Analysis
-
max time kernel
121s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
09-05-2024 15:53
Static task
static1
Behavioral task
behavioral1
Sample
2ab84cb6714f06f1c3b710a68a136115_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2ab84cb6714f06f1c3b710a68a136115_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
2ab84cb6714f06f1c3b710a68a136115_JaffaCakes118.html
-
Size
254B
-
MD5
2ab84cb6714f06f1c3b710a68a136115
-
SHA1
f92126eb9dcaf660d798327a3086b6e0212750d9
-
SHA256
5523aeb90e64a6fc7d3d1f0fcdc3723c0bd56f8143a10ef88ff91a89bf6b3eb5
-
SHA512
9159ab7da93b39497c4761b6ac28329efc3477d5759f4164aa5b6bcf7abd63eea46899d524eb0cf643f904c1d1877edc1b02975644d2f121d8b9b9311727f3c2
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000008c785708e3bb9df70aff66188b61497374e07e38346babcb969294b0d4f40faa000000000e800000000200002000000069aee81294011094ef1888792997145245c9c38b0a74d8ed45fa91dd34af05e120000000755a26be234bbb3cae118e1a57cd07a20331a149733b0ea71ec7d966a56e9c9f400000005cf6976bf5708d77b3b4c2fb7ca0466a43863dc256e0e37ec7a06fe36778b74b3b1ae1b841785d0624b17911856b42e4fcf964ba0fba28ba55b13732c344c43e iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421431876" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46E998D1-0E1C-11EF-BB21-6AD47596CE83} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c073681b29a2da01 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2320 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2320 iexplore.exe
2320 iexplore.exe
2448 IEXPLORE.EXE
2448 IEXPLORE.EXE
2448 IEXPLORE.EXE
2448 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2320 wrote to memory of 2448 2320 iexplore.exe 28
PID 2320 wrote to memory of 2448 2320 iexplore.exe 28
PID 2320 wrote to memory of 2448 2320 iexplore.exe 28
PID 2320 wrote to memory of 2448 2320 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2ab84cb6714f06f1c3b710a68a136115_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2448
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 f1ab16ded58b7c59e30220717ba125aa
SHA1 cd7ebe75cdfa31b484aeaac897ef248308af419d
SHA256 2bf13f238a853591b70246dc2eeb89834ac8c177706cafc7307f705f3a09ba0a
SHA512 b48f3f0812bde25be1afe5ca0e399db8efe4e4d2ddf02db2ca35fbb080bf79a94fd5d4dfdc5709a91cc292c5e5673643bf56347fa583bbedf13f0891fc0ef583
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3dbbb6caa2652393bf18f70a3ef79d6a
SHA1 482acf78d7b1450187dac0a52f0c0a18148b84b5
SHA256 90162416642c258f678048d39ef7f41542a06908c636578cea9c6dc380704ecd
SHA512 cee4a911ff03cc9d42a2caaa83e8f144e6279d9ed346b430b30d0a4786e8f1070ccad895fc501709cca6b1f8ee4b42a32cd5dab1a9a05a575f5238144eccabea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6071df51dc2d4e71b9059c1eead03d5f
SHA1 e7b23e41abb5bd002c00087aeb1c4c944f9cc52c
SHA256 09e019d4c246a3f039d487b917c26d2a90a2d8abbb4afd15f63c29e74ca26f7f
SHA512 24be888859598f44b314b20bb57250353fd7599a830b2367d5177ff3567062bb3742ade1a512173fc4a4fc85718e08584e50526c2992edd7daf091f5230ec361
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 9998424593f68685522be9733dc49415
SHA1 946e5a7bd9aaf25101d7e496cf3c53e91d4dd860
SHA256 1ba003001a0fe35fa29d3747c62c8a72c56d5697d8666b4246b5cf6f3d9dbea8
SHA512 89a8a00e6dc1239e7ca895d25bfcc9872c94fe9eee8cb5a9760951f65c6b9d8224065d9373d954aef358e7052a18f33eb0393599442f3b0470f845af420f067f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ea65ecec9483ee003428ef663e8e3b9c
SHA1 7e82cd1320bdf2fabff2838a10c8ebc34b27708d
SHA256 a450d9fef5760422f34b2d0e31042425dcaef0df5c7aecd452ea485fead68fbe
SHA512 1ba732bcba358486be7815606efe37ac5a414843c7453b411d253121b256d95fd0255a2abba29b49422446ecaa8f190823882c97122121dc7e43db1e2f154e79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e9a2f1efa20ab712c8cf9140b7c137ad
SHA1 7c137b04c8ba5d15bc56e514f2fb8f17a6889e35
SHA256 6a926954a327acb857926f591a842e28b0fe1299b609a6fc1de4732e0b43dfae
SHA512 f7eea4d2ef3ff11030178540e08d43353b1283a2bc70a82c4441cb16a91d52032bc8ba45bac92d7db51b0644c1b596704250d9e60d5abb2cb3d99a3997a77095
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0b9a4bd58791e91d44847f28cd7defc1
SHA1 e2d98c366145546b4fdb0dabe821bd9323ee7eee
SHA256 37d35a870b7f34af86bc1e15ff465fce58860e0181b52633b5034e63283a0b40
SHA512 d97be560f1724e094016e3c9b15b5a2347f65f45fac012ef3daf296abfae3c20662687c11e1fc9d24319ed4a04b41814ebcc085f208f62f9cfe2f1001dbfdabd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5a0d5a13a18dfe41e8850f832ecb4fd4
SHA1 4e8f50b2636da05c86cdee6870af42884ac2330f
SHA256 0ad5c813b1829b9b8f259b5a74207fb81c2f2de54428a84dcc494291070786b9
SHA512 df2c08cb7436d8e7dcf3dee09847a476f644bd70a431e53e63a7e3881e60870e7d0a316bfdabbb9a801bb841ebd955a0e6a14e8368cab381969261a4ad42c280
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 458f5abf752ca8debc9c25b1d211d2f6
SHA1 2a694e76435b215aecd437155d20091bca88802c
SHA256 22f202218802576473d205a869f73488e8cf985d618b2a5e6ef611e8c2b5e458
SHA512 192c0f28014c99db7f26453192ff4e18974d9cdda2d52e9ab240fcc85ae0cc18b61c8a2b77da0a3f965e5ff1c62909921e4cd1d6e72a431414255760c7357a81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 864b2f7e426b71b813ab2e63c9401240
SHA1 32d8cdd6ccd221b5b2b37eb1788699f11617744e
SHA256 d2c53f73ea670ec433933b630217b7a1457943710d5c577e2e458286c88447a2
SHA512 865c9d9f3b862c5dd02daed0bb320c176f8c1c5db092d72426fda38b26c52e3219f7620d16b58e10c59de6067d7e3dbf6b63a57658cb56f14e6a7f49794d530d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c60de82a615b6ca75114af214e48d1d0
SHA1 049d288accc5a79bbdd72feac9e01fdfd1d27116
SHA256 6148eb498efe412d972abd071db8c785ede73feb312622d5b5beda234968d5c8
SHA512 87070271233d384ea83afed59d44302cca77475631fcb6458d468843db4c7b55cbde10a0b2f23ddde59ef90ee341f157664a19517802323436ae4bd9554f7a9b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ef4b7121d10dda6104afb341b30160f2
SHA1 ec3c1ca710a4066f425953ae4087dc89bf50b927
SHA256 89d7e549a2a64694119dc4ada702faef175b91279a416dc370cb7e2490f61465
SHA512 7929782b70d0054445ab0eaf46b8fd86c4a5476bc9b5da4427c633723d750009aca41f0749a39b2ca72a772e160e86873c04cd6b7b4b2923f8a8e81b5203b11b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 36585f1984db2e51015216e9821b6339
SHA1 6eee9503814cf5bb63d12f5f2ea920ad549e6fc9
SHA256 7f637eadcd7e7321c1429f31e01880b6b5190db40ea81da4726a09f5f3387b37
SHA512 53f969703321ac39c6e02d51c56e9a4a7c5f0fba5fef8d8cb7da3604f97ea8b27fd38618face10974a5552ef56d6afccbe2a3dc1ccd3d82c0ff0728986be8dd7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8ebc45651c9e33bc6cfac50622e3f9ca
SHA1 a31eacbdfd2f224086be35ee5702a700841bbaf1
SHA256 fa7f5bf413bd4d60fe7bfbffb34666771ebc48002d4b04b80972c85d3e895ff6
SHA512 918a7f53b310f825ed3650d9ea301bf9919269b2395da9c244b58597a6299dfb9419f9d67b15edb1906d6b971b124acec677b423fc0d321bc55e823ef5cbc699
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 da28bc813b9097dd6b38f1f473ac184f
SHA1 24e22a01d40789fd540eb38685e8cf028bbb4c90
SHA256 ad0f5d9ad1aed6900371893ba564575d1749716ce0d28e1abb582e2bf8d96d03
SHA512 0113409bd645f2c86e40c4d0258d1e0f18e7867481c6053435118de42eb03c2f6c07fbf64f19c59c776a133333da0793cda032442a25a3c1575c77675e519f21
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 830eb457277a172f4845666656673d0e
SHA1 2ed75a61b4ec1ac18940cae8dc30fc150cb16932
SHA256 61e5eb89d6daffd7d9d4a7dbf5a76ef0e002fb22c220680b9e99698c1e53f33f
SHA512 0d0f0874052fb88da0cdd266d15cb30b40d06bf4127d208935c31c3f16398610ab0d807d0a6b18f24df07a9e8f8c2f10a6845e73ed3d9235387b6d0898f84a61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 168829676f6184095fa89eb1d33992f2
SHA1 a853fb96590a531deec1d33b22db05ffcbd9dfff
SHA256 cbbef2af3c02a703cacc5f3a6f63dac9b1ebc486be28752ea4d36b7528bcbc1d
SHA512 edd712f7689e1a64835a637f0b704e6c574d9e3e3ed6bc412a47db5ba070d3d291c9e38652c514c9b939812e269f1c93287dafded3bd1711074e691ce8a5257c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 cc41f8b7021a2b17179bb1c72b306487
SHA1 d40eec37362ffe1bb7c7a01df924a9ffc6d025ff
SHA256 ce9152db6c25bc1ba8cfdbf3a86f0a7585c750eb494fe847aa2724071930c9f2
SHA512 02c4271bb382d769db7b858187e1456d8ef6152334bfd30de053c634f06f36024f7c9145d6c1040fbe880a2d61a6392cdbcff83f336616ceab8c874c7cfa2a06
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1605af506dbf14233de82d60f322c8d2
SHA1 eab726ff33a7345adf781d0e1faea5f33bfc1e89
SHA256 c7a4cea09c2274d12e789e1161415f7d00b00b9c85ba24d887c6a61649df772e
SHA512 d962099d8a372616bab4d079bcda69bf5b6d7e30a1881396ca4914ff044a3fbe17ba1c04cd9f352427671777efe547360adcb3b8fadeefe7a30c1a20535306ca
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a