Analysis
-
max time kernel
136s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 16:32
Static task
static1
Behavioral task
behavioral1
Sample
a157fcc0928f03e0009a9e6907708087_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a157fcc0928f03e0009a9e6907708087_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a157fcc0928f03e0009a9e6907708087_JaffaCakes118.html
-
Size
626B
-
MD5
a157fcc0928f03e0009a9e6907708087
-
SHA1
76d47a0d050a76d5a8585c075312a9bf429d0b09
-
SHA256
3110b5b844d1888f35ffd13fccd7625323f77e0de5cbf2a8dca0dbfbbf49c353
-
SHA512
202b8c67795bdd05a9ffccd96216b27cd38d2f9cd9e055ecd13155a97fa0574aaece49653f7b427d3fc643bb39b3fb977a7eb27f937a311f638eaca4167233b4
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F2E3221-28D9-11EF-9E46-6ACBDECABE1A} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f06a9d23e6bcda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006e72802dc652d3bfebdf1c3a15e988cea7a087849c6db5bda2cb4215be95cf43000000000e800000000200002000000074ad99a2d95db07c0d6993a5d891cc1aa31f35d055ca45f7dce30682b7a4f1f990000000aa88eca19c088e6e154aed448547259d04ea28e5b8426ca41b2acb3bca6ad0d067a9e0c21c8494cf2cdc3755bdd98e441d00544eea1da8bfe7226602d1397dca139e5337afadeb3d18baa005a7da7f9e8a91b0e0f2fc41aa4c378929cf0380768eb786c8a82c4254ef5dceb36dd5db5784ca272f317d40f5a5244fdf480f82c4872665cdab494c698480d34f7d661897400000009ef39ad2b87391b8865f7a84fdd0662bc6a08cb79d706ff3b0293f5b32269a649e0ee7113d02662307f57a31b58e95c199e5e9fad7468548bfd88efe7fc4704c iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe 
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000005f0658c8caf8784bbf953856cea5194559b7ed62b70397163d6bbe52d9eae7ef000000000e80000000020000200000003db7b1b73483bf2e661799695bbcc4e533cef8152c20a0be44daef624058c5b0200000003ce2d5cf796c5af54293d397752b09476062764663c324f7221a45eb6e3f9371400000003f318054c8975aa698f2c39930028e053e472cccfeb8a77a5c08786580b6458acaf5a769050e6c165072f9dd7efc0e4a1bcc6e24d52b179a76517c5a9f4d2a2c iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser 
iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424371824" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1992 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1992 iexplore.exe 1992 iexplore.exe 2728 IEXPLORE.EXE 2728 IEXPLORE.EXE 2728 IEXPLORE.EXE 2728 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1992 wrote to memory of 2728 1992 iexplore.exe 28 PID 1992 wrote to memory of 2728 1992 iexplore.exe 28 PID 1992 wrote to memory of 2728 1992 iexplore.exe 28 PID 1992 wrote to memory of 2728 1992 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a157fcc0928f03e0009a9e6907708087_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2728
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58f92e03bc223b2715e2c4790851a6086
SHA158fda7939a85397d94a336b3158eb9da195236dc
SHA2560f4a32fb1c41a53b118b95ba85d5a26c528a97ce009b2f095b7623e3c045599b
SHA51257be0586d87502a6db24c989aa922cdc47f3060b5c8bcbc15af7e38574c66dc9ba67041d0a5d1ae3fdb8de6c62fbe1575544cd05201b3e3ca4a519690cd2b75e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d60f77fd7f2980eb9f817d3bc13a95f1
SHA11c16d40d4e356219bc22e906014cf105e7e4fc7a
SHA256d207b284d0f167519932cd02726f10ccd5325177d982d31f7cc0a81da0913f01
SHA512c97abd4c3a321cd3b030fff7009137566fae577fb811b891a5d9a2cb2607de7d81d11890228b6eadf1e2c5fb0ff8a140ba807cb557f373a7aec7c6e5ebfac5d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a1c2a4afae6f6c14296266dbd4aabe7a
SHA13c226bb952c8a146f5e11028c58fd0e3fa10bdb4
SHA256385d8499ccd80b0dea864369e39f8c7c961326509da1526272bf67de9cf7bdde
SHA51205fe68581f75fad149a09504b3d6d24ccef5b20a719e6b527182f10c58c3bca214e2cf25abe201b894f22470ef38554358c261ef82ef1a0d0eacd3e238f5d025
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54cb04d5d40b1835770d21a8dd82f4077
SHA1b7e39f21ff635978a054326467ed65adb4e70071
SHA2560828ec66c21432f71921bfb1f1bf42ee81ff63e4e80ebac320de11b2c7d6fa99
SHA5120855571da8d22ed204eaceee7f04c5157b9e1e9a41a82b80768c895e9d6a90ac2c127f77334a773e8c57ff4e4841bc5d45fd3e752cb04e1da32b79a5b5820bbe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5693334a1219a8d10e5b84f6b80dfdbc5
SHA1147f728cb2c2863f89ea60ede9b8079c84f76cc2
SHA256a70a50703bf9493dd782f049b07eccb34ad061e9f0f7f0b7c2b84c07aff51734
SHA5121b6cfd26d1089073174ab0216f7317791bb555b0b16d6e049d97b57cda824680c3b7543e6a3c17bc3f5e1e00edec6a710bf2a637ea3e8afa42439d1e6a5d66a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56ec0f7cf602e9e9ede0cd6d1d6bb37cb
SHA173a388713ced106e7592d87c0dd24911be7ed151
SHA256b859c0c35c2a4f49f3bdeec6f60d08de3fa0e5093b65785343cf2760a4d9f7a5
SHA5129fe772b342a74d54cea24559fea765789badb5d8bbb2598daaba69f22ddac3b766118155de5a128aeded2fdcec5ea5cd78fb173e179ca44b1726c602ffe3677e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55c6669da64adb845db09aa9a6191dd24
SHA13f1a195b1fc172dce5c357aeefdecace7c23bcd0
SHA256aa3b476fc6d3cc4f0ff06ff112842c0f0a47aad3140cef9ccb38da6c776a70f9
SHA51221829d8af41ecac3d0198692d329b1016b7d269d48ce382df09d3e76eccedf08e62ccc1b0130d43e469f209ee2d48acc6542b7f18225d79ca899a2c2b16aad25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59698981dbdd83a5b3e3892dba40fef86
SHA158907240d2cc3d2aeed024b2f73f3fb821b8779c
SHA256a935508d91cc56ecc14766f6b2d5250dbf7b2f6de394295f4e3787c91e712a57
SHA512dc87b3f88d81ccbfa8c6b63e263443a09f9dae8f6fef242e41900ff0ae1936f1c12cccfbd6f874ffaa46b595636c01943423a299b5bb6b71b7010cb2832a93be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56be05916cf29a676c60517311e45e332
SHA1916c2a418baf26ad0d4686e89a323a707963bbdb
SHA256bd07d3f9de295385afb8f4fa486dbb6584dd24668e1d13d422875cec33bcbed6
SHA5121d4d992c2af30886dad530e43f1fd419d3e530f5593801bfbe7a5ddd28232e719586104c53a6c22724db54b25287771778c4b1f93b0ef4b54d656edc9412ebdf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fdfd02fec5a3642236e087bdf2b151f3
SHA18e7c48600e8871dba826ac6d81a9ffa634aa0bf8
SHA25647216f9df18fb69ee6841840f54282ade2593861c8ecbfb5672ce59bde158401
SHA512e5c7de64fdaf87c3f90a2978bf85145b568e61d2835ceb18c533a2072f73191e8cd492e5fdae4b53207fb457b766239d853dcc50cd9843f6ce7461d6ae3dc1b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b60fe25329e40aac62f1cda9dfda4929
SHA1e3ab2617bc059c8bab9fbf580cf568ef9a5bf8d6
SHA2566618fdd77e8e5afd7f38bbada8279dd9bb4fdbadc2a0bf38723afbe501fecdb3
SHA512271868d256187e8aea41281bbe0dde12c32dcc533608b2ff355a94580bd1092b47097062342084fd59f9899c29d78693be7b70353a30ecbd796ed161be2fab7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bab69b7dab98c40b10d7e683f24f8a6d
SHA11e6360fd4a4843508c156c33b64cf7b6a3f3c57b
SHA256487dec0c89a0223c0a20911a86d0fb40635ba5ab5e66db9698b8661d9cb7560e
SHA512e4c6e2a54aeff65ec674493f079745454e71f72801b32643faa68e49415a8dbcb9ccb4228a7be16bce96ebbe9bcfee308373de24a9e2b41bc1186e4845e4d187
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53b1337885ccf3d9cc92a4ef8867f18f0
SHA17834a1807e3622dc9bbc43c18bcbba9d8cba8554
SHA2565187ee9106a8cbcf3f3f09641d56442788a96bdc260668feb3c3956d917864b1
SHA512b5dcf057ee92db0e1bb1bf21f4e7ab35f6271605d49c9b066c20d3c6f9ebd409228dd984d497475b8071d563ba04568f48c7ea58b52e4ea97f59f403409bf887
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56a608ae10d6a7d2a8398735b0ac56985
SHA1bbc03c14564cd96b992a77c4a64bbe451d06a239
SHA2561e3a8b1d6c5dcfe4193d66989d9071dba40ae783d49ac24208b815787fb41636
SHA51215d8805d832cdc86da6c6a305cb386bad2289feea2e1ce32bc5b68d50c3471d26e2f3b1cb1e91cb9220bc5126f7b6e79ae52d3eadadfe532592b9493abc2bbb6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f9e16891a4c7c842bc0b0e91766221f6
SHA12575529ec52cffbc6127d3e9a6890a38984a395f
SHA25693391943786d20f36ac9d624caf145d0aafb2a35a7c6d914324aa3f107d9ce42
SHA512c9dba7d3d5aaa6eddd61c1be401bc7f05f96e304270d6cf2e57577c4eb67015985cb8ad82c7d0da1083bc2a96341c3971d044e0cf28a1cc9c7dff08fe6b6c274
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD588cedd366d580f188d4a3f32a73d655b
SHA1a1cb441c51c3e5b394db0a76d7e285f77fd7aa38
SHA256f89e45538e548558817a4dd651f7345fa2012bc1bc1b355d3f1f020751ebf035
SHA512ce6e54fae00c91be1af738459bea68b557bbbba3ff533d6bf4cc3c8178f74b7c5a21e7f59dcf1e97c197f83e03d08d56be83df8ca4b4efe085826ace98dc7daa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53414ca183d23706625e4576f25470a89
SHA1b2a07bf777f42c9f61181927e0d57c2c4fe77dc8
SHA256601260b0e091483e6a5de68ec3d051cbd5c5c92d84bcfdcadad7bbe6a13047fb
SHA512dccec82fd653673f03d115b1f43fb241a75fffb5d0a1566ceba2914ade74c967025404f2f334678e49e4f464cafc34cb218feaf62e2aabe358df78a6251e1bf7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c924f1b98340e86a348dddb91188fadc
SHA1bc768a905c87d046b6c9bc69270d77fbce55d941
SHA25628536329f5310ebb39823484cd8b47c760d49c9b7523cbb24ae77396e8fb500c
SHA5121e2b6227d96ca83b33678e796348ea7dc62fc0c96b35273d981839cf35b05e89782d3b9349a11bec0868cf994371a1e1770e39a82e6321e10e8bd1d40bb20c3e
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b