Analysis
-
max time kernel
136s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 18:19
Static task
static1
Behavioral task
behavioral1
Sample
a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118.html
-
Size
349KB
-
MD5
a1b488ddb577ac076c1349ad8a0a027b
-
SHA1
ea228b3952afe56869283f558677b8312272362b
-
SHA256
153d5d645498c80019342183e78f6a54d764d4de613b995d49718438edcd632a
-
SHA512
b6a66dd213d924d962308c2f0eca332c281fc9cdc68eecef138358b6750c2b8a6f43171db29c0f5bbef3e6abcf9954ae618a7a7a6fe4734614e5cda40477c000
-
SSDEEP
6144:SzsMYod+X3oI+Y0+HssMYod+X3oI+YAsMYod+X3oI+YQ:m5d+X3y5d+X3Y5d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A017561-28E8-11EF-B3FC-D2ACEE0A983D} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ea5bf29a29c369042b336fde6bbdae5ddaf283e163438ac50c7683722c9eb7b5000000000e8000000002000020000000bb7c39b1b67775955048d9179ee8655ef11309be10f7d2c6410b1e3fc1127eb720000000129cc648d4e432c1d46994bb73edbd09719cca7b45f478a29e0f81e76614088e400000000c7aafbb2f1402d1010c12186f8a3baa36144515ad3ae72a392089d60512c6398c1dedd174d4262d6172a67ac906a490531b2718e1edbacf7a02ec511f2658a7 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378230" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70d29e5df5bcda01 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2860 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2860 iexplore.exe 2860 iexplore.exe 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2860 wrote to memory of 2548 2860 iexplore.exe 28 PID 2860 wrote to memory of 2548 2860 iexplore.exe 28 PID 2860 wrote to memory of 2548 2860 iexplore.exe 28 PID 2860 wrote to memory of 2548 2860 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2548
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 730db1131eccdfd04d17023536fb0e02
SHA1 d574cb001c9a1e5426d84addef9604b58f14fe03
SHA256 b5d9c7ac72c77030edf433065b66c2618640831d5eaaca17b473953b6ae360d1
SHA512 99216849f80fc727a02794992fc9d89adc75b8665121a4da5e303044ff319c153a963558e4cbe19642ae0d79a646fa4f718d44e17fabeb300759634c0385dd0d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8e4190d5de192419bdf933fc440f9e64
SHA1 82c4f98825b9ac15f8203938cb36cfd049a176b7
SHA256 3df193a185be6cb1595ab9595990d2445cf6c1a7c9d291ab8e4824a7cb55a511
SHA512 1d9adfc7070919baf5fc1cb3fd3b085949e7bb33352260f8ef1fc2d16f8cd4b6b0f09c75156dce9fe3f28dede18b08c3894ad32bfae933653ba23ef2d0b0ea9a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4ae7551f846d5ab15fc6b3564ed4fe18
SHA1 4da7d41b0341f8b0df795ddea8783beee8604931
SHA256 25be5b820ed7e7f4254b98fee48442b3d89ea3fb186892303cba4de251568adf
SHA512 aed665411488cfcacf95ece5b58b5c2b415255e33d912cbbee645c31517c0c7aea64dee324264e9b4ebf1c83340b258213a2940017abfcfad1775cf4769dd359
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b84d770c30d465be55e198eadbfcd86d
SHA1 ccd4a4310284fd667202c474bf4e76833bbb1f70
SHA256 c62307f5748c67fbee8c506a18a004ff6b3ac6ab293001e412b67862793be118
SHA512 ca848c54af6badcfba1b7e50abd84649974a4209bc381e1f975f55ad8b6c32e38d8a0d17d9a53a09deee5115e0f4bdeb67b837683d4eae89ebf96ae72e4e4205
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f9bac77206e0a9815b707b1377ac32f1
SHA1 001248a6b83196651ad66a946c27d3b95dfa784e
SHA256 d23bbeb5e721d3267759d41cbee6ff45c8d47ea62ead73fa3d03cfc4d7fdb6cf
SHA512 eca00a95a17b4368119760eb8acd1e11b2832fa2bd72ace6b0c7c0accf11e337ca75a610c9ced77ce0ef17cac59389b82d06966d068c16517d18af190ae91cca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 45f16c4b52bb95284a69427bdb30df14
SHA1 b1b920b6751951959705eb7d2fdfc224ae87f91e
SHA256 39ce1a1ae94ab293530b89b6c19ac09bfc9c60c36386db5bbd526dbdc16fd58a
SHA512 ea68939a006e19b43183071dfc735ec721f841b46c8ac92b69450e7be1c37c2a4106655cae26ca1200fe348753eff7da812f2644b4f87bbe3cb82252042fcf3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 acccbce62436232077fdb2c02c7c34ed
SHA1 1e5d9c95da3d7170f3782029290b37b37aad91db
SHA256 62888d94d6223c5f1c6314af135b70c4df3a2721dbb11c738689f1ef805d9d79
SHA512 ebbb707389197ff4dcd057d238ffa3528aab7fccfa893ce2ea540ab42b05e8f76bc7bc6790bdbe883680fc13167d68487a1b64af064b1ed2e8f635994708a08a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7baadddcfa53554c9a51e819de6fcd95
SHA1 3f678ffe60e88c9f4d3b6e52771b0a683cf213fb
SHA256 d140ccd9d0caab99b88e5dc8ef9cc0eaced923ba386519f54e604feb2c946b59
SHA512 aab1d45588e5d384dd237410729cfd7bce00385b6e70344d8bb9d2aac0807d098b01ec44f15b4a2e28d65c594ce0bf2faf1bc4c59ef45bb89bda8544ab88e8a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 97cd66cc957c7c87423adad27b260997
SHA1 f75bc8792400cd8d6d904b4dce0004827af9a1b0
SHA256 8f87191527fbb6243cbf67bc67d82f14ecbaa8a33e9f7350a18a7e026e7aab75
SHA512 73a469122f1311757e6e1fa6c804b379d3531e09fa00352dd637d821520f963bacb91c4cc7584b7e28bfae37615081cebe8b7b1c7b9901a8b558560681644168
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7e0f96e434a745acf40d505033f1504e
SHA1 ca2862ecf4c246bcec70c052706b4df09f17c0db
SHA256 bc73742f9b4767ec0bbd98228adf4c06f7ebd07d165489b57f8e1b6ee41b8c82
SHA512 81c0cafaeb5b7ac2dd5ceb1d1d41a70463a1b2349bfe8ceed9b0937472731bca19056fd0f8aae9dc049d301f8eb083b992c007d0fadf1ee6cadecdbd0bf6ffa0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ce078039983c35b4096899577be0cf66
SHA1 367a09767b90a09247b4e586b97712f5855b6433
SHA256 0d0d7615feea7fea9ec4b5601d01036b975436d0b0bbefd00420a09b905ccfa6
SHA512 ff05659e3c8fd69a1acaf9e040f615882949e544068d3b0eb25690b1d924223b06e85bfecadf052d1e9c41daa63d34bc87afe7c260967260fcf77adf35bb8177
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ad065614e2aa92bf5e40574c75833cc7
SHA1 89d6d11609886f85900700e1428e5e311cad25b5
SHA256 38d65eb7f6d0315420bcc4e8ff15dadb749cad9457a99ecefdd12419055b7780
SHA512 c74dba5cff0ad83f8263184785bc971ab5c9f5aae1739a8cab3c38313e5477a275adb50ee773ef9a20d23114ec96112eb52ed6b52c86bc86f6fb40d2f2552576
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fddc24ff7ee919b765db2a2bdca11b92
SHA1 83ca04237b7ef5ae368f4165559509f66cecda5f
SHA256 d64e4792ff110ce3d1eeee83465be8806a8eb70c5aa99f0b7ae86608ac3fc35d
SHA512 e048062dcaafa502690813f06049e2f3cecbfe78270f5c8aa06777f7d861f43f04fc0e970dc4623da5c0464acbb84b8c09c242379f01f45282a1cee80b3b6004
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2a352f5348d2511ea3a12ed56a300b68
SHA1 8706224b5f184fb37d7d01da77c84b322f9b1a8d
SHA256 a6a8f0fd9bc10e9743d0ad03db190686b275582ba52826aadd68549af61f0fc0
SHA512 439f3784e43ba2e4c2f381aab65ef262f169de01096c2180c24189ee738a364b299eaaee7d5fa2666534ae801e5082b3ca42da75a6784a26c0c50593a37025b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 54b9b37a8b8bcd26f54b66f30f2cf1b2
SHA1 8cf2e90535e982fcbd87a33a616cc9439fba58a8
SHA256 08bbacfc333ee11720d45b1eed54cb6476bc7bf863b7a33ca660beec0b2ce653
SHA512 7f9a7f275803c106a3daf7cf6e1fa2ebd5c93c1be376a61b2cf69761fb3cb33d9a62e81cff00ae5ee20e6b10c92d27cdd9ec0c1f84b3feb2bd9178265b2ad657
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 50f904be2154c24a35eb226e4b442de9
SHA1 ccc0e946a0a1ac278600c996d3c63436121309b8
SHA256 14b803872988d001b52d5e1fb7274bb967d3583ac4ed7fe137dd939c9fcf7738
SHA512 5edc7de46b5a3e3694aff8efb90f3db7c06a97352c3c8a2b3e0b783fc9913ab5bfd9c39f4ecc5cc2c6f987f715589560c45fe9ab12588788827da2731308db3c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0008e623e75d5de367ffbcc5646b07e6
SHA1 68b68b2b682ec64341cc71aec5bd778348431d63
SHA256 0d7cf46041e6eab0e67f2a99d2994c69e66e4a65a95e4694d3444cd5e9872251
SHA512 23912134ad03cb626bd22dfc781ca8f56036806c9eebc57f595984d047da10c6084e35acb6e95aed562a9236c0bb005c984fec367ad7b9b3592c5a5d4c6824b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ffca653c87cb5b14224ca2f2f760827d
SHA1 9f8ad860ef1904555422b87ba2b6432d348ae2f0
SHA256 ee3c1e091f559c6ea726af0f8d8fbab9ea3347fab1c07fcc750d55a2beec6952
SHA512 402a57878c22684db46afa91846cf6a16b886bf0ca4570367b14c79d6174ae936c4a5090946a168f4990bb54c641408c03bf69bd4618841712b510b27c1c3929
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b