Analysis
-
max time kernel
140s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 15:11
Static task
static1
Behavioral task
behavioral1
Sample
a11b7c70f9c8bd95952d17678884d198_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a11b7c70f9c8bd95952d17678884d198_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a11b7c70f9c8bd95952d17678884d198_JaffaCakes118.html
-
Size
141KB
-
MD5
a11b7c70f9c8bd95952d17678884d198
-
SHA1
14efeea5ee0e1578f19480b88730facf65648275
-
SHA256
f98f1d5b175c91b31a0bef03ee1575e7e583184c39b72926bd3ddcbcca787fa9
-
SHA512
ff0931c5ef658406542d1002a149d592d108e3c7746c1373b7a2d501048e3b4378541d8c037ce65a7e3d24942bfb58c7cebd0625f3fec5e089b94c947ce3a8c6
-
SSDEEP
3072:SXhn40V3x7dyfkMY+BES09JXAnyrZalI+YQ:SXhn4ux7osMYod+X3oI+YQ
Malware Config
Signatures
-
description | ioc | Process
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366982" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{188593A1-28CE-11EF-AB87-5E4DB530A215} = "0" | iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2764 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2764 | iexplore.exe
2764 | iexplore.exe
2768 | IEXPLORE.EXE
2768 | IEXPLORE.EXE
2768 | IEXPLORE.EXE
2768 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2764 wrote to memory of 2768 | 2764 | iexplore.exe | 28
PID 2764 wrote to memory of 2768 | 2764 | iexplore.exe | 28
PID 2764 wrote to memory of 2768 | 2764 | iexplore.exe | 28
PID 2764 wrote to memory of 2768 | 2764 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11b7c70f9c8bd95952d17678884d198_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2768
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5814e396966167bb5e6b65db356d8122
SHA1 0823274259ba676ebf05780bf063c3c0ac8a17e6
SHA256 aa3be708c198f23172b78508f4349d10ecea10fd6827482fdc97935fea4f0252
SHA512 56b7e3d8e6d3d5116bba81ec6bbf0fcc1c4badb7e2bc56bc99d3831f81cb9d4a9a107f7e60413d806b4d200f24c733646417c779fde59bca2215a3ea8feb14a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 52a810dc32c2717706201c179aa00738
SHA1 6c1940bc9a632fdf99582471e8176740fa571daf
SHA256 a5ede9ee0a16fe508cf815fa3c29dff5643f2fde9ceee2ba039860987ae11085
SHA512 ff1da1de78d94b571ceb5d8800941618a9517c8a5233fc6e091736d7345898579d6f4bbf8944f64dccbfde7416e6d45d187feb452f139317d089c078efd14b16
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b17b5d037f97158ca058ccb76d4011d7
SHA1 37ee700c4fbeab113464c9203115b57b954716d4
SHA256 b72c8427084444c4dcb4112fca275c70fc893f9eaf0bf836927b486f123f3265
SHA512 1e3a8a18375f521da8432ddcf9d809dbf47cef8a0f3586ef24ae4ed288b7d5981d2e897f62d0ea6e79f8f442021fb20c0c1483eb0f29bab209075d34938393b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6d8da77da5058d91b8595ab1aafda9ec
SHA1 0a1b90cf266e7746ab2a4a5f345961e9ec0ecb9d
SHA256 c6a027871424c887eeef539456d57f7a96cb1b8a8c4df5e1fa50c46d07ae9176
SHA512 ab04e248e9b354094a788a57c0167d42f20866ee0893ee82c7ca982ca575603cecf4869e7c0b565a87ac3684a5ff22b8cd8100ba7762feba32008bbdda938954
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c6b45236558611ee46ebb5aceeb805ba
SHA1 86f0f62498c2c46dd27f9777c41d9eff3dbab83c
SHA256 de49b5f2b66acb62a8dc381ab6f7c7b0423da209af53bc123280c9a203d55f3a
SHA512 a74c4438a694f8949db9d03fef070f337d92d49b34ab91df9f56e974e1e30d373d64d7747bf14a6e3e4ec8564c7c0fcc05ac6e724301ba60ef69c30569f9e5e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0ea1d643a0765b5f300ea5862f9fcc53
SHA1 765ac9261521076444225586f0b3341828b6aa7b
SHA256 5765d8d5c3788af7190f1dadffb04eabf4c97bb58800bf2d9172997ae61e701d
SHA512 d6cdc38660856b650089b8d68720ceb6c1ae1f0a91b38b92b24c818cca848a8f50419a933e0b708965b0dfca019b6ede8392230370d35fa1ae8a4553dd0c7baf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 060d19f2fa877a73850b14abd4644db1
SHA1 052e6820962dfde2b8fb8d4a2c99fd7e215b7402
SHA256 f71e1bc5687246e65b80e6b3bb4aa44ca706678ee0ac85dda4714714f0db9b64
SHA512 00f3a1d2ca8badb76d8b2e8138262e1bb03696a06917d646de101be4dadb49eabc066bcd0347ee4794a9735d4a5d91b913cf66aed3a41d514dbef98d7b57c7a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 45a570d2cd162e4398b4f65fd07fd572
SHA1 1eebecc6f28bc4d5dc1dfe0093fcd35497ff200b
SHA256 98c95818facaa67e2a00dacaebc59cef1fef030ed2e6fd91f8cbe6d1fb921c0b
SHA512 e9ae340490cc22939c92bf8a0988fe6766344dd2664618f86888e6b2c963c8d842493d1416d0e7a1a2b4e192eeb1c9ee186224b3ed6f27242a256605487f4e2e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dec8a45efbf55b912dfb2aac9b6e98eb
SHA1 79cba17e08ee82fffceb5934b16a1d54a1db44f5
SHA256 6de770236a07129e27575c354ba3df6eac96468b960020f2b4e4d4d1c1cccd5c
SHA512 af330eaea09f0aed90619be6f154ed1cac7b6265d2243afcc0a66c0af8006d4ce097afbbbccf731a64c0bc42c2cc4801af3ba084e6cfa2cd00a66832c4e8f220
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 de16d090fedc0a317038664f7ad482d3
SHA1 17767efff184a2d57743732bd70b36fec638b4ff
SHA256 a244b6567eabb921a030451d64ca8944db30d3ecf032481de10832e2b397b821
SHA512 093d93ddcb4032b29e230ee900af5be17da0a9f5e48e00256c808f8d5b6eee066a00d1dcde14a9f8de63883bdd33bf027fe603c4fcc4ffcff4e33acb68c2cde2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c2cd8eae9ee141c59f73ba2e2bd56d85
SHA1 6f6fd0fd8ad7259d9b2a1cf103fb74c39cf533ea
SHA256 929aee04cd9b1365705abfcd9d1e648436ad05d36d22e1e74c79062116736457
SHA512 b010f36337741ece236e49d79b3f0334d0032ee8b3f705f97e5679903c4e5a709510ec57226698521673a64bbc21af864779a6c1e52f024bd4571fd08ddd24a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d8b31f55eadcf7525db6a688a47f07f5
SHA1 5477e82a62f910d3913fa517933ed271a73b33bf
SHA256 e27b7d307dbd4cc244b650b4fe25fc1dd73ae29afbab8aae254dbad09ba854ed
SHA512 5a21769c025155743a303009fcc5c73b457da32b68b37014ef6d32489bc82eb3a8a246c6ac8346684f103f3691b20d214645788dbefb0326e46abbb7f2219094
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a6cddecf862436ce8c597740e2776a69
SHA1 1edcff0136dfccecfd7a3003381988eb0ec92d0c
SHA256 493a15cae1113faa004dc7c984acf1638945ebec3c822f17dd6031112107ccb3
SHA512 7e0a6d38c9eab8625c6e22d75d274cbf4e352fb4f885bdeade2fe71d1e4eaba65ef333b4d3945274ae8a262666b272d581a26a906a15ed8c2dd9368728eb4305
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 275903f1e83adc1cbf680dae21a9030b
SHA1 d541d221c2bb1e22097bc73796942a2390b80211
SHA256 e4928719a9a2daedae655b0b38cb8dd61c82f7be19bf36ca53f3aae67fe2719b
SHA512 dce4a72575a07c8a4732e155b2af7606fee90595d517167207bf3196959efe5834d267fdf6111838be44bc9919a521aa6ad8918075fdf57292f87345f412f33b
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b