Analysis
-
max time kernel
119s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 20:20
Static task
static1
Behavioral task
behavioral1
Sample
a22dcca8a6093a00101156882f769301_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a22dcca8a6093a00101156882f769301_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a22dcca8a6093a00101156882f769301_JaffaCakes118.html
-
Size
125KB
-
MD5
a22dcca8a6093a00101156882f769301
-
SHA1
22d1225f777b88f892f2e777f73d5b16dbf742ad
-
SHA256
40f9e73c11f71121bee44541f3d9ce54db71387ccdef62bebadc29e1b9f2f843
-
SHA512
9f6f2d053c28df8c95931862bbf2fb33e8184af50995c6dcc190eee6eb45cfb8422f9508ecb4c0b6593fa03d2cef677f428e7fc18d266b6e40327d73b5abe5b5
-
SSDEEP
3072:Kkrc1gtOoFUgRn5DfXk61Xt6TPKEzmNH0:4mR0
Malware Config
Signatures — reviewer note: no malware-family configuration was extracted (the "Malware Config" section above is empty), the Network section of this capture shows no entries, and every signature listed below is raised by Internet Explorer's own behaviour while rendering the submitted HTML file. Read the detections as "IE opened a page", not as a verdict; a malicious page would be expected to show up as outbound connections, dropped files or child processes other than the IE tab process, none of which appear here.
Registry activity (labelled "Modifies Internet Explorer settings" in the process tree below) — reviewer note: every key in this table lives under the user's own HKCU\Software\Microsoft\Internet Explorer hive (TabbedBrowsing, Recovery, DOMStorage, Zoom, WindowsSearch, BrowserEmulation, SearchScopes, …) and is created or set by iexplore.exe / IEXPLORE.EXE themselves. This is routine per-user housekeeping on browser start; no Run keys, policy keys, HKLM or proxy/zone settings are touched, so this table on its own is not evidence of persistence or configuration tampering.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ae137e0c381912458d6bea0683811b8e00000000020000000000106600000001000020000000549eb498887d0106483a7c8a3110d1ec04b5c11e888cd38a7951963d3c0c3117000000000e8000000002000020000000ae931f08419c21329af4c1c530b4f1262d299e1bcc19b94eadfe31b45e9460282000000062300c564465e8b55d4eaf566c36702a12762b73aabd7fac72bb4470fc1b890c40000000ed9993babf2df4e379393c473cdd38caabe5af9fe5385770739b8e0c5ef368508b9072f79791db8970a2e72ef8f8b3c3df34727f300eea9747479922f534d847 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A7470A1-28F9-11EF-8442-DE62917EBCA6} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet 
Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0a0150f06bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385504" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2752 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2752 iexplore.exe 2752 iexplore.exe 2880 IEXPLORE.EXE 2880 IEXPLORE.EXE 2880 IEXPLORE.EXE 2880 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs — reviewer note: all four writes are the IE frame process (PID 2752) writing into the tab process it spawned itself (PID 2880, launched with the SCODEF:2752 CREDAT:… /prefetch:2 arguments shown below). That is the normal IE frame/tab process model and the same pattern is seen for the SetWindowsHookEx hits; treat it as a generic heuristic, not as injection into a foreign process.
description pid Process procid_target PID 2752 wrote to memory of 2880 2752 iexplore.exe 28 PID 2752 wrote to memory of 2880 2752 iexplore.exe 28 PID 2752 wrote to memory of 2880 2752 iexplore.exe 28 PID 2752 wrote to memory of 2880 2752 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22dcca8a6093a00101156882f769301_JaffaCakes118.html  (depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2752 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2  (depth 2, child of PID 2752)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2880
-
Network
MITRE ATT&CK Enterprise v15
Downloads — reviewer note: apart from the three entries whose paths are not shown in this capture (70KB, 65KB and 181KB), every file listed here is a 342-byte C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\… entry, i.e. CryptoAPI certificate/CRL cache metadata written under the user's LocalLow profile. The same path appearing repeatedly with different hashes is the one cache file being rewritten over the run. These are side effects of certificate validation performed by the browser, not payloads dropped by the sample; the three unnamed larger files are the only entries worth pulling for inspection.
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 573f6fd80e442cba58423343440328d9
SHA1 86372d29785731c791bd7870a514047674b7f588
SHA256 f64de27fbedd9a71f7af184c0ca4ed20a412243015dfb0e927b9c43eb288688d
SHA512 f47b4fc3a0a1b6dfd79f6186672efc0b1a872683a9af2704420d4f667935d723570214c35053071c7a736ab741e8c8fbd3eb2ff13bf5b00ea382e32b04ceb135
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b0343f1e992e0e0841f9b1fff665123c
SHA1 bde18770a25c16166cc8d209b83edbe6b9dddb40
SHA256 432346891b8863bbe7eb89ed529665738786ac18211a7caf1f4f4bb975ed2794
SHA512 0fcd56d405b5acc561aa0ab1753f46e855bbcf0e7a0b26de34a780bd5d66e11bd7cacbf03ba660d648b1d5169f42cf7d63e29c868b775f65cfb2571bc588a0c9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c3ac816a8dae4eb049247fa807db1bcb
SHA1 8bbbb960f4447ae61171728ce4c33ac0550bf9e3
SHA256 935fc88589c93ff0e0eaa30facd56af37bb5ea2343ba00035d73e092a216ccce
SHA512 0a93bc236e24c0398a4ab82cfc4b131e7f10cb22694ece40f0326c3f3c77403c86250f203ad649197b98fe448165b78122c59ab7da44c1bfd6abd569a5331c98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d981771d163af48e4100d5c357ff12da
SHA1 b836741ac7b53bf921813d14e0b25b537f125eea
SHA256 69b796ef1e47d21e98d5534753e0ad90129043984a1b389913ee603b3aecf2b3
SHA512 497fda773ac03dd7cefe0044b62179aef9f952b03ec9888821dd26537bc6c73447ec40b0cf5e447fd2c61dd60a1e77f2cb183560eb4c7882e1d403c1e4c92b9a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 043a8f149084dc59fd40881ce38fa961
SHA1 25eb0f30ca141eae09a858b4312a14670d30d816
SHA256 1ce21718e28373928fbaee017deb2f0e5965848e390b3d224e810babc120aad7
SHA512 eca0cf931628413a6711c9bcc7b03c14add38b25f783ec9866b9edc424e81fabe82199a9fcc6a116531994cb62297abbdfbf4e60a37f809ff2057b49249d6d33
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 834552ae16617a5d436b134d346c0495
SHA1 135a0fdb083e10ff811dc679856b3fd877700fdc
SHA256 178b295998483ff35f225e9b6faa3cb3f35531e3324186feb6f4bdac86e80aae
SHA512 36b1446dd3964b60e8eb5805b64251114c879f0816c9ba835cff58539eaa9f66e0584b4b5f3ebf7cf37f5603a3c09bb38c7d7f2ffa57edcd727d0ba72ceae48c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c2df29259744ae5147c4115d3fbabda2
SHA1 58505a66a798c82a8560f3f39199da843bbb771f
SHA256 053039c554bc44a0f6f5d792c8784b9ef78672e140261e449e4beebf0c8594f5
SHA512 8a3d642a513a17c57f5ed929f12a2bb28ec29e9b652742824124e62d9d97693390bea27f278555e31cbfe694447aa2db5abb22d1f69a7a5de5462e2205453e8e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6df310613e544f5c9906f10481c61349
SHA1 cd482b84f8056fe2c019c01e38d831bf6a8df6f8
SHA256 35e49af290a6c6121cd78b52d0996f9ff977781e7e7b8cf39d8fe7a389617cec
SHA512 86db2637fd7c81de0be7bfce0ea99a6ff5bcc0285dd9e2c0696fb4c3dd237d7381ff24804ac01e2a8f457a4f51d6fb9607b6e5c13e2cb7a33c5f14455fa8a6d0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8f9209c103704645e078de25ac59bf4a
SHA1 29faa2629cb19bcc69335c43f4fe4bb73eb4a1d9
SHA256 67807996c64a87a51d00b07a90e885caccdcff4c2d85af2ecae864b25b094a96
SHA512 df14f3b76fecd9efa0952d48f751da5e66bd8af7758de01d52ae3b02b7c8f698e5e7161588728e0543f5d54f667dc58a861bb8ea354af36b3ef90902775af0be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8f65950a3ece1cfbd6c12c85cd636255
SHA1 e9a5df6beb5b649315695447f4842acb19f547db
SHA256 3481b0e7b544326fed29c7a13e63ca9f378c735896c191ca4e845d811782c501
SHA512 ebbc4ed2aea4eb85eefcecd70d2c6910077d3e59910dc87f50528658cc48062b833ff7a661bea5ec1ed34ff4317a88f2510514bd4dc5bc7911e71454556cc980
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 76cfa49e4bd4b212b09f91b43fd027ad
SHA1 f3377e1bd44a4063430140499e4c65ea83352c65
SHA256 b859993c73fb874766fb116942d2d5beabe1edc335854f5b931b0f51f18239ac
SHA512 4acb54717e09b19cfe69e9885c4716fa687d26cd5ce19ccec87d475a5ae6415b61ddcc1cae281bcf2af930bba9b54e8ab6c98bd6caf7ca55b3b24720dd1b350c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0b7c63af5626d9c18a66c36edddb0424
SHA1 32d6dbdcb9bff7faefed48454ba58d5f068f1b3a
SHA256 ff984db0af66e68a8a9f78006a898ee50a36ed7d5e81a1ff60a081caf2daa60e
SHA512 2e3352c8063be7efb9440972df008f6d7b4da5fc72ada49aa6e3a67fa4fb96b7d8f8591ab44ae84743ca4ee95c8313e69fae111565efbbd4ad93e29a8047f620
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 98401b88259f7b32467ced73635bf311
SHA1 1dbea7e10c4e300c8671d44cc374e3bf22ca2bd4
SHA256 f741668afb97bb762eebc8441edc183c572e758e5f09ff28f0efcd279fa00b79
SHA512 23156f18d0e3e920384e59707d9dd6719306a0de68d4783796fe1ef1db0a4220521de94856f6448ddf821059a6fbdeeb048a568a78407afd6e0eb9ac3e4796a1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 565a90e1ef7af6b42cfd40cac26b53d6
SHA1 2f9a094a77ec35a00f43d0a96ccbf1106e6c8b27
SHA256 3c08e054ea6af44d5e0cf1d0a7d0080df98c1f182ce844ceb53c68526df8c664
SHA512 377e744ff0fdafff25cfbfcd6009a30c8a1b2cd0fdd337cd49937070099298e1bcb80445277b81f37645f6649cf0c210b80c5d26c9e3850e19f07cdf7eb5d4dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ed1141a6a1093bc194930a2f7b9155d4
SHA1 112fab51b2e33fdc5ad60a0e60e4ffb4e27ce8e8
SHA256 6fa4f53d286defe7a6f4eb0ff5764e6675c406eb4d4879caec1a259e833e669d
SHA512 4e1eca7b5e8a82b098809e9447f8f93825526756a84607d9f307d06c965ac3f2460ca8eab733490a8017fe59f6e58eae17dab4d7a3cf9b782f2f0582207cb289
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b682fb5075a2eb15c5af04fb6e3aeb0b
SHA1 804386666c2faa7d87af39e8349d027ba1e60adc
SHA256 49c22889a1485f1988030e23cd83cfd93d5e0e98a8a8ca400ce8a289cae01b18
SHA512 1259234a8b485a61388c63a465f7f00f8fa310ead5b94efeb66644491aa8d6d77559541246fabec3a625952d40e3f924850f0e8a878dd1deb96b18f8fd484489
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b1c61e3e428e47e48ea69b8e7c6df474
SHA1 08d646b8d0a22506460aa0807b4cc864315986d1
SHA256 f4adbc2aef3c57ecb5e9131e097bab0cf37ed58077417e066b62249c0fd56958
SHA512 a18164b87bfbd4cc3c61ac110789fd7f1c4ffe100932d1fd3cc1b427a158706c2e1d46dae25cd7c74fb21a58398f55e59b27fd5d12461e14ad6f1b73eef0333f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d90a72d81c66ec909ee1769454aede36
SHA1 4747cf5360c98ef59368f01b1b0dccd5226d4ee3
SHA256 4d6edcd990caac0c7e612a4489850c06ff88ed146f839084f16515d066b091e3
SHA512 1008f450c73205ffc335f612df20f850d5e4ff59a11e2f4e30045385e75e160d662affee9267fbbed01e7cec163bc4b50e34716268e992200a996949ad6d0367
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b