Analysis
-
max time kernel
117s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system -
submitted
12/06/2024, 23:07 (date format is presumably DD/MM/YYYY, i.e. 12 June 2024 — the analysis image is dated 2024-06-11; confirm before using this in an incident timeline)
Static task
static1
Behavioral task
behavioral1
Sample
a2d991f43b38c338322a8a26be09f591_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a2d991f43b38c338322a8a26be09f591_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a2d991f43b38c338322a8a26be09f591_JaffaCakes118.html
-
Size
4KB
-
MD5
a2d991f43b38c338322a8a26be09f591
-
SHA1
194146a61ed49571e70b0843302aa545217d2323
-
SHA256
e2182dd6d8758669d22f06554f36f62b8918b6b87dc499391668d9a26e17d340
-
SHA512
034eb42c67eb7097fb42afef0d38121f1a4275bb5ee474eb81532294aa423a06726093c7e3b61cd271ae32679a87b649fb04aca3acd98d4fb849efc2e4b0bc85
-
SSDEEP
96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ol+Pnrd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDX
Malware Config (no extracted configuration is listed for this sample)
Signatures
- Modifies Internet Explorer settings (registry IoCs listed below). Every entry is a write by iexplore.exe / IEXPLORE.EXE under HKCU\Software\Microsoft\Internet Explorer (GPU, Recovery, TabbedBrowsing, SearchScopes, IntelliForms, etc.); none of the listed paths is an autostart location such as Run/RunOnce, so on their own these reflect browser session state rather than persistence.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90611b551dbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395501" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7FA1C351-2910-11EF-A8D3-D2DB9F9EC2A6} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000faf050008a05bfafd61d642fa4962b4e49842c729cbd8eeb4d34857f8ba0bfa4000000000e8000000002000020000000aa48a726196c522e607f08ccede1656a981eecb4691a6c3e407949433038c09020000000fcca8dee97e6d77f17dcae6e2ed0472b2cf5dbc70dbfb4535b8e7d9d172d578a40000000478ec3fb6b44de7e6abede093aa1f6c2e5f7957279f500fb85dc600423adcdcac623fc8c1e723ac7b63be98864358ca6d586791491d6586d7038d8927c8fb873 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe -
Suspicious use of FindShellTrayWindow — 1 IoC. This is a generic API-usage heuristic; the only caller is the browser process itself (PID 1732, iexplore.exe launched from C:\Program Files\Internet Explorer), not a dropped payload, so treat it as low-confidence in isolation.
pid Process 1732 iexplore.exe -
Suspicious use of SetWindowsHookEx — 6 IoCs. Same caveat: all hook calls come from the two Internet Explorer processes (PIDs 1732 and 2832); no third-party module or dropped binary appears anywhere in this report.
pid Process 1732 iexplore.exe 1732 iexplore.exe 2832 IEXPLORE.EXE 2832 IEXPLORE.EXE 2832 IEXPLORE.EXE 2832 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory — 4 IoCs. All four entries are PID 1732 (iexplore.exe) writing into PID 2832, its own child IEXPLORE.EXE (spawned with SCODEF:1732, see the process tree). A parent-to-child write of this kind is consistent with IE's tab-process launch rather than injection into a foreign process, but confirm against a clean-baseline run of IE before dismissing it.
description pid Process procid_target PID 1732 wrote to memory of 2832 1732 iexplore.exe 28 PID 1732 wrote to memory of 2832 1732 iexplore.exe 28 PID 1732 wrote to memory of 2832 1732 iexplore.exe 28 PID 1732 wrote to memory of 2832 1732 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d991f43b38c338322a8a26be09f591_JaffaCakes118.html (tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2 (tree depth 2; child of PID 1732)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2832
-
Network — no network events are shown in this capture, so any remote behaviour of the HTML (fetches, redirects, form posts) cannot be assessed from this report alone.
MITRE ATT&CK Enterprise v15
Downloads (files written during the run). The first 18 entries are successive 342-byte versions of the same CryptnetUrlCache\MetaData file under the browser's LocalLow profile — presumably the CryptoAPI certificate/CRL URL cache, i.e. routine TLS/cert-validation activity. The final two entries (70KB and 181KB) have no path recorded in this report and are the only artifacts here not attributable to that cache; retrieve them by hash if the sample needs further triage.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f9a00c8f6cc0de4a7e6785a2be043552
SHA181d5951d2734701a9fc30ce136316cd61af5d625
SHA25626bb38dd5af3a5701921fc27d93991a31c4dbe61b914848543849f6084836512
SHA512df01feb14103f6ff84021a8439dd926723cb7465c5e77af9b38e7507a3f632672bba60f69a8bda98697627fa7360cc688d6c2e6dfa9065dd4c410ea60a3f2630
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57b5eaebb60e4e09aa827b6d3a760c3f0
SHA1e21e6f55c47aafaeaa12093a0c719fdcc7595e3d
SHA2561fb93fd251476318e2cc97b3af2771c4f72c60e5b0886976f52d03d30c238003
SHA5128af886b6e0aedc98a7f40c3bef709e9763c97ef70525720a4ac78d5ee531e3a7251e9eb36abbf4d5f3c5eecc2d045990b3194b7477114b560b4cadbe7bfbb0ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52494477842a2466a951bcd39a03c5e5d
SHA1cd5b38849b278f273ba610f0f1bbd7a141095af9
SHA2569c47b1610d7848ed92c9b156517bc7638200db544d6a81a1da8d008e9714863c
SHA5129467eb1116e5a7e7cb25fb8bca3c35b1b175f07ca4263d52e28e2ba0f30eb651d726c3476b56f9aec9058a15e815af327220672fbf27c724ee5f0ce26c288c62
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53637064e2bd5d3eaa636da99ac61c635
SHA1d1591523dad312124bace3f48a6f3b7cb1fbfaf7
SHA25674930f5a5ab55aa236d3229c2ccf9d0ade6a4278791cf9f6dbc3a50ffcb13cb5
SHA51270b2a8ec916ab14bfbd73bd16c2a1b63e0ad3d101c995b8af61b40d1d3138c5ccd7fae57e0143faa0916645cc89fb14498b85f6ff139750684181ea8d5fd9e98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54319f70c750f2f735979cd4035e42dbe
SHA15937940b28030fcaa97da9c9a9d43fa3dbcb5541
SHA2564033ddc54801f9ee01e0c35354331814ddc1a4be814b9ea7117ee4666eca2c42
SHA5126fc7cc95dcdf30ff423a7aff7c08d1755e82c09d7e27cb168799821c911cdd7f507e6915098561a6c0bf835b2336eb60c8903bff7b6c0282674c7553bd227388
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5900b7890c03aa3f523b7420a3c32f160
SHA1490abdfbfb6b3d1e7cb5e5d5ac3c84d1e2afb70f
SHA2569ea9a53a7d839efcf500e0065abc7bf6ff5d35c5be6b1cf577ccf0eef77e4eb2
SHA51294adae08de5b3fe43d4e4043fd873b2e67069c08f25d911af735287a9e933ac2abdf454246c3b73cdcebc562635c19b94a5cdef57f67cd6bf389140618788515
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f223632d5c16c0c9889f57a35345f594
SHA14930c1c179682c9bfbec84df2eee1144a506f2d8
SHA2561bac87bb8320689f48c23fccf49e9da1690e635e8415fb73a3ad222122be1d05
SHA512ba1e700abd6ef1e00c534c2c4c0f8c8b3978d5348edcc2b35a0d1a90d0b754f94ea4088a522b397fa77d79d71635bbdab865d8e0e09c39a6dcabb182a115bc60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5456f45286f6841ba0e9625f097addc92
SHA1594b800367cb3078f622bffd2f048e841dde2e43
SHA256a4d208a2abe319bdf2c2b1fee33fca0f3ef43dfa8bac0fa26ce1a34cd7894d56
SHA5127554bf7566804c85431decc25f527f35a61d77f49bea9cffdadf83731fee445aa387874b72fa1702d266b02fae9d1cb4341bf5897ebd6c48349b2968c6f0cdba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD557983c0d2353582320e25d4a151e9a6e
SHA1ba48709825580970642b17eca2dd17720b164f94
SHA2569e0c11d80c1b6ae213b3853b23ac0d3b38119554343ea53db41b225e7f593996
SHA512c9f9486710e17d29e3f9ba8874d3dcb5b05702bebe9ae76036cc733c653671fde854471f2650c27e3a9a0438311cd501eb4c597569e24b5a5b64d9fe0038470d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c1d26acfd4a606bad7224fc35cf4e8cf
SHA114957e55cc8c6b48e8f4053603caddc80dd5961f
SHA25666815022b5091c7e57c4c8a85a255ecfc0ff4f2683ee5353c0e4da9c6ef4d9bc
SHA512f3193df83ded9fadd4e0acda496d31fed97d62305732d057de848e41ae3b05b38dc6d14411f6835dde011df0006d648dafab04c568b952511e0f396cc97e5f59
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD587eeb319df2580e1862664dfa33564c5
SHA1c4c8526206004e8d1fb945308473b8efe80ce8ce
SHA2569fedf13323e44e45018ae418c3c5c843b9e3f42d30389ebd8b8d0a6b79b91e85
SHA512e97e1a842832cb2db69ad0a9c220f3cb2d9f91f0c5da81284632f7263014a171e54ec54ff0c66328ec47fcfb6702ed00587ff2ae8a38449bb452e4a7f5bc5de5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52bbd9e95a8d4781dbc17430613602f81
SHA1e946e585ded12478048bd78c92ab2d7645dc13ef
SHA256576cfce8428630c69fb11f5d5a698325fbef5ff7af0878350e97974359a077dd
SHA512e59e0e24f7f6e6ae0a43f00c9b512e6190b9d640042ad221f443540df832b46afa08bb07c94e31387136ca47ceff1dcb33e03a6a62357d2e194f71ef74f49209
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5494caaa7c0a684a3f79be2132621c727
SHA139b496aee3ffe886b415d8304bc539ad8837083a
SHA256f29926159b6c79595f0b06db01e04f9cbd9ffe51ccdeba3f73876d39ce5bae72
SHA51256e9ba76364da03308e8829921bd2b20134a5642d329e7c9004f4bbeab2264945a4308d0dd77388bc9c9d06a9c3ec8e3aaf42152f8aff44f283979947ba43dbb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a0f1699fe0772b1325b678949eedca8d
SHA1c4b2b46c3be002724ef35a12fb6ec1d18da4e15a
SHA256bbb15e8f23344d353bc08bbc2a42947bdcc369dd3e71578727c820e992c2004f
SHA5128bc4be052f8c58cad844a49ff897c38d6e9025c7f9a20a6bdd6b71fe9f0734c425aa010413b518e2888fe0473424a1a4f9d8296709fd260ecbe60cc85f14cb1e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e22c3d1f066c6afafb15197ffc79e4cd
SHA17b1f83a28f4614b81475ad217c4a49966e9b63e6
SHA2567ee9e2f044c94115710355de43e43bbe21b5d3a642aceca8336298c486fd1627
SHA512a7e09e1d0bfea758a0f1ef8768168a98af9b386678327df80fe5e27a7afb339eb318d88376b8760e002286f2977794f79137afd2956cfa3729340a584d965cb5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD574e1b2df744a2a5acb3377bddc7037bd
SHA1122f1f9e4bd180282d9f631a817a45964cda07fd
SHA25685d407ef4d705fd42b82d1753424208fac0042679b4f9eec42e72a5642fa83b9
SHA5120b6a0efb3fc2791994cd52590243ce57d4a9b0265fd7e845e828862f872166b2e10d57d08f78963437baddf706e85093e13c6f5d5dea6cdbae02bcd3dd59d38c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD545aa754ffcea132e9df63b8f0967366a
SHA1a7d12fae60b18dafd1b56f3b1dd99ab9debacfd7
SHA25667dd6737445bae19a6ba7fdc79ae9c3a21ba96e9b71f1f89b49ce342cf7e400d
SHA512f67b1bb1c0fc306b8b77bd7d4be1b4e1b159e000c0cf9f60c42bce9521cf1d5439787f1f4940337463a10f3cb298f6975caafe68a7a1cc09fb505fd9ddaeedaf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59156b02d8ee0974b5b7a62e3855e4490
SHA1f27c938d19d78c71041707c77f747c3076e85d29
SHA25649c7763b344017c897fc97ed8c3df867d0415a5932e301fe9ae5719a002a4a72
SHA512b2f05fe8053126d50f70b0e41174adb692f2ab36385f4b1780a3618b1b153f16465fbc789c9d8f64124aae331ce67ba5b80374dee564924630f8e66e245993e6
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b