Analysis
-
max time kernel
140s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 20:19
Static task
static1
Behavioral task
behavioral1
Sample
a22d3bd730d022b0f10c58d5f8968b05_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a22d3bd730d022b0f10c58d5f8968b05_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a22d3bd730d022b0f10c58d5f8968b05_JaffaCakes118.html
-
Size
30KB
-
MD5
a22d3bd730d022b0f10c58d5f8968b05
-
SHA1
b7a2d7df04427abca1c77160850aa3c6bb1dd819
-
SHA256
8d5e642b8f29e50ea7dda2fba8fe4aa680725f32155e55d61c2f5e2477316d29
-
SHA512
44fd584b3e87a623f642ef3a82a4d8741de464986e944a9b29546010a5e6e12f67bc228250c4b6c2d025b4f2ecef9218423edeb0278957b3447a3a31461c93e4
-
SSDEEP
768:SOpA6LdChChChChChChCRWbLZSeFl/ieq:SSAUd222222IuSeK
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1FA0D341-28F9-11EF-B477-E6415F422194} = "0" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 700f311906bdda01 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385459" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000454077409e47af9bf22ed11972aa167cac8aa1ff1aba3040c0893bc65fa55870000000000e8000000002000020000000b8ab7b89dc4b929844d4846cf68c32b60e9fbcc9b69ca46b29e3e8a82a4f104b2000000024a725c08ccd81040d6ae2dd777dba621716cf284d5f5fe720cdd77d45013de440000000a4f4df641feca35372312bf8ab97e06cf88e631b8bb5a54b61434f79777ad7622e627bfab20522b40d61f1c9b88aa730853063a42b54cd54ab659e6dcac0ee39 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1244 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1244 iexplore.exe
1244 iexplore.exe
2352 IEXPLORE.EXE
2352 IEXPLORE.EXE
2352 IEXPLORE.EXE
2352 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1244 wrote to memory of 2352 1244 iexplore.exe 28
PID 1244 wrote to memory of 2352 1244 iexplore.exe 28
PID 1244 wrote to memory of 2352 1244 iexplore.exe 28
PID 1244 wrote to memory of 2352 1244 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22d3bd730d022b0f10c58d5f8968b05_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2352
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4fc22ee8dda8be30ba0af20c1d2e756d
SHA1 a619d10e009746db0f6ac54030b649fe20ab765a
SHA256 beae6c31d2fd86b57d587962138b2b192fd37cf1f3695ce643ce6b9f7ab4cb4f
SHA512 6f88f1b52fccd390bd607b9ced0c65c228bb851c18afa2bca3670db439828b502f67631d52664669934e2a07ff8a9ebefb79ea9030e46cf0e1a03ed1c4cc41bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e7b311bfb0ccf3a16c3fedda7c4a285c
SHA1 45782b9cad216e1b67842250e39aa04ddc98da80
SHA256 473f3ef3b580fe6e98aabc99485c93571de4f4484003df19a3bfe049d3d0713f
SHA512 549a65e0c52ae30b3944f9d595f9b850f82da87b472ea9792b08c9fffc138dbe09efc5c63528ff760d03a91e0d5745cebeeb3f3af6b1d500cb1a1c9f7c205173
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 823633f7033ea984cbcd823fdbc934b2
SHA1 0b4a594d2df2f6aafda6f5415e78e64267b3d86d
SHA256 0c77a926ff9405badb2f72e3d2116c74b41b0db43af744c9b61a89a8499fbf50
SHA512 72ab1690ffac5de6bc2f38c92e62f27e33f68b738480af436e5b737596112720592e00bf3bb874bf620ac76e08aa5158e6b4bf35faee11bf00049a6fabceac7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4575fd2ac42e7ba5af945782b8a98736
SHA1 10828b7eff7b1c61d3e59c9ca928a6e12a776939
SHA256 820d2d7a9bbdbff8d5ae7a15c30c03ffaf9f60814ff4cf526e8a8df4d76b43bd
SHA512 fb2ec4464ce3ba284ebbb5501c1a4a818b62a38172cfcd2009b07f4c80d78c4c97b07a28f46e3d03292a6dad36f06dfb9d1a7a2b1f669c6f6012f52c6b4c4a90
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a08cf284b0f1779f5d875cecb06d3669
SHA1 bb4594b28e4a252a5e3caa32150cb8998750bc82
SHA256 6fb6888bdb8d9b2b7438d4c013e105c67b663fb7d644efdf781551bc5ccc80fa
SHA512 037ca1c24c12adac3e98c49e9a6fb1f013377072fb886d2863f98c7ae5baebe6f9d8b49a0ab8654850af5e2193b7bb4aeb0387a32ece2d836b00ddfa1bc2376b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1e32af4af9be19facef369772dbcd994
SHA1 baab760097ccac9c9557283d9c37a80cd7bc7da0
SHA256 b9494aaeeecd783bd0bcb445d3df245bf0672023acbd5ffe05f7f42d6056df0f
SHA512 f4e9284db62fde029d89d82d934e55664722782718d3f1c086efd6c04b7b0456be322ffe74fb3a5a72ad7150e22295adb82740aad7175a7341b16928d68318f2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2a46c3fff8c337d4bfcdc0a0415a8103
SHA1 1246496d8aedfe4d3fff519fd17ac7932fb90902
SHA256 ac938d91d3a7a737a761c0316fc6c8964d152363078240cd7cd54b506e487f0e
SHA512 3bbb07bbc7746b7483cc14b50908da8f808dc3ea0c57a27aee6c393cf2e7425653c8b42150a79243d511dd638e086645d6b3c780d24af2086fb8184d80359167
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c9249289d88f09c0b4a2a3119c2ed295
SHA1 7da1eb2b26030295c5cca7ae3dd5b21bcd8bb5d8
SHA256 f1d0dfd7e5227482aedc188a8a92db7c37b8cbd9bed1fb326355d73cfb7c50f5
SHA512 f249faa1b728748a86e14c4992221f96601e1825b040b13619ed42631bdae2c73e90298c0b58726ad4a1c921d044e3ebd4702913b1c7fd429a2a19b679f7f500
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4d0fca8f0043726ff03a3fde54979f4f
SHA1 6924d12f4cb8124005febeac39dcd6df1e99024a
SHA256 5bdfe17a96255fd7f0635a93e6592c2e8f58f16f3e5758db5ab4664593e32234
SHA512 c88cd7a7aa9d1fc83c44d3826075c11267c8d7c719d4c76fd0994b3c3e9b103a402abdbc70db5b2b0ed2b76fc6428767ea52a5190ec51590429b467c7e0c76b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6f1dcb2ba23bcb509f0e94191ce66795
SHA1 5a83f9c5a1a531649655c45ddfdfdeafb2c34ef4
SHA256 3f9417dd243ae4a7752e29c452596e134fdf914323d68c0ca29843b2f5985d21
SHA512 6ba658dd182cf8b02382f2991e190431102f35e22c049095a227f32518af6a827197abc8d40948ac7c16f8d7efb48e6fbe4d08b6683ace97d835eaaf54625d1c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7079843982a4b1fc10e46293437da99c
SHA1 03d6ecdad9b502e81df0bdfcd41bf1cbf6767d75
SHA256 bb451f1ad77e9b9ad3b75da26186051c5ad7d2d7b324e73bdaa886a468b5dcea
SHA512 0d63bad68d0280716e12c660df17565ed0de394b282d9feaadeb5e224988b344aca7c7aef3066a9c95fd46fd485eca0b5251b64026d7363f00704e5fcd17da9b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a3a5c57f6580de8708e229db64a66c58
SHA1 87d7572e3fa5faeb34efae3eca205c3132516055
SHA256 d4e9bd9ae6679f614699b2e7f5ba4f6778bf7248d8d6f99100944057c1d2ff89
SHA512 80c2ca83c6695e46d5cdc3dd9c71f07686c59f7dbb87bc979de4f2ffc95157e501747448e1633fcec0810c5318532526755503e03d53252bafe45cd4eb999104
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ae056e0627235221eb2814a3a0dfe5f6
SHA1 4f2c512f265ecaf9660344c79a92afabf3d03cbc
SHA256 e685980db8ed1525c6b7b059940c08829889bdc6ad80a48549d960ea0fddfe8b
SHA512 4e1dd4f7028b8f9fbf02ddac91d00a4f9760c17ed0b19aeebb5ea67189f500c6a429d57164fc9c3d3b2aeafb76f5cc907a03611af1a980ec7b6e1e47c04b42e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 468c41da4361f878a3df8e13e9859a45
SHA1 6f66a427aa9c62b1baf553914304954d340c5272
SHA256 5372f682095c2867a4820b2e30f841ee58a6ff318e80f6d6be980c63e16b2609
SHA512 71e1fb220ab36282921ca46fe7d3845c410417a85c8aea1543f7854c8bde66de4dd17e5a3ef64517c6504fe5c129e91803f3b89c826ea3ddde9437173fa8a3fc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9ae60169994c2eaf4cdbbe679d301dac
SHA1 42501df17ace5042e20218f6ddb83fe5249ba48e
SHA256 355e0283246302dcac2a956d9a5f554761ed24910a5c539978d892e3bbe5b049
SHA512 62265a36061343f7fcc0aea649f26aa2e9da89a15be4b0314251491f5fbab57613cb41df65e630a7534b35bcb3c32b72def485645f4ca6e07e3466c7e5e134cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2fef2d8b57fb71d42e87e431d5fe3d41
SHA1 2980d28c05f8f7bc44f51e63d4cdeb04095d8c67
SHA256 405a21aa3c79ca1bb14cd845b77c41bae21da8330ae735a01eac23baf8256d3a
SHA512 c8bea46f59e3cca2d5aff24aef8b6049567a52586eff87085874119d86e5a43054e689fa7b4f40030623d0247ee230b21ea7a3841ed8d299b9a8a946755eb2cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f8d8c64862893d16bf1b02164acf0dc4
SHA1 8ee199d381c901d4952dc1a1237f838dbf9365df
SHA256 f54b0504d53f467ecb4aa8d5450719abea956cae0ccfdb5fc55ed7d2fdaaface
SHA512 0e34b1f296e0410c5ba51a196db20b6a7a0ae80f9472478d0a96a98bd8f668911eefb4d680b4bdea7b9b2283ec17c64d23419d828c66def84e7b504f701cf89a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b29a969f92b51dc86cda8db2a38b221e
SHA1 4e00e458c03193c0f821d7fe5256b56289d01e2f
SHA256 56943c3c3897f156ba84238761b3187def6b425a9e0e03dad72d5f9e59c779f1
SHA512 31d05164a26e7a2cde9519b478ec837c05b8feb898f65d294a6ccde90f751aea8d29c2e0ca13668194785c5e65f756b598cbb15a217e01ed8816c5dd32b276ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9d4ce09f225c51c613966371ac12c11d
SHA1 ba363b9e792e622314ff30dc1d26e853c83508cd
SHA256 912bc92f9f80a626b98eaa51124e197b2468c646558b2a057cc1c09e906497aa
SHA512 47584fcd9007a3388891f32307f6b16b77b0186f0e7608d1cb12e2366107d0abaa298b2f6189880c30f0021623098b642a31e6efc65cc7d045a3ffc4033efeec
-
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b