Analysis
-
max time kernel
122s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system -
submitted
12/06/2024, 22:05
Static task
static1
Behavioral task
behavioral1
Sample
a29cd006211c385cd967714d0b9942e6_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a29cd006211c385cd967714d0b9942e6_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a29cd006211c385cd967714d0b9942e6_JaffaCakes118.html
-
Size
1KB
-
MD5
a29cd006211c385cd967714d0b9942e6
-
SHA1
1537add29c7a0d27e8079ca5825114b950aec2b3
-
SHA256
8f1435593db4087fcd6855b7b0188bb0e28ae1ec7635bd7f00174b721ea46479
-
SHA512
919069b8632c6d78d4196b87984b8724a95aaca8682f5cebc6f6fdbe92d17ac24aa54c8c275c8b8893a99b47e3db574155d9e637d52fc98b952ca020ab0ad2e9
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424391815" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EB8D90C1-2907-11EF-AA16-D671A15513D2} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key 
created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30ddb9c114bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000faa69987c4468c9808eedb8a9b451b396c20ddc69062fd62a574f60cf03bd6f9000000000e80000000020000200000001f2d05d2e19f1f33c992b0fd24881fdfe8b9a1e7df2a4f55b9095493956a491a20000000ff5888de1c4269ea8ac166e17ce124c434756f4a52c58f21e936f84f84eaeeea400000005ac57dfa73f8a3946a63345e1bc6bb7a988f26b7007d8f0e3cb636540b2a43509ccd28efd6ff32c3d61a6a25a06d068db3178e03227c06a8544ef7b1f97df419 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1168 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1168 iexplore.exe 1168 iexplore.exe 3060 IEXPLORE.EXE 3060 IEXPLORE.EXE 3060 IEXPLORE.EXE 3060 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1168 wrote to memory of 3060 | 1168 | iexplore.exe | 28
PID 1168 wrote to memory of 3060 | 1168 | iexplore.exe | 28
PID 1168 wrote to memory of 3060 | 1168 | iexplore.exe | 28
PID 1168 wrote to memory of 3060 | 1168 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a29cd006211c385cd967714d0b9942e6_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1168 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1168 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3060
-
Network
MITRE ATT&CK Enterprise v15
Downloads (the thirteen entries below share one CryptnetUrlCache\MetaData path with differing hashes, i.e. successive rewrites of the same cache file; such files are typically written by the Windows crypto API during certificate checks rather than served by the sample, and the two trailing entries have no recorded path)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 003f0a3c9acf7efc38850b23ef0b7e00
SHA1 9943ac73aea2750b9b225a8a30d4c986c6fe6009
SHA256 8f7aceee271f5501a65a49ecc6ca0d475647557b28691c35664fc64275d5f795
SHA512 3076245a8aef6761f4ad3d640f5b48193914f083cfd27b6c975f646cd2685a82171d86196f9aba2b640b28b8f447393512102bd0802e8814bd953eb7356d9f7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6c9f7cb030621e569ec1e9af6df27cbe
SHA1 eb0fdaf8e86f3c0c61c4bb32bee5e982d6f6cb56
SHA256 00d7aece78dbef9d043a48b782de60442a910269747f56786a51bd24fb5cfab8
SHA512 1a653dda66bf183cd08126ed203c237e23c96f157c2eb59e0ceaff31705a87a1d967a4c515ad7debc0b55e3ec57528e855b1494f789155ffea8a9d7ddde163c9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ebf8fdcc279edc8c5bfa7da532d149d1
SHA1 8ddbf06097d8dacba5b5be5948743890f5aa071b
SHA256 8ee0c2d14e9bf97e242598f486612ea099a00c8efe5438dd4021ced3c993a4db
SHA512 5404bb4883897b2b8e3f8b97516383464791e5bd31e47461df8dafd44f6092e3189af68662f56e6b017f78df8d68c6da1f0ccdf0283a9f421d1aa07124354f29
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f04c4530bde2f63c3844db071a3971b1
SHA1 185abfb3b0b9525cf86f0151ac358b9728405820
SHA256 847ec18335d1968930e5d0f87e307c00fa399ce3512ac888a9da53f18a25fd55
SHA512 0c7a2bbae13423ec3b8f930348f69614a0de6a06f5593e6e5283e81056169e29b973ffb75e59f0ce5761c8de04d8a992cc90ca123daf53c9da972a91a0b05e39
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 226af43bd298622a7a6ce154cb5dacd5
SHA1 814e84e69a067b1893fe73934560f1780c84b07c
SHA256 b3b8ce265fe6d2a7fe1f5f65ccbe32290cf29dcf1e823c093855b80e0898a06c
SHA512 2360de1217316172c9ebb5523a19f98ef1aa411f476094aeed63ad251c00ae94bb350551858e51d8454e46e52b9c6399d5f2848eb2c708b9d4abf2e190ee4c9d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eb98713330dfe6e82a187c447a392054
SHA1 207f44df93404e72f3896d8892088fe7c6d45517
SHA256 fb07bfdd7ab0adf290fa6280dbefc07cae631baac695beda1c547cda64075dee
SHA512 0a67f1b32826c0bfda61c19110740f7f1d4df09456498e99fc6e18b6126a6320821c2758454305c04501e4f0c8a78bce590b167a1b683a7c1ac07bc6a5309008
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9bed87fb58b418b254f9b307ae8183fd
SHA1 deac3b7abb8ee079295b489dcf1a0b5c90f8d122
SHA256 5d2a8a0cd1b8682dbb23fc6c54739fd824da8ccf1aa9181bd1b5dd87784cc051
SHA512 4b66885a6bdb5337233a2c83885ae417ce720c009b2e80bccffd1ea0b9829d6cbe077a32d36ede3496329a27205186176696ec8381c7851a878f216a406b5d44
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 149cefc6c11ca316092622dcda680c5a
SHA1 bb4d52b4efb7b1d4ce5d22bcf0658a4b2e5389c6
SHA256 d05aea8fc405f4507926ee49c38a444efac93c6c2c2970b530ba1c292ded0060
SHA512 07c69a49899e9442215d747ca524d13593bbb3bd99c7fb3094ad5053ebd13a0ab26e054408508d1c2f4c6d164764e37202cc286c27fd419b077e6942d5adf5cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ddea0309185c6bc5485c5daf372dc4dd
SHA1 62c290ad39e4e1a64fbbed12c8489db88d32e33a
SHA256 8d5b4c15020e2802fe18d557436e5d5ac604a505fc535050f88d645c178ca7ca
SHA512 f74e9cb0c7697a893df7b230561dbeee6dcb717e9cfd43be236d9e0ce616dbd8cea8dcdbb6967a648a1495c111ff75db224dae4b00de2fcb1257847804376809
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6445ee1f440af1b7a6bd3faf6887385c
SHA1 3b5037b9d7e7e9ab95bedfb29bdd95c374da32e8
SHA256 2e0990574529954f4a13d2cc50d781cac0b84440dd741eefa1c92f5f9085cc54
SHA512 48f71c9eb98d17d8f1e9cdfd33b78bc848cfacecb554980913b1df297e22419ef3071dd34a4ff43754f8d50da6f34010da08faff30e3c859787abacdfed5667d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c0b918f8d27e911210178c3ef9cd278d
SHA1 390619e037e142d376899fd917992a2c246573c0
SHA256 b25538e1ab96fff9e2cef5a03321eb5cd3b7ed6a03f0ac2f081afbd16a029dca
SHA512 772ae1a9c29e8db01e24701aa6c93020e9f2084ff3fd9c15a08ee45fec1a443bbac0274828db6fa6f8ef33cdf5ff06ebd7c834add0c25e993c81d4d041918775
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b2d502fac5afd19cb8123ce31a90f4e4
SHA1 5337f8d120407d692ccc93eb1de46fac17d502ff
SHA256 33175e100a1b5e511228cdfccc4f87b54e92c8772f837a80a09e48a7297df14d
SHA512 b9fa3dfb5ead90892fb5693588716cfbf8850f9f1306b637c4998561d9e2aaaceadcb34d1e3bd02e30226d3f6943ba1ad63ac6183d3074eeba96d9bdc7122c9a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ebeb627318fae9d75220071f6f982eb0
SHA1 157e092c0529ad8b0d5007dd75e3f0a4bedb79c7
SHA256 160ff09e8e2a98b7b5f57872a42e3cd70021bfe36fe03e628b53dd65de18389e
SHA512 2523d56fdf6d51f24c032f2e091eb416e4adf77d6aa27e00893f45bb795ace5dd6eaba050e716b5b97da08d875476b0ce7b9715c28674323771a6ed542331c9f
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b