Analysis
-
max time kernel
135s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 18:18
Static task
static1
Behavioral task
behavioral1
Sample
a1b319d7da978e3f2baaee9c11cd534c_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a1b319d7da978e3f2baaee9c11cd534c_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a1b319d7da978e3f2baaee9c11cd534c_JaffaCakes118.html
-
Size
213KB
-
MD5
a1b319d7da978e3f2baaee9c11cd534c
-
SHA1
148cd61dcd8606ca46f67472cb0b3793d4fd2156
-
SHA256
71192d1e9c6c97a3e05c3e0587fcf899d18de3e6884eb7e1d33fa7e3a1a823cd
-
SHA512
2413b0952bed136d7ea31dd512dc8953917409c6433fee0e4eac43174e2edbe1d217fb1625ff811dcea9ba81ce582581f23e8ff5467bf1a65a21be641f33bf16
-
SSDEEP
3072:SmtewwHK0eYyfkMY+BES09JXAnyrZalI+YQ:SmmgVsMYod+X3oI+YQ
Malware Config
Signatures
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C4D9951-28E8-11EF-93CC-729E5AF85804} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378152" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1196 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1196 | iexplore.exe
1196 | iexplore.exe
1804 | IEXPLORE.EXE
1804 | IEXPLORE.EXE
1804 | IEXPLORE.EXE
1804 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1196 wrote to memory of 1804 | 1196 | iexplore.exe | 28
PID 1196 wrote to memory of 1804 | 1196 | iexplore.exe | 28
PID 1196 wrote to memory of 1804 | 1196 | iexplore.exe | 28
PID 1196 wrote to memory of 1804 | 1196 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b319d7da978e3f2baaee9c11cd534c_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1196 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1804
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 f8467a9b4788568705c074b8ba4746ab
SHA1 308d37c7361834faba01f64030f3c7406a9909af
SHA256 a8ed0c6374a3b8e94c879590aeb47eaeb08d51a218a90b1036a4c193ea56cd38
SHA512 84c1eb99d5178662e754ae5bbdd9aec870a66ad4af602360604f4c9bef7813d1e986080cd33ddd224bd6eebbde9f883d3fb3d9e56ef7027a97bf29dd6688cf31
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 d6ec293d2a7d5750c75927b37f26e2cb
SHA1 910f6d9c710dc51eb6f08e8514295bfc4bcc3177
SHA256 ffd251f3b917f8898ae6ef7ec141c4c2084d9adcfcc8e197b966e41b306fa7c8
SHA512 465a8567d0004b0dba7f68f8f18407a25ac583ba269f08b26cee999141ffa32a232cbe3b71c42d09dba00dc98f9a28dee066542ca77feaa2f8821c2d70226229
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 e4141fef9f4738a8390a2041400c54d2
SHA1 f250e7c573275306d5b89f59c9aa919cc4a9931d
SHA256 c73311fbebf14fd07ed685cb97792beec544a9c0e546b0cf5b65d0752a236c2b
SHA512 6f9bf75400601fa97d3cbfe74ce819f1bf4a6c5cd9b586ed4ceaf15f410cf95116e349147958b671bb7c144141a068ca91b0f47951cbe993ce22dd215f121704
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 15cb9b7e0c7f21532d155e6b42d3ccb1
SHA1 8df742dc37ac54e39521e8acd7e0b267cba2e190
SHA256 5614bf5d0be5dcca57850bce14fa02b0fe26812bb699947a8e8b8ef6c2e97977
SHA512 3a99eb09f38faa43c2ffbc81cd126bbda320ea6d5fe2018c6adc37341444fffc899c202d6c48f62c9f096ec17686e9b06fdb305dd66a5b9a6fc3655d9329da3a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 4a5581d9a4c04567fa5834a382e828c3
SHA1 31c9296941e88d642b7f9677a5b3b062b9f6ab8d
SHA256 835a0d14f64853db3b7b364ed116dd6e9b7977b1c3d5456d2ea128d74cf7fc55
SHA512 bd9c841e2d167daa2a41b75c4352f8830c04ca918976c09f18d9b3e01cacbdf1b40dff9b8a9e22a4c88deb5693b4453fcc268404b7e4c5b6b50b2e1d425cdcce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 b289b71a5d710c8677b40e6a825fb754
SHA1 ab67f16dedd2acda29d3d81e197d6f95bc35395d
SHA256 a397724467926df18131e2ad8c4c4e1c0e36a7eadefe62658f031e6fd95f30ec
SHA512 dccd7d02294435eb323463873c8c4654384a9cfca69d4ff0f9c3ef8d555215af4856e6bdcad55750bf07ffa8263aef5fcef583c499ce29ace747880e8a37f9b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 0a969db1272d2408f4b42a9b919aa4f7
SHA1 a3c7f0f29df5f1922f88260e6267dfed66c4f6ed
SHA256 524567bf345acbc4864a4788afbcb3b4e27e95cac4c5e35d7db6bf64613c1823
SHA512 b316089a4e8b587a6fa005c66eef6db2d227be98dc98b25bbb177b481a754f0b6767647da89ed1e19a9fdac93f9390f0b26fbb2c85eddb520137cbdbd2f6daba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 ac1ae835fe3969befeda1a5cfd609d47
SHA1 dd905fd4d975619c3b00ffdd12ff721002aa111b
SHA256 1f572091d9a0b7b66bf57c8103c63abbbc2970ebca2010178aa2e721e8259baa
SHA512 3626a33ff1c5a7c0a81b00ac3319db866467489b5e71a5b6ed0f21708d8b8d478b27299e9d484801ab7d844e3b045dadde4b782eb211b5bb53e5e4555383770d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 d424843f6cdd9e1904dcf5d027dec8f7
SHA1 13c79fcc5172007fc90286b55bd9135c7f4155f4
SHA256 2975b84a87119bb2f0bcf4b21b9315fdfefb25789db01856325106927c8039e9
SHA512 2bcc05724f8605580e894ddd9b503bf98a703a560eb706c138deaaa38bfe05fb7f9e33b2c25c560884feee205e2b3d03ee146738bc8bd3a0c10ba3b10339b7bf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 837ce6956ad4e08e962c69b6aa1fdd40
SHA1 418ff2e14de4014e2ac186379ae6001b16782f42
SHA256 34e72b6a8fad26f095a81d845811a6b4c67d11e1c90d620eb5255154660373e5
SHA512 b6f47077baee90c786b565ba1e47aa1cc4ba9517058da336894188a0c4690d33eb332ba2ab70a5db347a39fe1a67b50f81b661a1f5c1df063b74bd1420056ba5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 d751f298d0d58f7c5b7acb0f549a6cf4
SHA1 5a0cbd7de9c16a099b2ef05cb451377d8819a93c
SHA256 5fd76bb79a00891c02a02158418ffb4bcb82fa5c7667aa55f2baf8118ae0b455
SHA512 bdc0a08f02d8334d35eb3bfede9f586e23a62be5245a4fc3ba66c71458a47e4e15e6da49d6814a5654390b0f4da852cfa3c2de27fcc3377d0c2006a7ee4ec76e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 8caaa3600dc9893eda15aad78223df0f
SHA1 03bebee083ff58c058e5e3d64fff2aa264a542ba
SHA256 a901889a2d697d053c50f2c8464605e1335cd459d972ab742d5132f9e32d90fc
SHA512 39b648156ea88a2d79753d05c21d815b90afe0761b05aceb1432ea918002c17c06326dc37af4d6c09c7c1d2a658e91b1f9d0f6021b2205a74392c3d8f0733cff
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 24e3c1a9a84102afa20bd628c25ed1d8
SHA1 5f170045cbd2d82ec868341e792bb0c841c3d615
SHA256 24573912bb21e75313d5ee523738560b9febdb9ca01367d7e62f23cc7101aa7a
SHA512 30364227cb30870153680b3b24a4cdbaa652adca268ae4db03c1a171274a87e947b5405c96bffea8a67d71060e21c2dbc4ed1ee147457cedf282342d76b003e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 b275d2ffee3ed7668afc9f3c4db47690
SHA1 97964f8ff3e19637cc83deaada4dd9a179725a69
SHA256 1149c23042f0f762e4b13bbc192dc817b511292ed273bfe4ff88403327a5fef8
SHA512 b2601170bbe578c8d366fa478d8d65b035881b27d0ac03947ced75fd659ad8f25759d4d6e8e8905e384ca2b4ac5441d663cdb6470c942bd5ff2894ad8070454f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 95fef775015a597bbf267db18311c9c6
SHA1 6190b0ce5f01c8fb2363980f2f24d52753f8f6b4
SHA256 8766cacdcf5e739eac1c47445ec639062f3840777e430b277537769a3ff7ec9b
SHA512 78eede78ba313810251b4ccb2bc0cdc168a7e01f246ac18ae6642ac76669bb885d8b827fe88504e5706d3f25cb7455a16ec0119bab62131b84dd9fd7f175fd22
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 62001f37b7da8109bacea24f921798e8
SHA1 07fab1913cf7254182857e13985d07aa1479fb27
SHA256 8f4c0c7ba60d3a7653356134cb6ba1235c3372f982e08bb349323aef9eb8c706
SHA512 3d30de1f2c33b62fdfb8da8d5e945193186ef090879db5ed2590dcd495588faa1ac52623edd3f82f6660012060093166c1974357c88b2a10bd16a9afa7b0ac6a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 9c5fb9a0b2b6d08a8eb5b91af7fde215
SHA1 6c36d720ea66ebe551bcec45e9e493644551d6c0
SHA256 e73e880c90be674518c1b8483c42003f9f31315316d40c220f2ee008feed03e2
SHA512 0d668e264eb4f51f59f36de31e5713af33c6f118c345e1fbad0bd3a362be1345722f7b10e93f3c90be56ceec0b727c5b8f178ab55d7add9f5a6aeb24c0fd7cbd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 0a1a0b1bba1d1ca0b5cdfa4cf30b8255
SHA1 38862df2a847c7dc4e5cc029b0d4ff484fc66df5
SHA256 94552a3f33dd6be8e7d4880bf4ee6ae027dd90d3bcfd96a8a2264b5fc098b708
SHA512 c36976f0daf2ffde453b3d7f525c543cdfdb572c5b155b317a4a9640e39f16b410339e44fc179e94b0b787c1cd8f6ba0ca12dc269d571d15b33ca65d559609f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 392dd0883f43e94d9a1167d2d38e84fd
SHA1 18af127eef6f64f1878a113b8d946b268bfd72c8
SHA256 2f248092124fc0cb0e0cb816d9b69c4f5ecc22baf99f4dead71a1a3bb4d22f66
SHA512 9f3c5b5f818963125be40f9e96254fbac300339adb8be9cd9f1bcfb42aefb1243be4d8d81424e437f4716384568be187925e09f3bae37c967c2a807fbcf42ea1
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b