Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 18:42
Static task
static1
Behavioral task
behavioral1
Sample
a1cc13048886426ba613cad47d71cd83_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a1cc13048886426ba613cad47d71cd83_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a1cc13048886426ba613cad47d71cd83_JaffaCakes118.html
-
Size
460KB
-
MD5
a1cc13048886426ba613cad47d71cd83
-
SHA1
47f1cec0ccbc9ca0dff19e5fa6fc028464dc334b
-
SHA256
5ce3fa670a2908f580b163c4b1e80a5664862f0464ae6925f4bc22266184f231
-
SHA512
2e250e5b597474887c118ea1b66a581412682d347d675a857af3dd4829a2f7c9fd15899a9cc99b6990706466990d180fd7fe80327dc7b79cc6273923b72386c6
-
SSDEEP
6144:SosMYod+X3oI+YxsMYod+X3oI+YwsMYod+X3oI+YLsMYod+X3oI+YQ:H5d+X3X5d+X305d+X315d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fc5000d1a4713b45a5dd7b6102037864000000000200000000001066000000010000200000002fcf1f71a64f52c6395358bd3e187768044b2f7272730bc86ae3d4acc59e6993000000000e8000000002000020000000fdd5efeebd912e7ebfcb5db47212293a46c909b47c02aa2ecb6f32209ee2893220000000abbdc91ce1c2f0d1d149051322ab890b701293d7e36af8c7e959cb49858ff83040000000197003d075a889612a0ea7c64fadf6eb170f8f4258f24928f84e1b4109881c4f3d69dcab79e95b3680398942dee9443d57678f91d8933282d6e39527f4b5ca27 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424379622" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{886A82D1-28EB-11EF-97AC-52C7B7C5B073} = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c014f260f8bcda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 856 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 856 iexplore.exe 856 iexplore.exe 2748 IEXPLORE.EXE 2748 IEXPLORE.EXE 2748 IEXPLORE.EXE 2748 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 856 wrote to memory of 2748 856 iexplore.exe 28 PID 856 wrote to memory of 2748 856 iexplore.exe 28 PID 856 wrote to memory of 2748 856 iexplore.exe 28 PID 856 wrote to memory of 2748 856 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1cc13048886426ba613cad47d71cd83_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:856 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2748
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 627274b85e57e208c136372a9605ef65
SHA1 ba4d37311a72a21a90e9da3e7b5e8b02bb7cecce
SHA256 8ffd5567d1bfc613d7f96a2da92e9b750b14584b8a7fed28ca2b2a10b4fafc44
SHA512 4101ba6b76b02b1872d2c63f6ca6253d9179b9aed927ffa39ff42145171b261dbc50f05438fbe86589cde0884a029bcd2af1b700cdd4707ea7cc50af48a657f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0f5c99db42faaed1205aedaf1e937088
SHA1 c4210e943479194beafa7dd631eaf4c357b03f4d
SHA256 b529af5f65d99395e698c1ce41417756bb3d6d8239129b3b3661f22320a9d79a
SHA512 3aaef80b7163245bdaaf01a2231f4575740a7cb40786a3528c1e3c3ab828495f2baf8a1e1a330a937b8412d5f5193183a46f17cb790277bedb6aa291000c74a9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 67bee9063d1b85ae1087be0b9bd624c7
SHA1 3c9fc5c87dbd0fa571a64d9661bfa10e6b90e1b6
SHA256 831b949ec9912ee3bb087fc038b1fd43ba166e69cbf3ca838d905af45ee27862
SHA512 0e9f1f63b5657f9551a0981cb42d668e43c4ea961f86a18d03f196bb3ec6aa25dfa0379154a9747edfb2e0bf0f6c60b9f575789a26c1e1cecea42c940a447845
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 37e5152658b901ec369ecb46fab620ff
SHA1 ce9979030555ce1f34106b36abc4ac594c454936
SHA256 9ade2eb630e0bb951b4abedb4f24e9c035faa21c3d47fac5bd82ede7192f5131
SHA512 6ccebdcfd9134b2c5cb0a2446293ee556b81bf28c487efdfaf4cf8c46d429855c227c3dfdbab4f646e41a38ab2e76c46de90218a27bf23f46dc5d51bd2835adb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f7280107d6913d3b0afca76ec71aa87c
SHA1 f7dacdfe559749bdc02cca1ebc47a2f39bb4fa2e
SHA256 a5739be76713698b081912790331991595eaaff1cad7c20151679c0e13250eb6
SHA512 755e905c77da0ede6b1fad86d674f8164cc41b1b32ac97d7409c8083a5e8d65c0af45e97d4d1101d9958b4b6637345d40701de393eb641cdc4651c7d891a90b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0b206ac22f1a1de79d769506680de7a2
SHA1 cb5da7ff0cdadb5a30f8c0ed684b9f2cd1578289
SHA256 e33df27628b6464738620150ea7ca6f263e2b2920765d2c7fd59ca82bea8c825
SHA512 05232ad3db201e2ea6ea65ec77e655d1dc12c5d5f70306b6f6ba639085fe8c00c1ebff1fac2e8b0a0723550706377a043b3e8e375c19118a8459070bfbc67f48
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dd51b158e77f9384f5f49d0f002f1602
SHA1 87bb65e6320e7ed70d0a86496cf52b5ce05b2617
SHA256 8b3fd8cc271f25152b2dcef690e53bf1953e507c853bfdf991e2e2e618ccc9ae
SHA512 86a6c9c836358ad1462d156a7afadb7ae817c32506afc6023c099544d1e59d554c9b80eaa2d43fe8ef4932814674ae75b9c69d4cc8c5aa2711db7f0bf7d18715
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 996c85fcc629e8e016c59d71c3836d86
SHA1 7f525cc03913135ed48e0d4b7b3719d844489f08
SHA256 94c00aacdaced57d87a9fd4772ed7407332e892847b621a8636e4678dda835c8
SHA512 85ac38863646b5e470131333aa3564b9e3a93807f91ab129789e2ce10d75c10ac9c14a08ba00729c90499b313b2014da2d1942a0ce47d8a37bc767070b4f71f8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 68e6205b0a27371f24796e630742935f
SHA1 4f310abbaf7b3cd797fca06c4d033accb6b755d3
SHA256 8c94b31a2bb4b0dea6b0faadd4be9e68bc2bdd2b5fc1d98d2b8f99180fded6d0
SHA512 a448c85345030c59878e4d9c2c30beb6efd5abec17be705c4633141ebb701c81d2c65d864e86a7e73af3e6943fc8e445ae95bd06fcb2645c29662af15b729163
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1bf37a5355aa32b643e21a85a32ed3e6
SHA1 e3d8909dce3fbe9faeafe098dd8ed6e3abfd2d63
SHA256 f9ef64c67a0792b4e9d645a1ab0af4c86b4f1aced2a759a9ed2848efe4ff61bd
SHA512 0e5986d5ed3427710f3df53558a21836c0748cefdf93af42c3ed13093b2edfe808fadea20ec24e243305aa06cba2e08ac6230048a3c426777c10e1b932c5805a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fdd1a86f4b5a305c557bd41b288a89f2
SHA1 ef44bf9750c179fc101e83af0aa8d3d1973afaf9
SHA256 c0b96fd3fbe0aba5bbf3c72ab4933b2004cbd1ff168ce587be85a4e68dde7043
SHA512 0612eb1ca898ca760e1cb062e6bb9db3ad011980190f883ba87692ee98e661ce636b3e9db6d1398998686e1518703650e885e1ed0ba37e3e7dc0fd8e1fc1e7bf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f84ed1827756626b5729789c57d9aac3
SHA1 d89ed89102475813b106821156e25d8ebcfd70cb
SHA256 8174d3c5bc60b70d10d6607ebaf2c49ae138e4c4aee4692b25320ef23001913a
SHA512 5c423bb3ee6a0f3af62f5a50d0b2e20982307ccc24d78a6eee0dad1744c03aa121ed36e59759ee75310785e7f7967eca5794358593a244e1d6879f88415458b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7c066e4c1b058f5b121533c2c352767f
SHA1 6586588b8546aec0c4f74299a0e6b90f2151ac8a
SHA256 3e6a83f51279db65ea1c956253d869fe7de87f504ae72711e0b00365fea2608c
SHA512 509ad695ff55c3498ef0e078a59f300958b13be87b94b8d78d92eb64bc4d17c1b0b5238cd8a5a1d50eafee48df56b8c30a9ec4d81e23682296bd40e89a6c3e4a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bded84ad5cadeeeb5e7ca229b64d6756
SHA1 b13589aa31369fe7a5b586668ad655ca741663b9
SHA256 ffd582d69668c013e23aa8da86c8dcd4fdff2c12defbc4b835d25fae56277983
SHA512 5ad981267eb59a65b16e7cd01cdb3401f196e8af1e78df064ff0c61687ea023812cfe537944a9b9f07bcb0f7bdda45d2c0c802e048f7032a878823393de04443
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 053b7f9a6c24d75111ef39d4f4e82f96
SHA1 512217538a8c69f5aa0e2087aa86f1197b411dfd
SHA256 397097f876b32c96a84f7fa6468e4066ba4e7e8e296a36e36324c7b0655ace87
SHA512 25bd3d8a299cf9fb11823cc3e3da07a74d7a83b87f4bfe769b71b77b2df0f548e9a60ef94e1fafd182ba376fc9630f4aec2c50b5838d145bb428a1e072fcf647
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c8f4fe9325bcdaed2e1d5e5eceedc349
SHA1 c9c53a89577dc9f147521fa12444272482f6b8a9
SHA256 4df1e2d45efb54114f63bc70c9b0e72ee53bf65ce283c2220d3f9893fee7cc4a
SHA512 45e55c76d59caa350cfc96dc96a6a37c517ee656f06215965bdb6b09f39af8b05a998fe9e11834ec6fa1db18cc8e817f30c04b02a5511e5663eb7b13fd28c33e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8f444ce9c932022ccec6dc156a48ee94
SHA1 0898978860f5784cdf54e6c6f00c010800daaae5
SHA256 feca80f15f7a1983a5e45654fda2de56fbbd5baf3025ef37fd8ffa210dcc844d
SHA512 e1b85e791eaf7fad9e76ba086a1a578dc16a3f384b78b8da2f4283b29056a00f93d31ab92386258317e889659b265a6f966a55973322eed6a362714ebb1b4540
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4f85fe606de607937f422e68bb49149a
SHA1 7aacb65718f661e90b4b46ec255e93f54338ca35
SHA256 97c47bbaf11ed6fb2d80563615b5b3078d92befda4be6c4db03080b0b0719728
SHA512 5c6a1b98bc57502510bbb7b4c6ee5e605a88e080504c92bd117524da7fcf0b58cce395525dfade0ff110c1a8374a5e22c1e3cb869605508f7df464e7f916822e
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b