Analysis
-
max time kernel
121s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
13/06/2024, 02:18
Static task
static1
Behavioral task
behavioral1
Sample
a383448ec1a0471abd58198a42533e09_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
a383448ec1a0471abd58198a42533e09_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a383448ec1a0471abd58198a42533e09_JaffaCakes118.html
-
Size
16KB
-
MD5
a383448ec1a0471abd58198a42533e09
-
SHA1
6c691e4714493d9990b210837025a3296895d82c
-
SHA256
34ad00c657c3e195e6cb61daac5e2423e4de2df1a159c6c63b9255863ebf4dcc
-
SHA512
903b85c62014b52b42db829f1cc54599bac9a23355467eee5a6a6531c986e329ed4a410b6e54b1f8aa1418b18e8c6efdca835cb09a0615e897d7c19133b51df7
-
SSDEEP
384:gvw/TvJ3xXd3W7dy9GgMx5AiEvgiEBixSJwWe70gWLrgUq:Nxa1Ai3dIUq
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0d6b90338bdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424407004" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2E91AC31-292B-11EF-BDEB-D6E40795ECBF} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000080bc9d87820ee4a87f429e8ab6120b000000000020000000000106600000001000020000000e8813f562936b63a6a0bb0deedbfbc780ae3b3081993158440dc3428fc4e6534000000000e8000000002000020000000e99aea928205603107a6475f60a93fdd4e2c793cf2143578a82b7a9dc35e09dc90000000556721e873dfe066f72c17d7d764fb78e7a278d7763ce5c2d5a0b1a52df4d74542b444d782a2e651b477ce39317bfd055990090092ab355d924b8f37499290b48a60da7ceaa2e54ed714de8f294296a9bdc7ace05662addcd04cdf34093c27c316ef972b86c69a0366ada72887d45e64c93a9eeb3f1f890805597fd6c99fad4e5c5ce9c6277e1f92220ff0c32c5434f540000000fec91434e05c3b5e1c66444836b7c230b2c7f4a183d657efdf40c99dd514fac2d5a960afd9d09e9af50536362b891439f3dd8901af8062375e9b84edd696ae3f iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000080bc9d87820ee4a87f429e8ab6120b000000000020000000000106600000001000020000000d86e89290f0450ebcbc5038e2a15d7ec04b5d3c1e055e3ca5ff5e8607d56549b000000000e80000000020000200000004b6e02eeaa7d4db9c1551d9127bb7977da29a0ee38cc2db062e81adf4a1475b120000000875ded70d657cc0fafe5d8751ffd1fc0ee28902794058eea7ece58798b244b7740000000d6e83525032a46b23149e22a0b71fa9b04c9c43bf0dbc904ef62fea740104e4dc1f1c83502baae8ef9c704555d97848d13ccef27ef998ff75a4c8ee36c09b8a7 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2168 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2168 iexplore.exe 2168 iexplore.exe 1136 IEXPLORE.EXE 1136 IEXPLORE.EXE 1136 IEXPLORE.EXE 1136 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2168 wrote to memory of 1136 2168 iexplore.exe 28 PID 2168 wrote to memory of 1136 2168 iexplore.exe 28 PID 2168 wrote to memory of 1136 2168 iexplore.exe 28 PID 2168 wrote to memory of 1136 2168 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a383448ec1a0471abd58198a42533e09_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1136
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize252B
MD5128a22ce0c1c4619d5db697ce5440710
SHA1a8b59dfcd0d32d490b9c0c27ac31022f516e8e59
SHA256fe25a855523dc0f670b45bd6555f759088520357f009ae0f036c12742ebd15f5
SHA512d5f57c4d685030821b1eba5001289e574e8e19967ba16a492b0d8ddeea45957f9bc0f793c890edb85667a308fb3a0e218254cdd3b695c82f20414a3f8e025b28
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57017e77741db59899391d0f2b9e57d7f
SHA1fe3086fcdbb5fbfe3df11312c19f9202840638be
SHA256d1a6ac4324a079d82b2a429fa3fe83389d256a544c37147c18219637c86adb9f
SHA5128a820b30a6fdc8fbd1e09bb3100cbf4bc885f30146772f4f5d0c14cb5ab0c4be06b70750ac7323fd368c7628dda66b6fbbe78fc7c87280421b20ab2c55f08241
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a5ecec05f166eed58991e3c19cbaf3f3
SHA1907ea10e76120f85e37b4764f47afbcdfa3ba82e
SHA256116ab4d8539f26c58977542e6b5820921305a6f70a60b4fd4e29c57579fa8301
SHA512dbea7ea5c52b3b3fdaccf1372ae67bdccaececcc52a98af45a5ecde11ec1cef3df0acf3f405eb37e3aa0d82f37237440456ecacfe068b1de3f8f52aefded73d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5060342103543ab33e4912cee4955d62a
SHA1d8d1b5f4e24e39b513598e24a94fc03e433708f8
SHA25673bc802ee7d26fbd1e4e5f219d94a93389cc5227779c55ad0467a03aa604b980
SHA51214ba0189d64e66592ccfd2927ae117b8217d199311724c8d11f2291c2ff61b34151da6a3eb712138ab01b1f2230eda25c745df2058465e25d0dca91fb39352ae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD524072d87e9d5287c16f0a5f4a263f715
SHA14277e3a6ee7937eb83809e4438b6e23e9f770529
SHA2568bdcf8167b9defa1285210b331eda585d60c7ded7eedbd7cf54bd1fdfea51e22
SHA512386e91f5fd6c2e9dd623f55113302723e5f25d2b14fa868ad636e060d62f9f5c928fc5cb03297fb96c14b271af1c9d33c29785d18d3f953f344f7e5c9ccf08f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD590957a928228089e854dc45280844d84
SHA1d5f53a84a69907c29e4fadfafb554e88f206bf33
SHA2566ff3e1e8b414ef3e9d03a1d9b55a894e944d0d956125c8b85b498c6bd5eb5ea8
SHA5129c9d43998b8986e610abc728467ef3f067ca25b9b08f790a218669126ab4d9a766ffd1289e9caffae10f7658000c17a1329c0985e50416f84f5f819f5e6dd099
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59135344534d3c344fe909f7ba5587511
SHA1bb865110ec7679e20d1a7080e7f3b1bfc75d3afa
SHA256cc91dba8c40a6b3b71497d1da024d37dcc664ff2c547cda86b6d3fa2ff9d50b7
SHA512411a262ed344adf9e43a6596963361519e6afdf80e450adc78fabad29b1fbac22e7ab269c49f373c24f6b2acb5bbb71c52df226fcbb6ae360dc0097dd6365526
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57e153e2dfc43052007ed782dd1b7f943
SHA1d7f5256ba0b829d2f8c9d5965ae7a57c6a65c457
SHA2565bd7ff769f022980950ae5055f482307e0246c8fead47acba07ebb272f620670
SHA5128fbd765e560f80929f66571de992b2084ad8dbdb472cf3134c5b53dc8fb054fe0a32de02e0fa868cfb0ad889348de0365d7a8e6b3f81ea3a915f0dd9cff52424
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58942ea36e7ee4e694b17763ec35b12ae
SHA1ddd5f4f8f0cc20d0c96ce6a901ef5aff7b387a1d
SHA256351564ff2fc4d98d2e9fbe68c8f5ad3271989c16dbb5d123fd7fa98202d34fe9
SHA512727039bb9485e0a0c8e25a83d4b903f9f0c3c9640336574bd0e45775689c107f194820f9813ef867da58b956bce70159bf38458ad8095a7aa3c75c944b1b0b80
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54cfc53d4840af28c14f9543061d1bb63
SHA1289f8c4a164ba42b8cc49638326af9ed05c5ff8c
SHA256948bb8e5169e5cacda1ddf60c0790f8673c77335461d3c128fb123c0aa543c25
SHA512364277c40c82b643960cd53f2ec12f9126e0e8f883a5c4541afe15a3858be6b0b58b752173e8b7eee7659afddca72b813a0806114dca67a11700a3123e03cf33
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize242B
MD562fac3adfc2f8d4d27e054859fef6421
SHA1afb182570f57ac9a27640499c319c3535374d12c
SHA2566a0439c207bd3cbb28517326f02543f3d5ec819ce9119362bac045125041fc77
SHA512f6c38df84df4d07364420cf5323df25de801009f09597030db237ed5c55cbf42967a2724d946ca493e5d7d936bb061a3f91ffa3b975b493cac8a93f6990f9d3c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize4KB
MD5da597791be3b6e732f0bc8b20e38ee62
SHA11125c45d285c360542027d7554a5c442288974de
SHA2565b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b