Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 18:27
Static task
static1
Behavioral task
behavioral1
Sample
a1bcfb317e4a7921e129006c758f56ff_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a1bcfb317e4a7921e129006c758f56ff_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a1bcfb317e4a7921e129006c758f56ff_JaffaCakes118.html
-
Size
2KB
-
MD5
a1bcfb317e4a7921e129006c758f56ff
-
SHA1
cb76b065f2075f3e27435fd3399492e802fada40
-
SHA256
12127f15740194b86560981756b147c8abec845d6017eafbdee5c846b2e7ee2a
-
SHA512
4d411f42b99aff3614512f666181678edf59423dd14a9a786d995a37d795eec975b590f8e8389b1fc2a1d70f8bd756ade6189f648936e35355644dcfc7049928
Malware Config
Signatures
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c86987e598cf484fb09f91a490efa9260000000002000000000010660000000100002000000045b3f7d40a1a3622c1e874ba3037f13f3fa7d3d9f200f70a4eeac9672650dee4000000000e80000000020000200000001180e8c166e772c3b532ccf8594604951c03a64f8ad1e9d76ad467c8ff413f5d20000000fc05c2a2381238d11b4c31727fe422ef7d9bce39a061aee000610455a933e5c9400000001d1d52854a99526bed819b3c8bbe1bb12e0c25d92210b8a86a903696e5ff95831ab3a90d51dd51a34c080858f5d18a2ff16f8455eee20e3f3148bef6a01a46a8 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 708a1646f6bcda01 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378724" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{712F3181-28E9-11EF-8A7C-66DD11CD6629} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1904 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1904 | iexplore.exe
1904 | iexplore.exe
2508 | IEXPLORE.EXE
2508 | IEXPLORE.EXE
2508 | IEXPLORE.EXE
2508 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1904 wrote to memory of 2508 | 1904 | iexplore.exe | 28
PID 1904 wrote to memory of 2508 | 1904 | iexplore.exe | 28
PID 1904 wrote to memory of 2508 | 1904 | iexplore.exe | 28
PID 1904 wrote to memory of 2508 | 1904 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1bcfb317e4a7921e129006c758f56ff_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1904 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1904 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2508
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c2fc1999aa73dba28ba92369caba83ba
SHA1 59f4ea6af67eaa8a081e62441f27f1928676ecc4
SHA256 603c7245731c4b84821dff7aa43968ff2ba6b3c948b716485ab4915df17c34f5
SHA512 4d36ece5f81c0137291d5b20a7575d8d8d304b31b85c4dd5be43d513d55763b7433ddf17c11c998c5d9f621b8d7eec5f9cb53671615d49278447dbfe882ce2c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d1faf8a22defbb1c272fa6f2402f13cd
SHA1 d1c97425ad894676dcdaa8daad9b5106f8fc6382
SHA256 bd507fcd3668f151a1af681530652ad844c699252585ec0086be93cdae9dbea2
SHA512 410363d7811417a3317ddad515b99d039b1adf08ef8cfc9dfa94a3ddd0dac1419bfcda4b1c6543ecb6d24475063c7e01227b49ffac771d3639fa5041e1127348
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0aad1ea7e4b44ee52d7a37937015b73a
SHA1 ff1073962bef5f2ec88ae6ebf353cd4683665890
SHA256 0cd29cfc74d7ffc975c3a1603a396933b0be5726e59074771adeacf2a6696388
SHA512 7755bdbd869c173c2464bf826ed7237ef71afd00c9e02645cae8e276c7d385bde7995f403c4e5b5a62666d198984d77a78ff94eec23a206a20eb42dca07359d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 67bf25aea3c25acd99d21afdde05bdf1
SHA1 f9284dc8fb1f0181257a2a994b0326a40677f1f1
SHA256 40e71d86ae33b27ce0193904b3fbf1d4f6e17afa485f48178eab1ebb4deb8103
SHA512 d86e5e290fb6b99e2c7cef49079e0b18bb9ccdf7a076e022c7f615833406f7ee44c341c33f2b170ac69a956b3be4512777ccf563cf24eec650820533592b2519
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5fb4fda1753c1a608ed5a96fc0c5fa79
SHA1 27a923dd78a48ad1dcea2f4ad842f6173e179d79
SHA256 4b6f325440fd4b9474ac575b488f5a21899946f206a3ee57ef0007df5af74121
SHA512 99eda161bca2b508cbb6131ea78648b9569455e8837be01cadc098f0878155ad9c4c8d8761a58ba870810fea690c39b8cf6df06371d2bc116c3d897a9ef264e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 981308a2434c95d2cdf54843337c54b4
SHA1 594c1814238f1a6edcb5a0da4f052748e50a25ad
SHA256 4fa356d59798dfbd8bf3c53854857d2ada65b12f3a78974b0177b42d8ab76387
SHA512 65dfe088b9f7068ce3799ef0ac99a5f63ed1a57928c8a4dfd3c91f70ee91c272262138254fbeeaafa716bd276c33af12fea13b11f25a8767c3bc594752f604d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2b4307515add520b4772ef47aa20caea
SHA1 e73c2b63a288fc4c6ba380a1432dcb12ec437547
SHA256 262529a1aab43f47031f59cfc8e38c491eec2da328a7eacf428ad22bc730720a
SHA512 4c212daf4a50aac7278880640a1c69566114bbe776efc4410e2489000d5869e085c2f62798e8a9a244f65b3e1ac197f2dcdd4826ecd4a5c7a2422a7c4fb88aaf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0308538fb2d8244fb744facb069b3bc3
SHA1 dca211f1bb154d98613b1ad2bff65906fd961ee6
SHA256 e83bae6956e7a92dfb850167d967cd40d0ada246dfa0a129907a801638906d52
SHA512 d584142bd573e5bc53f194423acfe89d929b613cdd3b8363255cfb18515232da01984182889ea13c604da89c42491cd6be4d152da9e2df22800ab79f42003e74
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a960148d23ff31f6d0556bd6f02d59e2
SHA1 b1ec6d31ebb0e219f194461274cae7910c22e828
SHA256 cf8fda31a9cfd1769c25443b7ab8592e23eb1d81780b24870e65ed097b7099a0
SHA512 94726afec57593af027abd856e97cb8b0fdaa589d95c72ae67df691182747be08d5a35f79ed02c37d593abd9385148abf95f3c12ac0c4772764f90fcbc5a96f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f8d3f366a447bf72ffbae5b4048b5483
SHA1 e3ec0d8fba75eeda8bcccacfd66e1c5149256592
SHA256 e5920ff5a1eb9e5cb0136122867a1f22456997db16b528515141320ececa31db
SHA512 6a20c5476074b2cad3a7cd730acef8e69139b3733157ea2244cca9918dc3d66bed178644bf59c84884c67c54f844d74600fb8cf53de7a7493456cb19e8724e1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7e5f2759c5ce2bbb7f0d2ac4e291bee0
SHA1 3cebd5c81845a5d0e144f3a306e1ecebde5cd662
SHA256 dcbbdfcc3376f8eba6dbdc46148868f110c5b0b1e028dd35ae745473e7ceafa8
SHA512 989cded31f1d1ff4a8231223baac566c8f0c227b66f1baeeac2edfaca046c0f51588f1acf2f90132308584f48745457649dd099e3adbbbc9795d789a751759a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1f34b832484bf9824ffa4ae77d624bba
SHA1 94a355cf3f5d25b145969490d330141ced0a7094
SHA256 87d8e577196f48a2a4f124f0a62bda5ff21d5325c9562398cea7a0b2a8f661e3
SHA512 357f8663192de7d575c91b7d66df10981a05e4131daab61344809de4a01e36bff06dade729484b1b5d62242a40243a27b7cf945e14dedd6418c2777ad6efea0b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e8276de88c59b7c181eab78a7fd40c68
SHA1 0a02c378851b39214a77cd30fb1b03c945ffe278
SHA256 cac17881f36803abf68dcf9fe4f94c3935e293ba2a44a56f2dfd93e2de6618f3
SHA512 e22cf11d5d459f4ef24dc87068dfe3b834c08e5ab644365851eaa367ffda0062285a522772318187f1f1a4a03c19176b69c04bc2258e595931d587a3d70fe8cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ae54e34aada764fdb366729c7e52d16a
SHA1 b24fa5c6c02e10fa58201936ebcb63ea0e549d2d
SHA256 8f93e3542db6f52569a84ed0b49c67c3209f5f886c2002ce17956f9aa9af92f7
SHA512 3f181cc97967d50f9535d2f71f827c36872046db3b8ab3fdedcf861c38fa53ae29c02cd43e8006f7b66cc19193ee4888b89ac67a03e6ab63f99307e9c8500193
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f0a00ab1fc35a2a92e54bf23493a2cc5
SHA1 53799e17d2e400f6577b5fb66102513418f08ee9
SHA256 9163ae55906e1dc5c71946119631b51df118afac583861b33944f8fbfa6dd2cc
SHA512 54b686b2a65fa526572e1e38dfaba63f6be1f9d4e6be9463202824b67c183bbc8825c4bac86ff5a7666f48c3ccc2bde77752e2dcccc29023846093ace116d11b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0381ef6ca8df0e4a6f76523f6501ad32
SHA1 2087f2c84edcccb269305781cb98087b53ab0ab3
SHA256 007486a57258aab8544911619fd71d304998dd0ed85cc1a9f4dc79a8debca577
SHA512 5b5b48fd33b912449e36730dd3168719b53d186ba749bbc2ddf180bd1d507b0bbbe9f532c259ddadc3434d7fe1195c0718dad77d60af1fc48588856344285a4e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e311d0fdd7c29b92bb0ede3db7976271
SHA1 92ebbb6d19b3f0a3c3d5bdaac47358fe22b43980
SHA256 c6c48fd76335ed4954be85ec78785ea14d4ee76fe30f8743853f98b02a75508c
SHA512 4b99d9113a9aa8d43aa862f2ed8ea71b28b937a18cbdf16b146dbd145594efdcc059f0beda5b7eeb7ff88a79a20b0b76a81d1405b5aeb77b09d7fd9cb6c9c8e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 25e72de76b0de58b08fdd4a6d2c478fa
SHA1 f29ceaf875a4cbdcee4eae712473f128e9db9878
SHA256 06a8faaa1928efa810bacd54452780d968a379f23c363cb7c09ad666ded40b9a
SHA512 48ea2147285d42b62b412e18936838a27029d95b47b899aea41f6e5ed65479813b9fb26360aa0af8de38a8be2304f268fe9e0c2ba993d45b3b964695c0b735b2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 65a085b3721d3634292660aa06f20bb4
SHA1 552103b5b1ba5ecee68a6e4b840fa4e0428c4b15
SHA256 eaa2c8f9b03322d000a79b1acb052ed42552313baa0616552969fd1b3c830048
SHA512 6cd82e4ee0a2c1bab23afc6e172e02fcec7b2bfbba4f510ef31262ed67b3b9c403d420534bc45e80c44d4fc6a0458713fdef206610949a2704b13dcce5977680
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b