Analysis
-
max time kernel
133s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
01-07-2024 20:55
Static task
static1
Behavioral task
behavioral1
Sample
1c773ff46c61f5cf27fc6dd665a5b255_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1c773ff46c61f5cf27fc6dd665a5b255_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
1c773ff46c61f5cf27fc6dd665a5b255_JaffaCakes118.html
-
Size
53KB
-
MD5
1c773ff46c61f5cf27fc6dd665a5b255
-
SHA1
5e7e4e682c2f8f81b58dd2eb66a3b3d90ec2fb01
-
SHA256
1d891821280cf4dad7fa18cf546de38cf773e248435323df1788bc43d37dec85
-
SHA512
80c29c8b8cd48a8f9584bc8af674ba4155fa8238562118148fe0f2c6e372b8e4384704f2538e01caab1ff5f7bb43bd12bb59c8d41ffb7faebfe2ad8c4e07af9e
-
SSDEEP
1536:CkgUiIakTqGivi+PyUK5runlYK63Nj+q5VyvR0w2AzTICbbGof/t9M/dNwIUEDmD:CkgUiIakTqGivi+PyUYrunlYK63Nj+qM
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000093ffeef5f5b3caa09a0694e04a0bbc15f270868b12ea1c6d72bf09b59a74e8f6000000000e800000000200002000000019c692d7b3a9aa156438ca77f01661cfee1732d527914c1f15a4d6e44479650e20000000d7cb0bc01964eef9b94bc0ad9f36a4cdfc5ba8015f09248b6c21d42a347df0b640000000bdbc2d7d8a58587058ae555f740b3c782abcbf1be37f9eb7844c04762fc85f742d51db2a6f25c46c67b4af4245e3607452fdbcdf2bb730d0d3e6ade00dac3ddf iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426030453" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2D0B7DF1-37EF-11EF-B97B-5630532AF2EE} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0d91704fccbda01 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2188 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2188 iexplore.exe 2188 iexplore.exe 2184 IEXPLORE.EXE 2184 IEXPLORE.EXE 2184 IEXPLORE.EXE 2184 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2188 wrote to memory of 2184 2188 iexplore.exe 28 PID 2188 wrote to memory of 2184 2188 iexplore.exe 28 PID 2188 wrote to memory of 2184 2188 iexplore.exe 28 PID 2188 wrote to memory of 2184 2188 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1c773ff46c61f5cf27fc6dd665a5b255_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2184
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3d867c91c5f9c579bcd926999bb79121
SHA1 5910c89fd1e34e4fb78788ba0c630df712fd244a
SHA256 aab1e53c30a8f3f6e16b02202ce4baff40a286395e2107258cdd02596a5dac18
SHA512 825a4790dfb6cc53c1ab8a1b353c3e36eae59dd9996b33a680e06b6bf2fcf85c0de510a2fa12691e282b421437c074e89e293bf85567069996c3b41c90340351
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 273abb7f65f45b624655ab9f7c48c39c
SHA1 05a74c49e7627a1aed26e0f68ed5ee57b823dc58
SHA256 07c3a32f2b1dfb7052e15d672aa3d37176536d6e3809d660066c10a7c7867623
SHA512 f3cc7b927b8b7dfb1df9f9dc4a1cef50dba18b7c7221adf89905b749d0c1ff208ea07922a4cc1ea976bc58381c16b41b4422e4e25874da5c7e520d318746dbf6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8259c78690f05f62eb0262c0e8dbd88f
SHA1 6385de2bd7820f712e340ef0ca99e611ad3da386
SHA256 bbe4f6c5d58110c989ea33d5236baf001262e734af591f9e4da8ec2f83b7ac25
SHA512 1a1986f7cc768c1c5da77aa5030d517e8cf4d2cb86a7f2cff21f8f7cd74b7ec18d10a3d80fef284d57f9ede7fd867c530f5dd42fc0c9592d6ff1df021e505bbd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0d726fa412ed87251d18fecbb1a48fc1
SHA1 bc88a5f264f424594b80289971fa3ce9eb6f7a10
SHA256 a10efc7a940bfc74de69ec64593a1ade2ea363aa597c91df1dfae5fa3eb75a52
SHA512 23425dbf4d38278315d4d017e737c5b4b5952f71e13b35b162ab86cfe0987d2fec0a988dfa7fbcf1b6785f70aa17f91f1fa723f1b5264d5c2802ae23427e1565
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 617160d92f98649f3e3da500cc83fc52
SHA1 a5e2ed9cc7d6e7ca0562f44cd62c6be96bee3f67
SHA256 d3e4ed7c741cadd6d96a85fe52ff5635dffd532605c4844746a0a01922aa4aa1
SHA512 c04da2f3b5afabcfe5b8eec7a0f280afd57575d87708e7134482c713df162e3d4152a13c0c925a7997e5527c8d80ee68b043fe61ead17a552f8912fa62a6e0a9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e99a5d066d9831c413143f5d6d671101
SHA1 fd9eb16a7d8736cf295d03763d4656587de95805
SHA256 579716f5eab11cb65c7f7ef228a975ee8537a293241030347ddb486b0ae3a044
SHA512 6ebd60e5ab48fbf7e1b2345d8e809b562f936875477154de0aa45e3ed35388549b1d3c710b71490e1c9df1f3363c717e283130f0c433692738f143d3eb9f9726
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7463a6410cfd3ab3dc7b7ec833dcf638
SHA1 bfe73575eae1f2abb60b116306ea5232e0460093
SHA256 4957bad232d5f914f13fdadf6bfde60c852d27f96ab72dbad7657e76f13e3590
SHA512 5ce5a098af2dab06e9257c7c65abfdc7c6c25879207be4af54f42cdd71d1e922dc4642a833e3ca5bb6f787842a56935cc12f2d602b1ab1afd213ef603f7273ea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a45867d9fb21b627fca1f8cd1d503e3b
SHA1 ffa946b0cb13ebc25a734559005ed996dbad50ed
SHA256 983ebb2b774261b75a7715d840a68af32d19dec8d9ea93bd6b88d837710d3528
SHA512 a83397c3d3128f42ba2dec058e998c21fae9ea51eb6872ec54890c5a13658f172575efb1ebd2f13af1e4bb360564ca9a98afd51f3754fbddcee86fdd696096e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cfb6351b59c068c51cee3aacf006ba4a
SHA1 51d530ad76a283b4927f29a84e37927288eb8601
SHA256 ae7882a98567b60185ac6ca9f0b3522b99cc4ed0f867d3e0d10c85c353c069fb
SHA512 72e72a9fb556ca06c129349b98a9e59baea41f516486b81ae2b1c3162d94ebda9dbecf8a398227e6ea3a728beeafa23213d08f1fa4a52f4679df71e0ebd83d3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8cdc8a43bc3d6b5b4ac3d273a0c56ff7
SHA1 0acb0ee5d4407862f8fca9753826bc9bae444b99
SHA256 9c313b070c2cfe51cbeb0dc91b5642c264da7edc0ad43ac23d73c103c74ca16c
SHA512 4f40734d716eddd5d38f66839ea56e8d608dbf48f26a94bddce6a5568c4cce3ab11783a255461a8bbd58b0e27843641169fda39136e8d1b91acd224ff4c0016a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 130427e0ed2c151cec3e9c7008f3ac8a
SHA1 c52c914be90bab38c5c009f97aeae7a94ef24e75
SHA256 5131af639692577cafddf42d49a502cfd73727115bf2df9d13d67d4143abab20
SHA512 caf1149ad74331b2cd950c1847385033913acbca6e8654f20c955159d3cfe017b0ae03076b0b894a674ba3bd963f6ba035de3915d57e1562fdaaf98eb75fa4b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4537ef80f6b534b7605b4885258017eb
SHA1 710d520a84b7e5fc7e95177ad45704d6ddc0658d
SHA256 362db3294865b7223e9eb0b993b95963295c38ed011d0c42c860cce3fa6a57d3
SHA512 f39e55ce030bc22cb14c947e4139d1a470c41c11ccbb5f8a52aaa45676fe2270e3fe49a32c72d97260b81c10cb70f629d2b18361af96cbe283aebcdd2261d793
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e79f731e3a6168f95e6c8742ce9e136f
SHA1 a3c662cf5927dcffa8c7a37fcfc5061481075dfc
SHA256 30fb177b3dd31d2a4e4515794c300d6ab4636ba1c0a910c3e30c265d113021ba
SHA512 2c84dffdf6b61e79fc97098eeaf79f8017c21696a22dabfcaecd74fcd546b35c7860fb1c8bf47066e036f5b7b27217cb60e716cee1b6690af75c394f94c1a8aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e8e8eecd7259323a8f2fef5165f265e4
SHA1 5cdeb891eed151fa313020b9456f49dca75fcb39
SHA256 9a2b37566f26f07bf6d851ad6e0f6050f555225d89c44fecc83386bf132219bd
SHA512 5aea585bf4917ec16730cfc5b130b7f4c0ce8a4df858819849c6c056414f466e2dc53cb4d7a61b6d3c08efcea88a3a5c358ae2dcfa1e3ba3cb8db39f49f9dcab
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\glossar-js[1].htm
Filesize 706B
MD5 67f3a5933c17b3ab044826d3927d0ba9
SHA1 5957076d09bacaa6db8ddc832b4fd87ed8f05f8a
SHA256 97e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64
SHA512 03ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b