Analysis
-
max time kernel
134s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 18:43
Static task
static1
Behavioral task
behavioral1
Sample
a1cd96fa442e4eeabb2ab293e5dbf073_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a1cd96fa442e4eeabb2ab293e5dbf073_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a1cd96fa442e4eeabb2ab293e5dbf073_JaffaCakes118.html
-
Size
2KB
-
MD5
a1cd96fa442e4eeabb2ab293e5dbf073
-
SHA1
83a62de5af901518c649dc241b9b4a37e9925edc
-
SHA256
3759a1322f78d0b769167e1a075a649b279a4fbfc9dccea4b84574693a34aedb
-
SHA512
260eb0755f5948688a31579575febafd81cfb6ee826e947dc16611447f1ae91e31cd6ab46566c609729c2fdc8f4e10b9a75f70df09854508036601e26c8eb66b
Malware Config (nothing listed for this sample)
Signatures
-
Modifies Internet Explorer settings (every entry below is under the sandbox user's HKCU\Software\Microsoft\Internet Explorer hive, i.e. IE's own per-user state)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B22F3AC1-28EB-11EF-A5CD-D671A15513D2} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000068d970fd5f682ea3ffa677a495231c88c973acb6dbbb5327871e5cd10f296567000000000e80000000020000200000007989829e47291f03800e92429ccd361cb4c5445e77a9266d623ed6453b39e7d420000000619fbca8a260798956f10080d67f6a4aabe92ddaf56744fbfcc168df569029b3400000002a61e81c522f99845991e4b8f2d139e3ae95d33828c0637b5a32bd5bec8ef5246b2b02c117e38442373c7e35ab1cf9cc453bfdd2590387a3675d5ff1eef21735 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7067b086f8bcda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424379692" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2208 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2208 iexplore.exe 2208 iexplore.exe 1956 IEXPLORE.EXE 1956 IEXPLORE.EXE 1956 IEXPLORE.EXE 1956 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2208 wrote to memory of 1956 2208 iexplore.exe 28 PID 2208 wrote to memory of 1956 2208 iexplore.exe 28 PID 2208 wrote to memory of 1956 2208 iexplore.exe 28 PID 2208 wrote to memory of 1956 2208 iexplore.exe 28
Note: all four writes are from the iexplore.exe frame process (PID 2208) into PID 1956, the child IEXPLORE.EXE it launched with SCODEF:2208. A parent writing into its own freshly spawned content process is consistent with IE's normal frame/tab process startup rather than injection into an unrelated process; treat it as baseline unless the report shows a write into a process the sample did not create.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1cd96fa442e4eeabb2ab293e5dbf073_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1956
-
Network
MITRE ATT&CK Enterprise v15
Downloads
Note: the entries below are the same CryptnetUrlCache\MetaData file rewritten repeatedly. Files under that path are CryptoAPI URL-cache metadata, which Windows itself writes during certificate chain and revocation lookups; they are not files dropped by the sample's HTML, and their hashes should not be used as indicators for this sample on their own.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52197100ab80b17114876d43ad6fd40fa
SHA134757274b66d3d235f6baa6f9e6a72abb5bfc515
SHA256275b59bd0b113f1cac4e078c03ed38a88c97d749364b91419b295f411412c6c2
SHA51275e6c8ce4a82eb1111f768d2ba879e21d15f3ed8c4dc59a054bab9757ebb92b23c441e54e2e4e00adb35fbdf70b62f78137391f1daf3361dd91ecb193329856a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5221ec0cec01281b0cbc7b40b1a78d789
SHA1ac6a4df9e8b5bb807187f0aa0e09578832a9f1c2
SHA256d1f26bedda4c399eda805b490cd660d7d68d9db827abb6849dbb61dd2c948e59
SHA512797a84f1db5b479d51645dcf96ba9575887ee6d933d1dfb6d289fdef37d665e3d414d4a56f9d598dc6af71963f8a588895641dc0075458331f492ce51cbba395
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59be01bec0ebece8d947e4fd653c5c836
SHA1b298bd06a933fed5c187324a1fa1913bb88b6a19
SHA25629bc6d7d7bafae72aed695db8a4a908de1e6b0dffc9ac8eec56945e56b9d4734
SHA5120d34ed3c3731d7ddbaa4baeac91b24446a1e174ebdcc6b56b4a21c3ce49011fc32387d64ab367d0a419985af2bc55bf4a5f5f68992d1a3482262574f3babbc30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD577ba1ccbbdb23b5a1cb9112a0700f26c
SHA168ff90c7a50b14a8c94f59eb4dc0ce3ccd4578e9
SHA256bc2398c9afb556a5fc3e566cbfbdeb3688b99898118adfb0742e50b72e9a2e08
SHA51242833015f1bf9ce3bb53da491feddcd49be0eb094ed9228d938ff01e676964d494b06985ee60bbe22e8ea70ec53975f5ef9e6635ebd07345ca2f51dc34daac77
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5478e76cc52826a4357c0e5c5cee7b24c
SHA1afe3ebe505ae590f6c244cf20b3668aa03b44bad
SHA256211341c91fbd2b2b95e3e8a7bba86690e4e4bfd889c410a8131010bc6c5e64c6
SHA512e154e4f81a5751fb1d982958b7ca117c4163633473054a8976e12bda2fab6005f0d376d98fac24a7dac73b77397296a74f497a55a0319d8c587b8513f56686b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b904eb85700643cb04e252a547eb98bf
SHA1f4bcec5191b9d397083c333672616a9257586ed0
SHA2567d8af3ec9687ca54bb05bbf6f1afff16d0ae76d31d6a351ed9a78cad24eacc22
SHA51236fcd191aa3feb416fb4592190dda1e65956575110fd52b7f1cf24c7804281fe63510c3ff320a1d7483fb3c922676f1ca65f60e2df216085e1fb973404f9a362
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD596ac29f4487b350a3fe795b8a42998eb
SHA1e7ea7982349324597f4786f29fbcef24cad1f4d2
SHA2566d1fe3e0cd709d8012a6232cc7b7327608693410aca2eb31ce91cf38d314105c
SHA512c905990dbd99c9931c4abd5c0fa13dabf9e4590b693f09d9c7e6173a0d5648a7012ab910da76869faea6481d2a91d8c2a498b22395db24496d9957affd42e940
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56cbb748da085f9bfd01878ec5485e791
SHA16bdfb4cdb0916b382d24d2ab2fea020d4fe46469
SHA256e47d2e02c8beb64cd8f6edc58f2732ebd094530cc3e42f424eaa4995a647676e
SHA512b3156164bb42393d7748b513d5b4f24b6f679c4a78079d895d2e810fa7a2bf5cd16c498e49a63bd1beab2dca82518752d1bd402053c9f3d16e2d8edae14969fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f9d42dcc6157bc74934022e432a2d856
SHA17dd34511ef52f5d9139370d458eb245264ee2e17
SHA2564e626c5a194d663288bb4f3c887507972d6587630269bc8e8b9c0459318556bb
SHA512e0ac6ac13a01a4df2c034d4a801a600d2dfc0d223456eb0b53f1e55f95e7d8d26e863641a4f41bbef5952ea9fd1461bb144d9fb1acc1012a68eff98d142ae2cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c1dff4f3c6b6f4b3b55bf62fba54ec4e
SHA1694e53bcb23c1526dee033707569eebc49f1e95f
SHA2568aeca9240573f91d5e165d05287d827cdf0dd391a5cdadbf4a89d7ba663c4bed
SHA512269faf6c399e5e9367a5add6e5fd3546a101b77baa3889c11261f4c3866a01ff95a01710cb8845f6ba41fe9134c22777609e13388c917206250a3e6c4554115c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50dc5097f08dfe67c7ae4ecd660fbc21b
SHA120f1f1f2482e235ee04d91b9fc965b1767cae74b
SHA256901877dfa6142b4425c845a6d9c5b4d1047b97b6eb012a8f7ab3de9ff1c8e103
SHA5125326e27d626f319027853a2081f07a079ec47f49edca8309a4a707f0fe08c784438228c7c30a410b0feb05a27a2bf596039727ce6215cbd5604e02d1bcb52df8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56334726ada5bdb736851b53aca4a1323
SHA1877ca5f3c12feb60b4d4d1677f822ce09f374ace
SHA256981376cb18a3c8cbf1f1340dea6ce0d38fab8468787759d14324222da2369166
SHA512dc7a8cb98d2b9d901386a31f644ab982416f8ae0a158ee90a30a20f3f50065ac7faa69bfa69f88c35d07931dcaf8cd244632a79ef77cff9177c5e18db1de932e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fc0a9f1fe8bd8e0951762c5577ead197
SHA1ddcd964d52927df8b686fcb479255d6202a18528
SHA2562d08844c2c4789bef52e348a5112c8e4bccc9589c7ca639760288a5fe45e60e6
SHA5122c3fbbf431d020a506099a55833e9d847a8c0f3eeff950f1c93fb625fa46b644c35be9f1d379887200f4dad0d1770b6a97ff9f4b3e956327ecdca46751023f96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53d3cddeaa817fb8a5c353e6fd307de67
SHA1e5d836f657c6e9218ad36013f47f9adfa31007c0
SHA2565e2b660686e6ead96a82e1ea3b425938e58a7d95fca7fee1627a284f347e5e7c
SHA5128e5f9444c08c7d385a80862c65576b58ed55a37080c5c6380ca394e8d38fd43aed81a7244d06d1f1955fe5411bc558ff0bcd51a2dff9797157b2d29f2738fb45
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD585f3a2de2c60905f407eb24eaef7eed1
SHA1cef185350c9d62b99ee752957cd533e5a0bbe75b
SHA25619b0b38daf561e29eb52a69758ab61bba1c3d09d912896771f7788482f78cb9d
SHA512b64eca8cd797f033036a087de78439121dadc227881e9a0c8c9cd36f4c86d789bd034a28dfb8532d495f42faf4a8867cf861db83a52c191f5ac4d41a8cf89940
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD509815b628c0836bde83edfe607aecde8
SHA1c509e9552b1971d9d63679cb6ed7be316c0744c0
SHA25657efa45762db1a94bece44c21ddc7b8c5aef6f0bd545f25d2752fb6fbfddea98
SHA512846e55573c71db6b7b286a6a1abb8e9caf71e7c5f234d0f1b912b6fd3132d5c4c6bea9325b007d13226b7747ee77622a6eb9e928d4d127fcc2127fe34cc6c79d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58f86ba7d889937056817159ad91c9f79
SHA1c15ad18435dd539907b6c80a0c6eb6bfb48c00b6
SHA2568db0b76f3ff93787254b955a7c623837c9d319e4f8b92e7baac6d9d9e7c9b502
SHA51202a8211c6081faa7a67033cec462999e1b567f454a516b9df0a7b32b8e04260b52784cb1608b3529bb2ed277db21c2bd19c3e6ea397cd1ee1b2052d34c89e69c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5045edfe31b27a5c1704e3e20a2f4f5c1
SHA1476d656eba674198fbf21ad4841e5218bb1094e5
SHA256f6a8ae94b67150c55656bf779035efa0bde04894ab1eef83687a9757028e9475
SHA512bc05b7dbecaa67d889243c68fafecd4f5adae3d85953c446acbea839e470052395c34d5bf945a4984119bf8399edc5f6da78f0c01213975b9eab732df42291eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5961f745fe0b75b582b384afde6f811f0
SHA105d448f242978b7faac3349d6e577ae1787c61c7
SHA256ef5359b9cbc1a986ec98e4223010309d2c2fda9eb46f2310e2a32fae7bb2deb7
SHA51274ed0fa8cc4e023a0dadb7965dbc96d544b5f0f787f02690d4812b2e2c03c7344f699429b1bacda34fadc050234173047b84a9507a45af6ffeb2fc6b2a2b62fd
-
Filesize (no file path is recorded for this entry, so it cannot be attributed to a process from this report)
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize (no file path is recorded for this entry, so it cannot be attributed to a process from this report)
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b