Analysis
-
max time kernel
119s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 18:28
Static task
static1
Behavioral task
behavioral1
Sample
a1be259c8e7227504b9174706f682f87_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a1be259c8e7227504b9174706f682f87_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a1be259c8e7227504b9174706f682f87_JaffaCakes118.html
-
Size
4KB
-
MD5
a1be259c8e7227504b9174706f682f87
-
SHA1
79d03fc33fa79897bea36917c801451cc9284d3a
-
SHA256
4482290fb9d60383f58637bb4d33aefd1a32e217bca6724b8fe1877e604af928
-
SHA512
8ce3ffea43d36ca53986eb56545cd36f09c89adf7f03ecb2bfcd445e39bafb091889a7f669ab8c40e431fdac1352c8653ec6b0f1073ea88120aeb5db872044e3
-
SSDEEP
96:ziETPZmV4MSEPBDvV0n47ej/hgOKiljSR1QnyneqhsotFPvpV:zimwV4GD8/h/KiZwQn/q1FPvpV
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9E110FC1-28E9-11EF-A1F0-7EE57A38E3C7} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378800" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d49b61f6bcda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000a18c7f6209710ea09cf9a04ff196c3063cf1cb9fbf8753aade121b3da39d3002000000000e800000000200002000000028613cad31f4578d96a3944dce2db5cca7fdcfdeb399fbb10cc7696f817134ca20000000f2099556469483af444d33f7b75316a25704fc15a549edcdd2a2a022403e204a400000003b79c985b4ec46f95f605ea5101b17e6521114c119a96bba2fbbdecac81c3203c437f7f3a0ab2bbcf2bb35f0756da5c3124091613ca1708ed9505876a4c7f136 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
3020 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
3020 iexplore.exe
3020 iexplore.exe
2996 IEXPLORE.EXE
2996 IEXPLORE.EXE
2996 IEXPLORE.EXE
2996 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 3020 wrote to memory of 2996 3020 iexplore.exe 28
PID 3020 wrote to memory of 2996 3020 iexplore.exe 28
PID 3020 wrote to memory of 2996 3020 iexplore.exe 28
PID 3020 wrote to memory of 2996 3020 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1be259c8e7227504b9174706f682f87_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2996
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 db0de3f8abb9b90fb9f9e7af00369997
SHA1 be6d739f84f8234a9bb687962bec814195e42c95
SHA256 28eb661cfb7ca1fae5f315b16f8c0fb7e2bcbeb4b9a9e17d998191824437e1ff
SHA512 32185ac09b5e3e48cd8559fd6e8c36401ab3f4fe0d0b1ce98aa5c2f40398b86397fc384c8c3a21069031003dcdd96f667e56a71dfb5db02d3355ca10135d2527
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e59676200b940fe96f7a71793353125a
SHA1 d39036e1baf6ff1ca0de024107aba80db2d10199
SHA256 c1ffa98b7855d21001f7db0e4ffcb26fe60059d8592c0dc53e711fbf5f08e2a8
SHA512 f9fff508df924799632d80c00ce809f8c1eddac36b2f93c27e19c84c22af401c0a5fb86c2b17e294dc0005ab35239b674672e3abe5f41634cf33af2a68efc956
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b6d727a06241d233ae39504dd86b9f37
SHA1 f9f05919df3967e1184df36cbe802bbb349d1ae9
SHA256 c93de4497f95f9c49aa794a02a6ac63d27b2de60774aa61ea56828b4d49bdf5f
SHA512 d09a1ba40223d54be5bd0f5e87779ae4052c388571116f3bb677200aaabcf01611715bf1c73c34a646687597bc3ac99198d72d025518877e130b46d7f3086a94
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8d2c10803244b51acb020121b99dddd2
SHA1 f7a8929d31fcbc55a9434c6d9362dd31f78eb730
SHA256 868721a08b0a87c6fa2bd80ba16ffe3fcbd45ade82f26d8612583df0c903c61f
SHA512 b131afdf938e521266a02afa56c54ab433cca260fb5ec8975f79591b2853ef2f7b0dffefb6ca758a45052f5b7b40c87ab22522b155b2e7aa509706e775a39b2a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c3a0ee12b02bfaa1a2e75b49a0c1a8ed
SHA1 c158ab2fe862d43ac338f15e294fafd97491fc1e
SHA256 a4aa24023f4cb5d3095c4d1a01763ecddd39daf98014aaac47d6496ceab96242
SHA512 5a34829fabb0daaf9dd79f7668f9000faddbe040658a8cfd483c0426adb66441434464dd6dbe42b0af75d2b30c9392b4b80d402e325ad3fb83984fc799947b6d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e9723e3bdf31712ce5c2ef6dad617aea
SHA1 dcd79edebf0ec9d2cf7c22e825c6ae626387ca55
SHA256 5a4e0a2a92a6d7f6c9c82edb299b4eca010b3f0abfbeff3203cc83dc62810d38
SHA512 494e94b7e6233218575406e935a0196e2459419ae125b33aed8e19c65c1aa10c90133851aad8665a76ca847240b2f9b12cdac7f829644b3750058422f9072555
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7de436166cc3407888b210b7e850ddd8
SHA1 90c0b6caa42657419cb899ae924d8ef21fb349e7
SHA256 b9f494c585525313054d922d7c5cfaa5911b3d02be2e258bdaa1df414d1cdd97
SHA512 d42ffcd74dbe4f0615c97303a699723d80a6cc570f94ff59f5b2e3b9d9e79d8e447d7beb08226dd1b30379f0affea6f0f35cddb408dfece2582142448a76fec4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8accabfe2c557990de41cde30466db8a
SHA1 ba903317567e1bd5a27049753dfd0978f704b537
SHA256 d3e158fa486336f8fd4907074326f03e7a1f490516935a6aa04a1f8f1441dbcf
SHA512 29f23c4fcb5b27534344f71261e1cb1bcaf196f55bea0bb81b3bf8f5ac326c5f3f480fca4c6883d6b04332a45929c24358d9e0ddd151b4f17f4bed44dbb3a02f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5cc05e787413db34def597b02ccac4aa
SHA1 64342fd724d71811a8f04f2eb334df56bd54e3b9
SHA256 28c083a202e9817c3c94884c21b41b9604c80e811f753c8850a0d0c71e10920f
SHA512 1a2543f6286ad8d8263bd042957ae8ec59ca63163b46bce76f86fcd39ee463c0668b2b7d663200c5ad1419d0eda3cf4e27ec5c9cd047ef6eed83d2247a622766
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 48622b8470b8b1f3e37d28935b16b286
SHA1 129e032b7d50b7583ae37ca212b79fb6cbf4a03d
SHA256 a69b4c94210be8581ab9142dee82a4682c4853ea798e28ee1a8e6a9de1caea0b
SHA512 e78d01bb2d0b27ce647647d26947fe5331682feeb44ae26afc5120be91a6c7d338b7f329cb8cdf1d1ca0576cba59260112a81257a6ee44551420363953fd8213
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e4c85bd0a3afa9232bd24c18f830a896
SHA1 0f72df3e5047b2e30986ce0349d1572394e78711
SHA256 db10c070202af2d0892388cff054c95e9d9cd75ee052e699dd40f489b9e80b60
SHA512 3f8b80ccbd1a8d02664f251365021d0ddacb5b79a472f66b9ecae86bcfffbef16577d6d1284e3fc57387958926c01ed7453037b37ee968805d80aa81cfc33e3c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1dddd703e6371b6099ff1e73a558ec1e
SHA1 174c1210fa9c7e0389c11b7fff7fd4b611993a7e
SHA256 67b40218a99bc5acade9edbe4e55997f2c20362ec9c6e6a9302c8d03e7d20466
SHA512 80f70b35f769534e9d5de6de2eddc08abbb071b4711ea3102d20d1aa0ec5463f0e251b448199684aacca07c0a9c11939f66fbb77058c4fa9f0e6452f48b92606
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7580925e817b625ea22528568cf20f01
SHA1 6cf463d2e25bb1c890617ea605973b9c9fc7d7db
SHA256 716d50da7e73a8e7be291633a9791034d5d065ca38905af227a68043bd51406a
SHA512 0d6c4560bdc514f2b4756252407b400e57f69a68c3996f1e5aaf3d0aa2dbf8360adc4c25caa15983177feba62544c0f028ce9496e627cf77fa660fadbad7aba6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a6b2fa18d720f6550483a35ac91d32c0
SHA1 e8e2b076175059f3270cb77012e92f4e943c10b0
SHA256 3a65240a3179df1f0e9befee8a7a3fce6fbe8a510a053d139e0021a655de49c4
SHA512 b88168198c104d3cc9efce2e7f277e0c5891f4ee9149b66a1a09c3e4a3849a379b3f2c7b8cabe668f9833b511a66ce95f5c55af10f0093fa24c6680aa7199af9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7364253ee839bafb88eccadb72cae307
SHA1 f8f04cf99e0879a020312bd71f80973ca9a69f28
SHA256 8ed8c15597c0266a7a56782c34b98aa6228e90e2db133843d102f3d527a7d9a8
SHA512 cbd21f830f96d819d7ff823578e3aee905788282bab1574b8713064aa564a950d609ead35f9a75042f98d7eec7e2e75469b957aa62040c764c269aedfa7db6a9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ffb70ac5c208882c262ef001d17b4531
SHA1 fb846d604a0dd20173a34073f0edaad6bc9095fb
SHA256 8e17693102d2499cc1f1e388f190d7307367e508ca95620636a4cccaf14c9bdd
SHA512 3bf660d324f27aa42fd093e80ce5b5818349b381eca473845bed41bfc5286c370560252dda6996fd65176b3197d14c448e2136f882d4efc3baabe6cd507a298b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 35d3e3c71cc5dd1ce6cf2a0596012520
SHA1 629f815200101ee734b0ec3e48002577ef9b9d13
SHA256 04447a38013479f803d9599ca1142b851fcbc0d31d7bcc7ff498ccf7afd2de9f
SHA512 f633e8ea57da89ee5aa78e3fdff7d83e3c0d44d11cc79c5755c8014fe45edbdbb3a6147ef6c3a3a39bd68a56b452110e11e8c258360848de91023215d9b97a93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 713a7c0c406ccfb6ecd493e83d526d9e
SHA1 da384a0998ea3e7c7e8fc611e65a668775cbf76f
SHA256 5061d668940e6a04477b2620398abb5b005187301ccb758ebf9526ccd67e193e
SHA512 253b7b047416f5d8686a3cb0e8181c96b57031c9d5d4d6b972adbfd8fa66b567865986c2f1d65402ecd1fcd636c5ec2a418f9c702d84006c5f88b1ba774267be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c276aa0a1825315cbd10269ab91dbdd3
SHA1 34d2c321331d685dd5d8f535f3ba3c97f120886c
SHA256 b2e3e853953bd734a76101ac85556e81fb3bcceafb47adaa824fcc22009f04ba
SHA512 27eaccd5c083f941f2c2f92c958408282442e834278fe5839caea2e947188b3bdbeb7e9b94aa4fe4a1806772cc0a92da6dfac4fcd27f301ece08a7f3b5e86ba4
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b