Analysis
-
max time kernel
118s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 05:06
Static task
static1
Behavioral task
behavioral1
Sample
a3ea5d51c701ef63b83894bbc599ee79_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a3ea5d51c701ef63b83894bbc599ee79_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a3ea5d51c701ef63b83894bbc599ee79_JaffaCakes118.html
-
Size
17KB
-
MD5
a3ea5d51c701ef63b83894bbc599ee79
-
SHA1
b643ecfd091d9ace5772e0ca85ebb75f8a7e5008
-
SHA256
9f7c94ea7cb2f8e16ee408716f6a0c54d492297e2b76efd5f00fcb5883255106
-
SHA512
40f0efd5c28941b73e89dfd366c67e6c949a2a2e5d500890e6ca215a7a9eabcc72be0b134a6c8373b7c06f7f4e8af86086ac0db7a99e6363f652ba4eee55ca86
-
SSDEEP
384:EnnKnCIc9eL6C2/qzCAkpi8apjyaNoaqOF0:EnrcLk/qfLGaPp0
Malware Config
Signatures
- Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000009cd8379dd010964fb7c4d5529dc6324900000000020000000000106600000001000020000000139a8a305d5cd3165c3fba411ffdab357af3d2b67f49b729a5ef8779eaed7482000000000e800000000200002000000049a03f607bd80a6da9440c92aefdaf581542ebe61789a57ea3c6fae4d5eaf03320000000aedd97222719c623567fedca4ccb6a2a4a86173af6473f6d6355f68092e4231440000000f486e22ede8f7ea2f9ecac51a695f9f6a1362e8aca39987613dbd9b9eef4046bcafefcac432a72da4d51dd681de2b7f8d9b97f0fc5ba1cf06e562cb4fd1a8f3d iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 802fe67b4fbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS 
not running" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424417038" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A6B002E1-2942-11EF-BE0C-E2E647A5CFB6} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2932 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2932 iexplore.exe 2932 iexplore.exe 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2932 wrote to memory of 2548 2932 iexplore.exe 28 PID 2932 wrote to memory of 2548 2932 iexplore.exe 28 PID 2932 wrote to memory of 2548 2932 iexplore.exe 28 PID 2932 wrote to memory of 2548 2932 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3ea5d51c701ef63b83894bbc599ee79_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2548
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 33708e6eb06d4f7f649c267f72e675b1
SHA1 767ea1c03f371905d5c6ba89cc7549ffe58b3d1c
SHA256 f3c5b0078ad6d3213f54c131bf0b4d915259d76ed10e1b2fb02f7e1dc0c82a31
SHA512 f2373651e6bbab2337e1c1c64d1609b2e715d0aa2cabf7d1cdc37d09c5e21b4756e72b0c4ea1e6dde20d58fdad335c7995dfa6593334ac7ac69022ac227db31a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dc2f4b0c3ea990764c70292818b9240d
SHA1 1308c1a981ffaaac8f2732f88299af1d8a9e8049
SHA256 c68b835fe0734b0cf269b77bfc83781850e3c822798e0f520483726f7359e5b3
SHA512 6bf7948dd8fa752b560885bfb9672ab7e108a8f39f62f5145d62a0536936de3ea9aa6bfea15bfa84a88f26312206db73187e2f76d559b70185b6500b21b90211
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e553898c58bd0b6babbd7f1fe3a38106
SHA1 2c287dbcfb54d7786327fa60a4e094f510ee8a90
SHA256 6065da600e48fe7b57f8a41fa9c1920cb89269f3742bb5b20c7e32c660c7b6aa
SHA512 5d8571940fa9024095283c3785a880171594321325362b10a23b99b77e0385ccc99f813ba19d9cd8a52340d79626b5747c5af0d36d0cc4ef98c49ac93c916a3a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 037ca038b4b7192548e512b488e6696f
SHA1 72fb3013672550213e2c4560be973b00c3172c90
SHA256 10907782550296330f53e544fd52053ce47aa20ed64449639e0ab61205df38e2
SHA512 fea2d151a0eaab2dc5f7818327c062c41814570d87be7040538db875ce68b6f1fafe68a0189450b92e6afc4472ac3e264075049d0fdb9dec78d1284bc48cfdc1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 42b5d014d5256663311498a211fa52ca
SHA1 cd8f3d53d43f4e60a567469f6d5713cc363c86e6
SHA256 a4e0327a4192335e6a7f12a5853724e6fd1d84ffada0e5df1dd98503c4d266f9
SHA512 880dcce682bfed9e2b9eacb485b1dab722b136e38e87f889a31a3c807777bc4c0d70df23ff54706c5772ab8f79bff511b7547778cb30ba57289e9e9230c332e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ae7621d7ee65bf9016c7d3e999b5e248
SHA1 bc1f4de8caa899e2a426854baa72d9b2e9c5d54d
SHA256 326ae43b2e0bcf9db47f7c407a46bef8038fe5c37ece2285cf8579a6e3a29e08
SHA512 219441e94b333752edd274c5e21e0aec34bb3463dbb9e82dbacf9cbb0deefd3a788c90db1aefae49a637ee5b2f9c88e67f35ba23e188093130eba759378532f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7a0393cee5fd92d580fab392893a13fa
SHA1 6f25167923ff43ba950b6f15a68af072a59b45c9
SHA256 ad6ca70574967167c7c0c8fc4a60c304819336ac0a2abc41753761082b50c56d
SHA512 118bcb6b8f076f39be0cbd289526a2dff47b91bdb7bb7812fa8ff46bfbbfffe69025992c793d700c2e60ba3417855de324d1d0174c6b768a57504d93a9f6ff0b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 da2c98f4d77ac53645f7788f553a5d41
SHA1 17c6518a6b33d355acf76f2cb93f3f3ac6c3a2d3
SHA256 d7b43f549874f2237c83d5b618748818e939b11e3467f6b6a03f58cbae9992e9
SHA512 5ac948f0f5bb15f593075d59a093d1cc67b2bfe0821f6314ad8ab8b1922cfd644af23cc8962d451b18fc21158d3e6cc9d25ce29bc143add01eebaefad1790aa3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 361495218460f99d50a690080b941378
SHA1 baccf5bb81a972b114c2d701e4f4942627a32981
SHA256 dc41a5c8d3f87e1566e562460337c163c34059ccaf1048654b1d5f3e47e5a92c
SHA512 ca87a9a0c54acf9d56fc6c88437c667957e0dac23188f6605a0687e7a2aff6c0e8dc8a5884d36aee1bdcd35cd1bb86d59ec4e7683a8b575f072cf0c53ee4ba91
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 15635c0a7bfb4ecd298c31cf748f32d3
SHA1 b86cd84ca6b82624633b8ff130a1017a7135e491
SHA256 bbfa894ab91d0e04a4fcf0d885f4047fab261b5b0df93a269ccca7a3134864fa
SHA512 fd63494b41f0fd272a627b39b74d839baafba072814dcffae855bc655eea3a77a5566ac88258f0353fe742e6e5782b1dd9ecf47403d4a97910163b9033281a36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bc194bdbb4293c8afd7981b570c7227e
SHA1 ecc1dd2e0f60d8b682f11eff1debe4aadf594181
SHA256 74929be36df2681108e3d604638f09e25cc5e01910d498395a2c0df6eaa3e956
SHA512 5e7fe610c53856c46a8aa378d966214703441aa1f9271044c69edaaebf5f313d4b7b6547f30f9fb25810c0ee9d2e8c6c1efc69b3d654f17a798970b7912ff894
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 136a105e71f09b4bf7111b2e705d7a64
SHA1 1f5d804d9ed53337d29997107924b08cce51457a
SHA256 0d520ea005e47acaad39b295281adb5e3df077fb6dc2b5ece51dab5c065bb605
SHA512 aacd88b2564cf70b6b0556b7868a035a8cf6e31ff78ece13f5593835ae0010bde845c0e77f7acab799519e53dbebc582cd2dde718761d0fd9c0fe64146e2af94
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1af4fcc60ec9730aae01033b6cc86d9c
SHA1 e54fbcf538e527cfa1a32997f4cb239dda472672
SHA256 e9b363cc8ab1883075ab1839469fefbca85e714795e58b936f05a8448d2179c8
SHA512 4797200ac0aee607af64c959e5122cabf678a33051a3f12c53117bc4cc1606ee542836cafda2737c15d6912356697cfd697a2271b779858f953fdb29b79cfb67
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 01b0f2292f99b90e5486b71e4f6128a9
SHA1 1e4ab108b7b516b93c40a08f8e0d42ddf1748e9e
SHA256 b829066cc8c9a26179ca22b8b75484e3aec929b015d8fe4f861af7e1363b1f4e
SHA512 08ed7ea594b9e242a8ea17b9c0dc35d4da67f865323114a9c1ab897062bdbe7ce1de9790329fee9c2d0b3f924aa74ffcdeddbeece4aebfd07b87da1012c8073f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b64e6068ea0ed3a28baf22110e5db0ea
SHA1 8a27465d86f4cc280c9e4acce62e206265b5c0bd
SHA256 9e850a67381dd69bfc05bd5fbe6184a11c97b2d0b5fd04a99ab16a455024ce5f
SHA512 e68579736381f15c04745ee43f004d032e836cc73ec4f86315dc68d2d6e9ffa89d77031a7b7a95a3ac2878c55917ef6db3fdd6abcf6a21e8238202e44e789c93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7a0151297126010076d8aaedec6d1b0e
SHA1 eeebc18302d5b2f2a5bc2fae5b611d9c1dbca56c
SHA256 16511ac6eb0013e632667c948bd15a571e0e4503b81c0f8ebfee6bf84a74275c
SHA512 2ee3258a4e18419ef4c7a5d375b89e6d8684381d1056fa2cd5483ac30b4d1b6afcc92d7836e225bd54f4088fa059ffd422adda64b0b4039be6d46e0ebcefd048
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b