Analysis
-
max time kernel
137s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 23:02
Static task
static1
Behavioral task
behavioral1
Sample
a2d5ba343d384e2ab9fdf1ae39bc1941_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a2d5ba343d384e2ab9fdf1ae39bc1941_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a2d5ba343d384e2ab9fdf1ae39bc1941_JaffaCakes118.html
-
Size
67KB
-
MD5
a2d5ba343d384e2ab9fdf1ae39bc1941
-
SHA1
35c7061c104a2b6e4198817d6e740c5cefc1ab9f
-
SHA256
19aae5a623700dbfa4f5e9afe0f70d1965f75471b30e076409e477e9b400cc23
-
SHA512
10f0673ea1903d71fb1f51baea2e50be245b9dccce48230f4ec33cc644cf96a5a075e1a03e935bf5b69c91ca2b977617a4031a1cd1e05e73a28d5cf66818d3cb
-
SSDEEP
768:JiogcMiR3sI2PDDnX0g6+w6iaUoTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVG8X:JaxTzNen0tbrga94hcuNnQC
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395241" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000003d66cda85ef5afe7fa0f79168264b9e7d42fd5bdef3877fd1409493465d548e1000000000e8000000002000020000000f8d3cc9edba1feba950623d5448178e0583aa6ccfbc12204ea07f3be53df000590000000c658a2cd7ac83788f5e65f84387a35b64fe811e7afd9015c635928f243e1c0663b8d03aedd04dcaa085cc9765cc1bbc68bb3b6e8301092b07017341062e9e6fd025df61e2c0b674008780a5d7f7a9a96e56374e0c53a4f2ed9bb0e89c4614b4ba4d16aaf2fb31f8d53eb8a1ef5115c3fa310db199cec14adc47f61f7ad01aa8962db9a0029123fcc9f4024d753ba472640000000d8b70e24d064ecb01b091e476343c6e96c280801166e1c94dc4809d66f10bcb73bfb4523de51f27bbdc9ac6dec70477fd82cd93aecc8d159f858f33a6bcd080f iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value 
(str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000c08e17f2e8cf66fb9b5ce4789462007e1806ccfb482052d8b389d2304b6b6ece000000000e8000000002000020000000f06a5159035d94b3ee0e62b81e123480d78721d9d2aa62aeda4549edce160bcc200000000066ff0b1c1fff6bdfbfe39732ff9ea75bfca31ea5bb05254778ad5570bce51640000000e2320da8bb000b1401e319caa970bf9068fbe3dd8fe0037be26693cbd2b31c502c647c162a6f03fa0376b051880de9ce1adf9495268e2df48fee425db8159590 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 401f75bb1cbdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6B8FCD1-290F-11EF-A85D-46C1B5BE3FA8} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 948 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 948 iexplore.exe 948 iexplore.exe 1088 IEXPLORE.EXE 1088 IEXPLORE.EXE 1088 IEXPLORE.EXE 1088 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 948 wrote to memory of 1088 948 iexplore.exe 28 PID 948 wrote to memory of 1088 948 iexplore.exe 28 PID 948 wrote to memory of 1088 948 iexplore.exe 28 PID 948 wrote to memory of 1088 948 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d5ba343d384e2ab9fdf1ae39bc1941_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:948 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:948 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1088
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dc0d13cb4baafe9441f957a1534b2de7
SHA1 ed9a2fca03aca7526467fd0cdc5e32885101ce82
SHA256 2830abd41927b1618605d6a49ff3c0b4718ce8ae44405adb33f91d72311504e8
SHA512 030ed7d8039b4cfcdb18ee71a05b2693acda5871a88f9eeeafb47a8786a6b1304a13b675e29557d3ade1669754b6ddc3d34fe018c3035ad6c879a305cf6bb825
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0f75038a68ae94adcb18a29051dd5ffb
SHA1 f1d0cc44395fe70c986128e467a545bbf63dec28
SHA256 ee1c4bbc83f1b28acbe2d92e5daa0a0c6759f84ef3e10a62b0324e4c176f9b79
SHA512 5a98940b456bd52efaed6fbe7f0258a8170cbc727613c349ba690d342dc7493d1a49ed76c7d34feaf9b0575b4ea58bf9e679fa287b49894570ad8b3ffbd5aab5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 41de76042208fed15598e6006ffcf34a
SHA1 e673632f6e2a8cf67389d64aef10996cb02598fe
SHA256 0b317fd4c012da444faff30ae6003366eebf6b854f67792671a3e8fedf9f1bed
SHA512 d26f3aa9ae06e39722f26c6467e84fad3432879efdee21e28f8ae85c2ff7191d8d6b23f53b5f2ddad46d8d6f1e49ccbfdb7915e8c55932cbcf9af8c978c25127
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8fa678130263cbd2cb5e349e974e6222
SHA1 5624081ea804592eed66956c0c77ed902457971e
SHA256 93eabf75ed167cdca924550f59491db05a8892766d9a89d47ee408d7db7053c4
SHA512 c36ecee56545fdf27ed16517cec2f35e95f13c2b4688ceb94f246abaca8c598c3657ea353995e9965dfa4b17827012c453816484a140283ab2cf9bae9e5474fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 353fbb19b3fdbf0ada970ae99f6beca9
SHA1 3072da3c94e5b6411138e609c1a0d9872be3658c
SHA256 3e707dc6814136e6480246f9a9190e14183c0d9f9ba3011b82cc6b3af160ac66
SHA512 e6cda8815391d67db5cad60dc7416cb83c2ca87275673550571d239a1b7459b68055dfb0794abaf49cb1e8e4e660aba58461bc568cf3e90c7d2671835a1e37b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 84c07a1af97df214147c5e1fb3c5dcdd
SHA1 629e54c5482b5588d06bd82e81799273f821fde2
SHA256 8575dfaf6fe1ecff962af29c6954c8d41ac1c858abdd43fdb34c7e65445e63f7
SHA512 b08d911e9f266646e09aa6622cc5e8c4ecf3726a40df3637a2b4478e9c2307c5a8262d4856a567d237e57781ee4f37b993df8fb54c5cbc410515be065b6df370
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f0d5dbfc814fffe65804d56e5f0560a9
SHA1 a01f440aecca81333d04cff5b4a5d46ad89d5c09
SHA256 a3d43e804c6aab577987acab88606459feb471ecf86d832d15e33166ec187c5f
SHA512 c79803b557a93dd1496fa71bbfacbd1214978850bb45bb209f363367769ae24796efcd13e4693f3aa7e84a6f1a5fa85ac1d8180c836f09ff75b48c7f4210b608
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 30858358a2afde60f275b50c1e706f42
SHA1 51a04a757c10fe3c178f6ddc39c85d50002841f0
SHA256 10ea7bcc9fd48c1dd997c341d584ab1987b0a4a65f8e5d8e9254d9aca925a9eb
SHA512 1e990fc7146bfe0d545a63ed9835ee35b559138bd6a0d4cd6d590c6c93101cb8f05f09c0e6a103999a65f72b24b04014c5aca1e8ed3bb87f3bf4f346810eaec0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1cea7c3d2fd5bc58206a096b988ff7c5
SHA1 bdf16f60dc5adaf0097329ce753160ad0d55a0a0
SHA256 983b91e57c8d990cfda2501707bafaa77de6e6ab6765658f5a9d344c7edbad5f
SHA512 8925cef98566b0eae132ecac328b38047bffe8b66446645b832055cd3316ed78f74d2c6fe847f43e552daa2f57437c9df9b99c20e5b55c5facb50309b4347039
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9784547fcd099ad5e0af653d4f213d85
SHA1 f961c1f1fb6e4377aa9f3659ca4c6dbf1b0579e8
SHA256 62ab3955ec11824a457489c2ed7da0e9d8cfb21ee960c00318c986a58544431e
SHA512 582c5a4db11bfe067bfa083e35edd92da9eb4520d0786a76209e27904140b2fa338ba03640f5f99dac1147700032ab549c80c087b418ed22b30d59d8261bb004
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 80fe8a1ed579f778cd3b5ec0ce994470
SHA1 481fd83d43c2daed4dd6f18a57008099a72e4f85
SHA256 1ed597be3c09343ca2c133d18396f72a7da06761a39e05c93964b6c8520a19b6
SHA512 df0a5e03d0b9711838caf350931003bd0fd01c06ac697545f24b897bfcfc450836527c1d6ea6e5fb2a3cb4e3d0041d3a71fb558336d943583b6b0e02638ccdee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ca46b976b7677c0526ba018ec991b46e
SHA1 385ffe2d47ad9892b928b762e0520b656deeef7a
SHA256 825fe277239cf977583f5d5081cda3b1ecd5fb5bf99fcc318ecbf0854601619f
SHA512 040cdb78cefd6f9bbd32cd8ccdcdbf32c40ef483e3058d56e0b488a3085506e2599484cb94bcd253d57f3d7c8f15855dd4a87853e750fd054e6a13e682b61ac0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 06db7153fe277c7c3e730a25fcec9539
SHA1 38ee31733a9b52bdb1a43cc55bc8ab6773facd19
SHA256 28b7db81c91f6701a7a60fd3c6861d099aefc8a64306d4df42d93c522d9f9c7f
SHA512 a8c563cc6902e910aa9f4767e983affc77ae454afec8b61103d3c2d4e47c8c6ddf365861058ccd2b42bef9dc0542c4f593fd6b9446a9f49f895f3cac07fa34ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9bc2964b7d3ddd1119de69d97e2f280b
SHA1 5feb5730bc8f54421439d1884fa2f00026599460
SHA256 1da0b4381a778b63857bfddc71866cad5ab4c7e5e249abc3ef9f403ed8fdc0d6
SHA512 3d53dd5e45ff5ebece5d11b1d74476762dc7a4d019887895c27531a4dbb747c459020e0471f3905a955c4de80dced0863889b55eb4331d898492c9b6792b6838
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 77610f08ea4c8a57813148a4e714fdbc
SHA1 51f4d7f3490dd9d62fe3375490116ee91769d0f5
SHA256 b1115910646d91bb30c21117ea0c049e2a2f8ab47416093a8acd520721482164
SHA512 cf129547ebcd93b844607b7d8ea73c479f1bb8466e5bc1e6da1647da337eb96876fa0465d5450a8ec4f513d34a995a32f2f26a388c0067b71a968d1af1a1c9ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 908f8a2d66399603d633dcd5537b8786
SHA1 c4a8bf4debe0c0b57b192e6c019da16922c6937a
SHA256 013bde7c755ebcffc0d658a71405d1d6884af0918dc4e5ecc8bfcd4c41b7dcea
SHA512 128d2dfbdf99995ea5658d3e056c129d06e5112b89aa856fcacfdb8c3bd260e8c4ba1763bfeb52506ca0ca9fcfae17ac06c1cdae640282498d97490a1ef4951c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2c39bf395cd8ea5e9a3a76730827c157
SHA1 eb1a91efd0f1c17616141542cb02a9136dbc7eac
SHA256 8dd09fabaeb1365719b9391e9255593f0b1c9f79f5f41707fbb2c17c0cc6990c
SHA512 f6577548d2452400af88cbf5ed4e1474c4edc89ef8455044afbd66f8dd5acb8907da6038322500c328e4f8d09ca11a9d4ed99ec559fbdf249434a7dead3571d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cc6f3b25a8d2373b46a8a1009669cf18
SHA1 b0690b89f0718e7c58b4594d036701f05f07da04
SHA256 b6d6fa0bfea0f7798c72cffdab55a242146ff6ee19fa949ff2860b3b671128eb
SHA512 d6b98813ab07ac9204f975c38c0be6071b5df8946995db9c4b4fb4286eb49c0406cc618d38724b3743648f065910718b281fe67560a0329ba5a2100659c04013
-
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b