Analysis
-
max time kernel
117s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
12/06/2024, 23:06
Static task
static1
Behavioral task
behavioral1
Sample
a2d8c3c70db0ce417f303385b65ec033_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a2d8c3c70db0ce417f303385b65ec033_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
a2d8c3c70db0ce417f303385b65ec033_JaffaCakes118.html
-
Size
460KB
-
MD5
a2d8c3c70db0ce417f303385b65ec033
-
SHA1
66d9c74cec29d5a76feb47fa4e9eae696869421d
-
SHA256
566d4f8342647329df1c99bd572c59df53263ab1c27eb05b4766e9aa554de4fe
-
SHA512
9bbe1351acef9020398fab74b304c9ae8d61d0b72e247c76ee2a03b1c283b24c3d3f2341f4cc518ab5d2a9c3bb79bfbe118994172a997816135427832982ae76
-
SSDEEP
6144:SysMYod+X3oI+YnsMYod+X3oI+YwsMYod+X3oI+YLsMYod+X3oI+YQ:p5d+X3R5d+X3c5d+X315d+X3+
Malware Config (none extracted for this sample in this report)
Signatures
Modifies Internet Explorer settings — registry keys created and values set under the Admin user's HKCU\Software\Microsoft\Internet Explorer hive by iexplore.exe (PID 2196) and its tab process IEXPLORE.EXE (PID 2552). Every key listed below is IE's own session housekeeping (TabbedBrowsing, Recovery, WindowsSearch, DomainSuggestion, SearchScopes, Zoom, GPU); none of the listed entries is a Run/persistence key, a proxy setting or a security-zone change, so this signature alone is not evidence of malicious behaviour:
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000757112310ff4754f8d676434dab125d90000000002000000000010660000000100002000000006d78779d79a6e78c0dabd5787ea66f131ff9bbcbc6457579397fc76e0b96e25000000000e80000000020000200000006ab3d78e17d474dc5e4de3809cac07573c037a13b5d07e76fce724e18b4505e120000000bff0324512ffe728038aafca3735a7a62d5ca15cadc1522483c10c7bcdb631d340000000a1c19134cd94809b7a142994c0025a5442c9c0365b33d3fbc6be93d3d27ab6e4de6601d14e58b23e33f488973165c80819bea431dbfedc517c91699f0bbb4de2 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 805859351dbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5CC4DDE1-2910-11EF-A30C-E60682B688C9} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = 
"424395440" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive 
iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2196 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2196 iexplore.exe 2196 iexplore.exe 2552 IEXPLORE.EXE 2552 IEXPLORE.EXE 2552 IEXPLORE.EXE 2552 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four are the IE frame process iexplore.exe PID 2196 writing into its own tab process IEXPLORE.EXE PID 2552, which it launched with SCODEF/CREDAT arguments — consistent with normal IE frame/tab startup rather than injection into a foreign process; see Processes)
description pid Process procid_target PID 2196 wrote to memory of 2552 2196 iexplore.exe 28 PID 2196 wrote to memory of 2552 2196 iexplore.exe 28 PID 2196 wrote to memory of 2552 2196 iexplore.exe 28 PID 2196 wrote to memory of 2552 2196 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (depth 1) — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d8c3c70db0ce417f303385b65ec033_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, child of PID 2196) — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2552
-
Network
MITRE ATT&CK Enterprise v15 (no techniques are mapped in this report)
Downloads — note for triage: the repeated C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\… entries below are the same 342-byte file captured at different points in the run (one path, many hashes); CryptnetUrlCache is Windows' certificate revocation/chain-cache written by the browser's own TLS/CRL checks, so these are expected browser artifacts rather than payloads fetched by the sample. Only the three unnamed entries (70KB, 65KB, 181KB) are candidates for further inspection.
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9d241514d5731650382535afb7847c62
SHA1 f2e17f2a910e273ec26fed0dab2b3ed65beb3954
SHA256 ac2c1abacd56f04625e24f7903599dbe5b06d8c30d3f1dc663ae81786fdc671b
SHA512 fcc3e04aed447bf60bb6fb786b891cf52eab3a8ac100f7962fb09b143fa5c82bccfb4c487e0f619ea82d12f263ca013d8183015661458e3b25a1e752c10fca6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2191a4757ffbdc317cf7a61d4d6112e1
SHA1 f24c6d8a774546b1ed0ca159ee38b9abbbf4eff5
SHA256 776729808c7d1b88c81dedc7032be69db4c5dfd3aed3fc9d9e8d4fba4ada5bae
SHA512 298cbcb665296c8dc7ae5229fd03a26a44b1465bda9f9d8477368d2980560e48feb97159dae640e2e07168fd91792199c41669eaa2d3f8319fc532e86dca9d59
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c6ab2e6fe0b799eda53a15174cb5b7e9
SHA1 d0385ab5b6049dc2c5dd4220aa8b1d98b12c641e
SHA256 4b2c1fe210574e5be82fbc727ed372a283582247ae97d24014cf2f8173e84742
SHA512 7cb0ee916b1fe9a3408afd6fc2d961946ed8a3a8ee2b6b4e88b23de33fcd94982ca542e216fd6c984fb3295af1891377ed283ada4702be3e46fdc6daa4a0a412
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2bfce96e05caac5d59b2294d9af9dfb3
SHA1 9b551d022549d02dcf1a4b343180ca1c3d598004
SHA256 f1f5d102fc395e47a31c26cd4434dab60d30de39d8673238edde8e146ce45459
SHA512 7ce594284e797b5ac20afb63e9e894c97fee093585c6107d1f47256404cb636c1a3c583f0ffbb5882688c45077285714473f4738ef35214ea9668f06e382bff6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6adcbf8b1766bc4b6a98bc5e0ba19bd7
SHA1 76aa83703dd8c846ef175cedf05d40062e3def33
SHA256 1d8fbf47b0aa20c7bc5b7084ebeae23ab2f65055d9515b62d0f8604e9fd24857
SHA512 db0eaf09e92393a14b41864ba9e9bf46c566bae60d5cd57872da5de278619d5cbbe6091d67eb151062f9e274943383e0b1fc9b67037bd93489a0a8502b740c1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c72e9c0e048f723c779a440e7c63a2c5
SHA1 7ad1369d137269891ba459a736ab45bbd8b3b0e0
SHA256 371aa1ddeeaca9b4f35fb23ac6db2ecdcbd59440ce8560d0abb6476b54c21fff
SHA512 7fbca0ac40551a76c1c2c38bdd2355b2dd648c24e486ee4fb2cef75137e73f3c7b0f43c9b5b76dd196f2a002176a27ff7727b0a7e9b8a20386d0becf153ca5b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 046dcded6a7a1e8fbafcb88a0fc40a25
SHA1 2ea5816310c9a2cd5601f521a0d0494014e6e865
SHA256 84047305c3e5f4d1b138915f0e50cfb8dcaa79795ef4e7c7d2105802c695f479
SHA512 d4053fa08d077ac5844b52e2506f5f5bb8e23fd8fe205e499c60caf206eb6424c7ebb06291fd03c4c78f3fa045d682b55a318b04aa0c5ed4c46dd51fee66769d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0d147529c5ee51b10a8022bd27fca57b
SHA1 84b6a2a7b2680d3df99cb6d67ab6966cd4e04e1c
SHA256 f005d5993050f68cf7a1ae7247cdd7f00d6e6161847f6018d42c4e406b8a835d
SHA512 e5c3bcc5c64a7331ed0d8984521c33aa1773360c62cd2975781c44c01c6e9e7dca975aebeba45bac6f1f715c837fb82ccc3e0cd6c662e5f6618e8970fb7caed6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 152e80cf102b8f5aae071bee3bf83a9c
SHA1 542360d6f25a1b275f824728d37caa3d9591b935
SHA256 e888ca2571d537a78ed615cb5676a393ccb7a71a2a965c0ccd732909bde1a268
SHA512 1a7af3d24f827e330e1cfe466be7347552f8c72debcc61a2bd61b8b458417bdf9daf803a6aa03b2369df908dd34e4f98051b234ad498aab65d159fa2134698b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 629060d7c0ea1128f880011f8a200b0d
SHA1 113067e24fc0f6f5d66c1ca5f5a0458a7a16f17e
SHA256 c820767c785b96889c53606b96fc0a4884808980ddd0f3eb0174ad191f2b793b
SHA512 333dfa970d9d17ba9714bc77b24237e24774bd3226a38d7117426713da833e63948317f07558c41d53b79b8d2659bd43057b28c6a6deb65bd64542f878b64e77
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ff0a081e52531d3db72d4ab2284c436a
SHA1 fd0677087229a8115525aeafa5c8df6e4be90533
SHA256 3c26e142b459f1badf209bb67141b364608e450a8aa57612ef1b706224d7e564
SHA512 e6a2a025f064a23c99a88946d5194087b27bf0b5d49f444ef152263b01e6e808f7c93de1ac8d934b7e25b197d733ad26a8aefef5202f2bc1d3298f363e592fd6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5b9b870100b1c13714f56e93f498b02e
SHA1 953911db996b635a3f74c124703be67efd19068b
SHA256 ce825a5a8795e937446201d03902ef98908cf54cf72db3636046bd2b6df36de8
SHA512 1f9f474c6df6c5f899f5787be0d710561614c61187677fae8fc887beed5b2e1617a75ef4baed50ea492e581993a7b7d2fc609ea95f4347aecaf678167c9b56de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2e1ae28bbb26256143708452f72ba84d
SHA1 2ed64cc3c46ab94fe850fde6bd37691d17533019
SHA256 9fd9b1012d0dc4a7a2d1c066177f39be0fa990fdcaecd0f94bafb33bf7d189e0
SHA512 0685fb3197f34a1337b261d53edf57e4034f4d4cb9925936ed5540599341d643df5e590909d55f9ebf95344e49590a6687f85ad232408bee663401fbe9ee0e5f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4036a3dba2e5af29c0faf0b8deeb1ec7
SHA1 de14dd00a8a008e53f8dfe4a52adce025a5bc81a
SHA256 2c0b6c564fb70406d2ef88a12aa1981e111e84cf2f5ab6d5ffb6bb916898e394
SHA512 76805cd88332948a44404c262e2ea07d7c8c14fa8a6ab6ec2e8df7890565c535cdbca063044075c16df547567769fb6d0dac7755512e4a035b3421cbe15a4920
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 85bfe917d666ad9fb6694d70a570cce3
SHA1 c285aead6e6ff863ba96da133aee924c667050a3
SHA256 df2faa6a165bfb334e7b643a15a4a308d9d0ff3578d702b0ff0ffaaf0c759378
SHA512 6e21ef5e437b7bd59de395ae89b80b749121d62ef9f76f80935e64650e28a236c812a0fe9a70f86f1a363a39d6c44b0eaf1ac945794c6793e4324ad6e09c957a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2f906d6886ad858ce9dc2b1ce8fc277e
SHA1 a30f4a684b60aba8f159c09541e6efc2eb007f01
SHA256 a91c985370f035f875105a42d91b69f3d3027b9131fde2a11abcdc779d541c87
SHA512 bfdbe39fa8f6573f9523e70706486f053010481c6c176001bcee7a4114d6b759df87510df02ac91b9fbb94d864f47c60e5069eee368cf94dd24546daf9b360fe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fa97ad276627ebba36775ef1b8799b61
SHA1 38857bf086d4276d5f88b24a7121eefd4ceeb5d8
SHA256 3abc2f1b2da30b7655e2792392c37cc0cf6c20e874460186bc9f0dc6d821c60f
SHA512 b642429b0e5f67da603e865312d3669f674d528e9d592c7308791d0e52536a49e35b56a7e3c1fb06441b7c6f0f75f5a2c935c64e9aed97319b84931864fafac6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b3196c2d8780e1c25d22cc6222ca8630
SHA1 4a51df3612e7b1bcc99d492449a030c6b228b475
SHA256 db09069d62f44ccf6a5e31051115f4439a313e19c9d3c23148d604497ff025bf
SHA512 a86c0eb27dd2d8d9c396cac5616962ae596e1790342d9b6b65179ff2cca9d20b6fac3cd159bdf4796d2b36f01b6209a87f35c04510d0f26d5857821bef58d83d
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b