Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 05:05
Static task
static1
Behavioral task
behavioral1
Sample
a3ea2c3375eab736ab7e8bfa9b63fc31_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a3ea2c3375eab736ab7e8bfa9b63fc31_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a3ea2c3375eab736ab7e8bfa9b63fc31_JaffaCakes118.html
-
Size
69KB
-
MD5
a3ea2c3375eab736ab7e8bfa9b63fc31
-
SHA1
3b95674ab6aadfd60f45d5b9508b97cdb63bd62e
-
SHA256
d60f1a79b3f11847e15de4e2402463932a99543c93a970e829dfd03487298f72
-
SHA512
871007736f184521996b8d84b8e2ee35af0dfe08f5e449b8237e0c77f32094053787330abaeca9a64dbc5c4497dca0e246302f20701d361644ec655df44e09d7
-
SSDEEP
1536:eIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZOzD:NOzF/OIEFEQbYmISPA
Malware Config
Signatures
- Modifies Internet Explorer settings (registry IoCs; the signature is attributed to both iexplore.exe processes in the process tree below)
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 307bc8754fbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424417025" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000021711504962de88500522052d16b8962f280373651690c0cf97e04a46665200f000000000e80000000020000200000002bac3fb1cb540fa7e6bfc0b1bf4233f4158dce864c99ce0c956ea7a2800872b4200000003b3865e38b80147fc007789da01b737c64dce3b372e369314ff3802485d1c61240000000fd832afdde36b9a003d1e16a3ba0b2dc46035c30d326e17e4200d8ae85467d50cb8f0fa56463fcf6ba2d526be362fb77f6dfb00a8eca330590dc36ba1f37e854 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9D97EAB1-2942-11EF-8144-CE80800B5EC6} = "0" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2240 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2240 iexplore.exe 2240 iexplore.exe 2100 IEXPLORE.EXE 2100 IEXPLORE.EXE 2100 IEXPLORE.EXE 2100 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2240 wrote to memory of 2100 2240 iexplore.exe 28 PID 2240 wrote to memory of 2100 2240 iexplore.exe 28 PID 2240 wrote to memory of 2100 2240 iexplore.exe 28 PID 2240 wrote to memory of 2100 2240 iexplore.exe 28 (four identical events). Note: the writer (PID 2240, the iexplore.exe frame process) is the parent of the target (PID 2100, the IEXPLORE.EXE tab process started with SCODEF:2240), so these writes are the frame process writing into its own tab process during IE start-up; on its own this signature does not demonstrate code injection by the sample.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (tree level 1) — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3ea2c3375eab736ab7e8bfa9b63fc31_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (tree level 2, child of PID 2240) — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2100
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run). Note: the CryptnetUrlCache\MetaData entries below are Windows CryptoAPI network-retrieval cache records, typically produced by the browser's own certificate/CRL/OCSP lookups rather than written by the sample; confirm provenance before treating their hashes as IoCs for this file.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c7603ea3388da0fdfef6cb0dda2138e3
SHA1 20e1ab55d732f332533d7d0fe34c6b9e5473876d
SHA256 b9de441d3318e1e5903ec79a2d1295b839491d37ab8afc994eed63ec052a094c
SHA512 63c858cb22bd092639e81e8d29ebd6844905f7f452dbb53c29d80dc6b6dd6e15e2bb8726365bc2393bdf2941f404f4c25a63036840f02e5bc5c0991262b516c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1deb7e457806aa2796e45c60bd4f7af7
SHA1 2b725aa617aa6ad4d3e89183b06e2ab187d14e86
SHA256 82b273376ed02c643db26f342178452fbd57c531c3973a60dc4bbdca12172103
SHA512 b16d9eb346f9284118aabca744403bdd9c138330cbd967f37345ef7a1ac6ca97da361c09c71d72f1452ebd5cd76067e7bb8d218d265dff14554f05c78173a08f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c7364959c3285751c7f72ab3e4004485
SHA1 7c6df523d073e204eb4783427ce3603b2a48e541
SHA256 cfbecc6a8f42570a89f97e9038f7f5d810ee4a58db108fc5ff55eca069f3afcd
SHA512 b9e10ef0afa7fb5211d7ee4b4f85fbeb94be2be121a84602fd53dd9150dd5657947f8affafbdb20ce169fea7735fb1000f506f3ef191565c716f77f2cb55d581
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a539a60e052c196e0970bce8abfdba6c
SHA1 2ac4f67ff1f1afa3f63ca36435b86f098efa71f8
SHA256 ec26c0e118323f1825dbe436f8dfdda9ade4821202ff8168403bf93a9b2b2e81
SHA512 ea5fde7c0687e8d7d07d294c5708027e8afe1135b5142a2eba780b196c6cccbfbe2b342f79113633dcd553093a4041ef29fa4afe4addc709f4b4ee072a89b8f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 935c3017f2bbed73f551c2a2c1ac3922
SHA1 7e53f2f96b74ce6a1fb02f12a7b26f1aeb79ebc8
SHA256 645b6d7d5bb96ea457e3811ed66508690bd9a0257957d0f9fa5bd6fb91637fe8
SHA512 496d36a79702df0770de75c1edff977d24816b2eca2c48e9d8eb9bf02e06c4f74449b9e07fd680ee75dc78947598fb39c09269a86e34e7003f69272e29df751d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 81163d0bdd6e92f5b5c78589a0d1afee
SHA1 e1351976556a932c0bfc2f1d4b086a2c571b55e1
SHA256 5c9573b61bb2fdb1867543ede886301f3f47e0c2f41adc518eac9f2205d4aa94
SHA512 cec8e8d5f0e6512697f5afacac4f04953baad303bf3c1fa8bb00745b3647de027cc994141925d4864520e913876b5a9103b1a7fb849af9fe2641e9d7cd707921
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 347b6b3b439cfede97568744613c597a
SHA1 58b6d460e827ee59f222f7c22efbf38550cdefa3
SHA256 648b2e9e17ebac2a9341a02111124c1e906493bd81b465a34bf878ef20a26d02
SHA512 91e9aaec51c871503643d98d7c399cefceadebe7d5e8c43c216a3572f4043f8dc02ecc07881b0d1ca72667d432fd4f82d6f5953d6f4d9ffc50d45517a412d792
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9dde0afd1d173fc875eb5dc848601804
SHA1 24230c917aed02fd6ffdfdb5b22860d9c48cf4b5
SHA256 5e41174f98a6fc901a08c09c87d0f9283dee0a1391cc69d16a903e6a5b96a0f8
SHA512 bbd6b84759c49a738db793d2c79477a27e7b7af52d71c6aa0075d176b31fe58e91034aa0af557d549b24294fedfeb4544c71d670b8bb7395fcbc91fbf8d2bbb8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c0ef7387d50f95d26441da32edbd842b
SHA1 ad5b7a147caf73e4038dfcd2c737fb3ebdcef412
SHA256 9e966bad5f51d04701d312b69b6b5ca5f1f29cdf27b694a781c2ad508b9ca6c2
SHA512 b96de07949395a9baaa5b3b8394197b89d5098053fb10c78125272bec13dbbeb6404b6587f7c11c755bb12c97b2bee8638fe6a35d9d3b8e60eb1e4761e225636
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3fb416bbcce918261fcca7e60544938c
SHA1 71758c129cb1699ddd2a174a9f1de84c9e31fe2d
SHA256 ad366bfe58a4508c95ca1351834addde0ef068a2e08b3b7a6971fdb3d307b1b5
SHA512 96bed6ca5dd6086eb9d8134479d0d347a60d15a238a0967b01a6f7bae0f3b5ca4986e924045e15f5d79ad15dd796be608f9391a9a481a112e9e16bd506fb427a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 72063c385b009020fbf632718ce2e7a7
SHA1 50dfccd7b23806776ac614e24b82f96a3f2da540
SHA256 71b66e2057f8c6a50f94413fc5fce53e63e411bd45bc63d3dc287bc99eb543f2
SHA512 62801caa5b53a9004c1667763aa0a20d38b6ab0ca7b84a173436c5287039cf025231bcc6cfac54296a31816698a32ec0afc0276a0c26f3ac4133352cf1863943
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eff9c8df8a2b9c507193eb0cc52d38cb
SHA1 0ba0161e47549e490d09e449031f39c05b4f272f
SHA256 587923915c0bd850b995d33077af8d0f772898a99046295662683ac5da4fd6f7
SHA512 8033380336d7873f9af51c7c02bd98bbdd7b6f69c7d6704ebcb238ee232dd848c742a69fa277793014ac1c7c733ddb24a4e71101ac41f8e34671f7d4c7e89c59
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ca585474e617b6831228cd04b0ca032c
SHA1 a0d5d5622fb620c2fb40c5a668a653d08a32db7a
SHA256 c4112d48b0e753a7922af8e3c298338828ae7cd6bae1c4ba210b5ac9b139ac88
SHA512 3d67d0991d2aa8c715e98f17c07ec54576dabf78fffe1b4a725d6814f8e96b9663df788839d992706bad7247e86806ea4f55f3865a7adfb3387f31ebd1a4f5f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dc25ae0abd4e10c58cb4e970b29c8a35
SHA1 d5993436d446b5cf3800d86147d042b1e5cb7287
SHA256 b36990931aa3724f38ead0abc61c2040917de176c579e677f86756eddea2396e
SHA512 9fd7d797cbef9e27c82ca394544647794c72b3a132768cd416fedc6bcd628c7a5e2978c987623966397dba7e0fea3fcad3689b1937e063ec386debcd335af927
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ae567951e20c6d590666468634f5d448
SHA1 00d2f83f54c64ec0476b537898cebeecd78fdc31
SHA256 34f59bec3d67ffcc9fd5dc0e83d2b20ff4136b4f6c96f4180e00c6cb981c776c
SHA512 24cbdf21a2b21e472bdbd596281c5af45c49e7081f045b82aa288cda044b6407deb93f8678333bd9eb889031ea30a36879e2a8d081add4baa6d85a7511174780
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f19c45be4eb81a4d19730cf4a162ad45
SHA1 f53ab190675cf46aa7605663a5feea0c4d7b5600
SHA256 a11424e38542197e699a18efbe81b31e75bcd2ccb3d20cd9a82241752427dcad
SHA512 1af58f3d0dfa702d3b25feb4061caa9d2cd2c5115e596d10b96bab61d54fc4d5cbd88be21bb045851fa74f8d1129cfa602dfb448258b0e2bc8ef7cb05957bc00
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6c9d6c2bcc1a09277a740716914f7adf
SHA1 3c30c3638ee20ad860dd305e02013af484b58da6
SHA256 877844668840ec74b4d8bd8bc72f38834cf9f059ccd45cfe9acfc9b3f301e015
SHA512 85ba3faf5fccea32b698bd158e0b2d694f0db878bf39f28b25a66caa7e8c469ce39cb4c1f9ae5786f1505e28ecaa2df254ed8f2010778cd079a01e227f6146d0
-
(path not recorded in this report)
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
(path not recorded in this report)
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b