Analysis
-
max time kernel
120s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 05:00
Static task
static1
Behavioral task
behavioral1
Sample
a3e6367390886e653730920763385e3e_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a3e6367390886e653730920763385e3e_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a3e6367390886e653730920763385e3e_JaffaCakes118.html
-
Size
67KB
-
MD5
a3e6367390886e653730920763385e3e
-
SHA1
ea32347c610c9b06b8aecd81976185db6614fe26
-
SHA256
609e0e439ce5ef05b2d2532f9b118520438bdda921483f8073cc33890f72dc26
-
SHA512
cdf88edebdd534da6bbbc0a8afbe1a54b079eb03355a063b3b88d6e7a218006d3a95b5d9ed552e9f2ce1f0d36e257f3bcb637bdc0b3187fd2df011cd77a8ecbb
-
SSDEEP
768:JilgcMsSZ8tN99OIs1JqXUmtoTySqQCZkoTnMdtbBnfBgN8/oygcR/QFVG8c//IK:J9WOTYPec0tbrga6cuNnzIjv
Malware Config
Signatures
-
description ioc Process
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000d72602df08961183cbd86b9fd200d4b7d97ef202888887a3b90c348f9ca317bd000000000e8000000002000020000000574ab4cc942fd4563f3d1d7c535db7aac40a88be9b2b72b18633089d682e4b57200000007fd6ce9f4e8f87ac7860d5cd78834a64fd8bdf9f1120864ff698cb55c14dc63a40000000c03260a89b2aa47dcf0c16db23c9a6f598c7d14cdf6a05cc9e10b4d5262583656bde77d09dbfce8ef8d5afcc81d58a520ba71e05b751c0bcd98b7c39213be398 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424416720" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E73A7DF1-2941-11EF-B848-DEDD52EED8E0} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d05354bd4ebdda01 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1200 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1200 iexplore.exe
1200 iexplore.exe
3032 IEXPLORE.EXE
3032 IEXPLORE.EXE
3032 IEXPLORE.EXE
3032 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1200 wrote to memory of 3032 1200 iexplore.exe 28
PID 1200 wrote to memory of 3032 1200 iexplore.exe 28
PID 1200 wrote to memory of 3032 1200 iexplore.exe 28
PID 1200 wrote to memory of 3032 1200 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e6367390886e653730920763385e3e_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1200 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1200 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3032
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize 1KB
MD5 d3049f1a4b143f13261e38abab901109
SHA1 1810917619ef7b98f40697c12f35a75575665f8f
SHA256 69df6863aa24aedecf107a7e2e0353d592c52a5905cc2833d824c2298733e9d6
SHA512 6af844057e960d6f4165f297891b676492281fc4abdd7346a220b1972124fabe2a9e0f7b3825c9f67c1ed885262cf6fb994c4dcd607c1981005291a240b6e958
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fdaf2681db1eec1a684c257189177cb4
SHA1 dd659cc57cee7c2c4c7638fd9e05bfc490ee2f27
SHA256 b6f689fa4dacf2706675e62d1bf7b41d4b10794a20b5489bf2f7e83bda844efb
SHA512 5be50b38ef38b13b6f30659daedf3ab8e6ceaffd730ee77616f8d416d07b9a2291d231646133751a72d5932c06e26f31f15154abd7236f79692ae7f726ed544b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 57bec6504d8aebe81f1aef9826a33cfa
SHA1 dab5848edf552dbb66e987a37543681c89d49457
SHA256 2c10d5af14b3b1541eb54170cc6016045bac4539e56f10dd86072dba0805a315
SHA512 e3e9d8b71dd865f933da371515eef8ac7df99536f51a1ea56da06b8f6e31ce83e2ada6612d4d99e2b99047eaf262b3892d57e47d9b183d3e62cbba56372d7a36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f59819a70da79ea69492f6c31aa71b0e
SHA1 0017bb4327e2ceaf1cf023342c524a4884fa4f62
SHA256 dae6b67391d55cca966b431f3cf5515583fb4105bcd608a5dd437a1ee9bb0846
SHA512 19cc2fba9f5eabb38aba81675744b22022b78b7561bcb0643eb78740c19e2cd2733c6b6ffbabab4be376085961fcd46e38360a2c4d2c5c925b0e5bab0d09b8b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bfbc271f88664c12bc2c546feca103c5
SHA1 7aa5b42da37c1be376c51bbed59307ce157bffa3
SHA256 a1a0d2ed3e0994d68b18d19555e31d03541b57744d4ca548df1efdbeb2dacaef
SHA512 5881fccbdddda585fb4ebd91b8736bee8695e14307175e87881fdfc80dc9c0105320559c19066fb98e609f399896efa63cbbe8a4449e9d5ef3d99e5f823425c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ae2a26018b0234d8dc2311e7b67a45fa
SHA1 3faef9df646888de2c2cabae5eda4c4a3240b0a1
SHA256 9a68ee045e20b6beb03bb064e612da9f081e5dfa4a66d6e47ed262e301dea96d
SHA512 541b5899797ad46fd9cba1f3879b9e8cafd93934a067b706801bd2419985845db36d4c26cb58171786b9666dddf432509e7037d9b47dbc51347130cd5d7eb2d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 742393592011d617dcb25c0a06b6f210
SHA1 d00299ed46ef0a52fbca21695f9d0111b3f5b194
SHA256 5a3f29fa8dabe3f5d6fdf7273a4800a3bdb89c4999441e196aaa8c50a5852daa
SHA512 3c68c417f52a59900ea21370fcd461b14fd1559e8d0cd50358ec55c8d0201d5325b4ceceb58b856c2a9636e42e7106be918bb1bfba4699a776d25558f9473b50
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f0c7e99e4de5990ee8af4c60c7eb88da
SHA1 e577cf128b9f315c0066ee9b9075f78c1a8dbaf5
SHA256 0970860a60d1e5763bca53134d9b3bf790567aca5f77e16f3f8374a76f5f6c08
SHA512 1bd5d632145539839e46eb206105bfbf14d2e5178a1d7b076d6c0332948db96a0ebea74308e40a989286df8fdcf93c0d04f3d480dd3f2ddf8fd56dbd21fbe416
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7623985873ce3b088da8ef83fee9b5ed
SHA1 a9ae73865d247f20690719860c854a6adc74d6be
SHA256 85ed46f972a79cd18c241f07b769802da5d0cee56665feabd42f9aaaec0ce3f0
SHA512 50e387316a669099e21bf4d1887b80923fc74098f48fae2fb3e558fe4bc740b341f7a8196fbd003542fcccf6715e325ca9793516c9647998f13a3c50aa54ca84
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0175839464dcfd29b4cefc89123c9600
SHA1 f6e767755bbd3e1821aecb4c1f6ea9717cb9cac7
SHA256 38e5e8d39fe93d3eb1d706bc84a770af6f17370e9fe00012910db5bb9b79b96f
SHA512 5adf5dfdbaf8538df778d88a9642f209b0a858b45a82d1a1c4017c286d8be9e3138c0952ad12aed45fe0918f3a716670c5e8c3e62fc4e9632993fa3831819503
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ec62ee648cdbd5fc1d14a7a9e40c943a
SHA1 07721514435e5f54f68c8c200567ee794a5ec205
SHA256 41a454714211c2f0977f7755050dd6e1760a382d3f3167b70b110084d9a8cf60
SHA512 7abc9782f3a0f8ef705fc600668191d6a8b5dec82153a9f7343d39c4182e420b6b8fdbc40ed4ab383fb7c796135dfd59b516f0e85b52c2a823ebf0df7fa3e7cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 57839da43f3edb600684710f14a70638
SHA1 3f4e894ca0f937403fbd8a06cff190840e4f815c
SHA256 46788877f5ef22acaa0ff608a84607b66f7426b4feb5bb4618e6b49b0fafe66b
SHA512 b3c1d2c0cb24e9fe81af39cc5c203469f02afa025507bb7748efc86fe5c07cf7c27025de5018613ee4b05954418f95cb0bb477d58190fb9493e00d84a418da84
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 34bf342691daa5e09e03de1be633dd20
SHA1 26b4921afdcb1a0278d5de6e113e362a583b54f6
SHA256 6dcb0dafe2f6b8ae59813eece3dc3cea7ef96b8adef90dabd305a8904248336b
SHA512 ea0186dbd83512b4a4dc5ad14f104a15b6b01bb7ae6eaefcbdf9c260891e0f093fd7d583108ad7208cf53a9b084ced54711c37b17edfd1d6d9cad16f3e019e53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8326b6b950796366a69415107cae9cd2
SHA1 a86e4407a497bc80a730aab94b39023b0462f552
SHA256 e6eec481fd83a33e3807d3a9d29755e00fbcd292dcbb06d82277fe4242f373c7
SHA512 f839c004266a7727041c743b2c6b2b246c0fd48e46ac52d75cc62d558c3e360f5f33b1d370c5bbb4643795b41623203b7ad46b4133f291d609c06eee7a66d6c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e99cdbf437ccdcca750bfbdd2a92e447
SHA1 55f1170ded9763dd5f45998b47958e911a1498c7
SHA256 4d031db58bfa24c5faabaa050077709d40d09893e241565478d937e50c4e4495
SHA512 8c48b985c4af4164037ca71fc290323ca264ba0a8685835a9bc42d9e46d20dc0e509b0b983435983e79fcca9bab06437c006edceaa73682be4a54cd26b1f4146
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5b11f84a6e2417ce6f74417c3c7cc03c
SHA1 0223b314aeecda16bd8f8a04767c508cd3bac867
SHA256 d413b367407c5fe5f2d83a152899f2d4f84e70aa7082f7a857b09d1f1fe920f1
SHA512 1996337a09e9cc2e6d4a8d78b9e3d6d5c1a2b1bea6827ffa91f1e3c332b19d8b1bc023a6eb139a6858e8b597a0c3ae3601ca8784ef671af1440fa7a7286c826b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ac264540a859c444e0ecff2c7b86976f
SHA1 55ba3e1b997e96210f49b8f1302d213bf229e65d
SHA256 24b0873b2cfab6040d2bc6073beb31b6d7627939dccbd6c54ae3aa2b563bd98b
SHA512 bc1a86c0a2d1734a77e316096d19a59d1ea36a5118f8d04304262f4fa2e44931ab2f8b22a25cab5fddd5b869bea2de0aef38786950cb4eb54ffe204877f10498
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a8562e22154f278ecfed119531f46eb8
SHA1 6bddc048de36f433233ec05db5f763942b2d74c8
SHA256 d4ff2970a4bf4d9d7e4e5bd0503ed61f6e1cf6cdd772346bd3d1dcf1a449b1b5
SHA512 a8ff61205b02b69e2aecbc0485dbe3384c680bec8940fdcf57bf0aba66c5f603b6d9894bc16f8b843cfd341d231622dd2d63801c32dec27e3cc87ce68ef8338d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a7bc7c580f250d3ff1dbc1558f21d188
SHA1 8db5e6ff01d927dd56caea27cdb1498d00062709
SHA256 9a1ce2dfe19b818a6e111242df7dcb41ae4960c994fc0481cd98637a07d264b9
SHA512 50dfad59d3bedb931fd338fed3c205d75d29fd2b2550e9b411174fa193ac94e0e559d207dae2d12bf5652ff36976ed374b01eae79d002bdd276fec05059cf720
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b