Analysis
-
max time kernel
119s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 02:18
Static task
static1
Behavioral task
behavioral1
Sample
a3837acdfab845de4186571e77044d04_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a3837acdfab845de4186571e77044d04_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a3837acdfab845de4186571e77044d04_JaffaCakes118.html
-
Size
20KB
-
MD5
a3837acdfab845de4186571e77044d04
-
SHA1
7f21697cf82ae4e66817273f4f1b8b0355c8b53c
-
SHA256
39de382c09eb57486cfc082fee6562b5cfc212574e8bcdf8f42b4332617908a1
-
SHA512
a29ee123af4366234a8f9d7a8c6dede0feab3ceafab49597aef02633d5d2b584c3f4436a4fa0a518c56292845b543b0513a60e966ff2ac3aa43308ee1c2d604d
-
SSDEEP
384:NduQp2GFEenjx8xDxXoOnnhw+rk7W36tI:KGROnnhtrkK
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ed0f645844a0623ff50c26a9ca40d285a1028d142ddd649f2ff1106e4488ae21000000000e8000000002000020000000d60689bf44014c256882e94bd278700aa551b1ad9be87f27d80bb3dd6125c771900000007161710d4efdd97a73b4efab7c50fe1391c588a1e7fcd631dd4b2c2cd883d43bb92dfed75f593bc14bfd737dd387ecf8d87ca4d089f598d230ab4277fa5fc83fdbaa29a274d966834e9b30b51fd4d2ff99a5fa45d26627fea284adf4126d11befb5013ee11e75ad1af81ee5c169622d3924982505ebf052999bdf1f93cf065949330a2816350251dedca7088afc04d0b400000005d61722757127782a648e71f5372f68f73ddd05c76d1d02286ac7ccc48ca390ab951b2e16459624588521011593b01a55fc9316799dfa803c6a7be8e24e2e48b iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A558371-292B-11EF-B3FC-D2ACEE0A983D} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a005881e38bdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424406999" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000af2f0d401474835ace7f446cee7bbe0efa834365645b8b222ebc623c048f43e1000000000e800000000200002000000058c3f68c5a977ddd7d56ec9efd73d8ff384b90d077f7dcf3cdee67b592e852932000000095d795288f003011ba1bcdc678adb0e7989eab0d6124796dd342d0f100ac8d9340000000335171acf5efb87095d6423abb089470fb09d9280a71dc8f7cff4fad2565562329b52a06a75e689b42403c854d9d027f4f6186913cefbac3f0581611ae8031c8 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2548 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1876 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1876 iexplore.exe
1876 iexplore.exe
2548 IEXPLORE.EXE
2548 IEXPLORE.EXE
2548 IEXPLORE.EXE
2548 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1876 wrote to memory of 2548 1876 iexplore.exe 28
PID 1876 wrote to memory of 2548 1876 iexplore.exe 28
PID 1876 wrote to memory of 2548 1876 iexplore.exe 28
PID 1876 wrote to memory of 2548 1876 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3837acdfab845de4186571e77044d04_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1876 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2548
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
503B
MD5 f31f6fd0d0a88e39b78d65ea9679fbb9
SHA1 f4d4075bb1b2aa2b446eb9c654de191cd768c7d0
SHA256 2cb544dc0ef352fc2820cc9aa8a9870e15cfe5af144bf4fae4d0540948637706
SHA512 4673d55c152835bfa37920c46e8d8ae6a4b0078661185c05ae96fcd5ea917356f19fa047961193e67797983cd2b0c090346d771840bd512cd3cb4e8de06f51ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ac85dbd0a60536c3092c0a60ce6d574e
SHA1 d8ab93324d798cc9c54c4dba35c1cb208ad66b98
SHA256 efd7d20acdd2788d0f383137dbe83c5b3ea8b5b3ab96c01a8fd3ead2781005bd
SHA512 d91410e45f9740531bf9d39a0beee3cef204f2977ff902b8fd9898a895db66ba53e680b4a5ef6bbecb4648df15af3378c79c6314e40ddb06f8dd3ac55b6a6648
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cb31b1e80d91425b0ced51f2292209fc
SHA1 d1f2d6c630e0cb53675592cc843b39bcc9832ed8
SHA256 17c716739aff418932c27f5f7794a23821189c6a4324b0a8b70811ff29fe66b4
SHA512 4e1603fb15ba77cf90a6c119ef6b84c7246e37c13504b06e1270b9e60790c820f8ee7a6329787c31f39caca94ba22583075cec162db72244dc3d544d27c307fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d627f3ff23182e21c6ca92a1211b0da2
SHA1 e237f5de4aafb4f29a33f9145e3d308874757b14
SHA256 ec10cea1a408603e5cbe63af311860a4532dfae14e2c268e8f782b5db9c1cb28
SHA512 65ebc7feadb13ca46ffa2159c32ee6abd824a8aa79a988dad13e6139e4a65f9d58fb3c5836690d58a5454f62f246e1d0dcea034b835ead0ac8e1b07bcc7cf1a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9472a2f4ec9db9a0a6a8fdeee38b0557
SHA1 9bfa457ca21b89026a57a201c254684ef1f9f898
SHA256 8ca1f136cf7a88c3986fe115660ddc4896ac1f843210e0420d2b42fae4916075
SHA512 e5aa8d48c409b12059ae7e2180a6abc7f3899275fdef8e589d9bbe2912b218d9a698d87b84f77a71c79edf1546df138724a5ba386230e591b72b5e1e0ac68076
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e441d2f69cb491d452f3379b2430f4a4
SHA1 3f9f91c75a556aa483a885c880d6b24b84da60f8
SHA256 ca05d7c5b33f0104c380cb60b713a6a585a7bcc4bf9d4b5e5554e33d9ba9e63c
SHA512 c6865163306dd14ce07497d6cd50fbbb1dbc39d75a07440f067d4de7652e9e831241a8d24b291e3dc18b7c6eff5390457d5957a68e3f9064ef231343bd374702
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d094da23abfe78377a4fe1b533e9618c
SHA1 090e5f18387ad4d7da8cc8c5e6dc4331ef34c926
SHA256 8ed639605df5adc38e2aede643537bd758258f51a65a80ac9f6c9c69ad74d7bc
SHA512 7932b85a8eb56e0aad98d30dd8f58a0e86dc47e4aa47c2eab4eacdde539d699d38b7304564d58a4b05f2a00c438e89afaf448845d909b5b2065ce06fdd5cf2d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7953ed5bda3419d3f9f77bbae0e88220
SHA1 e31724eee3acf74eacea2119a1407f93cb656212
SHA256 7b6012cac6e72ab85874c0e90b55b0eb097d9f258ae0ed40ef2f1aa0932ab632
SHA512 ba4f3739a830e19f1b10cd6b0823a8382ba34b816bd9dc172b96e6e41e039a3914f4247e6a10e477783b759e83e238fc9800af3be8c73af2936dee44877face1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 733267294356bec8470d5b9e50b7df78
SHA1 7974122bdd8b301afecdc92ae5780a77864e00d3
SHA256 faf5480cd93bcaedb90cde71680b44e616c019a9f84de256e67f14d431e042a7
SHA512 1d8eab8b3229230a1f9d56f0773c1f78f36c416b933435a426218de8058aaca9595af2c69e94361725c781a3e38ab958eb617a76c35cd798a66b5ff495bd1fe6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4539df2221cff27a17af7731f2d73c77
SHA1 77b8b007265bd107d7261fb99b43ff0355e46a27
SHA256 e6e720a444f8f2647478c7ad3eca562b36745c891a69d6e5a2c1ec2738a4b376
SHA512 d4799f331028893d57a355319e54cce4887857c550e0c5d67c9a746442e7bbcfa805ee8aaa4ea1c44e0cec402019fc331c906a146c20f6a760708f1acd834803
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 88d36ac9ecc50d38d186d0a421c62bcf
SHA1 dfd2ffc743d4e17a5bbe813b49fbfe7d18113bd4
SHA256 5f27f36377459afabee527cb7e6b45fdf9eecbd46acd8d560929ac5859283350
SHA512 a6dcf8c3c25b0c55134e3a42470005ca06160ac2bb68fd24cb7aebd4b9769eb113651816137c7d1b49bf38b4bec323253dfbe27a0192075be67709654f826715
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a55ad7a3365729ca7203ab1c8157d6b4
SHA1 edebcd15d0595b29a403d8bf9aa0ca14b36cf024
SHA256 3d8ac76baa46c81ca9803e33131c1788f941c64952f2454c76d9be44135a42d1
SHA512 056b1cbc6be05a1a729d41c2df8fadc4b9d03a0aafdb544503093aa90118dcc0aa34c9a6b7094f3963d497d05af4ec64ba42bc38517b5e8dc2b5678b75f894f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fcd0079415d95796a6df3e7e2d1187da
SHA1 7041bfff1579ae6e3b139a8cee0ca5a941006519
SHA256 2f48f857fde169cb60f98135f486631dd698a5a1473684923a55943c70427435
SHA512 2cd6be72a481fd888326616fa2fd39542850a3ee1272d28cc9ea591831febc26e8296ab83a7ef843c76aba76a7d4ad9d4c037c99af77e99938dc2c0d5733b80f
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\menu.min[1].htm
Filesize 162B
MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SHA512 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b