Analysis
-
max time kernel
119s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 02:56
Static task
static1
Behavioral task
behavioral1
Sample
a39a5394c59205d69d91ffebb6e771e4_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a39a5394c59205d69d91ffebb6e771e4_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a39a5394c59205d69d91ffebb6e771e4_JaffaCakes118.html
-
Size
32KB
-
MD5
a39a5394c59205d69d91ffebb6e771e4
-
SHA1
12a16469a49d91d8c9b8f56c287bc25c31edd942
-
SHA256
63b6121c20e20054f70cf240edeb22790f5e2d7854ff1d2e349c8ad99e3f76dd
-
SHA512
c52d5e73afc0c7b1eafbd3a698fe75c2ed3b2d7941907cb1bd50475d72842dbff43a6d5908337a4b87cfa0b26fdafe47ee1407275fcf4cab9fc8c3aec2f7edd4
-
SSDEEP
768:6z5FwqFPDIWMksP2TBxBzs16NtcHwmui/b:6znwqRIvks+TBzs16NOQLGb
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f06127553dbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ec201fa4c97cd5bfad75c2da179fc988e69397ea1d6400c0b81195001d8c18ce000000000e8000000002000020000000822cbc03509090a9fec5c56bdce4e94e6a034073f3a5680570f26e7fc569bcac20000000b1569408ee0b157e9b89a3627a19576766c91758183e10d8307d946b445deeec400000008bec2389037739101ef419320157481b87ffa76f3cbe328f2d535db534a3aaa3c2d20b2b0c5326e5aeb95ddb13f7ba89ab20542167bf608aa3cb882f720d1c95 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8001E6C1-2930-11EF-8156-CE03E2754020} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424409244" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2188 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2188 iexplore.exe 2188 iexplore.exe 2384 IEXPLORE.EXE 2384 IEXPLORE.EXE 2384 IEXPLORE.EXE 2384 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2188 wrote to memory of 2384 2188 iexplore.exe 28
PID 2188 wrote to memory of 2384 2188 iexplore.exe 28
PID 2188 wrote to memory of 2384 2188 iexplore.exe 28
PID 2188 wrote to memory of 2384 2188 iexplore.exe 28
(All four entries are the parent iexplore.exe, PID 2188, writing into PID 2384, the tab process it launched with SCODEF:2188, as shown in the process tree below.)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39a5394c59205d69d91ffebb6e771e4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2384
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7ceccb03b851a637fe78ced2feebdc85
SHA1 2480ba009879d4dc93f367f73bd35250f080e11a
SHA256 46f021f86d376cb96c1cf919a51b37cbe030b598ba889f22485a36fa90a0b344
SHA512 ecea854a91e2ec56c4f97cd6748e1903ab75dfa69e51e3f5a4eadedccbcd7f73d1a9281d44e69e8a912cfdaffe9160e3d92f93c4ec66c4fd35d33ee2ae29bfa7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1a32fd8a5ddbf54894a9fee0b9d6df77
SHA1 2734a7a8638d15313c69ebdd70ba4079877e72b7
SHA256 35821bf9cfbf4007e877d88e32c6c04d2c986bd6396555f16b78f63532f37a08
SHA512 88be1c5dcb4402ad5b102d7602ce58c7a3d472e42df9cbd3fd7e88b9d06bd742ab0f10e0472e8db810c14a75490c26d08b3c9d381fba580d319c96a8c083947f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f9c0c88f1b3fef95a05f30a3cf05eb16
SHA1 5d621de950cc0b177a10255ef30c2548cdb5c637
SHA256 8c6ab5f0bc09006e07d037e73ff0f063319fe0bcea0d48c08a2891edb1ac1344
SHA512 37c0ae4f24245226cb8056dda7abf2af5b0826fbd3e1bb4f1db0af7a363152508b74fcb64f44b1a037f345227ba0842dfb0426751016b1ae4ba4951ea0745fce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f4981235fde61ee2e49bef0a6bdc3b6b
SHA1 944e88482521bc46d77814484c50dc45e2824fa4
SHA256 c5c8877c434f1f99cf6e5a3b422f19ce496a6616362a19c24ff052befbb99948
SHA512 dff69207c521ae5c3de8056c3b45e4a21bfca50d638123446f9abdee6418d26b0667e7c8bf3d002b0313af16e75a0be8a8bc60d4d236d0e7bf9aa872bd47d6b7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b09a330bf86767a244dd15fb31c68338
SHA1 0dafc566306441d4eb019030a9d5477a60f36215
SHA256 9f44afee316c8d7c1924b6666c6b967c838db60a3641accf00f271e88f2c7f98
SHA512 7d383be3173b030e30f1d750c9812baec032f232d399f4bad093eee218cc68dff66f749da8a2ff88b73c754d60e864f10eb2d67b081ec1ee7b260bd8faa7effe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5858c768bf62e3d2566d27e36250e2a7
SHA1 b2b29f8cf5173f0df2bb0285d670e2084fb33f3d
SHA256 917bbc4d53a47aa7815722a4d85ebbb9cef3ac1a3c263085774a5f4dfad7a916
SHA512 89a7f01066a885c4a046586d2bec9a932ae04878992dff31e90a142720a756d7a3e8815600bc9c26d791f0353a41442e6e19d756980aa4d878abc6dc51c7058f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e157a637380fd8dc6039434471bf3003
SHA1 e25115c3396776c050f81fac45a61a0938c15653
SHA256 8f81a67e5d7923cb15234ea8abc108c0a9a8edd7b17a1211b59b151c449b213d
SHA512 2b052413f055b7c9316384dec4a8fc8f452b65355b1ce8f63f66712e37bed4b1e0e0fa35239d24afb4096abc7b6ad963ab223255649ed305a0c7c6a5e1913f13
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5036317db346855ad2a82e431774d50c
SHA1 fdb46a273238f822a9ef7e13630b169f04a3759e
SHA256 a70b49e1be7b12c733199001e46bf3ba1334e2daf32c3aa668f296bc4c93ef9f
SHA512 9647638c219a466060871a2d4976a233b0532250a569bf7704e09a4e320dcffcb7dd13346a0358c281f39bff594f33df4a8588c96ce8b7cb75ac0f7cfb5f4bef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 37c6327885188ac304874dbde10c0062
SHA1 ae794ec8d8444c2cdda4252dfa2ff2f8acbe2c82
SHA256 5ece2d108c515457904a9608e48186da3947233136821de0759a8036f95ffc99
SHA512 87c71a5276eb6068d70b65cac5d79d1b988ab1981a0b51b2cce3c6e30e3ece9012ef01ae3ee3f15a6cebcd7e214c03d36cee30e134c2c61dd5a169703afa0e23
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3fdfff0ee5f5afc9c8010c29e8b226e4
SHA1 27bea8f2fb33334df15f8f3054ac69e3c31aa052
SHA256 bdc4755f72e44daff8da38525cef8d7f3e95817f402744359be732be292e4856
SHA512 4c0725a7c231b0771df526b91c47590e0e730b1a5a33efa02c51f5c8e27b9e5d2a6450473b42376ad68b483700afe1a632eaced6b3c641b92a4a54e2a4af6a95
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 99331031b55de1326cd650846d4f2b2f
SHA1 df9a2453b288aedbf3371e9996baa1c81e495f0f
SHA256 0a1ab0fc4db9bf4411bc6dfe21db578a28054f00312313f098bcf9d3b9715004
SHA512 a9a85b71a7b36809e0f149f0cf79ed81f3faf4611b0ce3e2f8b89405419b720f92e4bd82c16adae4a826f483907b3816df7abafb38bebf92a5f4e4bf267e98e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5620edad24a7f182a472585a03f30e5e
SHA1 79c021a91e28b3bcdba33a95e28895b0821f6cfc
SHA256 2e8cbed977d132b064b1a19923cdaf47f4580fa6025f5db0b5fa5261342baedd
SHA512 a23a78b7ca873fd38fdee8f50690c520270e64605638fee18b5039a375d7736db0249be2c599ad600b8ebda39984a99682c528e3a6d9892019386203d97ad1cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 066eae2e297a8b0706b6e082d6349751
SHA1 3574d31df09a0d93c63a7c5909809f96eb44b862
SHA256 f48be79e86c2dc46080f4e837411cf4c13a55637aaf9323058e9ae0f322a7031
SHA512 df65d8610fad4927ab86260f0e7943d22330d775b08318224b5e5e4e042778dba63045d8857c5c42f545618698775b6e10e91c467993a6aec7a7438515913ab4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3f30097eb19b70485a87cb75919e5e65
SHA1 d66b632561cc3bdd02286fdfc56453e68a01c506
SHA256 4c00c4e37bc8d4af4cc83403f22bd0225e26b6668ac772e7f40f3bff200e8fd0
SHA512 7d7703a749142c6f496f32c2ae8cb5cd73298759b10ab183db2923cf8714b483f6b75d2f63679772ddb7a9322653a3b26637a89f9302d7a22724a929591ffde9
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b