Analysis
-
max time kernel
139s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 20:19
Static task
static1
Behavioral task
behavioral1
Sample
a22d41176912f050704164372564dce2_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a22d41176912f050704164372564dce2_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a22d41176912f050704164372564dce2_JaffaCakes118.html
-
Size
3KB
-
MD5
a22d41176912f050704164372564dce2
-
SHA1
dd7723c9e11d511099e19e986716a93f2e11cded
-
SHA256
13c5e678d6a2f9bb4b7e7afd9fe91d5c5a09c2e209d00cb3cc60616685d04a7d
-
SHA512
8ba0fc76b795ed7cd0fdd9041486d868b665724a0591ac228666aa5173c03d2fc95326b0b624d9c51fd8ba3796389927b92f1c155a858d9731d58a0b09e4b078
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 
2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000075753ce36836282b41c884d8e70661b4f4d559ac649a31ccaae4581d7147f0e1000000000e8000000002000020000000d579a3d9e3dc321e0c19dfb446048c6de36c5465f812d8afc55fb403d4311cf020000000ca7f48deaac6fc3f616fc6dfc378bb5bf2b0739fb40bd695e2dd8935fc6bcdbb4000000038135b22ef79ca301f01449df948b162f6fab96b4757e55af12889eedb5d54e6e1b6ea3e8e7fd9614717013dcc81b9a6b8cc2be08a1c0da7c6d403d3882a9125 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385460" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{20BDC491-28F9-11EF-91CF-DA79F2D4D836} = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00048af505bdda01 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2808 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2808 iexplore.exe 2808 iexplore.exe 1720 IEXPLORE.EXE 1720 IEXPLORE.EXE 1720 IEXPLORE.EXE 1720 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2808 wrote to memory of 1720 2808 iexplore.exe 28 PID 2808 wrote to memory of 1720 2808 iexplore.exe 28 PID 2808 wrote to memory of 1720 2808 iexplore.exe 28 PID 2808 wrote to memory of 1720 2808 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22d41176912f050704164372564dce2_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1720
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD512c9e4a083aa00c34ba33fb0409f7f80
SHA12a868aa4e779aa668ba0a9556e75d8a4a9c99b7d
SHA256e95e4ab4fc44bbaf8b6f234cdb2e3e7b6fa144746d2570c119f39040d388db10
SHA51215a8da03384abb9a05e3d025575d427ec362d559658a5535c0869cd138db6171218950bec45547628d18c2ee2f461cd7c24859367c553e4bee1f638fbc6f4f0f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53240565a2c1a03c4ad5c68eb2f22cf54
SHA1597ba6fa1dd6c1f759db4102adc496b4f67d30b6
SHA25688c98f7abab042e33bb3fd131c70bcbd0e3ec5b024ec67370d75f9b73a6613b6
SHA512c88c2cacea5ab59bf5aaeae90f0a44e099267ba1bc18dcee386c8bd6bf568f6b024be5e649c6ddc96a9f59b21e7604bfa3ff3bf9e71fdfc456fab5540a8edb6d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5159d65017caaf8845a1ca92a8447646b
SHA13a2a286ba3a15322204911281fc1b9f138fdaf7e
SHA256d306b0d51a6c8cdcb835823f6507441d954f4e60309a65e2bc515b6d68397741
SHA512ae88cfbe72a7363533a697b322ccd8c79d54b09f747e3727eb771133060e7ec495c877592cdc929dbd1f8bdd18869f8b6156091600e82264c275777d2aca93c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ebea075477c3267d73b529f010660d24
SHA1060839072df1c5973c9cce5dad1ca417b235faa1
SHA256d19012186bf86108fdbb81dbaaa25d1f3686308959f8ee0af9e87714217ffbba
SHA51251530749779b38b3f9dcb560994852157ceaa22d242b0363edf9ad0924c16709785ca34fc08d66ccf4df732ee5db5e1de6056a5794345932ce1afb3d28b62421
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a36d44b62f2224888d58d92c0be42d91
SHA1b815640fd42871feb84dffcdbb0b28c374c8341d
SHA256a7e9bcb87577f65c530950877d25255d35abd451353e4e75cf325ee0caf459db
SHA5120a0cb62e40c7b4bb23438401059fc55a80a058c4788277cb0f4cdcc7fe705c16c4c714ea6a6206f5a8f157d614d04bc8095c19bafd4f1aedf3281d9328de8efd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e859a87de5406f5a7c3a29daef4162f1
SHA1779dbf1ecda9683eeb173109727002f490e6970d
SHA25615a4703b2314986c94f7a694713236f4f13b178355c85ff2bba73b58bba4f747
SHA512b5f9605913903e6679d317a7ef78f35210361f4e98c68ee4c618c7c939a9a333d7ec39e78dd00dc7c2f8a41ebb310949eebcf178d6fea88d7e0c9faeded5da6b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b257deec879bc3f3bed195bee8bfcbc8
SHA1ddd1840dd34564272ab8c81d9966920717bc4cd7
SHA25678c02ff2cb21ad2fd1d31405221dd3b4445e8f656608300f18fbc8e7683aa659
SHA512bea2e4ffe332f901fb717a4c2a48c5351dcf8f9491bb3bbb89e62cfcda164e91da37a1169298894556cd93472580e4fe12064570c8dd42940fbfe3a8bf5626c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56b758faed59a7ed2f45047c4111a255a
SHA1ce5feb0a75c64c1bf3d6a1dee9f0fc3dc2e7f5fe
SHA256d6e8dcff77db736e41944876ac2585f495276f9b4d099017fffdd18eaac194be
SHA5121e6e765678882a7626e0847d0a491e7cf9db900c5f16d88c0d42fcc130b5f01f626c58c34e101f0c463374b1cc13a9d0b59bbd1274e69b2416d9b98aaa1c3727
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD539c250a106b54473c2f1bccc21353290
SHA1453c6ab08188840d6bb6871c21fbd7b10893c359
SHA256172c0c2e950925d30d1a98afbef828144046e61bcb5831ecc0da5ebc14f16a39
SHA5121ee56ff9a3105fbe4dad2b3a1f47514af6dcc2b83e84787106444d48d82567f3c98106520142ce5ece618987ff6ae1ad75fd86926499d48837579a28bbd2e21f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a9294dab061637588c988b494cd0d412
SHA1be3ddc929f54a8c84d787558c8bf7184140ed9ea
SHA256985ea9a9967183e6fa1a2e64c854f205cef2613e1591f9208f8b3ff4d94def79
SHA512811101de6cc1b0c029bd3e80e792c057524f8e535b2ba37c32b48cec75624fd836648242e5ff0d32213fcdfed3fc62b16ebf4d72bc052118eb885d8b0ce30947
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d3c6d378205163dd84187205b7ef8df7
SHA1bbae87b32734a0c9b95dc80cd0bbf28100fa126b
SHA256f2ccbb8323455cac610c6b2ec21deb7cd6cf4d2accdcc1a25c13b9fec3585ffb
SHA5125bfb22388d490b38dd30bb31124bd3190c8ce30087cff0901ad7f95a35c6b17d27916f375c58482b3dc956f52a7d3f4d70af5b75d665f9f0c0683cf7638920d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fb54c95c6ee33934ae7e886f39eb5ea3
SHA18217c507724746d6667ec96fec26c2d3d1971c84
SHA2565a114e056267b4ab1b4ce5b7d4ad87722b4697a7536c63aaf0ab64aace9f3e27
SHA512a7d44228ac4a0c50acbe72cf4d351bf6db9fa73f781688fb1afe2f525ee745deb59f0212a4ce6d9c9e0f68d727e7008cb4fece4ddd1af4ab920f936a865d4977
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50cf92edc7b74b00ff4c5afb5aa27664a
SHA14e3702f48ad34884b4422857ec1b5ae9e67da922
SHA256514f5177185736cb86ef88692bcb3b6effc5e62397ce5d6a5bfe1b17fbf41904
SHA51234282ed432de792d0ff61ac0c6b6d11e6f4fada3d2155a61041db09bd62650a815d2627f6531f69e9708aa7e0883e4fcaa6727476ee00c65ee9bceaf69e31d09
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5134b79d5671b846b9fa74f585696fd17
SHA151c6ac50d6a357490b8e494e859fd7a315588940
SHA256c234fd99166c4b815a97b567cb602eb6c1e25957088db176517bd5f4f3a18f5e
SHA512a57b369b3f6f31e15d9644a9b662bef44a309211d9c7d0cea7f74fe439201e7f1f5b99662ff54f873441ae0bb8e25bf615c27681703b2eec6c3ab48eee239128
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ab594d32aa133a7d5bd51051fd8be1a5
SHA146dc371514f42cf588125b28fabce4fac2369604
SHA2560029671a805c7208e9b0fc67751bc481f5004c9aa3de4b95d0eed6e6b5450842
SHA512ca98e6645ce1c26810bbb33b37e7a30fb5a5c083477c8a1ea1e8ebbe0f50c6cc1dbebda4940fbda048325b20ef3812c78a7c7a429eb71b162ebf85fc0cf9e343
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56d8ec6d4334acf10d5d195634d271df4
SHA119bdcb3d7f258144f272732669aff58d0e06c3fa
SHA2562410506f99cd1e0ea8eef9a9e5e2794b78fa86a51f1cadd5c9347ad0782ae4ea
SHA5127f13ca35c60f488193dbb4d7c17752fba67624b8c083b3387818b5e40b4a58f2d2d019531675728402e463c8d9e1b935b902a079d126dbabcc8e6684c8276ef6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cfea01dbee928a418197c360a6051742
SHA153f3c51e70870bbedddb5ac5906d25a9fdec9bd4
SHA2566ba248a29c0b9964669e84fefec2d81bf67c8e9d6a88746196d2542aebacf5bd
SHA51237b296b4aa48be990140c548cdf71bcfae10ffbcc132c95fa45b6a6679284078e3ea5fe865d6b910e61a90ea448ebc32542a3e3da055a33f45186d32e685d0ea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD551a5bcd69505e65f8777fcc1dad20f85
SHA16cccee5dd856ff7cc34df8448fbca39981a27f40
SHA256d48f4dcb4d0241e3f60343dbb8e7e9209047b34cbc9c56bfd6caed2398e6ba34
SHA5121e3dde610dd1be14d1389a69a5d4668191fb97a886dd79ac1f3dbeba7dca1ce3b6101de6622a3a1cd824bf87312b21f9af383cf4883ece782f8679f507f557df
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD517f69251dac662092015f9ed2adb92ce
SHA1999b25345c3a0101a44f30a0b22a31c6a987ff3d
SHA256882ebf908a9c35b193eb86c7abce70964224b41e49fc39d5f688d389d13bd2c8
SHA512d86d5318fdcc23dc1fec5b55b276518b9fd0b11dadc9192d95a83d1705bb530c4979a02d68320422736ccb57de97430f0780be33dbdbe2000f4de116d13f6c43
-
Filesize
67KB
MD52d3dcf90f6c99f47e7593ea250c9e749
SHA151be82be4a272669983313565b4940d4b1385237
SHA2568714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA5129c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD57186ad693b8ad9444401bd9bcd2217c2
SHA15c28ca10a650f6026b0df4737078fa4197f3bac1
SHA2569a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b