Analysis
-
max time kernel
117s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 15:12
Static task
static1
Behavioral task
behavioral1
Sample
a11c3e52d144a9e6005e6173708fd322_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a11c3e52d144a9e6005e6173708fd322_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a11c3e52d144a9e6005e6173708fd322_JaffaCakes118.html
-
Size
461KB
-
MD5
a11c3e52d144a9e6005e6173708fd322
-
SHA1
9489a4d14366f73694f1058f1e78ae62d9dca9c3
-
SHA256
61cf8e7a57394be44a331ec994ce50c8509b25988eaa7e0a408e0948d66a5b68
-
SHA512
62e572b4ead17d90c16ed411c76782649c7dfbbdda3f97381048bb824760f27ad1cf6ce1c2959c6479a8dcb125f740917a0e9dd29701194870b98e28184acdce
-
SSDEEP
6144:SdsMYod+X3oI+Y1sMYod+X3oI+YmsMYod+X3oI+YLsMYod+X3oI+YQ:o5d+X335d+X3O5d+X315d+X3+
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80db3d10dbbcda01 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000bb16839552cfcf5c0afbfa9a2edc17f4bd732a7571664d687f5b0ca616a4aaf8000000000e8000000002000020000000541ea343431fcccec0c8aa2487ab94a6a7308057b6bc8c3ca3260bc91cf115952000000015bfd9bc35d10613b3543390fe9a674cb7d30897c8bcdf129361a3ae52ee3a0040000000c3d83254d783a97d8cce045aa4b292c99a52851cf36a682033869900779a15aff05c34a600ad5bba97fdd7da775fa5b9d2e0bbe3991875df47237ebcea633524 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424367031" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{379F8571-28CE-11EF-999D-7E2A7D203091} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2840 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2840 iexplore.exe 2840 iexplore.exe 2960 IEXPLORE.EXE 2960 IEXPLORE.EXE 2960 IEXPLORE.EXE 2960 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2840 wrote to memory of 2960 2840 iexplore.exe 28 PID 2840 wrote to memory of 2960 2840 iexplore.exe 28 PID 2840 wrote to memory of 2960 2840 iexplore.exe 28 PID 2840 wrote to memory of 2960 2840 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11c3e52d144a9e6005e6173708fd322_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2960
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51dd65f77a9d502e2749475b2c575d637
SHA1a35e37c6363cc98f4eb13c272c1d371f1e676960
SHA2564b3de782887a8a2d5852a2d39ab1e84c194fbae2e19d85ec6c44f50179c5e908
SHA51298cfc4d1de378d575676c232d7aac01bd02acad07fca822cf01bc453b2b91c3468829589b7c6009392a9340966b3a79cf9596e306d3094195419882ef6d2011a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e5bba06ea6234ddc1db5be5c8500ace4
SHA133da85268aa82fffb33bb36d21b56dd119c057b0
SHA256b1d2fd250d46213c06af5cc4725cfeb510e02b0c5d35092a8e5eb89a7450a60e
SHA5128f0856cf271a2a2161ddc789c1b9b179fbd7065a60acc02e3b70abfdce2c091979494c028febbd4d7172f103cd91fd8dcad61a5be0748b2cfe9f3bb56a1fb005
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5329aa15caa0113d3e09f70fa699656e2
SHA18b7386aa3c0d3f949d69f9a19c1fc3e2416ca476
SHA256cc33c757c441f443262b1be03bc4f31a3c700db2568ae7aa9e3420f72bb4bb85
SHA51259d75a33c3837d57e8e17af71901e761550c7ac05139f5e951c7c6bf6c311c5be8430feeec75c7720047c834cf53a8fa0d7e9fa37627f25f8d9b3a59380b645f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55f0015f7fec037988c010f3877a9ad38
SHA12adb9fca69429248b03930d9ad79656310399730
SHA2568e97e65b36f89813f2696a4839f93e6f379162fe392332be66b93dabe9b4041b
SHA512400188fcc601801ff53892d87602b170b86de7ed9749edf7c140c49219cd974dd03dcf92ac3f341e1d04b0e5d1d756e787482172092ee71ae4bb7101da89d202
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50c4d4671341e0b105677f22b93e20bd6
SHA11abf70491d4b1c03bd0373d0f8f1f355638c3500
SHA256759233e351465cb44283be6f7647fbbf0a300db26e00ef58a1b91c86e566e6bd
SHA5127d2f9be38766628b2a2174f237fa4dff45ceca458a930e8e25cefa720f5fdfe962a87b91cfbca3d7bbd45b5768b702ef30e53406f27b735116c50c47853aa62d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52b98692ce0a214a8afb3ace0172f8751
SHA1f3b60a84b0f907f5ade44e0713960cea374c971b
SHA2561e6c669d9e72e7189fa6a004946a09538f3ccdf029cd9d272d0aba540c096912
SHA5123ca6995c9c15d16abb01c9bfed671646bac9e0ab1f207afccf692a37aabdfddcc45b1e09511eec5e492af079f4e581c19a846a44307498ccd0495caa1cc6fbeb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5caf8c0447d622c8caacc74291e017dc9
SHA1d8247e31a4a0a99d6c1f72492f0aa64062b8dc62
SHA256e12eeed9af20905bfcd56c3e0fe9b3542204adc4571e2eecf143d478367ce70f
SHA5129ea856dddff326af4af487f7c780f6fad87a68fb50e09778717704e696f552a487be657b6a630d899a90ef2077ff4dca97eff07895f569f10479006cf116e2a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD552ea8c94b2d677e8b4befb9520a67ed5
SHA1bd1211fb23cd5aa717dcf5a8e044eccf32696c68
SHA25684f5405f9b6d34521fe83cd644d68a860e10bfbe47fe37f9da2d410091c3fb9a
SHA51257ff4a12add110ffe920db37a9c07940a19a562323dd85752ecdbe7b71e76ebbcf30af7add29e4e86f766d7751df069c43827d2b9051b43f206688aca7e6b082
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58596be3a493839a5ad69d0eb2ee74f9f
SHA14f3ec9250ead75b6c8224f58d4d6cee2e9064bd7
SHA25614a12fe5532b37249970c648aaaafdb4365b0d824456dd0cb6841ff2d700c027
SHA512d983a18afa21b751c5ec29bef68f3e8d688771cd8a1e53285dda8377b8995fc88d6e4ccb89a217e7ba65efba70fb1cdebd1dd2e0bbc0f1fbafb97aa3f000da3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD558deae0cc77a8d670fad8d5bba412749
SHA1febd2c99f46699550df4383e38a66c2202465005
SHA25686350faf75d3a28d1b4d3f597c8a27a8c67aef90ebc272964bea0dff09ec95c0
SHA51291061bb87e38138231672a3706c24b8f4589c204651c7c7b303395eef6cf1d2d94c18a5ca8a636e6def5594ed24d9536956e7bdcaa29c5a9b37a9a1cff1d0e81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c85b724fbb9ae861900c7c0222d29e0a
SHA167812a7f4a6eee4c6a9618e78a5eb5a6050925c4
SHA256cbd928d283cea0be443adaa221294704acca5a0ccd2bddc9c2817a74825cae4c
SHA51253f5814f9d13396197615407e928829348f1a935d3e4c26581d27fd6c4e30dd0e45046386ff4bb61c4f3b422923b1e64f11e31b3e7e32a33d1162614236aa631
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c5824829123d41e37e85e47d0bf1551a
SHA17dfffb88eebda8a3f8220e5cef236ac5d6b92f2f
SHA256bda4c7224145984ca9212517430bd2f2124f8f9748a8d96b6589bc9ac826d2c4
SHA51211ba2bc8b2a3f9eeb617aeb741d8f988f24eb59d8fb7c6e2e56e57c7bf57a497be6692061e8df227efd44bcd03482a0f2c86e10c9671026cee29aedf1908fc8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53bdba9806fd39a426956104f2288ba0c
SHA15c12931b45a93081b3c140af851b957cb8f1d20d
SHA2563395bbbc2d8ac6e29ede5f5e80bb590a21e98c0ce20dc97bc3d3a40df128a721
SHA512104cf8c5ae31354e4de5df15495c000825f538ce63d61f50631fdda18e6b130fe665df0f3c7a00ee1c679958ce05b9fbc8ed478daa0818ff8f9e950b3b450e54
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e868ae1f33f803763cdea2483f9c5284
SHA1401a785ec7ac6720a5277a4c7f37734a0db8dbe5
SHA256b6949ffa109415a832c2712c59cb9f1959a60f045e0bd02e2e1cbbc1ae399bc8
SHA5129b1fc684dbc02708546750b0edbb04da4c4485f2c3cf323ad896db4745c1b3c59b9f3f87c5eed6ec9c485b8f25f66096e97847a25fd6b13285d387f002c69d7f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51fa73ff5e99e4e879406d83a25d13fa7
SHA112a78f96fdda2bd4ddc5f48d39638156cfda7188
SHA256e5ea5f49d9dbc3bd6d191bab19215ad9edf9fa3df315a99b1c8707c48ab70aa2
SHA5120991c79f222e2acd53749ff37be2bdb1bcf82e758ee5d8e2cd933f5a326c2a7a223e92addbf838978b01c4aa8efc2a6f13534a36b7f91b1488534c10e72609ae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5851b3fbbb34c56bb898fe519677ef97b
SHA18103d25f428ee6523df1f098374e4df1a99678c8
SHA2566f57dec51accdfe7f198569eb6cf042f247d036bc1e3ad5b09c75ea93eb1ffd9
SHA512e48f5d970551f94c8c24a4ff120d847147d4596cde5ba1ad0f38de396a5bc183f06a2391df91bc23aae4ffc7c0974c5e39e905e16f33d53b0b3545bb9bd23ad3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57cb29e9631f44519fa9704f37bec5ef3
SHA1c73eea7c0da640756872755ad4cf8d982bf87f76
SHA2569f95d87cb9167f01f6d9047102aae4919fec99ccb9eebe692fbb43b19a920c14
SHA5129fc46bd3c26ce2959f0094e70c0e241b715c3a863d61b077d87ef37950a46ed1bfa7797f33f2a8f34ab1abab9ef1366362b4e495edfa25e2a17ec766db4e01a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bf788fa991ee95b08c10f246a997feb7
SHA140f6c6b17aa00ba1fa0064a0562e20b68e4b6a5c
SHA2566688535b6791bc74c39f0641e749750aa012e1ae1ea2b749a2e2bdd46ba62514
SHA5124d24dc501d8e07f27931946fd2b9468c54c8ba554e666403a896db98b28b61704baf306ecf1b4dd1c0250f17bbe552ef614c115efc9c4658348ec25593d20b2d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b