Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 01:11
Static task
static1
Behavioral task
behavioral1
Sample
a34ee0c632ba247472d3b435a78dd0bb_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a34ee0c632ba247472d3b435a78dd0bb_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a34ee0c632ba247472d3b435a78dd0bb_JaffaCakes118.html
-
Size
112KB
-
MD5
a34ee0c632ba247472d3b435a78dd0bb
-
SHA1
8d91b686332efbe79e674b447e4b671779866b7f
-
SHA256
889e5a528be6fe9862c37952f05439f6cef2a0b21e8992c2b1fb0ffbc9bb9271
-
SHA512
cb3f068c621e3f02f76f80e7f8c2a873b057036327c8f3aa8f482d89292dcc95ebac2000aa7a98f347f545d7b2a2a2acb82240c26e807c69e2500ef2cc6b94dd
-
SSDEEP
1536:SUIeK/yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:SFyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D15336F1-2921-11EF-A490-4A2B752F9250} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000018fc123e3fc6277388add9cb4a86e374f6deae13afe34a14d059730fd4939cfc000000000e800000000200002000000020ecd4446cffc9978eb086c8af8f2f180e07ac2baf20240a3102927ab73edd43200000005b9ba21f2e92d3c4d88214fba23fec7fb8f8c55ea23db48b09a79672cd8e3366400000008c053399eacf0726b13ac47ff8402bf07b12d55bde4b5f72a32733cb78135790da56aa95b84bc92396e2c1e28fab98da61abd894bdfcec81a333885773033e54 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424402937" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9089dca52ebdda01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2804 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2804 iexplore.exe 2804 iexplore.exe 1720 IEXPLORE.EXE 1720 IEXPLORE.EXE 1720 IEXPLORE.EXE 1720 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2804 wrote to memory of 1720 2804 iexplore.exe 28 PID 2804 wrote to memory of 1720 2804 iexplore.exe 28 PID 2804 wrote to memory of 1720 2804 iexplore.exe 28 PID 2804 wrote to memory of 1720 2804 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a34ee0c632ba247472d3b435a78dd0bb_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2804 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1720
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 caec4c7a75a6cb3b5fae619a56f61da6
SHA1 f7d8de4c295baab447307fa0ca8f9bbf0b6034b3
SHA256 04dcc300f8781c07bf7523506f0c959ac110f8e45850398da817accfd34cdab7
SHA512 9fcad7bd31619ed601652e4ecc49f814e156b21d95ef86d764d83a37b2d572fe14bc78a0d94948791b4500e8ccee66bd79e533a5518970f99b8d9705d2dfeaf2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 918c4f1a79d7f33dc54eb1232d5f7310
SHA1 33512c02a2edcf857c83b0303cf6acb3cb6a558f
SHA256 c931542d9cbc77869d08b5e94fac7cda840e0bf03454281a88f15e174ecb1af6
SHA512 730a79839e01ddada068f78fd438a06ecc4f6e7b7083d1c751f4d4363ba79f51220f3a818e38feebc9bbc02ff374c7d41a0ec01c635b0f10ac474a6f7ce99dd4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7add106c96b40f3f3d5c131ef330f6d5
SHA1 43983ab8460ffd9850578296dfceb41dab58b049
SHA256 67aa2e049ba9bef441a7c394bb7e64f88fab9c7b3cdafb38289a963978c4d0f6
SHA512 28b28207774036fa4ef8b4a56bb3bf24bb5806abc194e286b9adfc8dbcd2a503274549742d35d6db66ac92a790f8980609da8557e6471e6c187d2dc7d130e002
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 07fd8a64bc212da5809090ea1900d2a8
SHA1 e04f06b32da58a0679392c71f579ae990b6e8939
SHA256 fae38f03822097f6e240ca14b49b15923a4c380255a28ef90eacb80d7485b6f1
SHA512 bbffa582020a945937b298b2e24b900d87bbbfcc536421d5061c7dc8f0d6bc47f0760921979293bb47d0bd0a7966eba81606209fded3fdce8777ac26699a8e5e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 89ad8dacf2c0dad3ef39e3f29560c7b9
SHA1 581bc2d4c209dc1b597c2a3d479b92996936e6e6
SHA256 c9899e4f8c2afc91ed779c2318455b3fc2214d2278071018074f34ed223c175d
SHA512 fd8f3814f0fbdab6229818aafcb472043a33e5e2c5c725e929dd2004f96a125de301c288657d9ae6c8b5525e8ec72f064c2c77017f217d652263dd94a61cb726
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bda3e5d1c3f24ebe3a0a0f8ea06f4944
SHA1 68a0bac5f8012a387e5061d69ca6e2f86399b326
SHA256 6b5863a0e14650ee01715fee851ee773003ec4c2097250e653f32c720bc013bb
SHA512 8fcbb5c92e5bddce5232d80a92a38fcba1281dcacaa6924c0e9145a04840bb7d1fbc0700e439c33c13d308bb892201d11678aba1e5568b4f94ebb995ccdd6e40
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b5f5ee0208cbdb3a2d2aa1e7615fc076
SHA1 0ab17bd63e47a661b7da0b10c0c9abde42f503df
SHA256 83c8a0b308f5b5c580b48a05e7352e2048ba51a09ecb5e811e5319e26f2b33e5
SHA512 87bd67f0af3f181baa20ba89c651a252e2cbf953ef96d9fcd80b51b298d46b78d3836a3529d822027ac51db5d4fc98804113f2a097da5c638cb632e6ddfb168d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d4b0ae739436dc168e4e41cbc5037c63
SHA1 2168f018ce5bcedf1b45a1825079484925a4959d
SHA256 b67c709eb0c50bf82e019aab7e17aedbb303ac61adbb5e982b9bdc1d73862439
SHA512 ce28837ac198f96babcaeae26661d86018ff382a0dd824bee26c279ca52d79ac8311113c9cc3a5f1abc5d2f0938a1681661d441f8560cf65d91e9083b98b061d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1480f5468252bf2c4387ec90797afdaf
SHA1 f37bd652b7cf8072d2adadc2ae8eff90d1dd53d5
SHA256 b0a66048945af5a681fc0f189f0f5d08f7bea2ec1a0bf74679650bb1711fbf8d
SHA512 a104e42f78c0c2ec143169703b5314d2eba7ec4fdfb7938179c19ffaf884e9659acd79ac2b17d9f8c5465550d096df8d52ffcb02ce5188f35603f5f06952519f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f378a4f331d12310d43702574a5cb6f0
SHA1 81f9b85259fbe8ceffb4c8120c4ddea91f9e5f91
SHA256 8cc1bf1b633f39b00bfa1ccc3747fcbb9640edcc2de87e44b556a9575a9241da
SHA512 4c67efc58eb1b835c268a1a4c786d380d1e42f400eaec6c904e5a83762cdfa102541a227ebf0f1798463033fb0ed094719a5c6714eb3b3d0be2eeb41982d3cd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 80a77429bf45206051e78f254f1c5fa7
SHA1 4165d52497c50da4bbb908bfa55e6e5b083604ed
SHA256 c15b4dd61371f83f784ac8cbb7c3cd9d951b357675540e79998caf97d8560ffc
SHA512 f17408de472fe81eaf257fdb683d954bb84c4d7f2d18679f80927d9724b7dc9318f098e5b84b86d3efa27daae6153ebb7f60f07515a87e7cd18404f28ac49eb2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 77321593beed9d85cb843a4d9d7cbd8f
SHA1 95abe0af07b76db317620856131333fa98cd866b
SHA256 5d5f92fd42f8209c7eee79db453d3e1a630bf12711e03c950a5c70d627bdd125
SHA512 497937651536c218c725cace7ff2c84a3ef07004e00b2736257546aa3c6a1e5e7a05631f93fc58fc731b5739e22c37ba271de63e2eb65e0556656a810dd8528a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 07d0f1d6406e54923c1cdb4df5d5d01d
SHA1 f4021c302aece0e4152268accd9d9f7fff1c7c19
SHA256 198951ef48b6d139bf0f27934c77a3eda1bf797584dd61452e6c9c90476067ca
SHA512 bff5141a925e2c84281d048e6fed75314d82c94f6a6873cf92dc64b5a764e874bc06fa13d959f2064a5e9e62ba9a7ae5f4667db7e5a836d265ec5d7eaab8b119
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c6ba6f77893e7744be4f6943e34be7db
SHA1 e12c47a674928013c91775f712332faac7fb2005
SHA256 605a0850496f590e0c5a24f88ff908a6372ce12e67de0ea3f696c8e6d72a629c
SHA512 b161117a1539a77e13097c68e13922c471031bf259230a034916f4fd0762f3bf582e7b2d8f487c3c686dd879e9063f7ff901cf7fb99d6f3768a29ab91ece8c01
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 340b0472219b46d8eba5c78e4a9326c4
SHA1 33cb86d9f706f9a48ceb47b1aee547f31280b414
SHA256 aab5da2f33d4b3afbac80baceecc7b6e822aec57a966c8b53020d3ddbc1a1ea3
SHA512 7d7ab2c2a4f4f1e63661b925a0a696dbdb5e4846e0eb1f8fe34cdca8ad18325e64db956fe98728f45090306ba0796384c9602bf88268cdb5ec9ec4ac4ffedec8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 47496b59b72b3aab242b54281241ee44
SHA1 92fe9eeee5eb045ab7bcbe7563c3cf0b9f3ee5c1
SHA256 d0d031ad2ec304b26c796d200410504ae3a0a83074d3b024df17e32da226766d
SHA512 4117e54691f8c76ba7443c655c65b17baff3cbbdf92e1b0db55a04ab8c09a128ffdc6d8f3116a72d9b5256b1007298906192e98dec344ef4d11dde4907733745
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 83b8ce23d648268a508d94526301ee72
SHA1 faf4c46517ec1a1c54dbac427f7fb66105eb6e6a
SHA256 3093c078f42e7b54e5a06c239d10ebd1fd54754ca77b4ddc376d9e000eb40468
SHA512 c781c95d27578ec333b0ffaa43221a9a3f6bc3baac8d2f033e76957efafabe1c9cb13bcef67046831804c701e51f2b0b5fe12f6eb1c53c060f317bd785b6820e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0bb9b78cabeb80757819407e0a5b2424
SHA1 0c6768b8ce4225a884acae1eb2ccee477cf0c2e1
SHA256 9a5594cc38426f0c4ee847b21af724d9f8495d99bf7d5c3f5ee93c1551bb9fee
SHA512 3a04820c91ca1a513bb6390647d422caabe1e1d3a32a213b8f0814e1a2ebcc8778fd8dcb9bb4bc1c6a59dac8b5fa6c8dee533a9d8b0d5b147e510557df804534
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b