Analysis
-
max time kernel
129s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
17-06-2024 07:55
Static task
static1
Behavioral task
behavioral1
Sample
b7807d0fccff441336cdeb646fc86a19_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
b7807d0fccff441336cdeb646fc86a19_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
b7807d0fccff441336cdeb646fc86a19_JaffaCakes118.html
-
Size
35KB
-
MD5
b7807d0fccff441336cdeb646fc86a19
-
SHA1
5945159f0544d48f7eace6bce0d9dbe28a56534d
-
SHA256
fe9c278d3b7081c193e463e3f6de049bc0684ba4ce79363b40c643bdbf9754ee
-
SHA512
312edab912d20634e71a315303a51c59506081e20037f76ff62ceee3c7b486a90732780ee4e26b53d20e64c9dd7a79205f643b63e8f710692331d62d0edd4a21
-
SSDEEP
768:9tyqiMNgUV89cGOExYlzs8wAJUFaGeqOeeZBOGWF+:/yqiMu8ExYlzs8wAJUFaGeqOeeZBOGW0
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EB9FF1A1-2C7E-11EF-AF9B-7E1039193522} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424772778" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1044 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1044 iexplore.exe
1044 iexplore.exe
3040 IEXPLORE.EXE
3040 IEXPLORE.EXE
3040 IEXPLORE.EXE
3040 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1044 wrote to memory of 3040 1044 iexplore.exe 28
PID 1044 wrote to memory of 3040 1044 iexplore.exe 28
PID 1044 wrote to memory of 3040 1044 iexplore.exe 28
PID 1044 wrote to memory of 3040 1044 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b7807d0fccff441336cdeb646fc86a19_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1044 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3040
-
Network
MITRE ATT&CK Enterprise v15
Downloads