Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
submitted
13-06-2024 22:00
Static task
static1
Behavioral task
behavioral1
Sample
a6c6d0e99fadb550aab543e457c1f1ef_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a6c6d0e99fadb550aab543e457c1f1ef_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a6c6d0e99fadb550aab543e457c1f1ef_JaffaCakes118.html
-
Size
56KB
-
MD5
a6c6d0e99fadb550aab543e457c1f1ef
-
SHA1
ba436fe31d449e43c393854886ba189b96b2ddef
-
SHA256
1682faa67b2351f9b5a9da9307762ad30fa2da54530bb4b81c3a48c788960e0b
-
SHA512
ed30c716627fd4120a5cab934cca9cbab01d2bd7764ba828035aa3942a9d828a999ceadc69b0128452ddc163811c7f28ee344b3be68d4174970b803d1036bac5
-
SSDEEP
384:SI/O3qUl/Ug+N6wOLpqVpGHjV6u1bifBrotXifDcQb07g3J4xH1JgWkQA61BbMBh:SoO3NF7wIwVpGHilJqH1JtZbEJhh
Malware Config
(none extracted — no family configuration is recorded for this sample as rendered here; the only behavioral signatures below are Internet Explorer settings changes and generic API-usage heuristics)
Signatures
- Modifies Internet Explorer settings (registry key creation and value writes under HKU\...\Software\Microsoft\Internet Explorer by iexplore.exe / IEXPLORE.EXE; the heading was lost in extraction, the same signature is attached to both processes in the process tree below)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b85b29ddbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 
2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5428DFE1-29D0-11EF-9520-E681C831DA43} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424477889" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000f20bbf4fb749c5f79c06842aad94f56560a5096a101b953d90ec3f68d5516b4b000000000e800000000200002000000056c8ba5b63dbdfc5583da2377195477b8ce7a1475cbbca9d185a80fc0744631d200000006e3f137a104096d76468814fceae4cb95bcecb123343b482c5018874c92db8064000000073f867abce9ecc314dfc7678364d9531799d6b4a86a61994b9df65bdc4d9a89062d42320531f5c844370462517068c45523cc08b5603a37c1cf98442d8c8a464 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs (single event from iexplore.exe PID 2968 — a generic API heuristic, not by itself evidence of malicious behaviour)
pid Process 2968 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs (all six events originate from the two Internet Explorer processes, PID 2968 and PID 2192; no non-browser process installs a hook)
pid Process 2968 iexplore.exe 2968 iexplore.exe 2192 IEXPLORE.EXE 2192 IEXPLORE.EXE 2192 IEXPLORE.EXE 2192 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four events are the parent iexplore.exe PID 2968 writing into its own child IEXPLORE.EXE PID 2192, which it launched with SCODEF:2968 CREDAT:275457 — consistent with IE's normal tab-process spawning rather than injection into a foreign process; treat as low-signal unless corroborated)
description pid Process procid_target PID 2968 wrote to memory of 2192 2968 iexplore.exe 28 PID 2968 wrote to memory of 2192 2968 iexplore.exe 28 PID 2968 wrote to memory of 2192 2968 iexplore.exe 28 PID 2968 wrote to memory of 2192 2968 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6c6d0e99fadb550aab543e457c1f1ef_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2192
-
Network
MITRE ATT&CK Enterprise v15
Downloads
(note: every path listed below is the same CryptnetUrlCache\MetaData entry, 342 B each — these are typically Windows CryptoAPI certificate-fetch cache files written by the OS during chain/revocation checks, not files dropped by the sample; the final two entries of 70 KB and 181 KB have no path recorded on this page, so their origin cannot be determined from this report alone)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5179b16b4cffeadedc9e327f56010d561
SHA1d3eda7ca5f78c47b1265e59de592b1294a24d519
SHA256d23219602732c0704bc01630ef6c99c2581e9a2367fd4791f07180759372b0e5
SHA512903c2ef14ef03071a46154da838499844008a7ca0ab624cc4eb0affe22f90f7f03cc6c9ce459771b168ae8524a4054a4e42be57ea2e1d0d43564ecaa33223ece
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53854f4f20a9580ef0ed254fe604809e8
SHA18611a071c3e6977305a0eb6da7d541549af96b19
SHA25698d9dec2793b79738afe47b81a0621d0b1c2c667a68d3552f32872ab117e7423
SHA512dd094794c2a303338f77c1d19c991d6d4ab0a9889ab669bb142d1d35aba3ff8d3ade4f4580748e445103c6ba2e9e0bbf43ab74b8479c1d91c3e58ca13afc687e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD515043608da08698f89369bb7c8b2ac10
SHA16f31d020022ba3865ccc7ee3f86e2dcb1aca870f
SHA2567f72077b6cdd03277300da87e21e1536b3041b06206d19b052689179ae164718
SHA5121542824d00f63540e6e5b3cd2442abb2d20d870a8135d78bfeae490a1315c502001b02c81b8c681172cc02a93bb6e2173c999e63cc8dd373db8ff0ec521b4c46
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD552eb52c80fc1492da2d08cd092ddc4ac
SHA14da327a71288128656d487e0abaa720027dd1ff6
SHA256c04300a4521dff6497ab1176be866d7a498bcc5d3fe18168208d8616b31b88d4
SHA5128c634bed29e1984a86e727ca61a59ea8cf6869f2ab4b8dcfbdffeaef0cd168fbca7ee52b98b01e513cd7809227ffa69a27af1dc8f3898aad162fc5219c527ba7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD535d2757a1436fefd9d13750caffb8c7c
SHA150dfebaa95cdb249fbb73a359ed5c8d03869c596
SHA256dcfd7e5799948e54888c9776208b576d3d1f77c9224e3ba8a874ab42eace4e85
SHA512ea64db19cf61ebd27cadfd03e9a7bac4112c4b5fdc0e3a9a6661fb58b626c12362b3d8cbd1b6fd99b0e37a407eaf6ee05453e77e685900e6de8849ea0cfe18e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD532d92f1c5e62490bfc6d80495abdfe6f
SHA1a78aca15dc45f1337793c53a0a7a0380ccf7be8d
SHA2565f7e87a37bbed5aaa3eaa9a384dd5a8b0c56961d45e3c192cdbdc22fc958c3c7
SHA51225b93fa9014aa5681725ac8884dc75aa3f36691ed95c1ae1385927301625ae8ba1c8cd5d02c654430cab95682fba8af7d15f8ba10855fb70c7687be13fac3472
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5baefa72deddfad50e47b9c705264146d
SHA1ce6fae9c9dec64f43706babf11df7778f0e06128
SHA256a1c8d08600818eb8496621e576ebae504423d1a97858cf92fbd4a8346c25b7d5
SHA512be3ba1693f70fb61a1375d99dc8fbcda7920c3b3ca18e893b91a49ff7fa669bd25e14b98768467e2632aac9544c2e63cfad85a37d74ba95ed2894e354547d433
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51dbd70bbf4ea1da2f4af504256b04b21
SHA1e7a38a1aaa7459afdd11fb765425fa9e3cab9f8e
SHA256c865dac83a48e78968a92e2f4753651ecd298d1527268192025b1af229f4e554
SHA512363d7ed2d28b699c7c70629691ffcfadebaff67065ef9ed531ad5e216d824bdba031f2b55e13d9aa44f1d21beea84c00902e7f94a05bf4dc75a1fa7959117f5e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ac8f1bccba8f16260562efaebc73a3d0
SHA1e06144f85487dc813c3a89a0e8b4ee6ca61bcd5c
SHA256c0b455912fa64bf9c291c916c99e70e68408c367b8c430dd776800dc7949a7f6
SHA5121872338c91f34253b8607928e648aef73eda64b365ce9a87a4b686841c672d10dfa871ffc262b6352ef224b0191a723c7f21ccac313c49e50875eab22705cb19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c7bce23a72a4786684e150277fe1bf12
SHA1c914db329661713f8c4ff16a850d5a10e0044d54
SHA256166a06937801becf369dbd661e14695f37e143ce5b10f6c5d05b2d48a17fe42b
SHA5123f304f2343ecb91b73c9800034915fcf5deb214eeeb1c6711eff38d44efe836bce14dfd0fab12b509e80acf8854cba8e9e67bb369471feacbed3fc592d931c56
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f69a7b66836ac9bf041a7269a11b5184
SHA1be7480989585b2f1770b76fed75721f03a2b22b1
SHA256b03e92ecfd799a2a3d7306a1dd49b677565d3037bcf5eff305e6a803818184ad
SHA5120b5009a0b0e305c752c15a761d6a2608be4c58c86822c386cb47e0875b1f426e200f6f5d36982b4fdeec3ba5d2069e09d739c88dba6af1ded86916433949738d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57f16665eeed1b259417f27f70e0db4cf
SHA128bfeb93c0d9950bdaed1ff7819ab12ea4539496
SHA256b6eb1b3b6de335c36047ab0179653dde373e0b069fe6f686258d3387bbe089e9
SHA512df18f4f5e2f609735c750827a8b8fcafe77c93b254e5098b89279db36ce7aae9cc8f702cb7038ddb0dcfbad7655227a06c151de0377ab48d039a922f938f1ad3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5820481cc0dd92aaee6c7a38ef91b65e5
SHA1f08b6a8cd2618cd0a00ce7e211c0112eeb8dd2f8
SHA256bfcb242355341dc65a5a7a4c0f6ccf3b9f2092b057b89d2801a14ce356e3ceae
SHA512dfb0656a7ec39cdb7c6f709e340be39957a7ada7ebc0de0aa905311585313a25eabcb07e0fd2dd0edc2dfff7188960ec3a172a8148bdbd2be53b14e88b655459
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5978b6adb1a2a89c64489f8e86ccc323f
SHA1225e3069bc5616209b379a1fe0eca12fe062cd9a
SHA256df700eb725703e2148dea20ca2ee8b67910d6d50814b40a6e21fd177f07396d4
SHA512111e5feb7de5319ae605bdd25fec46b5b296c4533815e9e94eb4f619c2bb81fee24d1e401802d1a7408ddcf70af19aab6eecb7eac811ea540e1580e19c5d523c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e39151c321f8c189d60b3171fa2422f4
SHA13dba2492119df080ee4c6ffe6aed4edd06b4de5d
SHA256e727903e48a5e4a2b66af831641f77455dd0a4d99a95506137d99dab20e50fe8
SHA51277e87a7a7580ea13a96c103ea15ef5c39bcd02eff967ce75e9483a2ffeb0ff987fe3fab3b1f0561637b3f2b655979b9aff33365158b534bf35b1ca2125189aab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52267d6e26954352597f914b349df83c7
SHA1ec206c86a0086dae6568fd415b7aa3fcf8b67193
SHA256533d9a1acb2b34534acb24bffc575fd29ba7ff98f2fbe67c0f31a3d816d9b958
SHA5127aed50758dbd91540402dfea8e78682ea7cce2d3fa7da342cb81b64624d9fe739674aeeb5460a445d0df7e7c006fdeb63d4c70337fe709416370ceeca1371611
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b7ff3133b386c14fb15976a2a9839ef1
SHA1781bb9a792e202edd036086564d2aa74922d2173
SHA256426bc953b467fc0ca2f360a0465c911413eba44e4660d36da4530fe5eac91469
SHA5120a61f75fdcc887a3bc7b5a6e798b8443d1d183fd6c693db8b421a823320ec0020c581ee476b2f3882faf2dfe49b87019f5a4a7f0d86fe4a8651818b180e5f4d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bfe0d36d9aac521ec69be2bf8e5e8106
SHA17d7732d6893411cd6aec4742afec4d5d456c7cde
SHA256f98cf95177a04b2a762fcff1499734e824e1af62b9cfbaed75d759a76c3fa29d
SHA5120a8cb0b55c05c9168915ba12f46bc58a717cfb26ac3649808b054eeb8c71a721f81fe88499be6e22f05bd8c0e831d630e95a08b6110c481e79f4a9b665535878
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b