Analysis
-
max time kernel
137s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system -
submitted
12/06/2024, 17:10
Static task
static1
Behavioral task
behavioral1
Sample
a172e33e410dc38634ef8afda6df5c97_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a172e33e410dc38634ef8afda6df5c97_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a172e33e410dc38634ef8afda6df5c97_JaffaCakes118.html
-
Size
151KB
-
MD5
a172e33e410dc38634ef8afda6df5c97
-
SHA1
8f0bf382549b6f03da8454a8627b0972c657740e
-
SHA256
9d99d7b6c0254bf65b89215ecdde03ae47e1e64c618102429916bcbde9fcb2fd
-
SHA512
13a48c7e195fa122433713a3176de0e57776eb676a87f08b8b2aac70764afd9d75c37d7a6bcb40b6787c2dc3b35cb1dce186fef7d0105a158e42a00ba7acae4e
-
SSDEEP
1536:lgAMryDEaiwP9yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:lg6d9yfkMY+BES09JXAnyrZalI+YQ
Malware Config (no configuration extracted in this report)
Signatures
- Modifies Internet Explorer settings — registry IOCs below. Every key written lives under the current user's HKU\...\Software\Microsoft\Internet Explorer hive (TabbedBrowsing, Recovery, International\CpMRU, SearchScopes, DomainSuggestion, etc.); these are IE's own per-user state/first-run keys rather than Run/policy or persistence locations, so this signature alone does not indicate malicious behavior by the page.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B262AA21-28DE-11EF-9E55-E6415F422194} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424374111" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50746088ebbcda01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006da1f1bcc9f2aa2dd6f6c5da70a0398cb0e3e685ae3b2f1610dce667665a9ec7000000000e80000000020000200000007943d9d27ed28580ef67d3669645bca1a28286154c562a503d44a4279210c9ed200000008b3cd0f9f211ab374597f13ad368050153b6e52fbe96ee71ddd81a929a156e9b400000000cc8a34f803d4bfd17ebcc1b6f7ffa93b0ba2c29d56733177985981a79576a35cda923ac3fdf9a0ed4d0ed88844f7a2e88a228b7ed4b71004082c8f436d2ebad iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1440 iexplore.exe — Note: the only caller is the IE frame process itself (PID 1440, launched directly on the sample, see Processes); this API is commonly used by the browser shell during window/taskbar setup, so treat it as low-confidence without further evidence. -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1440 iexplore.exe 1440 iexplore.exe 2928 IEXPLORE.EXE 2928 IEXPLORE.EXE 2928 IEXPLORE.EXE 2928 IEXPLORE.EXE — Note: all six hooks are installed by the two Internet Explorer processes (frame PID 1440 and content PID 2928), not by a process spawned from the page; hook installation by IE's own binaries is expected background behavior. -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1440 wrote to memory of 2928 1440 iexplore.exe 28 PID 1440 wrote to memory of 2928 1440 iexplore.exe 28 PID 1440 wrote to memory of 2928 1440 iexplore.exe 28 PID 1440 wrote to memory of 2928 1440 iexplore.exe 28 — Note: the writer (1440) is the IE frame process and the target (2928) is its own content/tab process, which the Processes section shows being launched with SCODEF:1440 (i.e. by 1440). Frame-to-tab memory writes are part of IE's multi-process model; they are not, by themselves, evidence of cross-process injection by the HTML sample. No third process is created during the run.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a172e33e410dc38634ef8afda6df5c97_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1440 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1440 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2928
-
Network (no network indicators are listed in this report)
MITRE ATT&CK Enterprise v15 (no technique mappings are listed in this report)
Downloads (files written to disk during the run)
- Note: the entries under C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ are Windows CryptoAPI cache files (certificate revocation/CTL retrieval metadata) created by the OS as IE renders the page; they are OS-generated artifacts, not payloads dropped by the sample. The same 342-byte path appears repeatedly because the cache entry was rewritten several times, each with a different hash. The final two entries (70KB and 181KB) have no path recorded in this report and cannot be attributed from the data shown.
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58cd891ec84c1ca859d50f45b1f43288e
SHA1198005ce546a77a2f99c70096ad0bcb5130d8295
SHA2568823c10fef0452c43a4ca111c2e2ee7725950237b9be81f3b14ab0e5d8f19581
SHA5121a67d0fb61e015d437e80cf993f37c5b8b428aff64ffc467b4c0088513d6affcdf574606bc1bd604eaed881465ce4c78fb83640937804825c341f509c39b17a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57291277d75e02291a5dcdcd33590922a
SHA14f053851d0fe4ee3ddcacc6404da66da95be9523
SHA2569187730f8c7f40f34413dd9b4069709b00372c74480d115e5b7db87cf86f3ffc
SHA512119ecf77cfc3b96f040d8a68ccf8ace8005051d593efb35943954e84ab4bac8186b17c7dae25325db0e40a3973877081ef2e970d6b737969af4d52d8b536b3a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ecb6e1a539d0571a08d7c93d864bbcba
SHA16332fed9b03030fadf633db55684f66b705e4076
SHA256981f6d8a7058a7b08dbfb25e83d73d5b75937be645c4eb2ce20bed8636ff4b99
SHA512890c7ac31e5d32f716202474443120b505c684b5b7a60120c6e88a7fe90ffc5ae789bc877c4c527d8f3de6c766ca761f830d4241c8b79182cec4c5508a637512
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cdbea69d49630d3de0c7d0779b88816b
SHA143e0a50b9fa1f780163d10100be111da40bf216d
SHA256fee59ddc21e6341b7d4b284396ed69a4cb5e61ee46857e04e445c667b6c41c75
SHA512eb20634b1a34b367e907719bb977b6c885266eba8a28dc672bc78564270cfd9927c6fc503c14bc074d81a177fec6a10b0a37638b7507857a3407a9dd50a1acfd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55e70a2205c439dba1e33330702c52482
SHA196912ce018e54a2486a976deee46bdc9a763095b
SHA256227d480fac143a8ebf71d1bd163cfc5990c1d967fc1aa1579495996a6f04e78d
SHA51204e26fca577e1eada69e06140d5818ed252fdc8f52e3e46a0320d90c904811feb31184e805a792662c3cb3220e1e281500f223187151b8c1df800bf60579879a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5137fa3c5f957d26b4e12f4d0668e2c2d
SHA10dcbc520bd0c971736b6b3edf36e99273a9f2110
SHA25602ecc4d7cded7186bd54fdde68965905940692cffb0f9baf4f3064233adb52c4
SHA512063e8d0af3e605a9bd686a902259a707309ae4459af0749c4d7bb3a20da3d04572f5fcf4a41195411dbc4e9ce30e17abe8d760e6609b741f33a9d39144b72242
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59e2c4715267492a22b09f7d42adf5cb5
SHA14f4f8148b394b7677d74c8621638b453968752e2
SHA25678a4c9ca90ff0d2cecaa46ebd9d9d29be3164fe59b794b064d511bded8a9caf8
SHA512c487aaa36fc5f59aaf3ee7a89a5a90de78d8c27ed26ba2a48365ee1a50b18039bea696900e0a6895a542f03c0197e9cc6f5e25eddfac6427de067fa2b11aeb0f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD518ffa73d17f2f4d7b85d6f2539133875
SHA1a7cf02245f0a3d5f86773faeffe2e9311284d345
SHA256432a30e356e0451d57f827a879090eca4f4d4df99e3568d5a07eb86acebbc9ce
SHA5122ba6f001fa22fb8fdc9fa63c13555027131e210e513015f0d9e859f037b88acb786fe700ed62fe92bfd7376eab92c1c66876cb6a3f083f5a92f42bd1e1e26dcf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56a87b5569924260293e0ffc3ca40fb09
SHA148349d9ff040ce09170aba7dd08535e8ab822bf9
SHA2564f316946ab767ec7d1fb46747b58d6160942c4a1646d47991f0f308285c0eb6e
SHA512b3e770a6d1eb72418756f57b6258c983d0b5f27342686165b137902b80db4cd6d75dbe163fdcb4f8d6f737ee561c32350452cd2fdf492038132372014a438e6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5873e4702f3e173d364d0aebb012efbe1
SHA1d430db45670fb67cc6733c70ab2710750a462b1c
SHA256cc0dc34f81a134ce935ecd934620a1d3b79e27cc88751889614919180b8c051f
SHA5126d1144bd396a93c2d68dabc7faf64def682f483c9147fa1e8bd77aaf6f5f7d5a659ff6e3fefecb4bcf0f74c2e9b609f998bc3a24094a2bf44bcc18b9af342be8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e7b09fc027de226e258bf5804422606b
SHA1d911812e589155c96e34d6e067c3bed2380558a7
SHA2566a4144cff57f1523a9e369ff87f4bed7057d7cfd6b86d404179e170bc393d051
SHA5122713e9aa82bd8463f058897b1375f44faead75b280816d6814514608b64427349dce4ea4c938d26eb02ea6d61420d643ace004e210ce982b45e6175651be895e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5faf3a74ad234e1d89a7eb8a265bebdaf
SHA12bd7940134870eac2203b70f5d00b2106d69a010
SHA25618cce97be39a9ae726dca11e807c2fdcfede4e46c803c903e70d92f674f1f59f
SHA5123fed647e1717479a20128cbbffabdffe763684395e63cf321256374c62d8f21283039d6df6c7fd5b8e57b5a3d510574b9d822539ca6c54be3d39c96d0f1f654d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53e9337c1b1a57c0bb8fbaaf3af3607fc
SHA1c9aef7dc6b2efc0d508cf9f19df1a8a03d9844b7
SHA256c6d320c399081009e647bce5ea11dc063e55552fd41d5b761cb7366ae5b81765
SHA5120bb054a728f91dc2b8b0c6ecb02886063c796f0b15d722f2e757367ce179cc817f9840863535f14d506e1dc25195f603467fde7076c1d6b15023e52778bafaad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD572f58a662c87f79d2760dfdd50275027
SHA11c86da9f59ccd0cd73b8be8a9f6288980ebd362f
SHA256ea8022367ee2e7fd36a274b85cedcb69dc5e151dd51e33efc905f9cddb367b19
SHA51214d4a65d16bbadb2f62d3addd60af2954dd9efee970604456e94b64c3cee39a9012ead500bb360a30a3d32db879054792733ec01e66539ec55c912ad6db0ba3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f7c35e94d73f923fb644e491e1f67626
SHA16aa23a5d277c114fe2a3289eb6727bbb74477cf4
SHA256a9092c9d75650ba24730c664f95276fbcf7ac5ca2ba99c28ca9ccdd801fe3ac7
SHA51245af1d183a29d80d675bb759d53fe1277f4dc8789afd299ea44061b21144f1a981bce5b4be2c005edf08986cf1371bb74976f7f64efd3c787a8279177f943a0c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b7471096a89b8a0a9c3c52ab3dff6c7a
SHA1af709bbceb12323180f07b806562c2cc3d75c56a
SHA2569cd0addd3dfda1957b92bfd41e331be6a08d33c9d4789832fdc90c457c9c8456
SHA5127eb3c5ac5d2cb93e279e94c7c562217c8d5e32902ca36f10953dd4a7955c21b7f899bca85bbfe6d024a5aca575242d722770479b0564f523a4bc5428a0e216c1
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b