Analysis
-
max time kernel
143s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
13/06/2024, 02:42
Static task
static1
Behavioral task
behavioral1
Sample
a391fc0ddd54d2a8a95276df641911c6_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a391fc0ddd54d2a8a95276df641911c6_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
a391fc0ddd54d2a8a95276df641911c6_JaffaCakes118.html
-
Size
36KB
-
MD5
a391fc0ddd54d2a8a95276df641911c6
-
SHA1
9590856154fd8deaea29bf68ac33b71cb0e0d8fc
-
SHA256
f89510ccc746911b12b2f76b4faf5c6d9eb96e862cfa70a064b8d26ff176f9c4
-
SHA512
694730ffc73af8d9da74b9c5731399273dc93c5ca79d03d37ed573c2bc4966557b521c55b196981d334e4deb8f81ba2a47455c4c7657299e4ce4d083fa82698c
-
SSDEEP
768:js+rjIHCkCVCvCvCPCPCCCCCyCyCpCpC1C1C1C1C1C1C5yrvyOndV7BvI:js+rjIHBEwwaaFFPPwwmmmmmmIyrvyOy
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007ea0ca855840c042af44964c6d2dcb7400000000020000000000106600000001000020000000e30ae669aa7891b48216a4504be29e2447dbc0c8f2276a115a80cac6260626c1000000000e80000000020000200000004df9406f906daa2b0c27b9e2351aecee7afe735601f5a6efc3c36e52c307a39a2000000040e8f5738d1babf0bd49a1132a1487ded8eb1a0597d7d5301e5907af33c411d040000000653d96f7ba48156ea138f2c9763d967afd25ade354c3c0e2979c0b01b76530ec0469e51c1e25aa7510ca98f98814d2bf8c5eb3ff628fef3864540c7c80d8afe7 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet 
Explorer\LowRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{960299D1-292E-11EF-822E-56D57A935C49} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20d8d06b3bbdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424408426" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not 
running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1504 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1504 iexplore.exe
1504 iexplore.exe
1060 IEXPLORE.EXE
1060 IEXPLORE.EXE
1060 IEXPLORE.EXE
1060 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1504 wrote to memory of 1060 1504 iexplore.exe 28
PID 1504 wrote to memory of 1060 1504 iexplore.exe 28
PID 1504 wrote to memory of 1060 1504 iexplore.exe 28
PID 1504 wrote to memory of 1060 1504 iexplore.exe 28
All four entries are between the iexplore.exe parent (PID 1504) and its child IEXPLORE.EXE (PID 1060) listed under Processes.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a391fc0ddd54d2a8a95276df641911c6_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1504 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1060
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 9a04b00ed0e82b185e94c0a901aa3e6a
SHA1 e52826ebd7a203fcfb82920ff3c8a8e2896c5960
SHA256 78a9f1280a9064c6cef6e29d0c543b076bc4a81a2a136ac5638240f0861058ee
SHA512 a23e6f99d662db89c609de8ac595b8b80aad5efac193a76c376674cb6ff5f8c339ec6525085599bdffc0b04678590a8c1a7c097cbb6e17dd906f1c7e06c7411a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 528741639215e2d9c114070d89e046c3
SHA1 66db3ec39a45804d8e1a11fc0e807920c5640029
SHA256 96887ae78655f80ab45e5027e5d4d4791d1b8de07a44c7f66e09e20e620cc742
SHA512 f70eb641cf065e73b94e133f58431a21b7840b763c1b47e8b0caed4ecbb727747350ee496190ef083bdfef29d8e2f960f02992ff21d6423f1befc577083174af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1ed95191ac46e50d0fcdf860456e7604
SHA1 13db2dbd4859633a68f2c3389524965017f91c50
SHA256 0d3d44f5998d0358046511ee0422f1782a9412f2dfea9881cafb75d72b22a298
SHA512 cb333fe242527e8f8dd11f4a25994efd5cf5ba8ba753caf6c9bfb773d751e644bc97ebe1d372310d3a69ae9e823247b77803d9fd8117b3ee6362822decc3dcd8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 22da1c1601eecccdb03445b125f8326e
SHA1 64bdd67ea5a8261c6e945fc46f44dc3f5fd21561
SHA256 6927b407286dcc0a879595b8b5e0677447b98b2739454853ab3015d329732dff
SHA512 4ef1281d8f1a52c4ff284f1fb58cc05e63ee9acead7e7915b4e040b7c3c6b0a18c634104fb8ea3621925c9d5dd710b4813192ad30e0eef98a9dbeb436ec94de1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ac9a548118c68c5320b22cefd37f4754
SHA1 e7282501200bb323fe7c9392c6b50f37532f1f23
SHA256 f13a6403e1085e1da50d3f159df535d9407c1f384f9a53f0fc740abfa9ede672
SHA512 8b6ffbe54d73778271edaeb7e85abfd7f953d08606473b255bddce0612ce708a96bbe7e954cc01db4660fd22073e71682fd8ef6b471770f03a1eb62f49397d20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2e7779bc77155b568269b147c467fe7a
SHA1 b21e167be7f2560e696e7ffd6cf4d5026b1bff7c
SHA256 40fc10c037d794c468a9648d757fc3dce33b812de6cedc00809baa4212370a97
SHA512 0bc454bb8eef0fc0a534fd9fe38db6187eef7747b49cb2c09bf061799482a3f6940ddab70e798a5bd8e5ee13ad2daf60332aadf6c91dfbaae3dfdc743636cbbd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9f140917226de5ca0e79505395f526c6
SHA1 c89919e5e7cc7b4603b389551830a97de81ecce7
SHA256 ee1c9b01c41d289b729745d799eb88f4b4a3114782188f4cb5ac0b681122cde7
SHA512 1c8eb5690085031af69e354ca6520898ac42427ee29d0c2faf2a7a9dfac43e3370cc7a25f4957759b606da260447d1bdc0b317aaec03e1ee30db7b6a04b5c0a9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bd2d6d76be8adbdc3806ec1ff132f3e7
SHA1 569cfea383489aa6b486e8a4484bd15d1390147e
SHA256 39d0eb5b617a7a5f51e9f6baed2644170ecd1b8481d5e533d7f372d00978d758
SHA512 6e50f6755bb228d4d0bc56188a37b0f26ce0b4e9958e747bc76ddd287cd0ff59e788cdb568664111b718b2f5773d00882ef75f6502d4a99d72191368f0ecfc01
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 987b0855cfb2ac14e6539cabe4f38855
SHA1 9846e5fc6c4d81dd0da44d4da170d9b8f9b099b8
SHA256 ec345e2714a355bc71ce37482775f4366d83b5fe7b63c06fe6a86e899cea0a33
SHA512 00215bf466cf7f01e7a53a5f5cdbe656c7dfc548bd045a55fd8bd070331a59f1fe4d394b373befc582e04bd47da4ee0ff2e2bbc851279f15d1bb54305c65daf1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 33416f8c6263117486fce9f0e32a3b61
SHA1 55392def53f8877a557cc7cfa6a77bb8c36cd560
SHA256 f2f4f37578592ae85e091dc2a3d79b8bf84f97410ba12bcfd28a65d8e7600262
SHA512 2aae34ad0c1419b6cadf70dc989c21e760929517b4e3dc9b0d0d4165337b0b7590b06c46538a9ffb6f239ccc24f31e64f72c66be1f7dbc014559c235f0ce7db2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 6fe4a4cfcb9665b155ebb2e1a4cea755
SHA1 5a825b67ea4f260fc300b086740304de948071d2
SHA256 1008a9174fbd32b65a18e1505c4f6d8252eba9e66261c08fc171da22759b4a32
SHA512 006957b938e3d19841d194a8d250122d63379ca56e5bcfbb5ab563d997b459aa9011dded6bd2e3fb8693805069b67fa9ee281ea52b7ef768c4f4914bb2b5d509
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b