822f1a5bce58bb355eae4d6745d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5b0d8114605746c9638eb852967cb21a
SHA1 00f80df90c19f47b53a511b0c847e068c1d6299c
SHA256 65d916915ca60ec0d708bbcb3e1556068c6c6e1179c8c9132b97e40f6cba0e17
SHA512 8c7aaeb7efc3c3941edbd38b7f1a23ddb78d32dd7f751a34834791f7a97c6f00f764e7edfca771a719610389c440df10b0492bf9d8681a81d442f21271b8a0db
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b