Analysis
-
max time kernel
121s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 23:02
Static task
static1
Behavioral task
behavioral1
Sample
a2d55122aa40779b777a17b4526dfec7_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a2d55122aa40779b777a17b4526dfec7_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a2d55122aa40779b777a17b4526dfec7_JaffaCakes118.html
-
Size
17KB
-
MD5
a2d55122aa40779b777a17b4526dfec7
-
SHA1
8608db83b071092b19d9eed506147f9d7544f792
-
SHA256
c068929b5ef481942bba725237c3b3bb7fa0de446d5991036ea40fac0be57898
-
SHA512
b5f4b6a1138c6097c4f2226b3b1dd72c2688fe58b582bc77f7bfc102b270e84efc2108782d0af201672337e59228558dad4020bde74869840f4be7e64179051d
-
SSDEEP
384:7yiHun3zDQdXgsDiADient1PI3Fd1PI3FkcOFfHsMKFQiXAc0Z6gi+L:7yiCQdXgsuADiAt1Q3Fd1Q3FkhFfHsM9
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DC029621-290F-11EF-9EC9-FEBBC6272832} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 602449b31cbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395224" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000afa21db188a2700d303ba6ceba3b12a2acd4e3032e1984178dd2a2438f7227db000000000e80000000020000200000006920cc45b9d38e389442e9cfdc3b7556805b5f2b7aa9e3757f12a9ffaadc0bcd200000006fefbca5a1b50487f6709b3c0e1db51f69b53f4f2ec1d5236eb8a9037841d0a6400000001ac46b49e7590f88afa9b016d6da241e72df8b9fa526e98d3b27557e2c95bf6f8bab45bab0d4c58c18a4209d8bebf21bf5c13d82efd86ca0cb98cb2f074570fe iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1452 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1452 iexplore.exe 1452 iexplore.exe 2352 IEXPLORE.EXE 2352 IEXPLORE.EXE 2352 IEXPLORE.EXE 2352 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1452 wrote to memory of 2352 1452 iexplore.exe 28 PID 1452 wrote to memory of 2352 1452 iexplore.exe 28 PID 1452 wrote to memory of 2352 1452 iexplore.exe 28 PID 1452 wrote to memory of 2352 1452 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (tree level 1)
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d55122aa40779b777a17b4526dfec7_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1452 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (tree level 2)
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1452 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2352
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7a0d80cedd4048313413cdce4cef3132
SHA1 3657c665af7f63f0efb3985dbd3842b743821a2b
SHA256 ac49375e4036f83adac2902a93f2a29c163f86fdd80b2499d158588e752f82f4
SHA512 c128c8165ac95d925c1801668f838f336261c2612d523c71af436e23f79e5e531bcb310d6d8dc59af12723922d50cf6c45d7fe523590d783e2a95840a3bf7196
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 544feb78e48c75714e26d99081173a05
SHA1 5287c6fbd9cebe17a0f16c3b64b50914e1d56079
SHA256 55714261b0b8ad164ef7c1754b3c7c29faf2b67ef0959ba4c22b76a6a3cd782c
SHA512 cb290c86212f9157a8ef8aeea516b64d256e474cbc2ca8ae6121c248bc601c358a342f93d9a70c14b904ccf42f0be082476cd00d369da52bc4eec3a2df355a53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ef6857949f3052b6224ddb43e8489f23
SHA1 53214952d5707c4c813e81d2c87e89470cd83791
SHA256 0ff1ad5a9f4efa0866a717ff3a8e8d04981a371bf1537d4615513ab08eb7454a
SHA512 3e9bf46723f41833ed52e9b1528580ff53e4c2199d3d8e8cf9b6ffe9bdf86a4ba5b991d28549a26cbfeeb0e0b55945feb26b145beee9a88e21a38ab11dfe20a1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7e42553f78998ee4d0bf8c4fea9f3102
SHA1 9044122ad221ff1cf21cb092ca35ca39f2bae36c
SHA256 74ec2aabdc368baf26704c4b7d51efdfe0ebf1c60456ea0d68f91019982a01ed
SHA512 7f5d148ef79f9c863f06cadedefb6646ed67f791eb9c688558cbced5a3fb5886c6ba119261b3eb4dfbc6617cc548422b7481f29954169a6d1577999632c7f2a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a7f2251240110a3b866515e14e1b3c9f
SHA1 cb905cc4f8abde6493c01e04aca4abe0454f90a9
SHA256 0c8357f7dcc5baa71d3a963152f0c68acfbbcbf8b34cf056408941227904b002
SHA512 df470e1a906076a8680b68974b39a124c2f12bd9b88f01bf031d817632b2e18df6f00ea055ce732d83d30525389d3da3179a78df3e778b70e184ebbd3f777da1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9e76ded88185d966ed994a3b227f2a1d
SHA1 25b82dda571ba3147d59c148b6f790aa91c3446d
SHA256 8c19451cfec7b260cb5c44bc8b0c92a955e287ffbe6b4fe8ab310967a0d4dff9
SHA512 253fbb07ec4b0ac377458d9f221e180041e856b4cd875d147783431435d6dd2b2a17437a231b62cb2c4112017f5a40ffa94d9699cf70bcbd3b9d0b9cdc797d48
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c5e50884dccda3ad896ba8821d54c22a
SHA1 b2322a40ce310803d6e46e9ad8428ec40f801d08
SHA256 4359684a58967ae1d623521c04a38d73a628dc0df02677685ebd03e82a64c981
SHA512 8da71df6927fac332d1461cf50a88ecdf79feeef6a2a04e6ec595a6d8c92ed199d2831002c06b39f4dae0ab48102e96530d0b1e9bb65bc330d14ee668fe54548
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d14abe739611c2f390f178a1d91ca5fb
SHA1 23efdeebd9f90acbe14db34e11748c2d42f9733d
SHA256 af8569201f8b068735d975b5b8d63a892a489bbc179d5ffb4dd8c3af954b84ac
SHA512 5e901a9c12f1676825be8d76f8846f6c41f42ae8a6c6f6a0e915a1f6e896f175730696ec5061c4f0730f793bc37689285e829f9f7899e2fcbff0acd8f2991080
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36821426f04ec63970f600a6827f1cd5
SHA1 a3e3762a619d7862492b945f0805707ec5be2cc6
SHA256 d3968e97c95c13ac3c15ca2afee436793251908d42ecbe64e6540150f2423140
SHA512 f0476258b702d1163c350ccad1c50e4a5f837cbc4b7c6b2fc96edcd716879e4721a2144ddf4ffd0faa0f18f1a4daad3897e64faed101db14bba1a6d6718f5053
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e0c80b78221e55b89ee457c86b3bf49f
SHA1 61858ac3fc69b61ebec794e34efd0f6318302d76
SHA256 cb3623a8bab747d2bc8c2070f1cf2fe97222c7cf14a9f81dd5b0083902a5140c
SHA512 0d5c5bb1663124cfd0b0fac67934d029aae7a50d792a50541cf9f9f1ebf871516d96e53e12f98b8630fd54f0c3548ace931197515f547a1a18db44a1a890b0d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 713eacbc3b554ab7b74cfdb0bd891c54
SHA1 8d21a45ce9d9f870ed945138caba33bb1d54e1e9
SHA256 e63b5afec68ef41fadbebc7cd3b3d7620ac80f94f5b5435b4891e5d853757f62
SHA512 7bb038cb2ba6caaeb00d4f6350d2eb9725dbcce1a8277caac79dd9781500e455bd9b74c957b9fe5524e1d2588c9ec75c621fee911102186e8643a702f971336d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d2aa38ead35ca80fffbb646209ae1baa
SHA1 475f5f244e22f54398dc488000995f57ce3ed402
SHA256 5a357bd5b64fc46056c531dc13cf6b962f64253c687d597e7ae24fdd7d9e3a38
SHA512 897b1eccc0bfd50d980f826505671c6fbcb7ee60a65b796823589617705a96295a679fa1069cd53b935f14c3ee0c7d08c625aed1837fdf64b80c547457f2e231
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6794451b5888603446ca21c7ca254bce
SHA1 ead98d8d6c7f391eb8d477758f096d02ec97e03e
SHA256 41df43d710ad42d6a89ef4d357f583589f6718476d89f68b01ac1ecdaeec249f
SHA512 ff62b46897fa6669067c854fa72f69423919d16940cbde60420d9ff51090ceec73daf59aa2713f42dd1687364a257131c8d7a19de182842d6628a80325c66790
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 82c9ea991ec1d95b59de00fe644f1f45
SHA1 e6230a69e14193ecf9ec6c2dfc3bdd49d0b4ffa0
SHA256 0de330e39eb1f33c0e223294ecda98508f78b818c49ad75602c38a0b67f550e5
SHA512 548f6871142926bcc2b9d590832eb9db1d9cf99529c86a41fe62c5ba8b841d1b50dc0335d5025e20121f2d0ca8c67d893690b34a677c06b87fde733a9f7c946a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e8c08140032e51ee73c3fac2746e62eb
SHA1 833aa01a2cf8c6934c32ec4637751db6c01294dc
SHA256 d44fbe8f84e06773af082b4f0317ff16ea3f3f4ae9dedc77c7287ead3c674bd7
SHA512 ab29cbee810a520707911d94b574889c1cd99ccd0b8aaf9c104dbd8a34307467200eb5c8c887d28bd8aefd60baad82f1ce952d3a1a353fad0a1d5fe59cccea34
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 384716f89fc1925d2c60ff629f81280d
SHA1 abfe4178c864f52cb5444c47accc343d09b80964
SHA256 05f6962b3a0fe1223fe096e6c1242dae2278760856c577c153ade4f446d56b2e
SHA512 02c3ead53ff2eeaf4c63b030354c48454ef0509a49cf04c51eeedb9f6c59968ff035d1db3f53f534fe5fa27b8aac36878ac35126f673adf52e12b29981cb684c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8825cbad193a019909039284d60ec627
SHA1 0844f736386f81dc6add7cd82beff574279d0277
SHA256 751dbba7cdd6cdb4be2b8272d12bf8731981752630764e1a326f2bae27164a1a
SHA512 3416d9f170da50b1a3345a57d4e7979c9f86f8fc8a8ae2e7187b69e9598bfd6b4e388d5d0e3456fff1349cd93f579355b1d417fececcf52b184e8051cf2cb65b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e744d480298fa6efd5d9d7276c173682
SHA1 7b6298e065598528d4c74ec11facf919c185425f
SHA256 23528e65469cd2c77bc803e165363a041e64937ece95b544b64e44159593fe26
SHA512 aee15d6598f4ae671185a1ac3c22921159218232964f86f5439b8163376e94ce1e5e7323ae53e6c428a078e1f708be56f2dc9e23b57ffad461c954184d80a436
-
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b