Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
16-06-2024 10:16
Static task
static1
Behavioral task
behavioral1
Sample
b2fa9bc135c23c10be2ac726d132d3c7_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
b2fa9bc135c23c10be2ac726d132d3c7_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
b2fa9bc135c23c10be2ac726d132d3c7_JaffaCakes118.html
-
Size
143KB
-
MD5
b2fa9bc135c23c10be2ac726d132d3c7
-
SHA1
286923cb4d5cfd013127908a020d4a9fa9a2896f
-
SHA256
06bf352a3fa859da50d5bd692bc896a08e392b9a6d4bf13b8505796a2bad43ac
-
SHA512
9212ff682dd5f29e49f622de86b969297c9ebcfdf7d1c5af195cc76884909417741769bf3299d92ad6d7014a466b52a81183966149e5d7b6751c3b62913ed17d
-
SSDEEP
3072:Swiufww9U+x7dyfkMY+BES09JXAnyrZalI+YQ:SwiuoZ+x7osMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424694844" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive\{776A0381-2BC9-11EF-9A72-56DE4A60B18F} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2184 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2184 iexplore.exe 2184 iexplore.exe 2080 IEXPLORE.EXE 2080 IEXPLORE.EXE 2080 IEXPLORE.EXE 2080 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2184 wrote to memory of 2080 2184 iexplore.exe 28 PID 2184 wrote to memory of 2080 2184 iexplore.exe 28 PID 2184 wrote to memory of 2080 2184 iexplore.exe 28 PID 2184 wrote to memory of 2080 2184 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b2fa9bc135c23c10be2ac726d132d3c7_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2080
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bd6032cf7c1368d8c5799a0ce2c67bc2
SHA1 3f489231cc88d268e33ae2cf92556f4e5ea9a456
SHA256 96aa0d72bd1150f1f6e2974ad4e20f65eefd18701962407b91a3bf9a8f310cc8
SHA512 4861d64f10f312a9f2a5f72752408cf28849971846fe30a575522b0ac67e0b46479e38771a89d3dc63cc51e26a32bfd74620446b7072070747bb21cd0f9bd472
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f2c6325b902fceb18c8eb9b7d597ac17
SHA1 8fe3a02e90c24697c60d862fd1332d2cf43fd8cc
SHA256 96a2ce12aeef6f559199ccaa7b3a66438777b42c64cc3ed2b1e73c270db06272
SHA512 6d4a4e4f5224860f150db58ef382e1dfba0f2ddb1028c81a1568e830c5c5a2ff85b72843a463f6f7c1fd1a397b9ab35d0b957703527db1cd1eb96a4e2fe49faf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 deff117f32a03753f03de96e18d4d634
SHA1 26507615f5cca554a3bd48315700c7126535eb9e
SHA256 479666fbb9ba975cf69696149f36d941ab3880fe276bd775dff63bfde0557524
SHA512 62a2a4415b1d80ad725de1fd0ea78ce32cf80601a9db079720eb86a8d2f2ce85e517ad600a62592f7bf49c1413981cce33ee8b5f22e34133854c45e992825632
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 06bf440276e2048d66b9f816ebe20280
SHA1 27417c1ad8a0b13c3b301879509d639b90583489
SHA256 668fbf184309a9a93f61859d8c62293b00ccf81b3c87015a6f1f579b4f8d3460
SHA512 44762a5fa86bc6596deef654b83eb3990b262ae322c013dc4fdd561112b9d0c97573ad63e5b3b31465333041e40af4132e3056c56c55870a172606ec5117ccc5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1a8061a0878ad20c50b0c6084270dc8a
SHA1 985ad2b585e6b195faefa51294f04c1a79261d20
SHA256 173f751755bd3fe93d69e552a94be220e498a717a189becc103437267b33bf3b
SHA512 9d14cd504d977798df4fe0f8753b44926a260cf765a6c512d2fdfae7d6f179fdd8503987a2f4c373ea89a6a4f1ec4497999a111d0918daee5a9666898bf3160a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eb4f50f530bba6a11b5cd266c32991c4
SHA1 eee1d4da5603d3361e466a1f682198e7bd20b281
SHA256 cca2f67fbfd34ece76008d2cb574b8ff275a7aadb9c6bf906acd1b05a00dbaa9
SHA512 0ae2bae6f2dd6c57080d10b87c0b2a45217ede8f864238943120cb0b38c23de5ecf82f03eeae84c488ad2a1e5ceb7c824ac687912905bec60425849f8c1bdc2b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 34d22ef66a7752e00278f9cb8dc9af48
SHA1 755bf34d28bc244168d44c029e892036bed825fd
SHA256 436680da121cb74ada8ca5c3e428e98b50480619ed109b4b0ac92c561485e16f
SHA512 9b71cb312d966f333894d0fd40f506f510a8030027f42ee25f916b6cba6c284e6f280f36b6b3478a91b1a54cdc2c87830faa421707a0a648645112bdf22192c6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 acb72e6b1a0a17a2d7e18cb6bd5b5af1
SHA1 419cdef36761e2df1ff5219861a04484baba5750
SHA256 9d1bec59ea80e66805ee7f7a1c1f01db0daeec0cb13977c11196e0b082260b59
SHA512 3bcf1b0614a8310f9af227b880e8bf0fb268ff4ac1e6b232d6fdfeb6504f337df077dac9caf7c2da5fb359fa2dfeffe332255a0f24b027ccf43e37f15e8a50ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d76aa463217beb5a1823c2aeae90ce04
SHA1 ccdb618d6d5fa48c8ff1cb0c1a7646f9fe8b3981
SHA256 c2d5a9f01dd3aee4b4bbcf158a63972c8d7dc3236d3f78510b1eaf1834ba973d
SHA512 adc3f76ebcfe4362ce5bdf06ae138ac1dcd25db07e58ead37a77dc17c84829c091e67255d04da24ec421ff0d22779ff1f98ee7b7ccdacf74a6624b2b16def92f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 db0932cd0b74b39e76df81e6f8477c56
SHA1 151e6714aa5a82dcbffd22345ea352708f7f357d
SHA256 88c436598283f779bcbfc67594a016fceedcaadd9a038509ae76dc109b6585a3
SHA512 b5c7c89c02a8a9c0f2cd22abf421bcf113f08b6d697b70b683e3fb5b7553b4f8c6022a81c5153d05632ad4ad2cd442571286f449e4a2d7810872247cb37ffb7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 639f7b58399e4e5d710d3bd4a64e26f2
SHA1 b5dd9e1f2b1c234c96ee9960a36f9e4f943e794e
SHA256 b549c222ee1286b0373cba210ec6fca1480822c96fc7b1a75493de80e2da30f0
SHA512 39b90f509f696835f2a29a40f8163f90f8a76818aa2bdc1d3e5366f098d3ba2a0d80497b1d568ae1c5ddc0a934288fd63bd7f8366ff198fe9205983182c42384
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fe6e0aef03a70fce39efc3cff17a0c77
SHA1 b215ffdffbd1d6b69f1e5360d04346fa8cf9597b
SHA256 1c665ac5549adb38493d84314e919179b824f051b0c6d891dc3a10672ef159be
SHA512 f2e3358b4f505b0075dc8d756ad56a595ddaa46fbb0a26e5dc5eeb61811d14672f9f1a64eda60d469c5cca274849dcd4fa1b9a17db81f4d6fd2c4ccc8659f012
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36067837c8b6e40f079d95a0b5fb48ad
SHA1 3da4e599f4780f73c3a03db2640519948f3d9047
SHA256 06ca6b9a9e4c4c29bdfa36168b3f94f3a710417455425fec8379d46cf18a9d2a
SHA512 f7f633e9cf1776891078efe455740dbcd2e00b3448102251fc13b9e26f7242bfac706f800ffbd1485f5d8fc1c34be8f204b7f0b8c24674c92b9639dcfdbb7a94
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a820196497d69c0c379524fe30bc857d
SHA1 6f075ba341fda2b5ca536d4abeacca396589602c
SHA256 c934b8bad3aa7cc62400337d5c81d86e79870883b464adcda7cdcd1561ab6c99
SHA512 da8ea7efa016e1d8ca47fddab92f42133ec1d7db8e74e2674b05df7eff3f9ec8b3b88af9d7c7f3a9623435646d42f064df6dda797a08eef12b227729f1ae14c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9e08722141508b400093f06955c1d51e
SHA1 c45150fe36e6f4deadda769f6314c780b388acec
SHA256 14db9aec8c9ae280d21cda60a0a9af8d1a6eb3f81692679e56c20b55dcef99d5
SHA512 a4846add9700cd20d9716859afc25e457228a1db8ab3194fb30a2993249b19d5e7df1334b607952ea3b38563b81e29887902c01fa31f9f9a67ce090816169aa5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 18c765628d0e2715b0354c908451ad69
SHA1 0b28e4eac95142ed725f20c27a54672a45458103
SHA256 16825e3b526da789d527d2bc9cb09407d3ec2838af15a1785b654fbf1f1c719f
SHA512 6989d7efd0bf7a07a19280ead41ff32a9be3ef6f89a3986f39c2ef4ef59cc43ddbf098ed9f8d676e7950f76ff4ae3afcc5637292a26aae2420a52a7a14f69b30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 75d443c4b478afd01ed8e954b472e9b5
SHA1 e16db72a1208be7adc53a2e870119d11bc1efebb
SHA256 357b20968171ad0e6db1402f488e055cdf83e0e8b95e755b0eaa89092bcfcb83
SHA512 ff2a0147c14fe8339bf29db0894206ff9d8f28b44f19316cd34b7d917e3132225a54879e4f0010d4756a466fc3d03a4cd0f2c066d7d48fbf5aa32b0b3f4075a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 13bf3311bcfa734bfbfb826f41d36f2f
SHA1 cf3e32ea5e702e31dca90d50969c64223833325d
SHA256 f1e060a954298d497a8b51228339ce295601d1b6c00e10f328acd46e5f8a0446
SHA512 f70203ab9ae10e276240dab407ed72568ef3f1c993773ab9ea99d3da263700d0b7560de87b281f0680af9d39b4074e08223bdada0c51bdebe93b63f628da21f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a0ea8770fce8f8364cdec3f4d7b59d7e
SHA1 ca6fb1a20255165ee1abdf107e2ed8a71959c8c3
SHA256 79deb77a55bb6c4d2c6be0c3a599b243937bb911997ea31e40eec7d9c3ae6ddd
SHA512 5a3d1539f58767b14a76345d4dfaba6fde8d16a2c5f4b95374e84574f0a5509f747ac2a1cc5b57cc04037230f022403787fac2b607420a413ac09c8aa97ebe59
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b