Analysis
- (This page shows the windows7_x64 run, i.e. behavioral task behavioral1 on win7-20240611-en. A second behavioral task, behavioral2 on win10v2004-20240611-en, is listed under the task list below but its results are not included on this page.)
max time kernel
119s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system -
submitted
13/06/2024, 02:59
Static task
static1
Behavioral task
behavioral1
Sample
a39c6044b026d0eca799fa93e47cd313_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a39c6044b026d0eca799fa93e47cd313_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a39c6044b026d0eca799fa93e47cd313_JaffaCakes118.html
-
Size
22KB
-
MD5
a39c6044b026d0eca799fa93e47cd313
-
SHA1
dbfd958f16a722e72ddccaef43cc49bf7f8b9b7b
-
SHA256
7c8d8cca6f4f0f707b34ccc4be86c7c23e0a0378d882faa5dcf58f0de5a1d7e2
-
SHA512
4971d7fef5e3946effed208706a9d1e7ca4cca90278f806a676d515ca06ac64c8e673d7165ab88b6891085b3563f45e08fb799abd76309d2bda4acde27dd6058
-
SSDEEP
384:IGpU2MlAN+Z5FdXc1kGBfud6TRaJM9JBUlp7kbTWR6M:NpUXAY5WJA6dagIxKWF
Malware Config
Signatures
- Modifies Internet Explorer settings (34 IoCs, listed below). Every entry is a key or value under the sandbox user's HKCU hive (S-1-5-21-…-1000\Software\Microsoft\Internet Explorer) and is written by iexplore.exe / IEXPLORE.EXE itself. The DecayDateQueue and MFV values both start with 01000000d08c9ddf0115d1118c7a00c04fc297eb, the DPAPI blob header (provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb), which is consistent with IE's own encrypted New Tab Page state rather than data the HTML sample wrote directly; treat this signature as IE first-run/startup noise unless a value outside these keys appears.
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000003a4d4b60bcf0259c0c0ca3bc9b7c9a02c66b5ee07eee91dd32587134f98375f0000000000e8000000002000020000000f00f113be92aa481da38bb8dd90028b04c7799d353c472407a18ad46ef432ec32000000040a5d291b125871017139f6e20a21a7c4a912517b4f3bd3a8a6a48e816e7aef14000000058783977994d8ce716408abc43d5b28343cc6a974d99f25611871cf06afa512b1a77b1921f9727b58d1a34dec1be728453037af20da15ab4c9a08cbc2b85ad97 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0fe1fdc3dbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000004eb786096978dcba7d66f1749f767c119239e43665a74709656001341c025880000000000e80000000020000200000003d285e3a629c8f519c14fa116c22d394143e55ca7af592aad297bcc329cf42359000000066e5d51b6e87bc3c1a7855d36097bd7834d98d1034636ad9a86a061c2752e1c819f12dc67a302adb037a0e5c8e66017eed811fb7a042c69b61e901c0abb33b07fabb9770deef12e3fc81e4d09be78b08d96ab6172232cae0c5e6f273e13ea15dd203dc59627f0df0aac40238cf2136a3ea80aee1944971d7f6d2f739c379eda2ce0178b49e67992485ca52fdd46656d8400000008b952a68f9af84372127c5de5c580d921c9cb7ce8ed3f12886b92cabf1cd3e746a921530db576abe2ffa385e4ea3bb068963820485334e55a7abd84ef3d8da75 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{06CF0E81-2931-11EF-A1F0-7EE57A38E3C7} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424409470" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2988 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs (all six come from the two Internet Explorer processes themselves, PIDs 2988 and 2692; IE commonly installs window hooks during normal startup, so this is low-signal on its own)
pid Process 2988 iexplore.exe 2988 iexplore.exe 2692 IEXPLORE.EXE 2692 IEXPLORE.EXE 2692 IEXPLORE.EXE 2692 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four are the IE frame process 2988 writing into its own child tab process 2692, which it launched with SCODEF:2988 CREDAT:275457 — the normal Loosely-Coupled IE broker/tab relationship, not a write into a foreign process, so this signature alone is not evidence of code injection)
description pid Process procid_target PID 2988 wrote to memory of 2692 2988 iexplore.exe 28 PID 2988 wrote to memory of 2692 2988 iexplore.exe 28 PID 2988 wrote to memory of 2692 2988 iexplore.exe 28 PID 2988 wrote to memory of 2692 2988 iexplore.exe 28
Processes
-
[1] C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39c6044b026d0eca799fa93e47cd313_JaffaCakes118.html (64-bit IE frame process opening the submitted HTML sample from the sandbox temp directory)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988 -
[2, child of PID 2988] C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2 (32-bit tab/content process spawned by the frame process; SCODEF carries the parent's PID)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2692
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- Note: the entries below that carry a path are all 342-byte CryptnetUrlCache\MetaData records under the sandbox user's LocalLow profile. CryptnetUrlCache is CryptoAPI's cache for certificate-chain, CRL and OCSP retrievals, so these are side effects of IE validating certificates during startup, not files fetched by the sample's HTML; the same path recurs because the cache record was rewritten several times with different contents. The final two entries (70KB and 181KB) have no path recorded in this extract and cannot be attributed from this page alone.
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57a1d48e1b615df7a2385aece2ac75884
SHA148cd67aac2f1ddab48f48f13fa27aed1e1d6854a
SHA256dcab47a213ea7d51543a0544babedf9040b72e542dd5ba359ce1d73a8db70794
SHA512411e318397066ae84491fc1251c27fce43a04d647d1a2b06fc1c4a3cc97991a5b8987fe433f535b966b9af82a92c6ba70afd9cdd52676124623d4d601ce7965e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b0b37d77246edf081e12613c229fe609
SHA147cfb8dec48febe210edbaaf72714089f1c9c71c
SHA256e339cf8a44b3bc8cb8c8d069070cc588e3075dfa07e449d4917aac649e4f4f41
SHA51256bef8b90ca42e0b0146d4dc938441f300c9143ddf67e5106378c10393db4bd541d20278a1c4faa21946d089f7e3cb164538e149102d389b4192e7d78263c4a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50709b46a0e7b6dea77f7a3589cb2b76e
SHA18e926a14183eeca32a78e23adcbb57ec841a74c6
SHA25670029297708d919a7fa0c8fa440d06db97ad7bf3496e74c9f2d8c8b705feb389
SHA512a64a9c70fd8a72bad5489faf8df581226f0e5a1faa86a29d1396bc315dd4f7b7b692069bac676010b7bed8a04d688d48d1659b6b5f71dafb1e04fa7160baeb3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5075691c5e598794f58b3b8e4c17566dd
SHA1194ae10d6fa60ec406d44584527519ae9b3620be
SHA2567a2e50246696d2ef33ccee1dc11e24e819fcddf70748a4cad0b735a4381a7096
SHA512d0359519e1ee830c6e20d2225ab9abd6a11c2bc5a562e07e33fd09db324191db5f4f15e1df49a031a2690959af06e3720f573b3496a177840269cd176a3aeed8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5db1e7dca4a8da6fa3ea86f2877603fc6
SHA14f73aface31a7ae5f14915e041f3b694cf32ef4b
SHA256b5816862a0718637ba56b2d0b8453bb42dd5e4550bb9ece5fd89292c6d5c1d33
SHA5121768db0473a8bd360402f55e1cb81aa953614aba6687309ba6f19871452fe0a7ba7ce63039f4c732e11dc8279de9b13701051d15b9298511e00cbfcea1841e72
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5881b06e49af86778901ffbb5a4554c4c
SHA146e885e4407a4e1a71be28c6ca5ea31bf8396151
SHA256da3ffe488b1b7b258482414b8e51137261506cec72beebe76837c65fe46eb825
SHA512cc694dab6b373cff9b90e6647c8a37dbc2e2c1a88cd61acde13daf87e58640a18a1d8602bd14e7c45462eba8cf2e0356c9cde9463e7eba6be285af922692f208
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51646bbce9fdb64add34a17d4474cfcd4
SHA180aa5ff6af1fdca8b12d4666b88cec8ad639f3a6
SHA2564504e0124b849c426fb706f39568548b1a4e4b71494d31c7aeea96f24f112e72
SHA512c0cc444f00eb6d4e6c00e1c0f9fd0f1a5611d8b6ee3b059d647e8f3b19e0cd4e5a3d7870a53bb03bae707666290ef6ffa5b198ef420166db1238cc87eb9f2870
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51c2feb3510db1a516927ea16e13b212b
SHA1ed98dbc6a2e68b51436e7a0e1f37a3742cfcdc8e
SHA256f86f929b57d6fa267d607c2f7520689e4c049973f1b293062c5335df7dbae256
SHA5120b85b8177f7b870d7eb364e50ed085b4670b68d241334c6a7f36529059974b71b091f110d74d22a6f5a236f33319e9b13aa166467d249e8da7b136f45d273cd5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50a9d77c457c3529fbd35452ea4b9be6f
SHA12e534410ce49bb485fea5b37abcc95bc62a9aa00
SHA256513908296b9f2413838efb2cebab539fb3b631bebb77e04781839a9c3d47c8b8
SHA512719c6b4eb64f2cc187986c42fd2a834f71521a205a2a6e0ce6ebc6f4d1c0fe0a7de459240e392e8494fb4e3198a5d8db3e72108e397f925f9c204748735b6878
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5735718288d80cc57a45f0804fdf551f5
SHA1dda5d15b2ceeca7a5902ddfc8a46863253b16af2
SHA2565d0f9df0abfa0433c33620fbf658351c2b4906b39b2f865c8fa8c5c9ce62fd1d
SHA512cdb7743f100aec9e65e697e67a1604af522a5f76691cf6b2aaf88aaaf4c0a9d7d285f8616ef6959e7f2c69c53a5c52033c4196d938556d45958b325b679a228d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5984f06a3c67b4f26a49e372484a9a517
SHA1bde60f11eecf23cf3dabaae5f627deb2f38c9e06
SHA2560a4965ae3e7c013cfbf50a501020690fd1e348bf5fb6b435571d6cadabbbd78f
SHA51249ed92cab1bcc4689c2fb7cbe59218ff3c30fb15a101d0da6668bd043f7659a671b8834dd0349566ef33c476ec20e751ed84447fefd2b5035e3fa0746a6dc7a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fc16d0173a35fbcf6466c189e474f317
SHA14b9f114554f31fc274f8f0fc5b97da6b7cb10fe0
SHA256cf7cafce1fc1212ec5540af7ca052efb7540afa38c8a3a4426ff92b7dfc73889
SHA512f45e1f8f1dd8968c122470fd3a2331a2c7a1b172f61158f40fb0c7f89a2c2c864c2d93b9252811032c48d559144d12a33db5f1794fd0c53f82253397c20980a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD523b82a6ae5fc4f2560b91714790a51fb
SHA14f0177a3349fd4774cb8a3be918fcab1d8ef6f62
SHA25664ebc4160f43f905d3239d57c2cca59a28bd2cac1072b0cd79b0491e4beca055
SHA5126868939f033f008fcf48e944d11a51e40bc74866f441bc81cd374585904ebbdc96865201e981aa21348bef989212255b39996b98b314e1ea745b8f540fb4866e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5042cd6cfb1dfbf9c1deace0cf5130ade
SHA128ca1bff323ce270c6c44f1559894666b98a7a5b
SHA25693c723a6ea7151313d1c50c84dadd59515b22ab677c46430456867176d667f6a
SHA512f53e1ff315bba4b45d9d2eb09bbe47f29e8d7db130b90c18f61f5d7dcb4030998a1096155dc2b8e777951ae220fb764a1a1cfc636890c64ffd4568f86ab014a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c948ff9d53e90ca394f2ba9cfb429691
SHA11273a1913c54ebdc1e7bcacd914fd30552a13171
SHA25661cb68e2df53e20b3329bd43541e7d18e0ac417c04a8fff8cdbd99e2ca3373e3
SHA5126cf381bf6f345ee07552c74c86047200045781fee4d82d71628fb3f21336ce06a80ad19a827d995060b3b132e881fbae6ff75865e836f597c85602665670f39f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a1c8bf55c20fb8d48017e14a880d8935
SHA10af445eff1a6d571cd61a359451c9b24d5354735
SHA25612c39e502ecfba27e881bf4905871f60a3b646e53436ba02efc3b7c5b4926a80
SHA5128812b500cd67f632d7a0d364627b72550ac1bc2de93cb61d4c261ab0a0f2d44583e6f86670d6bef93249f06644181603898805e60b78feb3e9e413abc539c10e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5408293d578c0819709ad0a4a28f73617
SHA185cf5070d7442df39ed302c5f430991f5814c85c
SHA2561f8ae66f84a70f68fe4417c40f48e0becf9355efce973bd34a58705b3fbaac84
SHA51268e88243cfaa6e22b53e66ea8a0856762367e8cdf109ffccb4a1c17365556c35e6e391c484467a1e1d330d6b155d155473578f292c84059e4828bb43e15c2c8b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51239a31c5655f33571838d37c5c897ca
SHA1ee10e0ccbcf082ea2d2278f4d325e9950eb2426f
SHA2568348b9be927f406b1061837928c318cdf8b579ef53acd2d2a796f0483eb124d5
SHA512d0463fd81da2cc31e349f48f39037129ea02153a3774da0e41350eb6a0c2cb237eeca116824224e6e2b92e60280d43ec56dab57de892ad5e73fb3d78e70e6484
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b