Analysis
-
max time kernel
120s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 23:02
Static task
static1
Behavioral task
behavioral1
Sample
a2d52318e40d9f08e4af7ed752ffa957_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a2d52318e40d9f08e4af7ed752ffa957_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a2d52318e40d9f08e4af7ed752ffa957_JaffaCakes118.html
-
Size
673B
-
MD5
a2d52318e40d9f08e4af7ed752ffa957
-
SHA1
780bf46a55c7ea3a4759640031a272136e281ef2
-
SHA256
43cd509c8f9123a2321dd22eee6108939e1e1bd8e46b40e1f8f49a867ded8856
-
SHA512
2e196d07ce6da8df89a5b7c2168476c8e50204056ba8a61ada99a0c57d0719d49138fd18e6e12e124da7bb39230b9ac559eccd431c7c84323f2dc29f6bf6a0f9
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006e72802dc652d3bfebdf1c3a15e988cea7a087849c6db5bda2cb4215be95cf43000000000e800000000200002000000074ad99a2d95db07c0d6993a5d891cc1aa31f35d055ca45f7dce30682b7a4f1f920000000b2e70eea3b4bc0e63c902956d47ad0f5bafc848e067b32509a43c1b1d24edc1140000000cad283cd83203f9b34f54008575648fedfb968a07ea80d7ab97d52021356e9716d66544933d9eb1c0b730aa11dfd842edbadfb47d0c26e3e7f4c5c27dec36e7e iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395221" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b5489e1cbdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA032471-290F-11EF-9E46-6ACBDECABE1A} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2820 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2820 iexplore.exe 2820 iexplore.exe 936 IEXPLORE.EXE 936 IEXPLORE.EXE 936 IEXPLORE.EXE 936 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2820 wrote to memory of 936 2820 iexplore.exe 28 PID 2820 wrote to memory of 936 2820 iexplore.exe 28 PID 2820 wrote to memory of 936 2820 iexplore.exe 28 PID 2820 wrote to memory of 936 2820 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d52318e40d9f08e4af7ed752ffa957_JaffaCakes118.html (depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2 (depth 2)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:936
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 15053e256499f3d28cbc10c2673c5647
SHA1 76c42afca80644de1478390325661ff491c17731
SHA256 8f6377d5825d86d4425c2186d1ef72e60fafa788464febcd64d8ee075a9f159c
SHA512 e235251ee0e02db5e67143ddccebf24d4aaeed184cef6da0dcc738ca1d4e7b9cca379c44b6e63b6388a7865e281f3e5debdd332cf9bd439edd35f3923de1f931
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2435fe6af9342f08dbef49eddc621b6c
SHA1 a0cc8f516358211f7543af7c91ecfa1529df2976
SHA256 9c7ed593bf7263023f978a4fe6a388ac65b1638a6f20393aede4a7e67e7843fd
SHA512 bf85cb9b0d16307469f2b4982ed7667178b99a3b09a39ccef64c498aff8b182ab53fd3314143d31fed8023f6b3cc878efa2b3e10e35f102e73ce32386b6a49e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a1297f3e0d966d37b6b35f90c5babfe2
SHA1 07bb743d6c9024c59f269b63c00a884e1b003937
SHA256 80ab6c082f307b8882b23d54bcc133cee46afe0fba04ea5b982ddf3223c31dec
SHA512 485af8f931577b8cc65694d28d9a1dee3725b529edcc998dc6d74c9818d01df600727a57cad43070bd2588b568382360af31e80ee02715c4578373a79dd7b7f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b31b23f9f4914c99a8a4b86590a4f44e
SHA1 d0e6f12343b7756223cc021b4dd750fac175417c
SHA256 31a92885dc2225c3518e9400dee9e1a15430051a322d55af735a797ab550251e
SHA512 81918953fabb1862582e26f94724173e661368d344589aba9a45413bca72b51a3b6da67b82f576c3b148b6d6d63b528ed63145148214656e7c78956bcc2b0277
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cd3939661939f73a7fe8f2bb1014323a
SHA1 a852ccac3a19e3fb9023ee232773e92bc4b2de4a
SHA256 936728c884db2cc58699f72d36f2eb9b6565acee7a8c6299c722631378b9c134
SHA512 ffec8db8f58a26dbee5f17a2f3274931616515c3485be6147d6ba0ef9518c73d8547589250cb6ed52a28ebee5e2e0b4762d510f70ca6bb9f002fce252556b5f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6b2fcb17b1e1078eb5dd3a7ee0b2a613
SHA1 7db7d86893674af7e39fde80f4ad231812bc0f50
SHA256 b14c6e1827a4848d6baad2ce49619f7254ccf563a22169eec3e3b3894ff9d54b
SHA512 278cfd9db5f1d1f2216f489e81b9e6ed1a92d3c252b1b16aa62b3752647128ee869343e19974310eb694998b3b3c9989266d6abd7cc258a1a7ce8aa8c97abe07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 945c68d6a469da801e49b377659749a6
SHA1 218f8f1545f455fe07841bacdcf6ff75a4ec8baa
SHA256 3d7fde99f1bf33488816e633be0067e26b0c374aad7cb32a7716cafae969590e
SHA512 c3fcb6f5c3676cba02dc35babba5303d303f75e2a2d94c598b9fd081be805933f96c960ff35ef68ae996318969e458a5f10afbdee92a233735677367e5a0c583
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ceeff4927a09cfecf9673c5b14c5a906
SHA1 580b3f9d4db46226118fc1a1e9cd1da0eabcd7e7
SHA256 742e02f873372c1ca75d1a17c09e042ded25ac2662acbe2623bda4177af08ce4
SHA512 dc626a252dec5083510b26fdbc6fe1b397bbcf43034b5d625005ddf6f942abb502364ddebb85a5326fa6d8dc1cbeed4e02425e6b6dd94b56f007d0b3b21cc08e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ec277af480dde698cc9f21adf4dc292d
SHA1 dd7bdfbd19751d57a495f5d2768d3cfe10dee1ce
SHA256 010b34d744793765f07b1e952159fe88db0f3875eeb2710463effd4c8e70d890
SHA512 a2a634fd9a6085a98c5e2e8612b4355112a46296e5b9a3079771cd22ff695536d8e0267501a446fb21b91545068346e39e846d6ce426d44635791315be0fa3ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c6597e01db6e78f765110c65cf655d21
SHA1 77f92f678c91d77dc9d40242a46986147e2322f5
SHA256 321b6390abb47035fc2a10f39055d0234566171a94af2a2338e9d365b00451a3
SHA512 d151ff0bf7d913d70d7604cf8ca3be102c875c2f37b2b67f5f01bcc2b1e8d389c1afff3edaa5ca42ea063ebc4e0129ae016b3ec913acf3a6f4f3b7094a74e8f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3abbb57e99cf84883eb244a2dffe15c0
SHA1 c2a03cb9a13c7b05290220abc3fade6af3183581
SHA256 157d3e552396c9d8593ffea7282bbfee1dfe4701d085d6527bf3c13fa3285ad0
SHA512 fc45c64efffa9b80d9362d24a713b1e64d6585d335e9f280575fb6bd6b13d4d42de320a9559f25d1aac2588716fe735ddf33d23461ee3970314c7d018edbd98d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4b2ebc1b189d1d3c6c76425e1d9c6a83
SHA1 961583b121b8c8d90b8764757a27f1555259139b
SHA256 0e51ea8e7d2163fcfcffff83ec4ecdfc0fa809ab7186c72e0ebf26230bf54ffb
SHA512 80989d649fac22d37579fdd1ebc2f6b06c83bae102bb2b976764fee43d05e1021d1e6438725259235880fb3d211c109f6ccf828a25ade29d72df7052653debba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 50d81ab07e83ad29257aca3c2afe5968
SHA1 321f76706ce0c394a14d554e979a2e5d02b09912
SHA256 7e47d3382bf94b1800644967af6201d8cc563437567dffd8c7df6919100f780a
SHA512 a24000e8b011f12722fd21dc34ea5391478b6d4c2a5af26da1cbdec4079a568ace4739db8701bd14abf0be94d01bb12007e8a22c99759b21900b8a055a54e305
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b4492fd9b61f683fd9a3a91fcdff5216
SHA1 76e0aa666e33dfc5de1d8ee6f33e176e059951ec
SHA256 c019b6e9b52aa5e8a0c8f3d998a765896e740a6249467d2f30778b56d20f6a95
SHA512 ce511baaed399ec533f06712599b8ba0a624b28fc6da073373e584621df07f8430a9bf72f2b12b564a809c19537156c953168f83f690702d96e2888f64a741bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 06bf9201ba36df7c48bd54c14ab6a167
SHA1 c0313970ec029831a9394d7f39a97a55a94f0b05
SHA256 dd641085e5464e5e43aa11f5ba86047818f96902353d8a066cf98e5ed54ac327
SHA512 133daf94e6b4c24df4953aa020847d88699b9ba97954083c2a3cc2985b694be5a7ea1a6f8241e3f2e08c199a8f88067bb323f7910c6edbc7155559c7e3d18494
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ce5dd07af58e48b6b9131cae4bda05d3
SHA1 e2b1eb305c9960346c2087d90b054eb66bff44cf
SHA256 bb77ce67c15c67feb576ce6b3f712403a2677567565636c633c354f921be8b28
SHA512 bcff15da9c389033748efb842f90eadd6cc8ed0c2c8af15a0b3a2e9b19bfd73df230159d66b9e7df2d656bb49d58707b5399e5bd63a90b542df40eff81064d60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d52ea83c26fc3cfca733c20af5edb1b7
SHA1 2eff08472d8c1aa4b7b5b6dc6357b9ce3d596782
SHA256 75eaa7ecb28b6fa794ce1bfe4b13a2369edf21ecab1e95a217f6a13a8eafbed7
SHA512 9e35d57f849c0c803ba2224020a9b30edc1c350655dcab987d9292b72c1951980d9237c356a9402d278b6cc14cb93cd055ade5158cbf33f26a1195d2c2efd543
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6ac36be4a51b75eb2c12b210c7da81e1
SHA1 b802068bff37cf77ca21f90b799891d6636071a3
SHA256 b6745e2081a0779614e1fac41a84cd8ab1e16a83969c491ef7727e4b2742fee3
SHA512 565cffba21c02d7cb100bcbd10db8e63fa2616a6894a4ed0595af589f4cd31f5b39cbef1e07dd4b2872b0724e568a8a73db1ba096697f9361a9a6d28f07ae5b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8c9a72d4ce019155ab8c916b31dc55cb
SHA1 292661a8f1d0b6a1ad1a83e9b67f700750534d26
SHA256 c0af959cdf66796585a5740c1d762fc42b6f31efb81a9bddf15b0163c0db4e5c
SHA512 8fb84e55593320146fb2f41be1e29e2df89452935e4f59d0c52ad34029df56fff564753eafbf2a73c5289271e2d3bfd5aab2070028457157027f941ce4561453
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b