Analysis
-
max time kernel
118s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 20:19
Static task
static1
Behavioral task
behavioral1
Sample
a22d438d9dbb2e242f3e5274492881d8_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a22d438d9dbb2e242f3e5274492881d8_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a22d438d9dbb2e242f3e5274492881d8_JaffaCakes118.html
-
Size
2KB
-
MD5
a22d438d9dbb2e242f3e5274492881d8
-
SHA1
32c94f3374790a98172f4bda27509025018f53c1
-
SHA256
982fb20a3705316cb6091fbf802d0a82c6592d0cbda1253e928666af3257552c
-
SHA512
3a9f5228e80d7cc65a50df8763c7ec57287a89822eaf5e72fbc952ef5b224075aac3a6065fce15bdf63a2998ec24c64b21129ab83eb98c5d7f1fadc6e5e618a2
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0d165ff05bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000da0f39b6c5ff1956dec3f3720e6170186f567a426dea7ef81f925243bc371703000000000e8000000002000020000000ea615c5b1db43701ff8ef45b371de0e90b9873182ef2b6e449ce5b22ab99733f9000000022535b102e15b49b08afba218f56ca34c0d7c1bc80c4cf7f58d4d21a3d1e7824cee2d4bf077d74ea23be0db76241c31b2aff0c290a84b5eb8a0be3a57fa55cee29bd3211301e698ca8d6a791e3be56997bced0679f6588835770cdebb40b0eef0ac7fe55d410195294e9f82ba0aea55dd6f3c170616a55f2bacf987d0b195a624a04526596f2bc90f7eb343214726e3c4000000011d6d1288029de6c90b43e12aa46ae9fb30eb1447a29373c285f6c414ae53ec06f82d4e22810cca4270f3ddf04bac91b0ee16c3d2273cd2da8d1439d9e7e5084 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000dc4da887b697d3f7c803bfb4cae3cc0d59ea88e6598984a4ac32fadfdb54fcbc000000000e80000000020000200000000d6fa5c90ac9f0398c60032915588d70e168b81e074376492b8abb214f764b60200000007f0566318e6e0ebb6ce8d85a169c7cb10a25a560975cb11bfa4848ca66ecbf8f40000000a65ff5188d5312592fb061224cf5c40af106c463d4d65f5d4edccfd98129bfadb12351441f3dddc9987e57adff0d03a2e1bd7e479db5514b7a1cc159f95ea187 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385474" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{277A8F71-28F9-11EF-AC4C-424EC277AA72} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1540 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1540 iexplore.exe 1540 iexplore.exe 2624 IEXPLORE.EXE 2624 IEXPLORE.EXE 2624 IEXPLORE.EXE 2624 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1540 wrote to memory of 2624 1540 iexplore.exe 28 PID 1540 wrote to memory of 2624 1540 iexplore.exe 28 PID 1540 wrote to memory of 2624 1540 iexplore.exe 28 PID 1540 wrote to memory of 2624 1540 iexplore.exe 28. All four events are the same pair: iexplore.exe (PID 1540) writing into IEXPLORE.EXE (PID 2624), a process 1540 itself launched with SCODEF:1540 CREDAT:275457 (see the process tree below). This is consistent with Internet Explorer's normal frame-to-tab process spawn; on its own it is not evidence of injection into an unrelated process.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22d438d9dbb2e242f3e5274492881d8_JaffaCakes118.html (tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1540 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1540 CREDAT:275457 /prefetch:2 (tree depth 2, child of PID 1540)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2624
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (note: the nineteen 342-byte entries that follow all share this one path and differ only in hash, i.e. successive versions of a single file; the CryptnetUrlCache\MetaData location is Windows CryptoAPI's network-retrieval cache, so these appear to be system-maintained cache records rather than files dropped by the sample — verify against the network capture before treating them as IoCs)
Filesize342B
MD5cce79a26421722d7d4ac74a0ce6b46b9
SHA12b88f31ae7d42ee1fda32750525d7b5bbf3c84c6
SHA256b37c9ef390534c394aba358272bbe4295c1cb77b34a02a22b350566d9a1aeac5
SHA51252cb0ad11020f1cef4592f3793fd21f455b9200cde05538011ee46b6814adeaba22f04835da47be15fb7bb2e9a0814e46de2ea343282f2b36e85309d742f7a39
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD581fd253d6cfcccdcaf4dcf8c56238cdd
SHA1a7d792fdf05e146c8616c8a88af31a220674acd9
SHA25685287bc19e187bd80ce86e671399c05c265bfdbf56f49563d269cb23a9f70aae
SHA5121c23a83ee88098e067f93166d3ab52638b783dff24901fdb75347f590b8c8e4dd0dbede8a23e1b609a4eb9acb3b91ee74745cf80af64d3be41d46b9b78bade37
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52eaf4c29c67a7e479efd8dde1ec986e7
SHA155632d3d9568e2f3718e6fdb2b0c09e800113776
SHA2568831ffc64cdcf08de8c69bd942a01d62b45d4485a6952c69e3c5e9b4886351aa
SHA5126212d43cb7c2417a2f3fb27a5a5d373110d338a66b3a7992026b4eac5919b767268adeba0adf965232be2b919c4f9d5d03abdffcc3a1d4d458a78d721a413a8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b264dfde9cb0a84b1791b58ea6b01197
SHA1f2324e743bf811f8a7faf8b10bc9bfd05e632c87
SHA25601993c488c8eb9504add1cf84c18ec98eef23b7319ed2f8609a1cffc6868b1ed
SHA51248869029554f4f3526b80dc4ed3e055bed567815b4b899387175fb8a640938f1ccedb0ba47dd97b4bff3a56ded73207e8368910851d7e6916725ea7504822b32
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50329b102755ed28912493690a175a12a
SHA1711225dbcd97a4682841cdb1cabf0f95c1de691a
SHA256ef1b9019e4db213ce48a9b69c6bdaaa053e2746ca3ef0ff0e6bb968377cb9762
SHA5126217f7c874c60b352dd04b7e5c0197896ab920429e72fc0fe4781dfa9003b5ca9fa59e74be626dc8cdf67fad6710081b8cbaaab99e280f3247ecfed6bece4259
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59b6e083f7810b9c325c605b3615ffce0
SHA1cca9d01ea640abe62c8344e370bfb5c9ab24b548
SHA256cd2b55ca52a9087724f0db770a5b92dc5189dc26dd18f9eca3dcee4283c207d2
SHA512a3d83b076194e75339923ca8626ec71551529740f21354f824741f10eca4b7bd12cc321c3fb9b3584a4ebaf39de4fe84de821539a84688ffdcd13af55acf1900
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5de913b1d3a52d5742a92a2f03d3fcbde
SHA1bf97b6e3168d2ce860679cf2fc02cb46ce2d0ca2
SHA256fe08113a795c54d2d468219a3ccbf5bbb5290e1bbfacf04b69c12c5b45886be9
SHA512b3792fd53c07fcc80d634266dd7aae09ae89e882af6fcbf4abd7073943eac42f5f7220981382b98e2bdc6a3b111acf05d256245f676a1610850c3562c91ec989
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b7d97477fc6571bfc4c61515ed0df7a0
SHA19b453127ce1e363dcffd2067155002533d503864
SHA256fc309da023176565986d7f7d1d8869a441522b3000660a0d6969dbe82e4c4d32
SHA512e13dc156a0a2e289d545ff140a359da7d1e7a554aff178c4c18a560f12045a0a79fac2de8d974248f66b9e699c3ada115e372a0efa6c6a206fed86bb0b29a87e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50d93e0d5bf6f8a0c25be7ee527cdee30
SHA1b00b0f5ba6ad838f54489683b721d1c639ca77d9
SHA2566eccfc33794b71e2bd197e146bb752eead4df181cddc29026a0f414cb57f31ad
SHA5120dcf1cd17d769b8dacf5e70c097d7c9c31d7803eee8dd6ff15f09734742e5d88559223ef3e427a4f7d03966003ba920e9a2cdf14afb9a1fc3b5ed9cdaf37794c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a927c249f76469710cf95c94158f0a07
SHA1651a0ea98799ac10a9b03972be690d98e3866ac0
SHA256c706d1187e99f85f3615d554a7fa722d0c2ec5a693558b2dd53f747563703cef
SHA512b94a37e49d1842f408b1e4f6410b10faa76379003a2e9f4b6e45644e00559c8ffc14f99bb4feb7484f335254968b320da2102abca7409e6f0e26a8f8c626b824
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD522b385e022bfbe99ece8719c7597d575
SHA15706fa54ec1cfbadf94ae7ec336969aa7b02d048
SHA256a1cfd7df400895dcb838552a2e628da0548a4a6bc276dd2bd19749ca6e4daa41
SHA512a75c483e45d3050a60ec72746163febd099c443cecd7a5a08b3d30b3894ee45d984aed00ec4eb064ac1765a7b18906ab5267454edb9188ad0d8a4221ebbe1ce7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f347d2dee60575eaead84a7f6f18751a
SHA1931c1a553aa399ae298e3f88f6f328bf4ba5fb28
SHA2568fc3691a43015613f4e2f678bb59692ace15bc75ce67f9ab3bd6d5eb0876e047
SHA512ea8098e645475981d97eb52ff2eba0f1b9a298404784cc62d4f15d399cc7cdad271f93399c0b26e726b180f6eb68fcd54d3d70879a80b5965c92fde559343fcb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ee79b91bb1d99134c2c91ec351b8cba5
SHA178e529cf32b1f9fab36416f4d97202e95af9e87f
SHA256b1956c2580af778457acc299c7c193db61e1ffb05aeaf538de289d6b78c13a56
SHA512f35f10912e2026f32d29e0bfaa7cc9489fa8c898a99b3ee8f0296c3e1ccb19954d90477d0c8ebc3ae2623b154e72b160f5c631702a8124463e1b382b6a882c14
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5771930fe59a4312d82ae83d0769a0ca4
SHA1464bc1c21c329149384f5b491152819fece2406d
SHA25606bbe2f7a204b5bd6d2ba2e39828f4e309e89d1f98bbbe907cfb1aa7564186c5
SHA51221aebe70e6ca63c0e496c02bf16d8cc0f40363d6ff9e27bf598c8d8b3cb81e7c71ae12aa0f5e2fbbd2bc1d13e46af73b760113a3e8d7d3f5e93ade87d2d9a730
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5af214fb1deae26caaacdd6afd079be5d
SHA1e14f4597011d6e60487f945546d105dce3668128
SHA256dc7c7ff1ae36811d78184e3e399dcdf6657b0ededbc84ee86bbde1a45b48fb79
SHA512466d040bd6ce760393d616cb86f7f94bdcf34199782b84651d3ff0827265145d5f596d68ca90aef155f33fb0297d07c106c97a40e04d2281a7c50fa9171e1556
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5acb22b7960d26c015d6a2a60ba287015
SHA1478f1a6fa27cd868ab071c39a1bdfd0dd256e57a
SHA256c47eb5b5fb4d60bf66bf15885dd2f96fb2754535e054c15187eae53d1f7a4cab
SHA512dbb6e15fd3186f254efb2f1c8539bd6eecf574afe919c7272d2b493e0f3e6b2cd87fd162e98cfbb1d5c2e0e8ad98bcaeb9435c02d932a8484bea5598628fe283
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5227109c29f3655e7e085ed688a8dad6d
SHA19b1a07084290bd9dd94b02f9053aea0ef6118019
SHA256b6149b907d660a404c2733a0355dc28246d21607a26a26caa4b65d5f5b8d8887
SHA512249aa25164d709931044d36e4016e093bed2bb029268b8087dc4dfc40b67548b366967942e0608c7e04d631e6ddfe97dcbb83945951e3443e2dd3515413297f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59051332f60804ccbba9ceb3aa18a4831
SHA1e39e854b6e1e95ec804abaf8b49f6cbd8d328303
SHA256d19eb7ba89abbd3a54e12a24a16c38a55c4d2c666db7288397c9b9563c01a994
SHA5125a42e22958b2fe1d62b60cec602e6e6460eabd8b22df52e818efa65aaa0ada7b34cf9c3535f08584f221b38b7d197526f013f144a339aebec0b849573afe9266
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52ae59d56a348107eea5d3f31845a9f9e
SHA16b2c496a8209495ac917ccbbba436b5779861514
SHA256a871ddb28423a5ec33b39000dec795996217771d2527d911f75c435634fb4d0b
SHA5122a5caa1deedd1878b4440e4ff482b121854802df5bd0e99d86a838dfba0733c4b2ac97644dea05650ddbd0f86b84e9933573c8c37780ad1985f204ed2da64763
-
Filesize (file path not recorded for this entry)
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize (file path not recorded for this entry)
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b