Analysis
-
max time kernel
136s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
13/06/2024, 02:58
Static task
static1
Behavioral task
behavioral1
Sample
a39b8a7881282d37ef44983f73cfda44_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a39b8a7881282d37ef44983f73cfda44_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a39b8a7881282d37ef44983f73cfda44_JaffaCakes118.html
-
Size
69KB
-
MD5
a39b8a7881282d37ef44983f73cfda44
-
SHA1
7d1a03ba1d89f87ae15f760a3ec7818f19378977
-
SHA256
72d591ddf3ea0cb34de8ed6148fd6cacbf67282196fc81022c0b16485e481b40
-
SHA512
b3c2e22a2c1d7fc8f8a3f6a64bc343666a7bf77b9f1187fe8a7688b460201d94c23eb3817c02dbfe3d0bc6eb2bab7d8ee4b8fc7a877c62797694f136ca44bd4c
-
SSDEEP
768:Ji7gcMiR3sI2PDDnX0g6s66xyP6/YoTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFf:J3QSdTzNen0tbrga94hcuNnQC
Malware Config
Signatures (note: every hit below is a generic Internet Explorer behaviour signature raised by iexplore.exe / IEXPLORE.EXE; no family-specific detection or extracted malware config appears in this report, so treat the result as inconclusive rather than as evidence the HTML is clean — the page may require user interaction, a specific browser feature, or a live server to deliver its payload)
Modifies Internet Explorer settings (signature name recovered from the process tree below; the IoC count was not preserved in this export)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 707bcda63dbdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424409380" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb0100000095e41b8ed0eed04881eb80e0adb60abe000000000200000000001066000000010000200000003a412d87c3eb4227bf219f873fefccbb088c5434cecb5f3e80983624bd30a043000000000e8000000002000020000000b9a63e5fbac5e279188147fb34005ec64282af721779a5a39b7c5d54db2285ce20000000944dc3c67e59fd4108194e9ad92606f854ce788196eb7b0c60b2aae164216b9a400000005d7bf0af15e0f40a8a203c43d780d05a94fc2f8d5e9ccdb723429e68c55cb850235949e8a49baabcde8c0e6fe64862aff56adad9b764877156fec8257251ae20 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D227EE41-2930-11EF-8F9A-6A55B5C6A64E} = "0" iexplore.exe 
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value removed during export] iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs (raised by the IE frame process PID 1244 itself; a benign shell-integration explanation is plausible, so this is low-signal unless corroborated by other behaviour)
pid Process 1244 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs (all six hooks are installed by the two IE processes, 1244 and 2332, not by a third-party binary; on its own this does not indicate keylogging or injection)
pid Process 1244 iexplore.exe 1244 iexplore.exe 2332 IEXPLORE.EXE 2332 IEXPLORE.EXE 2332 IEXPLORE.EXE 2332 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four writes go from the IE frame process 1244 into its own content process 2332, which was launched with SCODEF:1244 — i.e. the parent's PID — consistent with IE's frame/content process split rather than injection into a foreign process)
description pid Process procid_target PID 1244 wrote to memory of 2332 1244 iexplore.exe 28 PID 1244 wrote to memory of 2332 1244 iexplore.exe 28 PID 1244 wrote to memory of 2332 1244 iexplore.exe 28 PID 1244 wrote to memory of 2332 1244 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39b8a7881282d37ef44983f73cfda44_JaffaCakes118.html (top-level process; the sample is opened directly by the sandbox)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:2 (32-bit content process spawned by PID 1244; no further child processes were recorded)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2332
-
Network (no entries present in this export — absence of recorded traffic may mean the page fetched nothing, or that the capture was lost; it should not be read as proof of no callback)
MITRE ATT&CK Enterprise v15 (no techniques mapped in this export)
Downloads (files written during the run; the repeated CryptnetUrlCache\MetaData entries are, by their path, CryptoAPI URL-cache records — typically produced by the system during certificate/revocation fetches, not content dropped by the sample; three entries below have no path in this export)
-
(file path not captured in this export)
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6e69b05f0e270af62cc1408c0acf1256
SHA1 2213d5142b784895a6956ee99b7f7f81eae07461
SHA256 b63eea07644b505a813e48a8dd81d4fcbde0338036d31a8b2455c544fbd64c71
SHA512 81e5afde8abfc97c891fd0a02606ace4dcb9701b295a1de37313d9cef9240aa589c302376e97d888a03f3226e91cef7e5eee3f63eaf927b3105b90e34b03e41e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 49829f00c378f390ffa8d8552fde5ece
SHA1 5186aaf0f2e6f7c56bce8e812f566eeb2d8f8fd4
SHA256 6119eb9f6290e40bd8e2a6996ff2e60f19f113151ee5b7ab8d86e7418617fed5
SHA512 e016dc2904b98217cc425fbc3e6dc8ec0871200e97cd4555f999b0ca90def1b5b7f99c57dfdea4876df39daacbb713ba2c8b6efcdf63acf1599aa0a9fecfe738
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fad025e3d7f449e0133d0288cb6a684f
SHA1 2c453ac8c549ddaafa96e1b35c07b0423b52f438
SHA256 a0478963f56ab4dbcbc03668ae60241ba4b4c0898ca668d07b08df2ba58666ff
SHA512 31eaf9caae58562279673ed9edcde2df0864906ddd82fa5ae314cc3d9e9cfcdec388601dcb6c9a8d75ae98f2fb64d1c5f0656e4a4b0782c5728586dbfa35a17d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 66cd813bde222497bca1002f7179c576
SHA1 11bcdb5cafb24262c2cf5d843f026f0a6d7705e8
SHA256 c6586625d461505ed6cc0b631d7645820f39dea32ddb8bf2d8040c46e28eee5a
SHA512 7b165ee5551fbc7c00227d2593b6cb4c2d9394b43199066f59b502df73e5431cbd3bb54d55e950c5e9b25e0cd20f455d1027dcca0f8c444d0911492e69636fde
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8367ff6a020ae984d7b619a47705f14c
SHA1 e7a461b75d4a2ef6497f402deb6ded578dfa5eb7
SHA256 c77a914f1ca2b589acd89a788826e7cbb9e0151378fb4f0874f4f93ed8fe0405
SHA512 e765ce93f23628db5d26082393e41eebb1b4eea8c91adbeb7ab2edde60d8e8d43f7ee775a6d229a994bad0a5f28d8ee691283dbbd520087f113ab9fbf7c01f09
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a738bed2fb647a57fea9ac6268856be3
SHA1 dbaf26b3eb50dc16c036dde585aa6286d235931f
SHA256 e7fbc219d6964d4b5655de7acdee5c6b0b3e643986257d9005e35e4c5401af84
SHA512 7152be2faed536bba7c557a87bb021a826cf6e68efcd39f00aabcbf7ebc5144ed8c815453f0b756b8e5a2319df03c78f86cc219b9f7935073e4b30a07a3e46bc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 53829d30300e071ef9ce99ca1ed36a36
SHA1 196fa9f7227a774a4f8db0f198504524c41e0532
SHA256 43d2b3d5e693e7d5c01f51b37f328ec53fedeb4143431b5eb380f72294dad050
SHA512 b901e21fcce04176c9fce3c2bf2e3da7094e7d2f75516ed2f06aa83e4477a0666e87081a028a4770c679a51cdb76b230e94f47831328ba983705fe1e4292e37e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 035b60f4d3fd36898fcf8dbd0a8115b4
SHA1 48b53567dc29c2c100e7956897a3007b531e597b
SHA256 b344092e1821699035b1e0dcebfb1623ef3f4d60e2eca616fce4c94a1acf3dee
SHA512 602783b998b35d6cf5e3403a45a53f251897c414a03116c010c6911fae34602b26ea6e0765e05621e771c473a682b071938f8ff1211b15d1496504d3e0b10539
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 88c5aa7846b7d32db0fe912488347855
SHA1 493aeca3125a4023eb5adb970eb3bcf1bd908728
SHA256 61ce98e5c11a781730113887f5ce3f1caf74cfa3cbbf92ee79016b3cc8b7b7d3
SHA512 fc17838119e316059c7850b42d0be261317208b0549ca16aafc25e85299b3d4c2aeaf1f63e7ef4bf7b90adfcce17cc65b61989b9c4b4c469e8c005bd96bae53d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5bdb28a7f53e8adade1d389e70d4d16f
SHA1 e4a95b305a39a359ea4a8130bab16dabf2660e60
SHA256 d53f9492baac35e4904932ea4bd50c0f6e540a52e4459c30a4167e5692c59880
SHA512 18228c76e7bfc35131dc73eecdf6b38f6654cbffae8d1e5b086302f425487421387c57a2c403face1d619512b7db1f2595a576ec9bc9c838b674b7efe219a562
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9a0709c75a7ff4d72159c1444d2ea54d
SHA1 a46cc84e611ae40744577b3d3b86699c616b9a27
SHA256 763a6dd47eda0a84312e0d838e7d549daa46c6964e18b352378435b4bfbafdab
SHA512 dadda77a6844c87938ac5185c9f20dbdba40aa9b68fb02629d34de972cb640013323b01ce40af77ab5fb45555873a48ac4bcd5c98bc257873f2710225a9dd201
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f27e0e777f66dbd7066c009fdfb953d6
SHA1 fab2458825c668da5089549f7eb03357c71b0ac5
SHA256 f85f287825f3c2199ed1934ba5fbee1f03d4c8c34669f0b73c47556d67b56c3a
SHA512 c6b24c938cedf375573e91f71b4a0a6ced90853a16c92c09f062396f9322b8e9001ab5b61ecf53b9949b1c95cd9876bd8ec25cb020a2eef70bd093fbdf887852
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e174a7b3241ec084f84925705b7f511a
SHA1 4428feeabae4c5c597953d1fdad52cd1926e47de
SHA256 c8b1877c0c0c4d01c25cc56e97a223f27dfb31d741a5c4593dcfd8b93694a867
SHA512 fcba4131a8d3358416e1f8c4c9ebf41b22e5742fe4ed047dea592894d960ceb333076e12aa2f8fc11ed65784eb3d6c05454b0cb0276fd1aa4b15f0c6b2c2e4f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ac035626822c0d93eaf11a7c223ebd8c
SHA1 adfe4fb3674ef16001e5566ff927b8b5f5be862d
SHA256 9e852750e12f855d534cd4a683ccb0f23843e7af332b79c5c3204b10928b1e11
SHA512 d3623c80054773c4b7f405c482f43520ed12fc0c0900ed76ec32a38a4598398afa33bad35f4ee736e7534a2b619aafd704439ad08a0610948beedc374e786d0e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9ac4222112ef35bd4b6cd83bfb730c7b
SHA1 46b6487fcf2e8a8049e96bdc489e4c66fcf8ca65
SHA256 1435b99ed87a3adc51f8f7642f5d5361dc2f2247944eaa0b1a5571451ed539c9
SHA512 e47f389fc8d2af72025f36b91ca250138c9ad206b184a4b8398cd63a7240dae7e2e01d4846b2ffe05dacb1767e8cb0ea2870249322b9feff30eea65f219cea28
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 94def7400c51a37ceed311ffee4efe1b
SHA1 50aeafabba56f2f6ed3f662a6b3913eb25f15abb
SHA256 c633719720210b440237bbeea7cfb633a93725f9060ecdf9282f9131808d8d01
SHA512 d1b43aa589275376fb82470342d91050431a9d50bf5d5c6887ac447f29538b55a17e1774413836fd9af11e331a1445da0cb63d861e0e0eb970b3c13a4203c9d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9965d2402263a3922513bb369228222f
SHA1 d3b0d16fcf0674d92bdd61584d5fc383ad8d04ea
SHA256 64db831395ba500c70ea50f9f9e5407cf034b3d839b873b90242c56cffcb041a
SHA512 23f89b603e1d940688de0733a057da34f364a037762afea505fef7ac5b16caa6d3644c4dc7d74c120e58c95cf89ec7658ee4ac80dbccb15f3fa9966a1db8f681
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e5400676449d22f12ce67f89e3511757
SHA1 0318d181adf406e7dfa57f794e23f892bdd2397b
SHA256 e01bb187a6529f152e7514fcb5130254a966b8f9b0e1a28fd0784dbc60b7860d
SHA512 5153618dce3316594a9e13e1c1d73c8032b498871db010f1cf592661dad36b8c7625ed0b15874fb50d59b8e293f390663ca62f9972d9fa77e606e9fbebbf4cec
-
(file path not captured in this export)
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
(file path not captured in this export)
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b