Analysis
-
max time kernel
122s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system -
submitted
13/06/2024, 04:36
Static task
static1
Behavioral task
behavioral1
Sample
a3d695962ef099b15f071af704de211d_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a3d695962ef099b15f071af704de211d_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a3d695962ef099b15f071af704de211d_JaffaCakes118.html
-
Size
2KB
-
MD5
a3d695962ef099b15f071af704de211d
-
SHA1
689ed4a7709f402c3418d9ef00426ba42b571a9d
-
SHA256
0447f4c50989827c78b3654bab193f94f7cb902f82dc7493cf10714355aec1ac
-
SHA512
78d86d0a3197927730042c74617301450b66a4e752852feefa3e1efc6175ed2eef3c8a36e87e376e9424a150a7880bb7d156fce1ee68d88a27a5fcf217651830
Malware Config
Signatures
- Modifies Internet Explorer settings (every IoC below is a key or value written by iexplore.exe / IEXPLORE.EXE under the analysis user's HKCU\Software\Microsoft\Internet Explorer hive — LowRegistry, TabbedBrowsing\NewTabPage, Recovery, SearchScopes, DomainSuggestion and similar housekeeping keys that IE itself appears to populate on first launch in a fresh profile; on its own this signature does not show the HTML doing anything beyond being rendered)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D419581-293E-11EF-8A4F-62EADBC3072C} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000263dd3a318765a1b75e6b10f8c11425df228543e953354a2453061e2816d78b0000000000e8000000002000020000000a793a5fe09b551efbd9bfa0477431b6fccdf3c4071814e93ded6b3551b98862020000000b06c2d86b29c3035a6d0d9866ed5ee3e68e4e412f50d5d1d9ea377960011d69040000000e8eab4a7235f4c6f1306590d3a41b91c8d49ba069a65c0b693716c085c905a5d89f3112fd769d5344bec1d077853aa5c59b7095d7eb0b37ce804243a4b26b8b8 iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000c5dd4e3c2d84ca267e0a275337785f6f0ad254f2a2620bf0692b54dd9e5f5b0c000000000e8000000002000020000000ba5d2b1f7291ee24a09bded1e471ef65a343c8a27f1495de48e32bb668a213e190000000906d9295314c682bad636c547180b39ae08dfa55b3913a53a16c4f46e30a8fe96410878f5281915a61a1a1a18cfa026bd0a09b50b302eed4d752fac8515dbcbd820191fa298c14c5e40f6176a3e52f5c470552c56a416bb9fd71b4ee562a9fcfc1bab46c8f8cc97ea8c0e691550806218422f32a3c5d097a2a020909e4eb714b04c38cfbcfff0e033e62fd6a9070b4c44000000003a8a3c92eb81a8de4c221552cf4e14620a1667a350e4e451d09d5271d5d61ed27a24a4d61a1eabecf826d6dc3c32e54d1f410ac885e0d6260de4c50894ea644 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 607160524bbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415252" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2196 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2196 iexplore.exe 2196 iexplore.exe 1716 IEXPLORE.EXE 1716 IEXPLORE.EXE 1716 IEXPLORE.EXE 1716 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2196 wrote to memory of 1716 2196 iexplore.exe 28 PID 2196 wrote to memory of 1716 2196 iexplore.exe 28 PID 2196 wrote to memory of 1716 2196 iexplore.exe 28 PID 2196 wrote to memory of 1716 2196 iexplore.exe 28 (note: all four writes are from the iexplore.exe frame process 2196 into 1716, the IEXPLORE.EXE tab process it spawned with SCODEF:2196 — i.e. parent-to-child writes within IE's own process model, not writes into an unrelated process)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d695962ef099b15f071af704de211d_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2 (child of PID 2196)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1716
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; the repeated C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\… entries are 342-byte CryptoAPI URL-cache metadata files, which appear to come from Windows certificate/CRL retrieval rather than from content fetched by the sample — the two trailing 70KB and 181KB entries are listed without a path in this report)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52aea390177455d251e5db85578204a78
SHA14e6783b3737ad419919ab3ae9d472d420801e255
SHA256597f417947efc33be0d7a807f6732734f8dbfe2e4407e4c7f8d9ce36e29896e8
SHA512dca6fcf8d4fcd5929f4dc6cad9c26b2659189b140728ad3f3e5f3fbf5e55f5fdf7c9792e72443ec5a35ca00325d5103637f75007da86f093af14aef923e0e18c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56828b83a41404160a41320a12c363896
SHA13ea57929a2462834914dfe3e2ff3997cc43ab0ec
SHA2565acefe077a9f0ca34abed56b570f322ed81772ea8d28c9292dc9e89ca1056d5e
SHA512a2807c11e2372162230aabab851ab3219a32c6e6b5639ef6f09cdcc28144590120bf71e5033d3c461f573ef02376981b50d1fef262f2b2ecce1514adecef480a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ec6bf47378c9688aa4875146310bf54e
SHA11f734638743116b0d88803a5431e1427569c1770
SHA256222b1cbbe2678db9b0d168031815eba62cd13e4335dd53feaeca26ddaf9edb1f
SHA5120746d70be5cd5dd13ed6d687867250a54bfe8dd74d15bba8b2a587e74435831b0a55d099d08dd735e60ff88d96ca66c909e76d40e0645b2f546f456fc8b71dce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD580933670a839f316cffaa65c3a155d13
SHA1689cab07ed01ef583a27667ebe2c22eb84bdd2f4
SHA256047248b56fec020216195887d577e2334f0779f6ffbe74ef7e6dd30b5b4c29b2
SHA51236887194e51fa505d00e3e2a772a65b011a0bab62c35bc2db8fbbe34bbf032c9cdfe287815b370c48a824c03ddd9800d5356254c9b7fc61883f8379bda863b87
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f12502843cbe0b3099e3f88de5abfc89
SHA15568784027a14ec5b6cd969fb813a531db4eba04
SHA256a6f4b661813105ddd30b0da2ce7dd77d08a47f5120e3634ebb3f91b0db915b33
SHA5124615d620c964ef77c977c5775972f40eb0f3a86d07bd36a86b0de4f2a206d25d40fa83aa17bfa8b960996f0f1718bc454ce537c278d202e668e234869af8a0c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5973f11ddc9e50a82df5717c7bcfdd606
SHA178aee8d68531b76f0fd1141cd9f43b8810b32617
SHA2565750390b201b2c21a1c64b20f8b21107b357295b1d232c21dd51b07acd17be6d
SHA5123774df3d3266ca9e5cd818ba605ba0a45ab3cfbf5024cd0339946fb5ece0816d008d9c0250fbdd3613ac5dc7a362769fc7286caef496a41d80edf4e7110eb3be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52d0f792a1a24114764fc456096f475dc
SHA18824e416be156dadf86cf8fdd69fdb9103b1d0e9
SHA25607c31fa6b1887199a813b6e1fb45342cd614b96b01dd088c870fef853a773da6
SHA5129d4806e1c412c3342df7a5750d1db5d7653cc1f6410c3d1f11b599d18c9f26d82706dd717b884c228410c96a48c27473a117a716eb6fa58d0dfcedeafc001839
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD581aaf4f7ab5612ec5b003931ea89d645
SHA16e37ca7a6a130964cdf8e6b66ce268dbfcbf4a38
SHA256c2dda45a4a0cf019e4e414185bb343af7da560b2dab04066168d3fbb96358d25
SHA512a6b6167d1d235f9f3407d26bd85be1aecf90b62a20b9362b9503d61e04f40d653f0a544527ef4a48e3844c61e90890b7eb199b5b6b65da6dd4798cbf5976e84e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53dd960ed00690c280c1eb1bf8715ea9e
SHA1686e5cc63a26ff75520edf026af9cafab459583c
SHA256c54c2868a48aca18f6899912739f95e7a84bfaf55f8397542743a2a87a787739
SHA512fb7c0699c5ea96e92b6403e807e5f5f4d25f319ccb86be214a5298ea20a0aae2261d3b1ad49314524f85e6de51147c13f247d74e8debb43433cfea23210a8abe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5df6a98087d9adac74389a441c6a6bab1
SHA1c026ebf62edd2d3289b13a5d02c5c06acbe7134d
SHA2566819864469e27da63a8ce9011f8ee8de7c2a461c64bd6b2d141c88d76c12ea8c
SHA5122db5309dcce2aac14f3db33981f52f0e1984511fa89beb6fdb721b76d37d440e7585cc83d0561b600361f1a17906ccf093b86f9bbad0102367aa41854861bafa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55145ebb41c8eb19e56cb852fa8e4a829
SHA1e2177b946c375c43e8ffe4b05c40f9430586f381
SHA256978a26dbd8da75eb36b562643ed6f93a38f7b28a491cb7ae85478d51d13b60be
SHA512c260c600bf19c83ce49af325705b816eeab7e1824f7b4ca81395330a5b70d4d3e6f455e956fcf798ca42c6554dd3f7050ebc672af88df1229a3d80c7a9b432c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b6bdcc1023ae5ea83a622429e885fa0a
SHA150c827f95a56609b3f9ac16b47b475ebe7f61851
SHA256edc703e4afba7a7df7510228e7ac70c4d225d5a0a26e0863540059656991addd
SHA51232ac8c31ae3b8a229bf1b6fe5b0373718704e95201b01d702409ce224f093ddca3bb33ca8ff93cdc9634260239aa59d34c1bbba509d0387a27f064f7fd0985b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56fd66fbd1ba07cb1841235e835932d8a
SHA10096d8300aaef5f781cd6404266868398f0d7d27
SHA2565f61aa37b0acae75755d81a812383472057a41d4d307435c37628f783b44afd2
SHA512d6c1f7ac1e325317dbe278d957aa7156c7dfbcb20fe1eeb1a45344caea71c90db8895eeac87a567243f6c9aa0f5c35a728f0d7beb5af2a2d886eb422eb5f9b5f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fde70156e80c7335dac41f9a746606f6
SHA1a56e7c4d17710493099b07a8499839233f94b390
SHA2565b5b37bf0d58a4c02bdce6ed13f44529b151833b48d765683438c6ff7b27949b
SHA512baea9d2f553452a77876cb307caa094aff636dab61319784d75cdbd212da713a68d35b5a898b49c61226cd8b1f12f7f2374c6ef6630921842b8003bc7db25198
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53c66ac2aa71c545ead27683e5129ee2d
SHA1d0f246eedc78ffb558be7e82af0a8647c2b15f33
SHA256d5ba8b124959eb536d01266a4fbe60fede3fb45eae4250f541f3e39b03a74414
SHA51257fcdf013bd05f081f0582f13abc1adaf811a2d4cdb4782c82bfb386f1bbd429d969f78b04d3feaaf9b4ed297c434b2920fd55c2fb35371987c4b8854567170f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD524bd60b1fdef1d86f063674342db7404
SHA14f29ad4429048597739ba392718eec44f2fadf64
SHA2563d22cb099370f544ffbf67dd7d5882ed4ac16e24bf0c3f1f617ef8d3c534a836
SHA51275c357eb72496699891e3cf770cb43ce8791e6b56323474294cc7a87ba0345bdad52e734f5aa797c728a2c0ad26765f66161b4f42b3dcf85998ff20998476342
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c0b7eac669883565d1a18802d935b9cf
SHA11b96aa4c457ec404a5915dbcff307173fe8968f4
SHA25663ba793f88acf5feb3c26091cdbf92d58a121528067558a54c148efa7541db3c
SHA512dceaf9be7c10963445f8c346557cdbffc2cd40df98a3342aadfc493ebb4e57de3179cc5d3ec97606f43dd741a8aabd308a6f4418a9e213402366da2687b7e6b2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5244fef2f96f3dc9bf5197684dd027c6d
SHA1f6ced9b5aae6f018d0c100b918b18fff11e2a31a
SHA256911584f3d92aeb30d025c16a221a474bfccb917028c565b748fd99746b3c683a
SHA512306d428a8f938c730d583fb7b92f0ed7ede310de4f07411a309387a9573bb634248c794d1ecc638e3e606aa9359f22fd641d03302950cc4f707b89f08719f8e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e230b72cd864b5ec4db9289d64df77d5
SHA1db1cf87d4907e120f983a3a38ddfc49868a33cfa
SHA256fb445be1485764612ab5c3096b5af7fb07dcf42cf6017595d36d7f8da15b9c14
SHA5122457486a2dece6800fb10a130ebd743c10e1b2f08ce279410cd82e033786f2a1e12974b1f5b01c20288c027a3a2ab66829e1a932cd6a509ef26c09f62607091a
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b