Analysis
-
max time kernel
145s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 20:20
Static task
static1
Behavioral task
behavioral1
Sample
a22d7decc81eaab51746b39e7752cff4_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a22d7decc81eaab51746b39e7752cff4_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a22d7decc81eaab51746b39e7752cff4_JaffaCakes118.html
-
Size
36KB
-
MD5
a22d7decc81eaab51746b39e7752cff4
-
SHA1
d7e463235e7853e60a518dab379f408bbaf10d67
-
SHA256
e4e1cb11821bc30abc09de6b34e10477555ed6d1578215b6b99bea019709e42d
-
SHA512
ea405e25311b511b3f67d87bc121f7210c682aaff476963f45fc7ddf9305e8c14ec977dfb60190f4af893b15b46614742bdb48f4221019a7a1996173f7ea6ff4
-
SSDEEP
768:gzl02ICmC3C3C3C3C6C6C6C6CCCCCCCCCyCyCUCUCRpjgLKj9r7/FYbZzSP8AJPK:gzl0LNEEEEnnnnJJJJvvNN+jg+j9r7/Q
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385494" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000047ba048956f3b866a103a9f85838fc0d8af995b0f0557b9306e5d3e767b825f9000000000e8000000002000020000000d903ebeaed075b7b91db78ef5fe03235eb5dc622616f453155339f05f8f165d820000000991a60313499bac708dac48005a6a16e9100a236183bb39cf0eb9abf8b9b2de5400000006eec957c112183088dd190833d84ecf2a387376f1b3ad2371eeaf5d505d9e709fe48345f127a8a80041f1fb3a5d6363976ec378e13c70ce7efca68c247848e8a iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20443e0906bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{32D92CA1-28F9-11EF-AAC6-46C1B5BE3FA8} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000c9eeffd24dd5d3e97df8d3a3904951011c83b2612501cd155eb2a552e16aa6aa000000000e8000000002000020000000821224d1b4e0d6e32d18f277a0ba0f891948fd80433f05ded71b564f2fa4976b90000000b9fe6240341b90d49e2a45a674f4c8cc05c74d19160033dc9c4e233dec29cf98a1e25fd452caca43a3e160193c25cb2e179c06ec4257e2a7f4aedb59689e60c82fb820d30c3d14c11df65c362332c11120cd204aa60124dfeb4aabf5d3ed2610d47a8f688a85e50e2479bec237820a4934101a68e8d80639149c49fa7940d16430b16e0bacf33076d762d59068e3e6c840000000c32b9cc06eff0597d28a37cff5eb29c79607090922cde198ca575cba98f92dc58ff5c4cfc3e7a580c4ba44b7f8a7786535eed5754cc69f99ad4e1a7ad5cee54a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3016 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3016 iexplore.exe 3016 iexplore.exe 2352 IEXPLORE.EXE 2352 IEXPLORE.EXE 2352 IEXPLORE.EXE 2352 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3016 wrote to memory of 2352 | 3016 | iexplore.exe | 28
PID 3016 wrote to memory of 2352 | 3016 | iexplore.exe | 28
PID 3016 wrote to memory of 2352 | 3016 | iexplore.exe | 28
PID 3016 wrote to memory of 2352 | 3016 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22d7decc81eaab51746b39e7752cff4_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2352
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d07b737344e1ca13edf02af897713c5a
SHA137253767ba680663c99a0202a606ac21ef199644
SHA256dc469fa4dac88e9eefa4f884587e826a0586146e36e782d9c47479e35fca3973
SHA51218fb1d53f9243cf908709a09db2e0fa5b718ff0ab4cfb113b7ac22ee436622fa3d2d6f1f996521d0a7537b2cad543e0b5a5c29371af55f99ec8220188f367bb7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5eefe8479a8b4f75d9cda09bc91ce76e3
SHA17e2817e03cf3750aaf6328a65b8eeebd4d40d85c
SHA2560a15e55e01c14d7c4a3d57b75bf6c71ef9839631461797342330da59c87c4721
SHA512859bbfdc54a77b53497a032e6a157bc5de37fd325e3dbc107e42a2eec2c06ac5406ea0e606ffafa3ef0b9fcee5b5249a0f9a6ef58969d61710f9d24394ab8475
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e9976844a3ba1d47edb7e94d83c71dae
SHA1bec654195307e8ff44e129ee7f0b90420a8a7d8b
SHA256733c1c9fb0ea656cd640f3ef9449c7e0f802e2bb80d3d743751586ac3fefe37f
SHA512506c09384daaa94644c8d16743910990b8443ec3efa559394558996d50d70cdf9ea5b8572a08947a5a4e770df1018d77731cccae04c0a4fdbc9f5a0576201b60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e10e1b43449d62e9da680bb4309e6084
SHA1b9e9b8b46c4c77468bdb5d6e6ef874a0444e7f3b
SHA2569af3ecdadad7aee44562bd4288702e2fe4d9f1c602289f0782277725de80e673
SHA51286d64aa557853ad9bdc4030eecde343d816de079f9ff03e2467b45d874c3c9e815d3fa3e79323c21bfc13bff2e0ea96c8756f2d57e333df560928067b169b195
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51a2413a92881193e27e6e4613df1a853
SHA12f26973908e642011621d8182ff294f6aab95d87
SHA2567d7f0ad2973bc35a56185f376db619d70c138c2bc242c00015125b8f4d0a2430
SHA5123b1b37d41257c10b3f5756e4131108ab44727299cd25ce48968cf5855461fdfbed17ab05a0372e8c3c7c3ed86627054888342ff8ff131ab9315465c94340f6e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c9a98157b96a2799792cf102df75e972
SHA1b702cd52f4c9f406c01ee9165df3467a469d2b6a
SHA2568cbf70a9442da0b4f4bc06b40bacb615c87a0626aed11896b256b8e49651be95
SHA512a9e09b0e9d3b7cf87c39b5acafe2b2fab5270b6485b46ab2594b76a8f8f38d295d58c538843516e5808718af7328d51f1875cde1baa6187514274c67a2f52336
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5854e2352a907abc53b85290fb11473bf
SHA1f835c6842e935021655e98158c989a5710371750
SHA25650d5c14ae94b915cd694e3b41f532f12a0d8f32afbfedac045057c04435e4be7
SHA5129d0e796866f08393ae4c8fe5e2ca651aa335b325129eae091d7c68d603879ff7897e4946523b29487376cb3773707d87ef9de8d23cc7011a9a40ab9f2278b112
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57ccbe74fccae119e5959923196e23e06
SHA1de96dd0da25173faacee1e8a5746d64251e591b3
SHA2564910005d5cbd36d4310cccfd5088c263f8b12109cc0ca48127b94093323420c2
SHA512bf10f39ff364b96980e25f5168320f7d2e8ba121cf9d533a4a56c2c339854540e934cf52a2e9aacbff388898413a83decc9cccc080391055fd1125def845e283
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59b39a6b4ac0cd90dcd6a0eef12302b3c
SHA1f2e4b63a2286bcc4b169e3998b782a29405b80cc
SHA25669354a7b1fc44a0d55983c06d8f6427c7eda369d4006483ed9941efe1b8971cf
SHA512e832a20422c1e8d86afdd5125798c28c86417c81907b162ecc5bcbe1c8a36e40054e6ec0ff387eb1d0ef88ce669f286c8fa474b1686e3107e5e001f93aba45ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59484a81e8425345b6ccf54162c43b8f8
SHA15a41ea1b5b9398f26847413debda32dbbff8e881
SHA256dbc6571a6bb5a4b8ed3f5af04013e1b74ae704b1fbdb554515b2ef06e787b684
SHA512054fe40465a9ec6d80375f7deab5559fe22b82949c609ed437b14680689d14448f8ebb686b5cdac80fba227d2a5ef01106061e1232cb32c4687f1df9417ea6f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD560e8d156f55305ede6a40e3c151b68ff
SHA156ebb15c0a19a3a4a22debb92253d0a8caf3de34
SHA2564db10e334da59f179801c1af49d524aa3d048b142a2d89de4802a7a4f2cf8be5
SHA51223fc2631875985d1248510c0d8736e135c45929b0ff8fb656436077269c0362e2d41a917b546a6352eac944e507c51c02a1552ea34ad27f54542312b8cc3378f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59a1a3f1c11ac1063c9e8d30bc6c7f023
SHA1e8617b1eb6c661e038d0c0a4371c18491c590fb1
SHA256fe1b0d5c826e6f94770945753084bf62d64c7b0742944129f5fd2825628615b0
SHA51237472f062f8cc4ed2d8f197f8dfa4e46ec7b3023f23f3a5d3e67741e6d595fcc446bf4c67a7196acd05b3e4067114a77ad928243ec470feff8f8b0a1a2894dca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53f128567ab882fd0a13ad96cba91b704
SHA13f66b6c22d5ca1162570a2e004e2fd82e4a54d80
SHA256ee62fda8313d3f2805caa006bd9dbb62901ef1dd1afdb293a64901b7940fecf2
SHA5122028d93c2bdd82c7ab71ec7ab6124aa60c0485855b9ffc17ca7419c11b8e2efb2befccbc02a24ce4cb9b26e47fff56cf9571513eab8dadc1e353bfebd61dd2f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD597b684ffa91113c117ccade58d97dd15
SHA1d63d9e594adb5c044f3b68b447c247a0a0aa1ec5
SHA256993623efa9340a864d0085be8ba56cfdc7ecb5b21f88a1047d47539b5656cb60
SHA512c251520f6ffe346aff34f0813dbed2b3719d19ac9e6d61b467a32b894445c45d7b2201806b5c8b2c439fbe939f6551d640132948565452535cf5f83694e3982a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD552e481bf091c243cc23132e5944a965a
SHA1d9db03b52cf8db27ab4cbbddfb9279c4e66591a0
SHA256d839b76da785a640ca094c8dbe8d021e7ce71a4add32e3d287d33578c1fc5b17
SHA5121f0ec56a1eb47b8771643192e6b2c0326aa04ced148d620546a9f72202ca13fbb3dc3bf9f2b9c7932480625e234f7f6905a3389abb70dbc840ce721fbf81ea3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD532864ac8d7a6b5d38781397d01d34c90
SHA13b844d78aef6fba7c4b2aae4e44219d680233922
SHA25621143f5b768493197207fa3ca1e0f6c61a50b5879b95f2fb6e5b756f8ecf7173
SHA512c09a29a4316a86692140133829d4f928526932f301f26f90466b8d3582742d0b9287bb5a9c3a67eabacab40e37647a230a0a04220120b314857faa224df64728
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50f0b3c30ec0311dfd60025dcd50770a3
SHA1320059800ca72c56d152c3183850290c2c114550
SHA256f33c335d2dcd6af14940f39faa3e8264541f9236283e15d5243a85530354d5e2
SHA512e45f95b001c37310fde61dedb3ba0554f25579622d48f341948b96cc78c82fa5701c7953aaf6e2917f4aa6de8aebdf298a5f75c9844e8adef2ae4f532c15b16b
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b