Analysis
-
max time kernel
142s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 05:02
Static task
static1
Behavioral task
behavioral1
Sample
a3e7569fc65e69767fb14de5aa1d87de_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a3e7569fc65e69767fb14de5aa1d87de_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a3e7569fc65e69767fb14de5aa1d87de_JaffaCakes118.html
-
Size
67KB
-
MD5
a3e7569fc65e69767fb14de5aa1d87de
-
SHA1
260b754f399578156b6fa98cf033178342f2cbc4
-
SHA256
a02f64425c2d6544e099ce054a23a2f01a7c53ac3b642a03885f3207f318edf7
-
SHA512
b3a6bdfffd8559ef8d8e2522a7011ae1ebc63b7464b2b20f732e46239b633fd0cc60bb173a284ec5f0c3e8481ea55b96ba0158b8a48e81462a4d324ae4bdc448
-
SSDEEP
768:JiRgcMiR3sI2PDDnX0g67qxAo1oTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVG8X:JFkoyTzNen0tbrga94hcuNnQC
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424416814" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{200E6791-2942-11EF-A1F0-7EE57A38E3C7} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007ba3929aa8da0a02302ef8ac9787a22bc1bf4d73b6e607f067dc5d9bfbc8aa28000000000e8000000002000020000000736eacfee4860ea62a6fbac60ac4e04b46fac8b8d4c884b2f9275d9462baf1b9900000003df4cd7985a67133cfa718ff8bf9ae647aa6177d97f4c1f76d8f201e00b464d9a2c0fd4db094cb064b4aee6fdb8fe21e9d387eee1720ba622ca037babdc81053d37dabdf439ac0c04fed934087522dfce534ccc55aa1f5f1b3d7dbad46075b9ae9a0f0508c1b70ba0c8f64fc2c2971d4b854c304b29c86fc414bc7a222fb56169f2715ff7cd16d24d602564ac032ee8540000000edf8fd6f36d4ed52b097c0ee575face9cb0f40edcb94a7691ef5bff647c8625bcd160531fc791fd6c782781c66e899daeeeb8b1a0f2ad1a909b789141c9855a3 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80fa92f54ebdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000fac12d70b324d04f1802eaf7661d7ad87631c0b4f646efacbbc3d3207d1c104b000000000e8000000002000020000000357d611cd28da7111e40676510db49c0872c4a2479fa65f5eeeebb86a3e467a020000000459667bf805810b948ba7c4594aff1d0190a26ef466f0d08afaa4e2b84645fac400000007d1371513aaec10cec243f5c1e295548a7ef06178f9baf3ee0c97dc9569bd42c4f0106494877618e9ed2e97f1071bdda9dd4c50003f7e3dd2ccfeea8cbd04ec4 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3008 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3008 iexplore.exe 3008 iexplore.exe 2780 IEXPLORE.EXE 2780 IEXPLORE.EXE 2780 IEXPLORE.EXE 2780 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3008 wrote to memory of 2780 3008 iexplore.exe 28 PID 3008 wrote to memory of 2780 3008 iexplore.exe 28 PID 3008 wrote to memory of 2780 3008 iexplore.exe 28 PID 3008 wrote to memory of 2780 3008 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e7569fc65e69767fb14de5aa1d87de_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2780
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6d0d85cbc249f285b1f7b67ea36e1bff
SHA1 fb137f4de9a79a490d29abf45213b16456f3203d
SHA256 de443d31d8849e7233533afa7b55fbc3639f0684bf96800914cb955a4a122b17
SHA512 ebf9ee73c672c9e12ad0c8b9c36117eea3ab290716477cbd1c8fe22f117943770b011ad2d1d2e7efbbb46fab347bdebe4baa83431b6399bf6a3fb5d14780db1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9a207ff7d3a0837d1df215f07091bfd9
SHA1 9c71d1dcab4aa140a8f5ca702723fb99d9139794
SHA256 f3128eba0486de49ce119130f5d76de81dc3170a823007fe6e64cc2544c334f1
SHA512 3ae9bab9395daf23f7e4104e18958212ca86825cc3341bdd4e778d0bef2a711a024ea3f3918c945d294ab6b40127d60acb4f936d8c37104e5ce4186822fc4cb8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a30a48485193b6b3715ae7a070aab009
SHA1 f564a4f63cd440bc9c987f3d708a6d66d55cf14b
SHA256 b70c39fa80e952de879763401ffeea0dc41467c5a3b9ee33f5f83a7ed7f0acad
SHA512 547f0dfd7ad2a0bd94403d156a55c4e628a74d9678a059c122e00afb9b3d2bad7e817532ae01f8a17c023121dfe25b4da41bb175f510ec1366c52abbcac6a61d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 54bd579c3c211ab9c83f8692757babba
SHA1 0db606b3be98f449bfea3da9c28649ad02cb61bd
SHA256 2a7c92981c42edd28006ce27a4ea91798d089240d36502edcc2fad3a16187932
SHA512 e86daccc3c24f23c3858b418f25f64b94938f83668cb29b635aa34fefc3283b2de22b4378088fd4b03a4a487e5241c0aa22b725765cc186a6f67098e5a1ad693
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0772ea3763386397d1c62471bf524e0a
SHA1 47a153283f3fe03fb9d04561fb146ed52efe8f7d
SHA256 53cc6214ec04f562035d8d955961221e4462e95d71ff9ffba2a8b48170efbf94
SHA512 2961204f6f6f5c342a8f8390d3f46fd68ca2584b3e432135356ec8c5bd25ab61c9b8ed819e32fea7949126b4f71cd7e6e93c17129f0dca6b58003b14acf7409f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7eb1b092aaab856e1527676139832760
SHA1 101665f7bc07c1d84f4039286599cb000e731c0d
SHA256 53cd53eb12c9363d6a78f3445d1ad546525b70a8414901b2d0a17c450650d010
SHA512 2de35910b66517e4874a5cae94b3f8f278897e91e54764a74fe9c496877cf30db884f0cb368beaa96a7fec8c6677cdaec36c0b5757c4915c52fb0f3ab5d27326
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c0d3cae3453ae48b2d913696fd97f851
SHA1 ec816eb49e00c1518e91bca170c1218547edecef
SHA256 bcd11a159599073a2a82696ba8e1df8f5f7026e06745081b1cdf263755d157d5
SHA512 0e9338d31da0404989983f32646e2ded3dc1eca191510b98e012ad1bc41e9efb6411b6085e7aac569aba27ff81214956f79739618466af89b611487b22713327
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f538b7d82a86048fc666ffb8ad9fd9fb
SHA1 dda24510941ad9c11b75b13a2e6f6a4eae4dc367
SHA256 21b69acc7e534630f481316838cb2c143decb236a021207ee431b1edcae45b9c
SHA512 899d767016891fc902d6e5089ffc400473e450cd2d597931ae48fa5806c1dab4ff87882ac7c78a292021020e3811c377df625bff0868f5b80035a1bfc68c7cc4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 be1ab020f396b350d2b8c0940b932792
SHA1 bdb7bdf5f64e58b552968386556b3704f41c2164
SHA256 f41d8c67a2287bb024b435b3b688f3f09f0bab648d667440670fcc4ca0929cbe
SHA512 bc0a43e671b136bd535274917563d485e0c07f22433e3021fd2645c46956c97f68f6220a1313ddd7763a8e36b69b481f7894c4b4114592f96fc84878bf303054
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d3577c8eee62415e3296df55e9a30b0e
SHA1 cb8b27e2683a5e0b61f08dd26e714d20a58db024
SHA256 50be1b7201f7a46208b24e2d2a0c64e751dba25641ef0c6a0ff943f8499e9e46
SHA512 05eed972e530a85e08847f09d872939232f41ca07441f9e823b503cdfb7c924a8cffa6414e7d4c21f4cacb963e334f35219cf1b298c3c2281627e7840b70d4f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1353ac128a00672dbf84025335aeafe3
SHA1 86e82fd79842f25fb7ec76435e5e8398a97763d9
SHA256 0ab8a34f3b653a3dedc5b6596cdb2799424b17a0695e83df1317a72cfeccf040
SHA512 703794ecd67631ab50d1fadb797fa10f9d63d7d63e2d176444b24a0fa200b2ffac6978868e868bcfcd6ae644e945b52c5d57de1faad4ba81395651382aacc1bc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 792611f1fa95c8566065cd0293c769c9
SHA1 d5046c475737af6b316525b9ad167b7886d710a6
SHA256 ec114125ab29f1684022b2f35c34ca7cb7c8c297405496c6ca6ae801ddf8d923
SHA512 4f03525882c156a6ffdb9b9275bdbf84d262a32643b30ac2518a0579789837218ee9c98838826251505890b4fb92d2017a8a4a879236431f169a5efb324e13e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 077f20cf3f4d6d8dc80b67f3455cd156
SHA1 bbc43d33351314ebb3bbd99654d3bae32a3cc02b
SHA256 0fea5e971818874dc823949a35a82e1e5a7c75813fcd4c94520192ff02ac42f6
SHA512 9ca84caea54974b0fc9e2a78ba6e7b92ab180809bb2996021ede21b37891ed4b18bf3bf894cc2d3a43986c915fab36d9c26aab5e3efbd0a0386cc139d93e08ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 30557871e8a14e486ff62369a857191e
SHA1 69e069d4349f79cd2c4aa6bac65e8a34608d2508
SHA256 1568879796852edaa65c364bc9e8529b2000c6ab510cd11ca036150e7302a97f
SHA512 6dfa75093118a2d4f56c8e8edb4ea7d660f528e10dcb6c0b52b3389b38cacd1caaf61829249830f8d0a13c5a42bfff224fd31b314a43bf0eac22a2c9e3457559
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 72e4dec110ba91abaf083b9910ef82be
SHA1 dfc1daad1f2b28ce336246c8c34ca249642862e8
SHA256 9085d5d019aaee53fd8b9b37c9fcba7a641c39d2aef091ea615d26b2e8221285
SHA512 067152a7d33ee0ae6f42a6c0a361f6630a69514e057e4db7a5828e085eb787c7e3460bbdcf7e70489d82345afc7f9dc1074d0bad839539c7254ca5eb3987e052
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 140aa4fd47dd0277e9971f6c8bdd8893
SHA1 13e0c3f1844b1b2fe8f3dbb3a8897d00d84c6271
SHA256 8d11d43c2887e2bc9e2ff3d296306e2c9d7fc3d5810ca6f09ae916f6a2c7f2b5
SHA512 dc676b9d53e1cba664840d0fc2371d9a3fa3c8eb79357927b1449618e70cdc2296955013bc2f29474c0ecdc65d4cbb9520e624452749fb84b8515eb88bfe8a88
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0301187eff163ab83bf4319ba54d80cf
SHA1 c7028e8564b3bdc4ad937f2afeeda34fd27f5b17
SHA256 daab1b681b8f993c559ced24aec2e817d13a908143f100ed991d29d678df39c0
SHA512 c6c649298e67d13622c518c8abbbf5e9f62c9f69e406ae3607170771d8f002f410d48633e9fe621588fa595303eae85f29362132eabcaa5c0f263d4de26e7824
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e19d2db677afea3c6443a7ea3e9e3dfd
SHA1 14228c6f802915d95cf5e7c5187c6296e170e9c6
SHA256 0ed1a82db28f0ae48b658995a25b145b07211aa28378b1b02f608bdaf1ad84ab
SHA512 8ca979fdbf6048f2892e9d108851c6dd67b8fbd7279e23dbac0548affec20c2fc77811546c40ea79d2f70155adf955291cdf2234572d0612043d4e98a8bd0788
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 21d78109827e3e1d498918c813af3d1c
SHA1 11963fa4eb0b38a605a25ae5fe452459bbb68f34
SHA256 bbec952b120990e4ee5978fff8fa23421d7a74d1265388876ca3b075bad4b73b
SHA512 6ffcb5a4c6411ad850c619ad0dbabb6dc57ca3f25037a61c5a073e7750fe9fa0d144ee04e513310e8787396abe5b58fa0ffe6c73e0ee39f9ce11e89ae81ad77a
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b