Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 17:10
Static task
static1
Behavioral task
behavioral1
Sample
a172d780da31d0e581fc73332483ec26_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a172d780da31d0e581fc73332483ec26_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a172d780da31d0e581fc73332483ec26_JaffaCakes118.html
-
Size
4KB
-
MD5
a172d780da31d0e581fc73332483ec26
-
SHA1
2d65a20aff410d2dd07081f94ece15f5c1ed1f37
-
SHA256
be7999326c573fcdb0cc1aaa1d2c355fc6e1495267a52e42b85caa1b10fe5976
-
SHA512
c75de32ae019dee23a55a111a06eadb79caa9de2630c93aca570d3e8e7d05c757e3c3a682bd9da88e01bb3699e8cb3a2b75e47877cbc4dfad3b6b0ac7f20e28b
-
SSDEEP
96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oEC1/NeU:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDa
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424374097" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB470601-28DE-11EF-91CF-DA79F2D4D836} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000059b961a11fb110cfff12de46b8c7b0b9f8fcbf95aa4003aafde56957fbf29514000000000e80000000020000200000009d1b2f4602e14e48ab513e2604bc34c23c018fc14eb787c8903109ce5ada493320000000c141cd4e18436640f443271c00da859c0e9ea53ad7f6874847cd1c91ef585324400000008f77e676a62f67e0b394fc16688dfc9991fbc6f0b5e7330e150c8053c45b22d6d3447d90d467e06647ec1843ba4fe8676f3bc45533d59b51210c84f240444ece iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a064ce7febbcda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key 
created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2200 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2200 iexplore.exe 2200 iexplore.exe 1076 IEXPLORE.EXE 1076 IEXPLORE.EXE 1076 IEXPLORE.EXE 1076 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2200 wrote to memory of 1076 2200 iexplore.exe 28 PID 2200 wrote to memory of 1076 2200 iexplore.exe 28 PID 2200 wrote to memory of 1076 2200 iexplore.exe 28 PID 2200 wrote to memory of 1076 2200 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a172d780da31d0e581fc73332483ec26_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1076
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6a89364c555d868852003084115d82da
SHA1 55bc14aae6e274604eab61c264d6d6efb6a121a8
SHA256 704ab503338c3fdb64125e700372875cac37b6a462bb2beb9ead4f6d5fb4c4f3
SHA512 ddb02c42c044dba6249119498cef8829d127c444b4ff6629507fc9ef19778fc481083e302acde2be1e6116b792748907339ff19335d17627ed8da68e05a75bbc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 87a9d3691a887ad5a6a45a53df5cb248
SHA1 1913ea78c7416469395753579f0a24de31032b27
SHA256 06f0a02745111132ae33f7ad95eaa66d942cf4dd2217f1f736c8fff9a9650211
SHA512 7acbdd5070c2f80bb8a7871578bcefb3a5029be3f2124acab988aea543d9225048a2af9b0bf33c0d1f73ae57d29a5ea1d5def9fece9918975e8aca15a81fd39a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0a5f2cbd291f721b5c8e6e90be2fa7f8
SHA1 7f050005622abfff316ff11050a375398adfacc9
SHA256 5602f7535afbeb2819cc0add0722218fabf1b1a82c548fc7cf8d613ac64c7c1c
SHA512 ec0e8933a0fe27c60371676f503837576388cd7926123b6f38174c1cef9626758350f3fe40828a5d684e060e52be8654c71e02ea236fe6e54e3817923c420978
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e255628c90b6fcdfbee05cde147f5060
SHA1 98d6ed666e07a44eed824026f358999f9fcf250b
SHA256 89c295078d6fb5e2d3a4c7542a29aa609c4beae2d7611e152e6a5470eb02e0b6
SHA512 c24f5802ad876b10ad50d2c64eee7d15d36620718ac4b1c126d879652f24131c73d1cac74ba314f886d94af596416150aeb72466553eee3e6063fbd78bff3e83
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9efce32cc3d8aee048fbf55957e566ff
SHA1 d0e0f17b1f584c28213e057c73a91b04976f44b0
SHA256 ace5979b6b5c0f4fe1000f0b5d159bccc995fba221879a3a1192db669c605fd6
SHA512 e49b80f3e4eb6f0be8be4064a5d278410138b6b3413332a52c3b1267dfc80796e2396acd7b97315d52a4d2138295ecc2cb3d1ecb3f36a011cba05b1af8de17ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 da32f88aa0f95f63e2981214de9e30b4
SHA1 bc64b376b9a98486165386655c338814da17a73d
SHA256 b0a2a15f720abd90240b3789ec8a946075f9ae4672e36aa50c3fa70bc4b2d62d
SHA512 2cfb4f281c917ae368bb417d9eb8ff6b4bb040c5d05b926ab0885abef589560dfef5f4aedb1b5aa552cc5263d56345e51c855d480232f3bc34ecfe65c725b9d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2c8f1f0c85e9fd08c2ff2c3902680b9b
SHA1 99af03d7bea926f5c806d44e5a1d5979f56891fc
SHA256 e4af431df90cee8e0f6b431487d09d49d5cdd8aae34f592fd93493f635e23669
SHA512 abf05d92c54005af004990a1705ef7757b5ded700dd0ed8bf9a75895de2a8c6f0168399831d7f96d47567cb6fbb9d0e35d28a43714c123159cfc1d7a780bcb44
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 da4d77ce1c004d95ab37a22580ff5cbc
SHA1 2ff6c9ca26dcc67a0e7fcc2286682ffa142809fe
SHA256 16475120a0db60ff0a991547e6b2b78d95bd6cbca7978fd43c0287b6dc28761f
SHA512 aa8a6505eb2802c98c06fccc15b3f9cc5993ed1a776b7de6c6c404f7f20be21156c268a64bd838d1d2ed7374074f2e0eac25eb3e76e5b0c98077c9ed47cbb3e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 132935e7ac9599228c1ab57c4d7326f1
SHA1 5743b5692e37d926986d13e2bd5dda5f63c84ee9
SHA256 e52a79162babf829f865cccda1a7a0cb6f904badea5df4a5ae051bf7923db763
SHA512 843537bd99cc782106205cae5ff343a81e7740a62e425dd6531a35cc66c5765bdf6ab0b5727f91b1074fd681c20167d2e349efaeb4b32fa19dba2b0d1567282a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fd982a35cd59d5876bcdc354710a6bdd
SHA1 0ae02fff0c2f65970750460d2bc6b74ef1c17d91
SHA256 b3d35d6a46557d7677c10f3fecb8eaa34bd6b4f1e41cf87d9d1dfc8d115ef49e
SHA512 8062ced7081307b38d0fccea9dfa2e10b900ab9d33ce6a2fa4a97e71e2ac461b0ba1930c69d647565a65ac7c4ecc3c971b87ebb35a419a454ebf11b6e4130a47
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9499e1a84161031a9b58c8dc8e86e8a0
SHA1 b8cbde90f187c07ce45af120fa3841f3b804c088
SHA256 faf783896f0d977e7940944c12e65cccd7c1f604de4f679672fa543cc03b305e
SHA512 c392bed456b9bf18a41aa12871d940772169b6f133ebdb4d6f8f3f31553ab2373e728d507eb6760b4eaea71dce2894e0fba30e35b45d9a2854d3e5ab804ae8bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8c6e5a31f3389757fc7524e5ab2c99e5
SHA1 9d0bedc4439c3aa569fb22f1734df9e6f2b34267
SHA256 eec714552677c32aeaec531b0f9d4822a63e9db4e00039ca902c6ff08ff55a71
SHA512 5ad44fae7273c10e2d582840db2751c15d9b5273cd1b2597298182a6fbf241c9ebb40612ef505f42902681e230ce7eee220ea6320919d3a0cc867f7cded45e92
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 696a1220641f83db283b2a1f7f8a43c7
SHA1 db12e7fdc0cb14e3dcb805b090f80e5e4e4dfc82
SHA256 490785768cebdf791bad3c52ffe15ee64b08189dbf2b513e4f618ba8685068bc
SHA512 15eb3de311ad8c894b3b39dfca81d294f808af470664ee1dd73a1d1229c65f8adbb3fa8f660701d66febb1fad6100038882248109b22357a3fd2eb3dd7ebdbbe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9e62c65f3c770bfa394df97797b1b1d6
SHA1 94c8341f8734df588cb0994033a02e5a958ef7b7
SHA256 5c7e1b1a41ab77f381c36f54a324de15ac0eb8a9031c3e8627c9052b6ea04050
SHA512 53ca72e75107cbf98039e1b65574bcccfe3b14fd516a648f6fd6514872b8e1c6dcf3f9338139cf6b79b741f0a9681b3d1dc1be15434ece27ea145be688f45c3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e3d4cd3c790acb5e02bb28d2cd40ff1f
SHA1 c5fdcd8d01e1950b00facb54900c8777d14042ef
SHA256 d378be16014838c9500e0c79784143c931ce9327d6eecdcb19ca83f066528ace
SHA512 5b91d3958537da99c9533d93498221f0b6dbdf96b0f93d9ca4feaf55dba942e358397c56d0a6cd1ebd5e7840731b00f53dcc273d0383529fd7c2ff620b59a542
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5aeb15562ac383cfe7ad52ce7fb52e8e
SHA1 b65507284bf4414f1267c4ac6da232e17e452d47
SHA256 5eb59bdc72e0ce4404b3e034e43168ad66e6ed0ffa86100271ab9cee2952d803
SHA512 7543117852e365afa517a3543d9dee61c740e1cefdab09b8bef2abb653258173d8101c5d36d17993c52bc48c332b1b8b4cc6b83db171509950897bb08f033fe4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 98a86aae16d9721024a2d0ef9e44a1c9
SHA1 f6ef6ad9c74b78612043cdc0bf4ec0952ca61d74
SHA256 f4884a91c26982f30c7dcee4bde506bde4cac9ef9ff128f89a22e4f1dbfdd871
SHA512 bad3e83b9f197917eb907a9c62d6bf588469d842061ed05442af9ba05e6ea29d54820a693ae80e0ae7399dbe0f6f4b277d8ea5bd906a794af3e8c13a99febb96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a29f79c0094760e152b4b57538bd4b67
SHA1 a1f9435a08c4868718e4d7d09dad93baaa037f36
SHA256 661fb47bcdafe29409ba8b4093bce3d6bf5236f8628f8c0b06f95a376a366f20
SHA512 489b318b2598d97a4639e0a8c15755f6b757ffa44bb2cd6106c1a5f2b6f8679f0b195da446ba3fd511b924a0ea554f92ff48b8f9ab75be9a785299db5024451e
-
Filesize 67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize 160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b