Analysis
-
max time kernel
120s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system -
submitted
13-07-2024 20:06
Static task
static1
Behavioral task
behavioral1
Sample
432808015f8aec0065b59b392a59b962_JaffaCakes118.html
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
432808015f8aec0065b59b392a59b962_JaffaCakes118.html
Resource
win10v2004-20240709-en
General
-
Target
432808015f8aec0065b59b392a59b962_JaffaCakes118.html
-
Size
53KB
-
MD5
432808015f8aec0065b59b392a59b962
-
SHA1
02262b87862510c878845afaea32837f458c8af8
-
SHA256
1ca3ea3214bddb8071e1e3c1b6150ec2a71a3f37344ccdba23b8681636facbf2
-
SHA512
64bc59ca961f490e3bfacd2f15de9ad3fd66fa8072e7389870c2f604ffd38dc62e7833440bec1d5cb6d81ffc648027df60e1d24c245927e455547a9f430e486d
-
SSDEEP
1536:CkgUiIakTqGivi+PyUNrunlYkM63Nj+q5VyvR0w2AzTICbbyoFo/t9M/dNwIUTDN:CkgUiIakTqGivi+PyUNrunlYkM63Nj+4
Malware Config
Signatures
Note: every event in this section is attributed to iexplore.exe (PID 2688) or its own child tab process IEXPLORE.EXE (PID 2772). The Internet Explorer registry writes, the FindShellTrayWindow/SetWindowsHookEx calls and the parent-to-child WriteProcessMemory are all consistent with Internet Explorer's normal start-up when any HTML file is opened, so on their own they do not establish that the sample is malicious.
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d02c362e60d5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{58641DF1-4153-11EF-937B-6ED41388558A} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f0000000002000000000010660000000100002000000066ea42168e5207392b131c0be3e907026c8daba94750c3172a7990f878ed624d000000000e800000000200002000000049e585aad0cb535961b3ad2109d051031ef48177ba81673f46d9003ee7f7f621900000002cb0e3d5154112c5a4862ee076219692a968beac0c758bc4d5ca081c21e6d0128faa12cc0d623cb99f9c236f141caf8055959ff10cb944d8d4f2f1cfabda067ae789033045eaa5cbcb0503319a29a8e6fa72153683ef692d32b4ce1eb66592840d5072212ade44ee27a1dd7f8305b1b57039080ea8400c90868d31168d11d741e45bdbe4e4f68d8ed7cd87900ff1dfde40000000642ad270cde0814b96a6d56d6f42c490a171a9e3ebb49b716d15f348d4a17303316aa2485974068caaacd53707861ffe82bc41723ee6d94b5eee70ed93a0680f iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000006e17505a5b23691aa16d533bb26a3d7bf23dac978e0a515982b6abd992d5011c000000000e8000000002000020000000b8d82e34eb1d3b6c3389fc4a295aef916daade0a53ebb374c1b017e6a9f815fd20000000e7b8ad1d814f5c9ebed4b4dc1e6ed10a6839c386442fcbf692d7125943bcdc1f40000000e7bc828f4760a204b794d4d4afaebccea3645afd422b3dcf6c2587ecf30c98fa351a7291c9f4595c88fd1a53c4aecad25f218022fec89f7f3be778d236c740ee iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427063038" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2688 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2688 iexplore.exe
2688 iexplore.exe
2772 IEXPLORE.EXE
2772 IEXPLORE.EXE
2772 IEXPLORE.EXE
2772 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2688 wrote to memory of 2772 2688 iexplore.exe 30
PID 2688 wrote to memory of 2772 2688 iexplore.exe 30
PID 2688 wrote to memory of 2772 2688 iexplore.exe 30
PID 2688 wrote to memory of 2772 2688 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\432808015f8aec0065b59b392a59b962_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2772
-
Network
MITRE ATT&CK Enterprise v15
Downloads
Note: the entries below under CryptnetUrlCache\MetaData are Windows CryptoAPI URL-cache metadata written by the OS during certificate chain/revocation checks; they are routine system artifacts rather than content fetched by the page itself. The Content.IE5 style[1].htm entry appears to be a browser-cached resource, and the last two entries carry no file path in this report.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 32a70dcabf1d01c10b032bd6adb8b044
SHA1 66f9a3849dd11f1135d4f7dc8b7f7a976f437cd2
SHA256 d86ea743774e05c44f15d1ca471e0137c87e36649718b9d0967714ac7ddc19f6
SHA512 a57f06db0c2e7ef8ab51292a81b771ea42c4fbef5a0c2ff0b35ba2544e63b5b97b01524f379ca00fa94183fae338cd322182590f30a1d3f1562652a766c2451e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 06b545c207d423ac2e812083f3d3310c
SHA1 f659b0b886c33d49f9c3a276026e0dee66de796e
SHA256 5ea0744f7d6feb3ec69776686805a809625dd86be2caf03460ba42a843c77464
SHA512 1aae61693956efe2c535b3c928e8e02542f2208fd15e1ace6ef6fec07b3fc1b2b6b7006b16d87cb60ea196744f9d09d98d3d20d04cafc7d26aa1e620cfcbcf74
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5c0aa4fcf5cbf2f49985d77169722ca0
SHA1 80aa72de0e350675eac8c07867ebe2fac4947011
SHA256 969ec0d895e0f115edac7900834e33f0e54ba4e74e1c4819ca5f0a0f215eb66f
SHA512 7a7df500be44d51270b08a91eb4914b2267613fa25efa5711deb56062548b025db6700a9aa9d99b05e7ec47aa82cf903cadf87ada1ebcad78b571b55cf8a2bf9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5305b26e42d953cb55b0f26ea640d77c
SHA1 6c428b07d355ec563d93463d94b7ce5bd0c58e9c
SHA256 de78c9023b7b1f7ea92c98d0145482ec3f45fe876338f9d55b1e69a4be4e2c17
SHA512 5162b4d95d1074e53689896af52bfa44340e831431abba9ce1542745095cd8ccb8f4e4bee5f29ebd551e3f3036e134ff17a3556213bd306b7a0ed23f041a3bda
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7f3da4a3afa1c8f40cb06130c858080b
SHA1 ed6c626ecacdd135d44959fbc9037121190eeee3
SHA256 006dc4bea5e490abee4e066658fdec49849d60049dc4e30a674f1dae0747cdbd
SHA512 fef923c60b75010c3a9116e1f695fbea829680d2d979cac92501dcce5b660a449e45f33f9940e260cec64e9c39e98b679c9e52fb53ebf7f029254b25aad6df69
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 92e3b237d15acc31b579a591cb5cc006
SHA1 cb70e13ae8edd4ae98280c1c8ee20630f545b75a
SHA256 b64f5bc0d4b3c158ab4c2264be532b6d832d73ff4e5f147edd316ee420f6e10a
SHA512 f1675509817a2fba5e9fb6d2f5e9d4e80b0cec5193ea3e86f41f30f37e9de96c888b36c78ca61a5325cca97cc1f3bf9447b94a8d5f66998633ed99ab2a06faf1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 62a80760ecf3a5e7add2be74379d663d
SHA1 0ec5a5cb149469354d5e5edb72aef435e8f20f93
SHA256 ef5908cb0e0c6d24efc83d0fa791e635aac179fa48728a10515bb40a955e7c50
SHA512 115288c9c1e9c381aeeb689b7629b9fb631fd067c68f44a41de4f738eba0c9b8c3babce621ef51ee72dee32f0f24b7cfa9f5c5026113dc6277fe137cbd4efb13
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4003f6b40ef0f210bfa2617a8f3a19c8
SHA1 b50fb8633da311f1b33d151b3a3443345ef6f46a
SHA256 29e96934d3475c07a9f435306d52d996ea8032cd6fe992cfd6ad155003945981
SHA512 ba9f1caff0f0e6587b9ca5ff3421402f4cf63844ebdf61cbfaaa80945cf2594ba1f055e44cf26c7511fc1196dac1fa22d5fd027ccee3d7232bf9607942bab9e3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b2135b32cb0bd4c63ee47e35eb081007
SHA1 8d4dbaf2fab0dd4801466bf86906367d99373d57
SHA256 9020cb106958eccc898901cfe5e0c73d97b8eaf353aecf03d26de5b2930d15d5
SHA512 5c8d1424f41b22d07f36f51bdab1bbe162a487d6c9b90c3a091656212c945e5e18c15b76afbe703a41330c19bfbe56ed47453bf97985e28f08b251b5e9156118
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cf285fcc7415f04c6c735d75c1d38bba
SHA1 c7c34ee7965efcf0d706dcc1a1a9d0a0cec52119
SHA256 c82d387390670c2b08946011ec1f45bc5e590f525785b053d139be841255be4a
SHA512 cd11d9ed94416d12f103829a42c192251866d7fbdc507a3879292f5a077d1d0e974115272f20dcacda90600151cee8196e067ab999ccc0effe7ed16d13828bff
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 feb28085972c05e0262e7a4697361e74
SHA1 43ba6de83994d7264302bc64366180ba05dbbbb5
SHA256 e99a043dff7b29bd49d0b76bad8479b79e3867d67976c54d52df5f034a2bfd6e
SHA512 ab281a763df6b26a22f65c5621f5e6310b0355b3a224877da4943d156ed47c51bff077d97bfe1535ddbf494b3381bd29fc4d17ab3404a4b6d0245071b9ff4cc1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dfc39b33e17a7f106655e7b796ba5330
SHA1 255872c921ccc45069462520d24633132c8cfa74
SHA256 5414e50d604374fb71ba6a0ce20785ffb681af8f0108747ee5c102f113265635
SHA512 d08c0ef22de99d7dc1b525f107f66ad6ca10e74481f36cddd6947e974ef119cb95dc0e5650c6fd46f365dff9628ef056ce69d053e8515a5f4e39c9ad3547cf8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 78c2448567bbb6772f7229fc56a86a83
SHA1 8c69a998297d3baceaae7fc1007eb025d7c03522
SHA256 9ef80c3b46af43e1293f07198d2ecad61b402986c81922089b53658d0b3b7136
SHA512 4b7a99bca06a92dd6b40e3500a91c89f67b9fbbda354d0e7c909074ffdb689bd7df969975e1c119772c150b1e08b48ce834752402b7e324a8590d85e3ca3c75e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 57c178db5c5078f52848627b84885edd
SHA1 5ec489ffe58c68e1e835af46d7a67ef25bc5791c
SHA256 2f27b28400d51826b0532bac4b858c66974c19020687efc8f91ae556dd4b944b
SHA512 2453e06022e63530cfad9ab92dee6d2a4e188b3a4e345703666e1323e723584e3cb171044cbf7135c0177d28bfc243258311cdad5acd3825eb4eb1e59a336094
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 24ecba6fa92829f74e167f169d10688f
SHA1 83ff7f797d614b5b48bbdf75e0fbb5e562f4d08a
SHA256 cea950fa5b5da7310791bcc12090f2ac61d60c9f5b962fb28449def147ee7a5c
SHA512 dad3e65ee453fe6aa28f6ac0d52cc84fb8fcb9b67b87f8574cfdc1b8e95acc2abead0b561e72151bcef85a1b8766b2174ce129c3004f173168d7e0aebeb31ed1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9c694b37aa1c566e6a3e8a541671e82f
SHA1 bb2b721e3be6f70c3f96d6dcd709cd3bb3e5abdc
SHA256 a84cb9ab9bc65fb7d621945bb4d1226e405d6172625a60590e79deb5a3d21591
SHA512 2e2c6cb5b5dcad88f8a7a250e58872e3a59029fcd16a40bd561d5fe0cc0be80b87a69a4656532e4f44ae00b357b59a3fdc533c34be7009733e7021418a5550b7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7df28eb14fc48926eb20a2a4e0149ee5
SHA1 1981d70833807ec4e0ab26b56d71a32f5dc12e37
SHA256 7d87d0f26aeab6305ed6ea1b15b0a93ce2020ee59a0e61e4db05123893362076
SHA512 0fd9d65b2403b042dced00da8f2f40fbae3055f356b0366c346ab6a0f8ededc18445c38289009c4a35c10db793f011cddb042813cc123dd0850e68cc47826bb3
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\style[1].htm
Filesize 706B
MD5 67f3a5933c17b3ab044826d3927d0ba9
SHA1 5957076d09bacaa6db8ddc832b4fd87ed8f05f8a
SHA256 97e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64
SHA512 03ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b