Analysis
max time kernel: 139s
max time network: 140s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 21:34
Static task: static1
Behavioral task: behavioral1
  Sample: a6aba91686d353a88ec0f4807b2625b1_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a6aba91686d353a88ec0f4807b2625b1_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: a6aba91686d353a88ec0f4807b2625b1_JaffaCakes118.html
Size: 67KB
MD5: a6aba91686d353a88ec0f4807b2625b1
SHA1: 9d57e8116f1efd52d6908eaf2b33e406b657029c
SHA256: 9203f83f053f3772dff5e4451eaae1d7400f38b0f805eaabb827bb29f04f056d
SHA512: 64cacf61073953fbb521c69708b05716597770b5bf7242f64c76c5c2f4e8aa3f6d1028ca3ac1ed8bebd6c7effa246a50a8bcf7b88d54a90c5624431ade48c7bf
SSDEEP: 768:Ji/gcMiR3sI2PDDnX0g6Zi6JpHhoTyXqwCZkoTyMdtbBnfBgN8/lboi2hcpQFVGo:Jd652T04en0tbrga94hcuNnQC
Malware Config
Signatures
Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB264571-29CC-11EF-A293-4AADDC6219DF} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004588795888659041b8e6a41dac735ffa000000000200000000001066000000010000200000008c1a66453e76811e4122ddb31f13ec527a4736673b548565180ed109978266b7000000000e8000000002000020000000ec7681a8f38c0187a17497e32bf63e7b9bb9b00f3a4789bfb55f741a0e7ad390200000009003f077cf949ea4e95e7f6ffc8271ba97f5f0b85fd5218a1cc5ee2e5c145169400000005cfa83ad1be76e674b2d78a3c165aa570913e8a015a5f04b318286bdb0f8d0d7ef1b2402c6f19be53a03bc303275d6455448ac766b37151f97c7ab106cf0a99b | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 905dd87fd9bdda01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476317" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: iexplore.exe
pid | process
2172 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
Processes: iexplore.exe, IEXPLORE.EXE
pid | process
2172 | iexplore.exe
2172 | iexplore.exe
3008 | IEXPLORE.EXE
3008 | IEXPLORE.EXE
3008 | IEXPLORE.EXE
3008 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
Processes: iexplore.exe
description | pid | process | target process
PID 2172 wrote to memory of 3008 | 2172 | iexplore.exe | IEXPLORE.EXE
PID 2172 wrote to memory of 3008 | 2172 | iexplore.exe | IEXPLORE.EXE
PID 2172 wrote to memory of 3008 | 2172 | iexplore.exe | IEXPLORE.EXE
PID 2172 wrote to memory of 3008 | 2172 | iexplore.exe | IEXPLORE.EXE
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6aba91686d353a88ec0f4807b2625b1_JaffaCakes118.html
  PID: 2172
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
    PID: 3008
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads