Analysis
-
max time kernel
134s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
27-06-2024 20:50
Static task
static1
Behavioral task
behavioral1
Sample
1779dc957467fe97d6fe2f1465da4d2a_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1779dc957467fe97d6fe2f1465da4d2a_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
1779dc957467fe97d6fe2f1465da4d2a_JaffaCakes118.html
-
Size
15KB
-
MD5
1779dc957467fe97d6fe2f1465da4d2a
-
SHA1
671b9cfefb36898e0ded2965b8176c91eafa1149
-
SHA256
4979bdb9974766ee1b1a971eb6b4a6556808ad7ce46a58ecd1d8f4a33f0fb369
-
SHA512
72d16dd0f20afaaf94d51dd238e1b22dc3d788536f3729afc4cef0ec2fc8f40ee7c6feb6852aa2c8c103e10177fb01e230a9ce0f11944c3f5ba2f78dca37dcd6
-
SSDEEP
192:5s3L/3J9K2/KG8sQse36M7ROOrOHnYihaXuayVyI8Kh4m2kHR:5I/ZdzQse36SOOiHRhaXlyVyI8YhPHR
Malware Config
Signatures
- Modifies Internet Explorer settings (the signature's title was not preserved in the extracted text; the name is taken from the process tree below, which attributes these registry changes to PIDs 360 and 1720)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0c576b7d3c8da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425683296" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000089776e673964844785de67696301b4f900000000020000000000106600000001000020000000930568339a220cc1014c7284044b3a1e72193e9fe916be476c3efc096bc96963000000000e80000000020000200000003ceade122888d7ddae0a7ebbda366dd131084d255f650da0b63c4cfe84b36b9c200000000bf170f35eac6567c59ba4111ced873133e03fdff8a5f2e4459a67b4414490f5400000003cd9607c0ed937e33cdd47c14c2fb197abeb051cb973b4fb919124dfeec7e3774deb5c397073192ddf9f539f578659161998b59ffe414bb8fb667595d54969d9 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E2C5F5C1-34C6-11EF-93CC-729E5AF85804} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 360 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 360 iexplore.exe 360 iexplore.exe 1720 IEXPLORE.EXE 1720 IEXPLORE.EXE 1720 IEXPLORE.EXE 1720 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 360 wrote to memory of 1720 | 360 | iexplore.exe | 28
PID 360 wrote to memory of 1720 | 360 | iexplore.exe | 28
PID 360 wrote to memory of 1720 | 360 | iexplore.exe | 28
PID 360 wrote to memory of 1720 | 360 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1779dc957467fe97d6fe2f1465da4d2a_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:360 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:360 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1720
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5928218ede252dbf9ddd56573f9b1bf8
SHA1 6357e09d9d6177f7617549d4fa4d71fc266a696e
SHA256 814d19e9e31959db24779556abeab42c8563a7f67845c81a82f7aefb3f83cacc
SHA512 1cdd62f19a886037f38a2c6a161e2295f51eb7c3aa3826a6ec15405dcbb62398d33f70bc660a1dbea7f14275895238fdc5e57c45abb56cbb78871cd64a8803d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 484f8b8bb3c62268c6d910ee48a58dd9
SHA1 3fa828bb34f26f651fd67389367b13e998e87434
SHA256 cd1514643023cf3f915d0c24e98b4fc6bcb142a1ebfc1559af4d4ecc98649646
SHA512 70db172110e194e17bd9337ffeffc04d08b74816715db5265158103a2d5dd585bd3232b9f032d3d0e384c067066d0cf40348219e819a26c3369e8f8f03046c16
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c194d26c1afde121b84b407877312b17
SHA1 c66bd78bd47a3454d88140a9f0dad521682808e8
SHA256 cadb430778b845f8ef2257deb4ab3929975d3836738b7bd576911b0e6f43dfbd
SHA512 8a9c0704cb8fa6bc2bc8b87a3f8269cd0713ce4a8c655128e48bbaef9c1a46a39c84c9b9989656904664389529e249e0c76a2db7b6ac67c7357e12b21275a9ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e725b6c7cc2239a692ede30a58cc7d29
SHA1 a5952427bf358e2f1a5639a60941a3a5af577b53
SHA256 9aa766952605e295936e592bdcde8f9c7f89a77eb5392ec23f34258f3de7b433
SHA512 e15c3f69da8c8672ce5e6f45a3de082ddce84a2065a0bc69345edafa162897d8c4b3b5a1af4ba0aaa071b4c0a63b32d9ce64bb68dd0cc1ff43962a685d8e0fcc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 71d42c38d3fcd32600404f7a4b743556
SHA1 69af51e03dd443b18f46d9b37bbdd14a8f97106a
SHA256 5d93218b990cc796ae31e460eb33684817556dff50511e67ca0dd24a9d86f1c4
SHA512 2cb7883b89766f760e80d152039f64526b0e84bce67b49a1648eeb6c672bfa929832a30e2e3fd7afbbd22465d86e6ba6cb809a1d649ef13b46cea675f40b3b6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 60f881da94050b5c991fb956840cf0f2
SHA1 ff7e768f8ab09aedce191a3ac9b6652a1400e5ad
SHA256 3264ba70c74580bd3d2b23cb77f2af6eba863a156206e68ddf24237a3f7a2802
SHA512 fd167c2913727c2e3bdc587f80b5d7b8a8d39da97330f44b118e84912bab3eeb1b6cdd9448af1ab2299e7a335a4c818e2cb9ad17e8fe9fe2ca4aac2133e460d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5830fe640ef2ea5141c5b6be539ea045
SHA1 7acaaf5c03df61af50845ee3d5ecba16eca7a489
SHA256 c3d6bac4bfe744028e2b339fd3e7cc28c9eb7d773c6d56646ef3f2112df15d82
SHA512 fc731d86aae2413639ff5c27effc6526f203b9b84b2432b033442b2a05c2f828f15853ef36d4b259ed3ae241d5d7b7f8c94a0a0dcbde545d8c641675e90606f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 335341e5f7d648ed6426c543c9bf7ae3
SHA1 ff9a916479522e2631211ede8c81fd0b2e6e7271
SHA256 0602739d6c077b23aa6ea3cf30c3ea392c78de3517c561cca0b372295e83f9d8
SHA512 44612b64353b5df6868c3d017fa23cd09bdc135fb379f6fb173733197bfe693f7dc2fe22c41cf290190faa6b79a624f56e5b73481a1ef93d7223bbc6cf609369
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fc800f46e9da205c8ac5c4f8e428d1cc
SHA1 5be9e4021d2e852394aec54feb904f3874cb563c
SHA256 c2b7753f3e98367b5098e7826738745f1ea7dc54c904c515778afb0c295d3675
SHA512 44d9870c603a912eebf5dd325647d5ae7685036dd971d93219ef93d3c63d4973b982a0afbe4d25541e80ad085f609cb4ff3f9f89517f2f6b05f8a35d0b77d620
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a004ba45166425a32c8eccb1251d8a26
SHA1 a4de1c9f6d66c62647f1a548f7eeb5ed6ca8c43f
SHA256 646f4ba93a4e39701007b36ef72baafe6fbe86c6407f612452045e4fca880845
SHA512 ca65bd067d9f7288944684ff01b77cf09250d61c3551992db77d3da6ca323f0a42efdf8cba38b69b0c0c88d0b494432c0b84f6fa0b207311a4fe255b00d69fd6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 49b7f2bd5a053427335f9e3a0f92c6f5
SHA1 e16c22f5c250094877cb241f10fd871c57d00f99
SHA256 6a0da99d0d4aff1bc20eac1bd29a63849638b9081e55d8b5e1431364255fc3e5
SHA512 bb0a2a20216dd8a8907e2711051681e4a75b7ffa95352c23f34675ebfc35041307e19b576f9551dd539f24cb88e41c58f86fbc28b2921f3e49cc9f348df8813f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dd78b68ddf390860b5f722acccfce9f5
SHA1 ecdcd8d6637ced6fe0da74b0a943e92e84f1cfda
SHA256 25c2278cecbaa081a461a151584efb3dd315fdac8599f9612163a1e0d96ad5af
SHA512 96769ea28219432e26b8a679f9c0fc9330e03b896193b705b636fce92578875e234fcf2338a0d754d81ffe11a9c1d68744452e703e82109831d8ec1f3b47ceac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ec1a92792be5799fceebb7fd11964ad4
SHA1 75cc823cff78032fbc1bd203faeec0913f03d97c
SHA256 6a92f7b0ab64669387ea488eb5e9dae84d01fb5a0bf1bc8f0c90e099feb81b7f
SHA512 08ef29bae6b5c9fe12da84b9c8ee735ad62a02daeadad105f811201b08328ae31b35f1097c08d00caab0cb3de7e62edfd2fe611d8cc0f844445f05ca1a3c05be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 33b133d29f09e81212f2d41e60888919
SHA1 2a43ba9cfe1ca400a001e6c2f4c5f5e7119ad7ec
SHA256 163627289081b47092a458f0c62ad35dce33ab4f5c7385b1d1b62aa0a49cbbcc
SHA512 2504d73259ae7803204a5d88ac0976b11a5e604cf19d318136995df07cdc5a3935aa44c115e587ca295c085fba85c3cf01320146caa556e231d43779d2d393cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 604e5dac31d46bc99de2276cc18a0e22
SHA1 b3e91cd55671fe04077f731cdc0f7e73b60fcbd0
SHA256 72bac89fabaa48442fedac6cc91356656f419362d9f2a2ce942d145dcab7164f
SHA512 2e9e3f2bdf54c39ab98105b7ca90c43bb8a4bc71f7c1b7caeebbaa3d08f132d78401d9335186bc95affeb563ed58e3b75e7c685d37caf03f7f03b3fd42c65bf1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 201ef0966f051adef0a8784b8c9f2221
SHA1 ad17ee470dfdc0a95e4a7189e6d11345947d2da4
SHA256 a4b9766e14bcb166c0e08ef8acf8a71a88de8bd60b08ef99fad858b8b6e08663
SHA512 9c91f208a758c38cbafc514db6113c18c54f8781db7a9fdea636e4d259e437ad64a2225dd214456a2a0f7e93cab172cce36229f67fd913f7bc2bcb1ae64a7b66
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 86dad68259124985b3a1fb5252edd6a7
SHA1 53643d76bec5c510e31fc040022f3f5e14cbe8a4
SHA256 e422ef6d36f7283d31482849b20a53cc164da78f04a409e456478ebcec8dcd91
SHA512 304b3e85dda10237fc0abc1c2c293fe0220b3e994f83c9f8d3dfc2ed059d620c0bfc702d7cd99a431fa4dd1c62443af368418e3b371df27b7ab49acdbcdd7452
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3f949200ebe1d5cb8ff68006c539a30a
SHA1 e81f0759aea70fee9e1ff66aaf101ea8228f3544
SHA256 e3a0f101dd0dd02591221ab4779ee82644b269491e8763fc414365f674f0244d
SHA512 cbd80ca2906020f8384230dc2c7055520036baf0a233a6ce2d8f310c21cf95db1702528bffacd88ba9302fc5226c0553d3e6ffb9ef92a7dd67da6b39224d05af
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b