Analysis
-
max time kernel
117s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
13-06-2024 21:31
Static task
static1
Behavioral task
behavioral1
Sample
a6a8e49034667b7d58a4f5a5708e13aa_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a6a8e49034667b7d58a4f5a5708e13aa_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a6a8e49034667b7d58a4f5a5708e13aa_JaffaCakes118.html
-
Size
20KB
-
MD5
a6a8e49034667b7d58a4f5a5708e13aa
-
SHA1
8bb41ecccc37b7dd5de8e215e630a1f099dfbe72
-
SHA256
e064a9ebb1e3d51bd2f121eb171a0e9100b4c89c8044a2c6f670d1f90090c6d4
-
SHA512
28996a0004407b7fe988fc4c77164d46798e59ef6ddeb8388edc4e11bcb5ddeaf9028ca679cec646f34a808fd4599edbde3b21c9ff62e6007a09a00ef9719669
-
SSDEEP
384:Slghs8Fvur0/e4HBWXFWIKmofWVWIOW2Bdgp:SOrFvc024hWXFW1PWVWlW2BdE
Malware Config
Signatures
-
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000629e13f317205047b25f862f7d5c855a000000000200000000001066000000010000200000008599fac14a7f8d62fde7e3294386d9491098da32899956d6cb4ddbe501ce5e7f000000000e8000000002000020000000353f65aadc569b6156275226d681258f8140b1e0ec32337552eec89596a666b820000000e0852e20aa26d4b2cc0a7eb80699b37099aa09c3c91f06e223f368fa65c5ac14400000001487ac436656a577d5d2baeac9137dfbd839c5f5799194907cfd6302857d9e13ea57824291a63cc5f03cd9fb556377136e50418f19ae1b687e5264a226a05414 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0ecd530d9bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{597E0911-29CC-11EF-A30C-E60682B688C9} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476180" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exe | pid process: 1728 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exe IEXPLORE.EXE | pid process: 1728 iexplore.exe, 1728 iexplore.exe, 2548 IEXPLORE.EXE, 2548 IEXPLORE.EXE, 2548 IEXPLORE.EXE, 2548 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
iexplore.exe | description, pid, process, target process: PID 1728 wrote to memory of 2548 — 1728 iexplore.exe → IEXPLORE.EXE; PID 1728 wrote to memory of 2548 — 1728 iexplore.exe → IEXPLORE.EXE; PID 1728 wrote to memory of 2548 — 1728 iexplore.exe → IEXPLORE.EXE; PID 1728 wrote to memory of 2548 — 1728 iexplore.exe → IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6a8e49034667b7d58a4f5a5708e13aa_JaffaCakes118.html (depth 1 ⤵)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2 (depth 2 ⤵)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2548
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4e1b239ecff65f68cc4c488517951037
SHA1 722f1fa32a31ec080113d73b8f73ece3e48bb3d1
SHA256 9c39745842042f569fb49c4ecc36c58aa13b72083813a533809b9809a1ba3542
SHA512 00a096ca0dd242e7dbd2836fcb070e89873c839c047971f2a7280ecb2feee7578ae1ada6dae303ba8c368699258eeb47426f1fa52063e6217e76e556496b6636
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a73f75f96528817ab286f5f168bee204
SHA1 56db18313cb7c49e76375269bc3602332a7a8e20
SHA256 16cbac547e237b017cc1ff52fd85849166089fcbefdec658f8dc9eef9d615958
SHA512 bbe1fa856cb12cc15d8462fa88719677c7c9427012d4d07f995b9a501e61a12d36b8470d3c732b843da3ac21a2937f252f99581f8706316062eae851a5bccefa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6ee2510304088f4b43258783427f417a
SHA1 68488c0fc1b64a27a82835d7144d11f55be5683c
SHA256 60c6edab78f87584f1d1ce3056d79bb647ee8074b191248b4bf28a1e2b16d782
SHA512 2a8c8a7bc62f3ad126f16880b3344fbf3b2ac1505f394368cb85d85e17dda72878225ed60f9b4abaec06b0115153e1fd9e08e03c335c9e02d38abc3e021a260c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c2bcd377d016254caa4dd0f1bfd20c78
SHA1 a9194823c08708013d4a6a56dc6db4d8606acc50
SHA256 22c21f8b0b85402b6a29fe73cb9cd27399ad6abb0a05f8d2eb5c39a56b47aafe
SHA512 a3bf5e559af12cabeb567a1632c834c3b0a6b6a75e3ec20911dfd66207e0001a02c1984dc60a9eb2f434d44dbba9ce27b7a2b9ffac55300241224bca0685b778
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fce5806017e1458ad9e858f7b5ed8fb3
SHA1 b81c8eafa018ceac1a79bfdb3cca22cf94fe4003
SHA256 7ea6e1a1ddba73254fc8706668ef92a224d1826d75f571532dfe1b91ddf6fce3
SHA512 a18f886d91abff79f3558722d7e7a4cfe6d84e56e5bdeacddbe19c8efd3aaee6bbeb580da0a1b4aa8746703eeed53397f7f7c404f1a2efd91de6dd6e8d724779
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c0b72e29d53bdac863dcbe3ec94d5977
SHA1 6cd7b239d98d267c5dade22c9534777431332ed4
SHA256 e4537b466f5d6ab5ff7bbb99d116dde1f11f52edac3af351bdbbabc997262a5f
SHA512 00e32ad140f621cc759f30fc362949f2ab6a7f56d14cacacd980fec656b19a17f12aff230f7d1619d29535695897e3ec464bbea0102f366dd6f055e068ec11ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 00e4d9307fcfa3e65e84b76202060629
SHA1 357adb538ecb675cb7286258531e8ee4f725bd6a
SHA256 ed98f6b4c91259b755bb47b44257e73ad6fc44448a4a5b0678ce8241a885a614
SHA512 fac49ec163f07d70104b88557adc9edc9004925080e746bb63ae8c2da37a4680ca99aff0624effcffa07445663f64a8d3d4efb4995be318e0c3af325cd812a30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 579e62a2a0ca12ffaf131575f4eb925e
SHA1 e46013a734f4b4337e87c157872b9cbbe58e2581
SHA256 671bfe3fa7f886da3d27297b7081fea4f44bf0e8e16ad9b3c6b735752f599648
SHA512 af9dace7671ea470b1a64010101c945bdf50cf9a39c0e004f533a67a740cadfa927aa38c0aa639accd337744f523ecacdee064f971e66059cbf41d1e15937396
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 863a77605c772f223a71f13d185ec721
SHA1 8b797ea447e046624fd09dd870d58d9a4bedb924
SHA256 ddd28e8fc24dccd0424b72753b79f084f0767699a5b4fd0770b1d17c2134b866
SHA512 bc1d204a9c1447559822cd418c72a8971dd1b0d7b1b4aa760ad5873eda329794d8f6152662ee8908411f391a9c78ee07e647afd86e89adf25a1ff5e441086593
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 941f5c6e876ab72535f892b97bef16de
SHA1 49e287c87ce336787d9be930dcd526afb91c7247
SHA256 504397b44c6e7d3f046104f1d683be0755a386f15335c73a8ad756eec8776447
SHA512 c82545bb079ca10edc516a9f449b634a4f44849bc7aaf44bd3f29fc61c87531e2df3a9921614b7da7a3e99a2f71256cb5b43856cd62e3cb2a80c316283ddbb96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8618d68fad2d254ec175400232d65e20
SHA1 d7a866f8e2e757718e9fdae67ec072f30ebcf24f
SHA256 460c1865a755b78fa221bde99640aaeda676b899d5779242f2183d215cb4490f
SHA512 b6752e355ee7074c3e7d00f30e6e56cd5ea3751da320fc24f6a70aaad2554854e36a40266c37db83099d73c7ad9bf7761bdca8edb1c6c85821be7209aedd59ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 857b754002ebddaffe64cdbd28823ece
SHA1 d14835a9cd4021cbe8251001472e2e1e10bc711e
SHA256 5bdd166945320db348222a88bd4dc708b4cdebb8505d32ed183772d045d37da6
SHA512 2d8c3bb06ab2cfaccb3f9ee24f446fb865f78c090c4cdbe9d1eed49389e44857d3691436f298496596f318a0e17c7c4c453c7c2e8408dc356b24ff729c8ec61f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 58be22cd1a1e4c62bb50abdee1b08228
SHA1 f7fb65e14ce70aaeae4a4d144eb40212b405841a
SHA256 07ef617baff424f038af735e5b609548a68b9feeead5f5ad6e6e7ac85597566b
SHA512 fcee06824a16d53c829a30f1415eccf53b99214adb0842602a718156d61087f0fe2ec967b69a30da86dbd52f8f96c051e54015f014cd5c018e3991f9773e1426
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c0ca801c2d35ca617adb1c55f3103f05
SHA1 9e06d66845cffbdf23a64c76bc08c360958c5b9f
SHA256 8a9027fd392e4e228878d98a6bebfe249b5a10c876a271d51a239cb3b774e5ab
SHA512 c001d322ec1f63d54f9f9c85447c534b308453d9053f1d78573883a28fb540f58e6a563bfa5e26a8f5d4d9c73ec10a1dd3839db45d7359fdd365b31a81ec0389
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 55b51df9bb591f9bdfc463f002f3ff5a
SHA1 1cb67c325f9dbae5f099c8b0aa129596c2d0f45c
SHA256 aa7f2e8194bb1914bf305e702258c3df18bfd566b566433a2b2c40b738da2ed1
SHA512 0188060ca3586e93c582f22d4943e87e81aad3d3c564652a0cebd44cfa218c6ab2a93151320f35a46b60deab6c382bf7f29e696d6baeced8e43841c16779c717
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 32df7aac2f312500fed34b3f9bda45cc
SHA1 7f5f060f0d5dbb30ad769064722c63a53afe577e
SHA256 048ab24adcd6786fc517cb7a026495e83f218d94198bed4a4533e415fee512ec
SHA512 b43194c0259897e74e68921a73aa83cb4fce777ff8cae848ea8831af6d737cc0751622001c6394dd058045211beed90dd8e087e79cb29c35eab7de0312e1535e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0d99d3622d96e73ce85173a0eb108234
SHA1 281c1829c169e73313fbd4b332bfb2429ca2f3c7
SHA256 13bc5d5484d541dc7c6c7d255a5d7462cf3a26f7c28e04cd3f2424055f304b86
SHA512 f1802db7d6402548e6040ae4a9a5b3b40958018a710911f855851139b26c825e10fbcba5c883a6cd9edc7fc811fc532ec8760d5ebd5f0810d7e238e71561f1b3
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b