Analysis
-
max time kernel
119s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system -
submitted
12/06/2024, 15:38 (date format is not stated by the report; given the win7-20240611-en image it is most likely 12 June 2024 — confirm before correlating with other timelines)
Static task
static1
Behavioral task
behavioral1
Sample
a12e70ecca97bc77f1676b258a5fd7ce_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a12e70ecca97bc77f1676b258a5fd7ce_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a12e70ecca97bc77f1676b258a5fd7ce_JaffaCakes118.html
-
Size
4KB
-
MD5
a12e70ecca97bc77f1676b258a5fd7ce
-
SHA1
994b6dbb73d12872b85e5d43977bb9b363b7d7da
-
SHA256
ef7af5b7cd6f06867b4ac70c5f9db04be8064e7de3eb848b997cf5b4497efdee
-
SHA512
fb2e34d196d82ef091e42da51a241d6b0935dfe5733f7631e4d4d8a8357243b3f8091880418e369af63c6914c85cdd732ac9daf67db24beb4afb867f163da72e
-
SSDEEP
96:SI/dJIYnXNJu8a/UpB9qUFUltg1a2e4mD94DDGqCMLJ7JS1QgE0v:SIzIYnXru8p9q7tgKfbsSDEw
Malware Config (none extracted for this sample)
Signatures
Modifies Internet Explorer settings — Analyst note: every entry below is a key or value under HKU\S-1-5-21-...-1000\Software\Microsoft\Internet Explorer (TabbedBrowsing, Recovery, WindowsSearch, DomainSuggestion, Window_Placement, etc.), which IE populates on a first launch regardless of page content. No Run/RunOnce key, service, or CLSID/BHO registration appears in the list, so nothing here establishes persistence; the DecayDateQueue value starts with the DPAPI blob header 01000000d08c9ddf0115d1118c7a00c04fc297eb, i.e. IE-encrypted state rather than attacker-controlled data. Treat this signature as browser baseline noise unless it is corroborated by other indicators.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10b9e0b0debcda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000597762022907e6d7251db89f1f5c8282a38f8e346c55cc6791cd1d5838532062000000000e8000000002000020000000736503ab8f27c18a7ff1195e37a7208b049df56f713b4fa304657c759c9a30f1200000007822ed095d2274ec173828e083eb770b850df9f400155bf858eb09673e709b54400000000e4ddbca90de4dd5b193b7371b7b0e88a551922fabe16419aa36412c0c848130075d5a9a536062c6229d1dd5913d6293bcca7ef74c763be245cc4ad89bfe8c7d iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DBE06981-28D1-11EF-9684-CE8752B95906} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\DomainSuggestion\NextUpdateDate = "424368596" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2248 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs (all six events come from IE's own frame process 2248 and tab process 2384; no third-party module is named, so this is most likely IE installing its usual hooks rather than something the HTML page caused — hedge accordingly)
pid Process 2248 iexplore.exe 2248 iexplore.exe 2384 IEXPLORE.EXE 2384 IEXPLORE.EXE 2384 IEXPLORE.EXE 2384 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four events are the iexplore.exe frame process, PID 2248, writing into the IEXPLORE.EXE tab process it spawned, PID 2384 — consistent with IE's own process creation and loosely-coupled-IE architecture rather than code injection by the page; see the SCODEF:2248 child command line below)
description pid Process procid_target PID 2248 wrote to memory of 2384 2248 iexplore.exe 28 PID 2248 wrote to memory of 2384 2248 iexplore.exe 28 PID 2248 wrote to memory of 2384 2248 iexplore.exe 28 PID 2248 wrote to memory of 2384 2248 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a12e70ecca97bc77f1676b258a5fd7ce_JaffaCakes118.html (tree depth 1; this is the sandbox opening the sample in IE)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2 (tree depth 2, child of PID 2248; a 32-bit tab/content process spawned by the 64-bit frame process is IE's normal configuration on x64 Windows 7)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2384
-
Network (no entries appear in this section of the report; do not read this as proof the page made no requests — the CryptnetUrlCache writes listed under Downloads indicate CryptoAPI certificate-chain/revocation lookups were at least attempted)
MITRE ATT&CK Enterprise v15
Downloads — Analyst note: the CryptnetUrlCache\MetaData entries below are CryptoAPI URL-cache metadata (342 bytes each, same path, rewritten repeatedly) that Windows writes on its own during certificate validation; they are not payloads fetched by the sample. The two trailing entries (70KB and 181KB) have no file path recorded in this report and cannot be attributed from this page alone.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5508b98e725f30af220683daa869b05b3
SHA1c3d54b940777bae804bd3fb6db18d9a861c7772f
SHA25687edc1d2c5060e69539c3d3859162eeba67e77f85d4215062a836430e5f15006
SHA512712eab3a0d341e586e8ecb4cff1b996e9fb5ce4186af60518d19cb4d69ed72127db6105030c13ea68ac6800d6cf7ff513bb8885959d726bcb2061131f9bbf61c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50c8442474657dfbf747af2f36956265a
SHA1daae74fe70edf27a04c93377e2049d3e5079a0ab
SHA256ebd6de9ecd1ec07e1afb8420ccb363e947d6654034df98ad266307f6216d6c71
SHA512b76ebc3ac7f58539699014244b14caaa08d86ee661c302aeb8f2bffece5d354524b482fa9efbe0e01daa1a61afb3cc87278cb1e714e0c4b5d8ebae00c2a93204
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5522b909c76c785e96bd95ded455ba327
SHA16297af1d68109d5d330b7740328a1348bac454e7
SHA256c1923449c27b9e16f08b57d6f988ef4c7a2155b96b1b36cf1a21e0cd5c53879d
SHA5125cc16870fb0ad3a2b7a892db5c775c8b13e401928112afbccaf134a19077aaf360920a9f2d7aee73bb90a0e07edd391bc643647e3f217f734c9365a2a8e71988
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e44a31e27ec766353bff38a37453661d
SHA138af031df9a1958b26f350c8a574c70866bb86e4
SHA25687896bc4aaeda063a326b5429c019e743e70665c283532c07013a53f38e9565a
SHA512dd039d492e07af1d167303adb6bed9c386eb5e86c6056ffe5d9af306bb2015683a8b08a86cf7836a39b142a17c5dd68f432ab0a2cd8ece57b2d4d965ebfe45f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b6d2de907a44bf8019bcc1d54a6b1cfe
SHA1c0aa4704ee560639046861b54635162fa7e59d11
SHA2569fea23f0f7a18b7f7b7b0660b50c777842e34b6e63f437df522631d1402ca09b
SHA512827e50ac26d2198221da618f108a4bca6179ad32b5caf56dcaddacf04c8736c8e92368b76db2963c92e7f7f25d4a50f54bfb39fd010a271ce7e2c15d965b9b2a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51e39b2e336dea86c42a6e5714f5fb513
SHA1a4d5143cbe6ff2974eea660e79567430b074a3da
SHA2562087d8c23d141640837b3e0dc9dcc9734621a9caa2a69a77b8b3b3d67b6a7470
SHA5122e245aaa15026b9d55189c22548309bae4b58758bc246dba18fa2d3d5891b98c51d09d9cec8ec4e9f3bdc154442141b0a4660a68036192e79f876c1b3a6cab24
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a9c97fb8a99f5430a5aaf0f8490540de
SHA1975358d0ed928f7854e34480b6c4bcd59158602a
SHA256d612874a3fb6f996c79aa20cf01b68466f025a3714f17a684aabc6dbb3a5878c
SHA51280b83fa0fb10a23d7c99309c4fe2d0160c1ac84e1800f714fda721ee287e77faf74cc3eb8e9eb2a569c1e86473f46911730ef93ce1edc4ea75ed17aae13e4ba5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c495e3a0d9b05f9a0bfb834a3fc641f5
SHA1e51021cc8a882ffbbe939d4be4c17be86cdab8bc
SHA256fb4f22b0776f6f10b7388dcf93031421413c194d8360dafb40a282503a98a5bb
SHA51228b9dd6697f02b8612263013488cfbdef430bacac908ded00eb3288a7de3bf1119f6666513c70f7c3aaf0f258b856d44e8f14112ffc3b0b5af9ca93f7c636f08
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5393983e66fec0091202b3ed2c3ca4b42
SHA1b45ae52153ac7f2e61ababadc9964323f600905e
SHA2562b964dc42ca2bc62704ff16dbfb132e9070eeb2d1d556c718e7a8ce67d98c0dc
SHA51209c7ed1ac6b2394e05ac9a22c9df0d9603efc4d214f28e759a7b44dae43ce22f1a3a37eb5dbc8f1330ada79ea2f03570f5e189004cee1559c1bcbafa4f8d9848
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53de8534abd2be6e1ec05c44c2887ddbd
SHA11f44b245fc5e862d82e9da5f894f371bae948da1
SHA256c7baa347ce45e7b0578643ee742eb10ce3f16c711e28e6fd7310a02f57bedd0d
SHA5121480b52e99fc8dbef0b3a0c4605e73b4d342d68896ee8869b567349b0a8af94d582b0fb46dfae6980e5b72025ddb5da6b0202a36c451d8f9471a570a29173ccb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54d7914e890de41ad298d37d9dac1b4e0
SHA14fdbb6e35f162652d34c11dffc0edf2cd21f4b85
SHA2561225bc51c70d44affe407ac667f13854f22356833e1d8bfee1944477e7f393cb
SHA512ad6f360ce98484799b0fc892120b8efbb5290b3be00dde4eea155e8258c9ada04e30cfc77103a2203e64de612edc4d181d4820affb3eece44029262f681a6ec8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59d78e7349acafa3f462a97f189829b22
SHA145d30189b11e4afb61c7bfce1fac7075926f7e03
SHA2565f875ad5e417062a2dc54414a896c7be68db64e2ae62ee0065956ebabece4044
SHA512d8d221fbf1339694c5733366081a34b2b653ce4869d81e575c5433315d398591c95ba8dfa0fad68cbb84adac39998b1c8aba83a68ba7f5ed282c12b17a158252
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57853b36832e23cb1a15a73594dbb1144
SHA11d2767fbb2075d47fcc0f7e29e8a653e1dbc92f4
SHA256a2888e0ddfaabd101dee0c6ec6a4a5238c8bb2d741a458bc9d6d74058b963dc6
SHA512e7a9fea460847f6483f6f45c8f19c2e9936e4a7bfe401fc15116636b8809ff8653b5f24d6b07e1f7ee1ab51702c48020554e12c1d6d2977df594b5d16c7b7f2c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57e2867fd307fb71af49d3e2b98e1cdce
SHA10b77ada6165ad98519cbbd47a7415892c92eda7a
SHA256743bd267b7bdc50e43df18a18b51fa39357983040bcc5188215dfb46928dc4d8
SHA512c8a022bc54171472724f1182b803dc9cf5337602670977d874a93a4f23ea71506cd4969d448542587a7489e781fe181fdbf833d7b9e75bea33c8ee5ad5ee096f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a7b3ea2d6e1fcc10ee3fd61f69272674
SHA1d49d83a66207296342e629280bd892c7445d4edc
SHA256ae2447a732bd9230c3bc4b1406fbfb9c556b50b41490f84785d60d3ce698cf4b
SHA512d8b98d4a2da09ee160ac7da58213da0f0689f4b580c7ccd01ee67c025102d808ab7714417df234068395ef5ef343651117617cb11c81c72d15d2b92902a8fab8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5342e1ee545219272b2adcf6fe55ec497
SHA12d5ef5569f26d509f5365132b75001c3c9a69c3c
SHA2567a6ad1b69610125a8203e98eb3e8a66bb0469bb582dc225a4b4588792bef9a18
SHA5126cf1bb5cd77f4908c444105d9c8eaab52d49a2979071b2fe49a088d994be048a63b28be499cc58eb7ed2d19a25cc4a7df973a127de1cf1be324b67d4194c1234
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55f1477a8af12e5f2341a1f2fa8e75730
SHA128efbee5d67df5e63653472bc27f2f2ccfb53946
SHA2561ff62ffde2ccecd97836c86d64f6388f2566156d93d0300265893c2da6df2c88
SHA5123002fff3813659087a1ff2ed0fe4f1f01cf4ff39fd186e9648b900c32fd5cedca7a6d8453f75d4de052d6b6f8cc2bfed2180da25c873e80f56ea0822f82ac6f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5da145847da217ba7476be65935c5bf85
SHA1ec259994ce74c56206eea46b54412f8129019287
SHA2563e57b710b34134122934f48e1f02464b4a7cf99e54044280bb3e5b38786953f9
SHA512e64bca8d6ff92a72acb7c175fdcde55fe44bd2a92be439f4786d1ba29ef526feed1fe07874dc758beb51f9ee561b54e7fcaba1c45011b6b95ff2951f8671bcf2
-
Filesize (file path not captured in this report)
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize (file path not captured in this report)
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b