Analysis
-
max time kernel
138s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 15:38
Static task
static1
Behavioral task
behavioral1
Sample
a12e0a630cd3081737f8670e04287186_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a12e0a630cd3081737f8670e04287186_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a12e0a630cd3081737f8670e04287186_JaffaCakes118.html
-
Size
51KB
-
MD5
a12e0a630cd3081737f8670e04287186
-
SHA1
a6fe15ef57ffafe061922ecea559429d6c926290
-
SHA256
edef00eeb573a90ba56bbf2ee36cc09b5189eada207109728160b5dcaa5efe08
-
SHA512
fcf79d1461dfbc64a081edde2f0e30ae747e2df070a8a817382025b9f0f2e5c7140b1331dff94cfe74f70c1fba4211f3c85435d42f083ce58f1ad05c3fb01757
-
SSDEEP
1536:SqQ+cOvU0+yHjc2HfeaiDktVzlUykccddmRyWfqDxRWR6RQLcRFLR7Ogq:SPROjXPMdwRyWfqDxRWR6RQQRFLR7Ogq
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000a1113645f66b1431d366e602425907e2fd3dc0a4908315aabcdcb577bbf5cb46000000000e8000000002000020000000c782233e67f93eb7ffca297936a9c86afcf30a3b5b3f0537228c2d293605c26f200000004c90de63cbae672b6847c609891797ca6bde709769ba7b0d7cbb10724efd40c040000000b0e92eea00c89fd55912dc02c3c76870909e52acf2dfd78b6cbba256d27e81d2a22aeab2e003aef9e8d5767a5742dffdc71b0d769f2815d4efd118054f2595df iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C3F5BB41-28D1-11EF-8132-FE0070C7CB2B} = "0" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424368555" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000804f5c19ee23140a27efc35fbb6a6525149c9841fef102f5a561f37e80768a57000000000e8000000002000020000000ba0093511d2681c57c83dfbe6e2f391c764e824304a7aef88357249181f282ea90000000d0a20ab10f20cec05d5a6a50d78c43d44c394594924a8ba8e330fd2de6b00f11e3f5ac8ab27afbef603e46b5757593883a2b3221305fef7028c80674e3955ca12590be47b978f9250227ff5eb0dbd6ba01fc1ded922442d870d6511f789f30e7ffbc29b92a5eafdcaddc7011aba5431db6471fcae9dfaffbc62fbd1ef2c2a4d03a879193d97584237f36ae773e68a23240000000daf80c0f681e20ced9d7ec5e617e1a670fc48e2747d4a5ed4b93760a88e06e1e4395f1eee52ae8de3aba094a9f7ae4ec8e17c7514cbb78bfe085d0d52ced25c1 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9023b19bdebcda01 iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1760 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1760 iexplore.exe
1760 iexplore.exe
1144 IEXPLORE.EXE
1144 IEXPLORE.EXE
1144 IEXPLORE.EXE
1144 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1760 wrote to memory of 1144 1760 iexplore.exe 28
PID 1760 wrote to memory of 1144 1760 iexplore.exe 28
PID 1760 wrote to memory of 1144 1760 iexplore.exe 28
PID 1760 wrote to memory of 1144 1760 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a12e0a630cd3081737f8670e04287186_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1760 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1144
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4665895a8333e90713a6a0183f59f0f0
SHA1 cd719a7a98ad588e447af8f82e682bbb95ec544a
SHA256 3c33fb77a9ad0b8d573dc5e7360121d218a8e66839437adbc2a5fec6b06d633c
SHA512 3b27cad24afe74fd5f736f040bb0c0fb375a7e26293f4d7529f89249c982d2e5d8b12326053d146f1d7ccc5f8d8984340ede980a18c22052a64c5132bf47fcf0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ff129e946330d08984b7a04806c4c2b3
SHA1 e8973551820d86ba1a1ca2eaf9eb9ca8b1945c51
SHA256 de447ac86b4a9e1085b0eae68a25ae2db959a3e5bb3df25eccbac4c6b89d4d56
SHA512 c0c86d1012ec6600b3115a99de5de4a708ae3d2dd55a3d9256ca90397302e1960941584e554bd793d8b0d254dc6a6e9e3f5f84842a52c18062e6e515d505540e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ba98d9381e81fdb0217d62ca5f65d035
SHA1 0fee1a9d8be1605cfe70b1cfe991150227ebc721
SHA256 56a4573f8a9f4fc6543f233cde75b099699131c8751046e476afff01ddb48824
SHA512 2439c7e28901ba2898d6877f4bbbc0df437a829781136618eb4a8d26dfcae2e3941205b15f929c9173cee7c56707a2e56b84190f568f8e35a0ec614ab99aaa29
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c027cfb0916c0c1d706b834754d8eb52
SHA1 c467035fb997d2a130e2122c809f56df749a80dc
SHA256 9eeaeb2d590a1077c0b570d53fdbfbebc3c17ac8f73f99fde7dd4a2a0ac4af34
SHA512 bce1cffaeb31a4d5ab6fffa6332f28d94cfa4b8e710186ef8ae9ac62ebb5bb01bf9d2be88fb4b0557fc762b0c668c0d6015e040278bb5c32110b9750db505113
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d4ce2f798efae9104c362e49aaecde2f
SHA1 f3e8d1f07be8007b1f754b02be5cc003ac240d63
SHA256 5b2d4c6412bd7d6d62518bc226e8365369d2e269866ef4345599b76b98988ce7
SHA512 d29c11ae28baac036eaf31641ad91d136ba7c06e0b965cfc477f4f5f51d3979dab7cabe74f11154e5e911d981b5c083de0a3bebf2ddb3129b6046e25325ba532
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8ed30689d8a7cc77d7500e1165ca4ffe
SHA1 df5834cee8bfd9fc4575a0b102a17b5faffe7736
SHA256 b8754c2f6a383b80973da940a427e3674bf53259dd3c44c8497c037ddd2cdb7e
SHA512 bb166521722d8be1084ec7bfef16be44313d08642dc7bf0b3c6d8cf25a18c311de21922ae9fa21e43f27d5101f3abbc4e2304291415ed5047ea4b94854b1b49f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dff703043e0fdcd62a8494f8df37112e
SHA1 012c4b062c1955b0c6befbc100800a2558d620cb
SHA256 fba051e60e014ecd9c24bb34bc29e4b87602dff91fee77b1eb44b62d6edd3335
SHA512 5569dca2251c895fa96acf439be987ddfee958caff99a0bf5d5f3e5f7d34dd146f01da5823fdf8f5458c160e829a88f964d1a3b4f0971bc6bb1a6084c2e30725
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f462c0e47326291b8bbf8a21c395cd61
SHA1 eafff58e50baecc96d4f01dbba88fc8d79843370
SHA256 569107ac80241459f3b26cfb6e4ac10b5be4f83467d62cc10a9210bfa538573f
SHA512 ea1d1e051f67bb73b96a0631d4132e1acbaf5fa8d3c13fea23935cb285eeab67838ff36dd5e46fab4d582c34877a1c240928acdc5360b52fe0d94bd020b838b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 28eb3468b6551c94b6555ac6fca37393
SHA1 4b73093590aeba1fd53a7234bb9c2d9edd41a86d
SHA256 944ef7f09ee7453eaa69d9a24841950bb6ee703554840f553951dd7e32067aa9
SHA512 6b295e5934ac7de2a392a5aa2f12657e5ea3b1b6d04b5f7d04211cf64749231346e45de7bd22eae4af3367da22da91115520df1ad65326aa3c1e981368e89662
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 989b198b821963741d3c5ca9e7186f78
SHA1 e4a17e1bd1a84ecf0d01b49c5c932d87d26681a5
SHA256 228d24ccc25d99085ea697721542073ebe0bb6cb3edbacb837d298d25eafd403
SHA512 df5d89ab2a6835f1e73546214bf0c64a6bb8e0326d476fe686b72d159b71851bc4a37641c1a43e8c2b84bb2ab1eefaf421baebf4437feec308ee924c0d339d7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 92877e40243c2b782169b0c088caea18
SHA1 075bd9f4649eb906f3e2be6dbdb60e03777d6d65
SHA256 5a35f1f77a2e5dd9d5715035fb5192b51a27e6b1f08f76cf10c29f1913461b45
SHA512 6df4775a2ba56d1244a38f2a87aabe107d380432f0b3b00168042635eda1fb5dcf354aafe2e88c71791ee972988c8346eba74887d6868aa4741e3a8640b68cc9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1ff33fe32a774dbabc8771079e430336
SHA1 9fc3e0773600113132e0cb7adba59aa8731a4bc3
SHA256 4f764125948e8b165991f8ade98a4e7b17826b88e8ccd2c3e91a2b6c6db6b8d8
SHA512 029cb44a9e6b141af1b131ddcbd475f81f8015e86349147d93117c3208a333920458a5739d9747cd27673206fa1888bcc4f5559834f5f45e9972d7f5ac3c45bf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 701572efbb1a48f797abbe399b65ac3b
SHA1 6da59e0b1cf0600c89233cceaba5eaeb263a2e4c
SHA256 c1e3e0f6f9de9e8d623152310c4d31eb004992a9dcfd6eaf4ac7d5de98e7922c
SHA512 075bed4f5e235279ec00aa662ab7c408895eeb35096a031f4c702dccfb3b3e2814e57368d13fd8b52ac4b43b19972905a4c83ff4009683169ddaea2a4106eeb1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e92cc1cc14aeafed807bb2eaab5f7b61
SHA1 17878b4bbe39bd8cb54509924aacb869e19bc0d3
SHA256 68fa461cb081fa14cd924009880bd849feb49bc2212117379fb8b08e090553e2
SHA512 34b6e6e4ef28f00bbc58cbd4e2a38674a407d0e25ca99b2ed780a8884d03e2d43d2ba8f092b5bb9bf55db931f96a14844fc6b0647ec885808b21a8ce4d4d74fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c3d86b4e05f06b2361e289fa78d8c53f
SHA1 2a12cea10a77783f0e83739e7849f174f303c654
SHA256 f25816cbec12920cf0ec671b7278220ac1ada241f626cf541751af61021cec0c
SHA512 aab261e5fd757de2212fa4fd8262eb2f732503d119177d12ec053d6ace777664994a86a5e5f6237ab9d85e3a66b25e5fe2131aa198cb00c34b2f3a6191dbe3a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 60f6b34dae536d0fd9e3c3d4d30d9bd3
SHA1 708ecf04259bc6eff80eb91ad2d730391821662b
SHA256 6057a7f025f416d560de547bef4b83a4fb534970c60ca250f793fe9c8386acbc
SHA512 a0d0b9426f37686fd97e97913d7d89fd2d4f1125b2e0b96dee4ff0a3ae590145245cb981025ef6d09393e0c0b57de7158537594a17775742731d169bcdfa5cc5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f25e10bc870630b9f282e9f2e0fe3307
SHA1 78392db6bb0b01d00a4c24ce36be64de7af55161
SHA256 c839e27679e149608594bfcd5b8310dc733fca10547c00be8d6a0d5134d6641f
SHA512 7700631fd355f6ee46f5625cc808eec5fd17519effde2a681d640fcdbb342b7171d2508900e305de1e4f7b40461b39cbf6ae1eea8f6922627bb74d93ff82d888
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8c814885f1f3cfa398e9cb4947edade8
SHA1 a0c75b639269fd401b45efbdee2e77e9195e9b0c
SHA256 12fcf6aaafde1caf9c7e65309d31da3916a0635c6d9f3f5273a263ed83e3b6df
SHA512 2e7449ed246c3313022c82e1262c204f060aa1637ed6a11d8b0aa07673b174e1b550d05c48fd6dd91a05472a6b67ce0129c90df4bc071f89e0c7cc1a22721899
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b