Analysis
-
max time kernel
141s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 03:42
Static task
static1
Behavioral task
behavioral1
Sample
a3b5329067f24304d2f41736c7013d14_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a3b5329067f24304d2f41736c7013d14_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a3b5329067f24304d2f41736c7013d14_JaffaCakes118.html
-
Size
88KB
-
MD5
a3b5329067f24304d2f41736c7013d14
-
SHA1
62416ea326666040302720d343f685d6d5ac0677
-
SHA256
0bf9be80e2b83618f767043aa222862952eabb9cefdc4e4614ddefac68fe5858
-
SHA512
bd9636e2ba1b1afa9b24e0edfadcf5ca420b461f0687c35ebed3e5fdb5c804335d990fd13bc865aca29f0e61c1f416bbde288eaaf7fafdf92da7c448f60e660e
-
SSDEEP
1536:9MfI5VYXiKqkqCC11ffd/YK2xT4EaeaeEkVXtke3QO5moAmy6QpSYXoqdigX2l5L:9Mf5SKqkG11ffLkVXt5crWqdigX2fuRe
Malware Config
Signatures
-
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000008267b2ed153c63c907a8808001e49949f87b36cc985dcec11527ff93c47d31a9000000000e80000000020000200000009fd4139f077356db377caa208826f7c08554816132e4796ac14441aec4db71c8900000000e6e54f7385a8cf0701102d6afb521499622a637cba269af09892868d812cc76775ec4dd240abc42280a4537529e1b346242eafd8115bb1fdeb44f106d5f69dce6ffcd6a90c1eba7875cd896fc259e3f7d7a9728642e1408eef959763f5bb6401c517345c91e8ce90ee762837834bdc7ba4bbb70c9d58a7f8374ff31ec2c2b444b3eeaf18710cb3e8c2ae89cc0b727d64000000036c2ec6de1307308055d2f07778be87f58bdb5a6514610a24c49194c194c626b635365797f734c85b311ab250caa91f30e2a455aa1540c10f7f62085a29d6811 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60dc42c643bdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424412013" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe 
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000b30e4a63eb6f6ec629db2858105730198e531b9f729f5771f55e396f3b84a93c000000000e800000000200002000000088e9be4996d43eac25fc114e4279f4ffff3b34bff82da57a40934e3616d5a4f9200000000fa543f1cd938dd0d418d106e6cc1201660b78163e5e6e83e0d5279bb4d5b4f940000000b7dbbf4544b99feb42baef30b6e03b15f2846d0d243a17094d8fb26e5e29644cc5fa0677a4b104ebd7695b465f2b2c2100f6d478f6fa094c265905f36499061b iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet 
Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F09C8101-2936-11EF-964E-D2952450F783} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2020 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2020 iexplore.exe 2020 iexplore.exe 2060 IEXPLORE.EXE 2060 IEXPLORE.EXE 2060 IEXPLORE.EXE 2060 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2020 wrote to memory of 2060 2020 iexplore.exe 28 PID 2020 wrote to memory of 2060 2020 iexplore.exe 28 PID 2020 wrote to memory of 2060 2020 iexplore.exe 28 PID 2020 wrote to memory of 2060 2020 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3b5329067f24304d2f41736c7013d14_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2060
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2c38c2068b1d83d9e8c76768b01dee0b
SHA1 071ff545a2ac13ad943c25af0d080c5ad282bdf8
SHA256 75fd9da257bd04b021799a125960f324524bbe88295ca0b397b6b443c86cacc8
SHA512 df468b347b993ca5de3c2de292f8c72711c6811b8a92f081318c0729b97105cf62dfabf89ce20edac7a8db36224e3fa2da0143a285bb73c15e7abc635a245a55
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8db8dd36114a81501a9cdaeba1d00b78
SHA1 14e14be8ba5176a18025c831319bcc15a67a6dce
SHA256 c3b15d50203cde4765d6494f05cb88c40b3a79d7fcf25594a40644bbeac18aaf
SHA512 b455403bbffd81476ee89c6e825913cca61cdfc95a99ff14b63dd7950f2fb2831b72cf306eb79607c2efb9cdb7009142f3d52bda92aa1b70b36fea62bb2890c5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1450f8d3beeb9dc854e4e6ba32831a29
SHA1 2530f4c6cf0322720b6a370862546e0d437c3dc0
SHA256 1fdbaad7e5da4d05f116d48bb45f226bbe3e8f6ddfefb2920d605964e920df24
SHA512 76b1ccd9442b4d13eab2c4b764aead5c1f137ef0ade17623a61f1da3633131ebc0cc85bbfb005e43e754c6d4d945f9bb3b42479968b32abeed6e02b349157171
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36dee332f6ec36a4a6cb720642915367
SHA1 a6b98b4c5b2373b54c78beb70b7db61e5942e8af
SHA256 0abcb2e4bc04a793c86e300b118d3ba2d80769aafb16214217e92f0eefce9966
SHA512 9f584cb29c906686222fa85bc93bb323c999ea89fd5875e37eb9b4c561848c1cdcfd7a03b8ebd62ea3e19b3748a73d2dc2e9570ca721c70d05e5c7a5807fa748
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 03652004956235f1d89f1de37785fe70
SHA1 ec7447b93615709d62e0740c53b37c341f5ee117
SHA256 b4bbcf27e38dcf8568513f8292b579f008f8cc591b0eb6d80512114fe377b1b0
SHA512 d4f7b36e21817616f6e363e1ec0a84a1c7212dae66f2ad6303413d111f707c9d613730ea16548b13fc91e8ac823a41fe6101c714381bb1c0ecb596b655e8674a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f986dfe6b99357768b03291def74d5da
SHA1 b09e3cee3d2e9a7092e11581e8c3a2aabef2147b
SHA256 979219c94ac3887e21cdcf05d071f192deb2c0e432ddf9f87570a9ee0c338f2f
SHA512 3233cffc671955c388110e74f10600184da23662d53c616c450e4959ba9ae384801776e57a5a5a6238f5ee5474b3922bd4909d0832af92275bf8fd1a59f5e4d0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 505ecc9f8a22e982f17652068f03ce58
SHA1 6eadb37d53ad61434aa69d6390650c9472d71fbf
SHA256 6a7c92c775f9349ee26dfaf66edcc062867f53d609ddbc3cd74a2fb9d6c60eca
SHA512 384c524e9e2c05205b47c572c6c5490706068962fe8b8ffb3a980a73750d4dc4b52df26bf83c8580137d4ae3c26a1471c78d1a522142124e18adf30fb64a3f0e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 928647eb17a81ab6534f1afe6982bb64
SHA1 232f63258965710903479f7c0fb86a0503e1c478
SHA256 4cb7e1b5c22709d0154f23db9f6df65b20bfed8ae1aec56cf9f5c479438c2d98
SHA512 5064be333569d5cf534e8e1965462db9f563f66a1c38ff5c94db95ea6b27ffd5b514b965ac10bcc09bd7384d1e2b9c71b43e29bafa9b6df5d9ce44ae24a6b9c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b97bf7614534af275bf3f2202eca1423
SHA1 2d58c408d06010c615a18153b5dcde9b08880641
SHA256 b60d6d1a7cc1d96f27c66fce741e08b538bbec7007715ac9bd867412acee6e6f
SHA512 9aaa3857171438c4044f52566959f55eb4e7a658c4693778d8a75c114d19f3a0c5f2006bd484403455c57f8d779dadbf9e1fa1066bf3402fa3fe3b0193390f08
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2a7cfaf08b44b66c66f22e787002f005
SHA1 8be37d72cc01b02de4c20b50b4ae630a0a5476a8
SHA256 940e1e6c21e6dd961723bc7974c25df87e2d2e8bb340fe31ddf5bfb699d8fefe
SHA512 9e970b1f61ff1cf3804d6f48b79c5d37a5f8a03a242afc006a8aea6b53d8c809c63c85f631327c47bd5e88c689356d355bac86c49ad4b0d33c2da82d7d566f5f
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b