Analysis
-
max time kernel
122s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 21:31
Static task
static1
Behavioral task
behavioral1
Sample
a6a81ee3514611287f617b6d1bd5f231_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a6a81ee3514611287f617b6d1bd5f231_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a6a81ee3514611287f617b6d1bd5f231_JaffaCakes118.html
-
Size
460KB
-
MD5
a6a81ee3514611287f617b6d1bd5f231
-
SHA1
0e2937c1908535a5431b399b0fe5c1dc8c178eb7
-
SHA256
d6caea1f1a03bb275e670be3b56e5d908febb85d67b83f29e5939442e1ffcce8
-
SHA512
838d1933c664c9104589c0d97f96d8315d2a6a3aab494b3942611f23f51de1f572f97e35a01f6431815cf007e46c92b0b124abd3bf4d0c69e1c4db70db7c41cf
-
SSDEEP
6144:SBsMYod+X3oI+YSsMYod+X3oI+YDsMYod+X3oI+YLsMYod+X3oI+YQ:C5d+X365d+X3l5d+X315d+X3+
Malware Config
Signatures
-
Modifies Internet Explorer settings
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80ad0d24d9bdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476158" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4B460551-29CC-11EF-8B35-D2952450F783} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000046876dd51c2e70daafd4d978bf95bbe37413e6b18e90a803174cae6981bd806000000000e8000000002000020000000d9a2834cfb16403d1263dadd9c74745615d74d91f12ffe4d2c49e4cd1feee27d200000004ddfd0440b172081364f7e05ac9a4706307fe8a3e84d320c93757183d1d9c4f5400000002dbafbf14be90b30cfbb605904fdf1b780515f95ff2ca10f5c35af06689d3e41e1d69f22f29b32f5b3ce2af22eb00958ebb2f8ac8978ac1a7242095baa34821d iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exe — pid process: 1808 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exe, IEXPLORE.EXE — pid process: 1808 iexplore.exe; 1808 iexplore.exe; 2784 IEXPLORE.EXE; 2784 IEXPLORE.EXE; 2784 IEXPLORE.EXE; 2784 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
iexplore.exe — description / pid / process / target process: PID 1808 wrote to memory of 2784 (1808 iexplore.exe → IEXPLORE.EXE); PID 1808 wrote to memory of 2784 (1808 iexplore.exe → IEXPLORE.EXE); PID 1808 wrote to memory of 2784 (1808 iexplore.exe → IEXPLORE.EXE); PID 1808 wrote to memory of 2784 (1808 iexplore.exe → IEXPLORE.EXE)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6a81ee3514611287f617b6d1bd5f231_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1808 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2784
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d91c74b13a2953643dce397c119ddad6
SHA1724034469529c4e801dedb58d7a95c02be821306
SHA2563c802b448905eb6d407031cbd768e29cd766a421d9ef6a234e5f94b6195a07fc
SHA51292cb4553e1f97074dbec3d9ec01e828d49e4e200d78d5d9184d241ac5f24378e8bfdd97bcac246b21bcc15d6c8534d813eee5b653f5c8b6c7a408d69e28b8585
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5683dea4eb8a96d7d6abbe445bcf74210
SHA102ae844c502c5a7d8bae2bf1be835708e23ec477
SHA256210ed33273102ada6f7e1161c1465d2c423fc22f1b5a5c3de00b7c9de4d15835
SHA512e04b26f0b37a3f49c7008ab9a0943f0d862bc97979301f971cd45696571822e2850e48f61ca5753fd9961eb4495fea054c788bd48fbb0e2309b938739109ccc4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52067253a9845dfd1c88efaf472bfffc5
SHA18ac881897fbb896ab85ea6400d19196bcb519061
SHA256240abca15dfbf5601bebc71747688f1654f625b4e328292a86373224671321b7
SHA51207ed1ec80793b75bd45bc08dc2193042199e4ad56b47e61443db931102a9ce59b091cc1cbb382fed70c5cdd9c680ce0dbe7423fd46fb8683f534e93a8b51bbc6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD572238670a7468450de9898a44b66a1a1
SHA164887ef3710246098133b634c9affe09bf52e7db
SHA25639003b827354d7fd305ef944b142da2ef2c928a0faf947689a1499427b67b6d5
SHA512b33ac01a8014974df0ecd84b82a0ae4e8b1b1861ed88e1338b7b415cd690219c96bbb65a43870d8c2114a2e8366c80eaa3de5a2ac35b6a22b46e1a79b324b9fc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c3750587a094f700a0004c262067b368
SHA151c32052ab25dd3409eda29b5eacb85625b22463
SHA2569fab7cee9cc4085e8206d2284848c20123f71c8f9951d0d06edf3c1229c131b9
SHA512948808d6fd573b532bc613d3b045f5ce629ac41baaee0fd9322ef8553d5d99f349a76887ae53b259946482c53bce355aff58c82edb6d99149feebb3fba5aa27e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e6f000cc168b94cadb973bf61403e86b
SHA10ff69fd8d2b605e7b4c02fe53148ff9067957a12
SHA256f2e8130b20d600f4559c483bd75fb20bfe9193c3e1a119206b57f82dc5367646
SHA5128593253b8508f0c0d671477c10f284e55b849b7472316a6245c02bb658a9222bb0f66dc7d0fe9877ba62c32164295a03fc3c719d0bc1668d35bce5bf6b48742e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bd5de310968385dfe8ab1907a06a50f7
SHA1683503ac661512e4865fa15ea3dd5719647306d3
SHA256670d6f3b3f6cc65861be4bfffc53aff6341fe74d81b791a35c2d52e77b6c3d78
SHA512f5c98b28478a7b5e81aafbe56e3f4c679f0e089be8bca008222a052d4805a25131cf76fd7015bc99af3afaf499f7d2618fd516a0e320565cdd43f11208db7b6b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52acb1dce8de85d2b9ee04cfdd2dfc16c
SHA1ded2ace036d67a3241e916eb8116a3bd1803770f
SHA25694e1fa8b9afc712b1bb92984b6717fe8651557183e8d174d8a91984fff2a6a1a
SHA5121f8db78c8dc45cf6baedfa44206da1dc23e7e5452ab16f2b7adddfff436bc51be048a52a8cc945cc2f1fb55cd837c80f0b1506485154867736e2f86b41cbef95
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a13826608a10217ed0336bf9faae065c
SHA121daeb9d71956d6149f3a95c7be0280bd04c9667
SHA2562bbd221a3d9411fb63dfd6d42b08ea5f517ab09c14ed79b99234532f4a485eac
SHA5124aae69b4627d8808165998bc5b6552eac08339551c5a3604b8a48dd32f9454b43b579d3617fb67826f624f00dc0f561ad29f43086e219a4ca15f2ce3adf566bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53a8d879eca96ffa90761c823e86153bb
SHA1419320e2c58a3a6a96de59f5605a5db7f647f78a
SHA256c63ce36de7cb58847b4d22fe69ec57d8493c3a3f2b10a36f11a0e0d80b384734
SHA512a11cbb030d7bfedd81f9caf571287f02a4d9aca36b6c8ce58a7222119664335e61993daba2d236111b14a3d8deea213fc0e57ee7fee20167161af2a1bd6aba7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD501a171e85aa25e4ecfa5eb7da9132399
SHA1c77ec3c06df7d4bd4de919de8286c8ad59b08274
SHA256f2c3d88cc6de7e5cd9207b744b5f9de831315076f93cc2329899fc6635718801
SHA5122eb9533a55895ccf3487ee18da32f9d91265892e55f1844e2c02af109f75418cf0f9851ad3bbb69dbbc7a7c4c6447880e3b0594ec863816a73c085c237af65b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ad6ef51733d4b2f660ffc23c2c705d42
SHA1d02b85aea231e2e4480a58659c93cb33084dfa6a
SHA2560ac798614d090e4f61495d56d5531c2bd32696b83cf7e4c8449dc87582b46304
SHA512a628d8d90d392654ca1d35c8177d0a7114abce2de09829e5b8cad0be5233a360d4bb1696e6226f2cda2c7c305809da0d2a8d1885e57443bde454c385eec229f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD574c16e0659635eac97e5a72683adf50d
SHA1d865ded742ad272cef75ac11fc0c140e4245b45f
SHA25640c27cac335ff8683d7154a590d377d67609dd39e36dcb2388ec37d25cc6b660
SHA512571381a4cc13e630c63a6aa40b1013cc4ef9f53403eab7d84e5e4ea0c7e9faddcb1c848fac1f78c4af1e9c19495345f03c1db90911a8a5415525866fa1a8d813
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD554232f2dc856cd581d3637020658a92f
SHA15e563d4ff65b87e80ee3b3ce6ddcccfbc54ab0a4
SHA2562261285cf6e36ed7c924a6aa50a1343cd041805a558f11e047b5e3572124b5af
SHA512677ca925dd06ce2c18454194f47ef1deaa6c7e209f84dfdc919c1999fe774657af10ac73473499bb2ec8946698a108a4ac3bccbd61d86527661ae9ef0ec0b23d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57c9144fcec3883611492a209b4b7d6e9
SHA1738ced34811d201547475b0d983937ec6ffce302
SHA25644e3b458debe7b093617230f6d56df3be64483a905250c616924e9ed9840b1df
SHA5128fb52016e540ba1ffdb538dbc0c6854b30ebf4e1c0780ebc3b5bfe462f117dca1bbe0180c3401968f2facb5cedd7747e55652fbcb34bc4605eec032d38211fdd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51bffea1149e69fc060f43e0b42e359e3
SHA1019ec6f56975b4038089be1b3c7365f434ba87da
SHA256802f6d59102b9c99a3f56eb280a4da0251c9be56d3c7bb32629870fb3e849bac
SHA512c19414dcce3392a22634c62d2fb4b5d6137fd6c771b24cb48cd3406b954eb2c69cf922be9c75dc1ba4c274bfd22f4f9722cd7d32448c4bcd09626914ef0bde46
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51c6eb81f9d7ee7a6bd3fe40b29d60889
SHA1df93a63f8b2b81bdcf4d8cc10d7e46c8dd051290
SHA256f92d03ec17e6af2bca78792dceabe3991390187aec3d699be2b9f80ccacaeffd
SHA512c629558ed0d3088cf7a059580593cb8b39df0e0d9ddde108826455feac645f77b11e41fb6f53833fe7a05379d2837608cac90f206817f496b9cc369778ea00bc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD554439bc67d4007ab745e7d1319e6b93c
SHA16061c0a376b50dea73914e8757dd862a329ee2b8
SHA25642dab99bb09cff05b6b61c3826a64e26060c496d9b660f26ed807b3070e96c58
SHA5124ed16065fad24645858fd69667acec1cd9f96877a5be25114dcd0634048bf4d9328d723220807e77b7b02ee0505f723110855bb77f40ecf4493fbea80f50f8b2
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b