Analysis
-
max time kernel
134s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
04-07-2024 22:56
Static task
static1
Behavioral task
behavioral1
Sample
2688f8800a79cbf17779c8c350a25a8d_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2688f8800a79cbf17779c8c350a25a8d_JaffaCakes118.html
Resource
win10v2004-20240704-en
General
-
Target
2688f8800a79cbf17779c8c350a25a8d_JaffaCakes118.html
-
Size
6KB
-
MD5
2688f8800a79cbf17779c8c350a25a8d
-
SHA1
7eef25e79ea1734e7f3a40b6cb80dbb061e5e2aa
-
SHA256
17ee39dad7c680d0813e2fc48c41b288a0ab5d38072c728776c68034f6b1ab34
-
SHA512
78309197710ec46df6c896b685b201740aa890e42e99f93cdbbcdd76fbdd93ae6db4889006a7a1545cb1387dbab0d6efa23aee08c2cdbe82e36de3a47e2dec97
-
SSDEEP
96:uzVs+ux7wHLLY1k9o84d12ef7CSTURZcEZ7ru7f:csz7wHAYS/Mb76f
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426295981" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000937c54b423484cae57486e941ea94ee4d7204e2f251c7077fc43fb616ceec9d3000000000e8000000002000020000000adf73cbffbcca6e6dbea764e5077eeca2e05102302b9f645ff330e6e31631a0a20000000259bc003f1423a104a5ffd26dccf605eaa5c17afb9b508652520bb09ce7451a340000000fa007f6c0d950c1f1a63f3bb6d2d5c098da7e7f83e6b329df55e5d5b896ca7a5771ff2104c7a3e0e4989fad79d96400b28610e273682b8790fd2f491bdb72cbe iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b04a7b3c66ceda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set 
value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{67701DE1-3A59-11EF-B0DE-E64BF8A7A69F} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet 
Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1780 | iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1780 | iexplore.exe
1780 | iexplore.exe
2120 | IEXPLORE.EXE
2120 | IEXPLORE.EXE
2120 | IEXPLORE.EXE
2120 | IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1780 wrote to memory of 2120 | 1780 | iexplore.exe | 28
PID 1780 wrote to memory of 2120 | 1780 | iexplore.exe | 28
PID 1780 wrote to memory of 2120 | 1780 | iexplore.exe | 28
PID 1780 wrote to memory of 2120 | 1780 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2688f8800a79cbf17779c8c350a25a8d_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1780 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1780 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2120
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f881c947a0bf40438f8ae44418cc7370
SHA1 e9a8ed80875fb792279df833988a364ba9aeeee7
SHA256 cedbf4ea32709e242b7a90060ee1dd9fdd2e72860e19b00c6987e0f46cfd34c1
SHA512 a08a41ee7852877610d3cf110286f215a28d2c8a2d47e957cfbf023040b8c14ae3ace3daabd46b311e6675dd0c057f77d153bd4454863c3e655629e319c423a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1f4d307f3eb5b5816a2afdc50a5bc953
SHA1 513a44840f50f10c8200acde7136da83c45dc3a3
SHA256 6215a4d049348d43fe66a5e235718cee038d156f37815cadc31d1f0b02d86c7d
SHA512 9e997e9a49af3b59d171e40f495686696ff3cf8782444159d713ac036bde41cea20b892327a5bd5fbfb2576ed33c4f73c31b51a70932256a7489084bec390f9b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 90600e892324ed100cacafa128423608
SHA1 4801b2b83313c0882fabb11dd60edc42cf380b3b
SHA256 5dcaaad6b380a8986805a9e2dae34275103e526d89b0b3823f0fe9b4bbaaa6aa
SHA512 4c23b2cc4633c90bf5c3f60bc5f330dbe06c376e593c0eeb71b81a3b9cc6d3f5ed3ae86bc654c8d0b14cfdc57721ab284f1778a867f33bcde11fb942a7ddef7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 215e59659b4d20ee52f898447cc167ff
SHA1 dbb43fe88e8a3975fa93c8092d3859fa36622d78
SHA256 5b6fee6f7b34ca7da1c8333d8ec4f17341aac73256f65c48d5b865a0c344e5d1
SHA512 9deac67eabe30b6b48dbc7fd5b10a3a6ab02e22ab766cf7c699ad058982a5e7fe285fcb75aee4adb933a159fe2c7081c6183a5e1d1d5091e1e15f0ec5df97072
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 db76a72549503b38125710ce9c152ae2
SHA1 1b54fe0591c5112d430c198dd62ff85fa21844c6
SHA256 3c784c28e9301442a1282a4243783e8b0997743ea50353ecf8ade43217b4a632
SHA512 d7c2736210122e2580cd8b0a119adb59333b582c5957554e53fa873e11e6a639f0a41f966ed5fa3cdd0d517167376e2e714010966a266c9c517ef6d9f76f7239
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0dd29e181b0a85b2e00db130bef7ce3e
SHA1 1696f0748bca4b9702596eafb8f99b60f7a936fa
SHA256 d96576faa1fb8151f893be880cfaeae7b0fae761e27b3a633c18e43267b31c8c
SHA512 2e831468efae3c318b383fd24b2f50cb29e0adc137e43f0e4360b4cbfc187a590c581254293cfc2a12bddf0fbe555ad6cfb1a6757d914ebcd1ca173ee4b89fe7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cbe19f48cb8b9dc96037ce4ce344c898
SHA1 72e6889d81de1cbb24ad451b8c26444541956cdd
SHA256 e098412c67972e29e5109c80fb8e52437cf57913b626743a280b7eda69c9fa20
SHA512 462ed3e7ecd399a3fcce07daef95137be88994320d79337cadcb7cb1f4d766cb84a50ecba225f2001ec2742ba95933ddd2a12cbb5a8c900bc16693afa532bc8a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 684bc68fa0e16f49cbcd133b1a2497ae
SHA1 37d21087c5ac852354cdf82886ffec3e597d9e0b
SHA256 2ea20188d2184f8974b56dbde37c245f2ca9159223b7caf0e0543d9cdc6567bd
SHA512 ca80a1d8f973ac5f17d44ccb5c4c47b14230e77e71708c05bb82f1070cbfe4eb84258dce1e8b836d1af9cfad658cb6cb2b6a789aca8955b3c47acd51a30982ef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b2ac6b754b6b91cf853bcfd4044741f8
SHA1 653ba71be90aa7c2139097abd1ea185cfebe6c4b
SHA256 017667ea79023aadcdb921943adc3fdbe44460ad4391b3898d2b7eeed31fd066
SHA512 5613d786f8aa86a29966de174d2d0930c0922d2bdf2f716195642dab317a450c92f744a773e09c9dc7157ecd2214973aba9a50c9a9714228a46727c9a87349d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5ded55fd658c070c4712e9cc66e3d4b8
SHA1 3d4631c44bae114c6d7a75482baaa02d394a5b96
SHA256 79143663f25d13256b43e6d3e96b7ddde63ca0b955099ac7683b113ffc8a106d
SHA512 7d4bf6c75b3a22501ec166075362f6f67e7e50159c86aa107a1a81578c0d47933988c0d01b9e561faa7252a125cc6caca347b6f941d1843c1081e7580a7e7846
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 28f595020d07cd7e3ac8f52e02b34934
SHA1 3d37cf8ca3ad4fccbe31f1bfba30e362e70894aa
SHA256 96b058d19147ceff552f7a61e8c7ee1a2fb99c8e0f29e7806eff2c1d117a9036
SHA512 8f6d2641c6fec234b0238dc377a15866298035793e9e6314eb15c21d397475d943a5aed1ed2a0c2a3a69003927104f2de9c471bc7844e6ce5c8891d5b4900ad7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 408dae4fb4434a824a1ed21766d0e593
SHA1 650ff2733be94e05dc0cc4eb677041167ba0c0a1
SHA256 0f48e467cd9217db9d7e86f2aadc55a9658e313569281b1135c596c41d3f1142
SHA512 666e966dde55e8d546ebea0e7305d5b0abc8c31e39f82484e9c1cc7c77ccde7618046c62891449a6943e37a102f538734d2288a53ae0d468c58fa922c54c07c5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6781fe1e5cd1402c16445a1f731686a3
SHA1 ce47da5c0746de9bcdd90e31c8ab53ede98b890a
SHA256 73378009b06d89c834f28be1720ce3c32a31ca68513946f083b9007dd396a235
SHA512 4b9ddfb0dbda54706187411440831428611be67bb469ab3086eef296bfc1dbce456288609165a14d2675363e37d0c5979b341c17245fc08d2f61b2d87c8a6def
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 96655ea87efcdadf3310b3d6f76f72a4
SHA1 2433e6d4b452843e73683db8b7ae6a84e8b83851
SHA256 66f06384c87291839f4306a4653d5816e36205339c74dee940d409c0b2aca019
SHA512 e954ccc1ab67d40541041d71dbbca34b16d1c45434662fc55a382b0bf446bd42d6cb8c3cd29af362615ddf4e1f8709252f00b85e1943856cd70add6265449e1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c40b1e7fb60779d434421000c10cbfbc
SHA1 cef0320dd27b2ecf7da7650df2bc034bd004d6a5
SHA256 23ced4e19b898d25032fb6e6e47fdc427c686c11b600b6e2b579c500df901708
SHA512 bac6cfb2232d3b00fdea2aa876b1c8cf1f8bcd66f136893f6ac6dcd6d864770256ccdfc75457011d8b4d8938a8e44f97d2d6c8123cbc4efae8343ce3471e116a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a3e0911d4c6d6c069a8188b99e4c6e8a
SHA1 ea1843b6918356fb2dea0322b2cae347313f597a
SHA256 b33802a06f921ccec0c6b025640f5fba3ac06388a7aeda41a9c577bb1f30080f
SHA512 c17e8f0dfe9328404a7da9298047633c8243160c09f1c9dd697ce0817a31bda6a9fe25d534e07940bf6ded67157e92691eee7243458596b5baeacbe2c52b38e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c54f3f7d7aa4b88354e1808f0e4a957b
SHA1 42970ac38b4939245895186d0723d683de1e38d6
SHA256 63948d0c1ee06d109f58e1a20237610e869dd7769a01c672adf15bf677877b09
SHA512 f3ca87dd1a3bfe46d67a93bfb4c6192e72894d6d63d4cbf4cf9d814368f54beba9d27bb0aa5adc85c013efcaa6c46fb7110f4798380a0a6aa32884a1ae64b972
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 257ef439c01a01b67a2420a74262d72c
SHA1 2faaa7ae57e27ba7073464af8ec2e27d2e9c66ba
SHA256 97c915d50849aee8c1a54576fbdc475c0186751ee4002aabad1d9385afbdc2e8
SHA512 c278e246b272383455d719cf6c2ce1887049873c786438f62ba2c81501a1ada25a378748e5ef57963ecfbbe0a0bc519644a74cfcb4a2f58df4c8395afcc31774
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b