Analysis
-
max time kernel
141s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 05:06
Static task
static1
Behavioral task
behavioral1
Sample
a3ea6fd06ecb7c0304a749a8280c01bc_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a3ea6fd06ecb7c0304a749a8280c01bc_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a3ea6fd06ecb7c0304a749a8280c01bc_JaffaCakes118.html
-
Size
47KB
-
MD5
a3ea6fd06ecb7c0304a749a8280c01bc
-
SHA1
a50df735e76f2af50aff9c9f167d9d6a1e4292c3
-
SHA256
7c0d38f717c3381594c98fe48c91ec919b880faa4ae16adf457f926a5639e537
-
SHA512
ea98ad2656e51a9a2b59ee4051f9d5aa0000d95229dd4a8d61992271c6a75c0f4dceb673ec7629e85aea744da93e943d2b28f1e85942dcb63096b3ba2756ae00
-
SSDEEP
768:KyavgwSbp2kXnL1tPk7RsHB7p1nvzWpVxCjW2hfvCWNM2zyK:Kyav9SbpNZZk7RsHDh2CVpCWNM2OK
Malware Config
Signatures
- Modifies Internet Explorer settings (registry IoCs; all keys below are under the sandbox user's HKU hive, written by iexplore.exe / IEXPLORE.EXE — see the matching entries in the process tree)
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 708ae27f4fbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424417047" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AAEA8011-2942-11EF-8875-5E4DB530A215} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" 
IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000035e3f80cb5f9b0aac911075702c744c0b08cda58f843116a0fa96a4d7d939469000000000e8000000002000020000000c47fc208020200d9601da08ca138dd6a54d18d4374f1acc8e89737c8d76c600f20000000ab76d8615f6d6fb6633699a4ea1cb2403bbab3505d90f482f19c3afa114644de40000000150ddb95648bb876dad7b9a9491febcbef878e738e3cc9b9db9c38b8da93a9e8e03dd9ba9354b531880aade77bf8dea15c56035fa1c5c18795f7c541c0b37a73 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet 
Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2056 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2056 iexplore.exe 2056 iexplore.exe 2940 IEXPLORE.EXE 2940 IEXPLORE.EXE 2940 IEXPLORE.EXE 2940 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2056 wrote to memory of 2940 2056 iexplore.exe 28 PID 2056 wrote to memory of 2940 2056 iexplore.exe 28 PID 2056 wrote to memory of 2940 2056 iexplore.exe 28 PID 2056 wrote to memory of 2940 2056 iexplore.exe 28 (all four IoCs are the iexplore.exe frame process 2056 writing into the IEXPLORE.EXE tab process 2940 that it launched — see the SCODEF:2056 command line under Processes; this is consistent with IE's normal parent→child tab creation, not injection into an unrelated process)
Processes
-
Image: C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3ea6fd06ecb7c0304a749a8280c01bc_JaffaCakes118.html (tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056 -
Image: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2 (tree depth 2, child of PID 2056)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2940
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written to disk during the run). Note: the repeated CryptnetUrlCache\MetaData entry is Windows CryptoAPI's URL-cache metadata, rewritten with different contents several times during the run; this is an OS-side artifact of certificate/CRL retrieval rather than a payload dropped by the sample.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a74287164e676b9b8229e9433c40e7a7
SHA10a47c564e4f98a372e9e03ed5b68483cfec6a9e5
SHA256766b4266185eca10955b04182a9979552fea0276ac896f0c310cadd3d702ade1
SHA5122228b4904bbcd98d4cc513ca72dc73112f8d86acdcc44223234a96d1c3a5a1ab4ae6d876f466344cdb726296eddcea442d890ed09d6dea63a8eac335420f1f48
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5aa8c58303942e04838ee8b85ebe00944
SHA1f2c7a3bebf92acfa40e91e117f648e56ffed60df
SHA2566ab166d6cb9d467955c6da56b87e114976b82bd40fa7ad928797e6a18ea26832
SHA5124dedae0ccad8ddb5a668b206d37819f6094c8eabb94bd704ba2c4ae122c40744496f79ba662c9f69d1ffcaafc5669cfb2d7ba16394d9f23ac928ef1b165ed5c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a92bd66072568a19c5da018b1772073c
SHA1696f12821f1eabc1802e68fa1c60a00c559b868e
SHA2561853a1f0a5472237605e663f70fd1977bfbe98849ae00bb6c384c9ff36757197
SHA512fecb98056a3603d741c00c56179531dd0a85471c8c230cdc8d60a37c8c012c944579ed61ed929f52722eca5c5493268013567291f6c8c09d959d9625fdd47411
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bd9db620a7e7f9cc240957ac72a9cfac
SHA1183aadc372202be8e9d8038308c79f6329c28182
SHA25677447e48347768fe7fdca4232ccccb95a3134d33b88aee4d6366d83753e65ee8
SHA512cf1910faec617375a1af970a1fe24f569c34fdcfc6e5fe7485a9dfc8b6aad9a0dd4c0d54f7a0ade20fc6e5da9614bbdc276e93b27bedf127902299d096df5207
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d0b5bd050a7fad42c869841b1922863d
SHA101d4bd53d20d5b5c3986f790dc25527ecbf971ea
SHA25645e828556b28c887ff87caf5efb8f9581f24109145ae303992699dbf5fe97d23
SHA512c0ea44ed0f5c937c4cf04cc5a44c1057e44c04d25c2cd4c9cda2c0945ee01b6e6377c5d22b16a03d2f3cca3ea85ac69cba6c9f7157fda462fe2943e9e3d12357
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f0c2f7bc982fbbc1e66370e8fd0b0f1f
SHA1f4621a85ec8d1e745d1117dba0ffe2296a94dc3a
SHA256f570705ffd6c582b4739d012d53c05c4d95ea869acc6beb37f1e01dec1bfa630
SHA512bcc5d950b44f36b798f8399cf65663d4f2a4ed98addc8eb3f343cbade06d87bfe4e8d13dce5e2774b00c8f94646bfb81b09dbeffbbaf40add3f6f90aa279c7db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50aea5b9605f2b65911902a9a58d7ca03
SHA15b681d9dc2d2c6b7a078ab7a8dab0fc21898bb1b
SHA2566a7d27b73d48c94efef5edd3803d445dab4ed9af0e167ef29436d0e1fe822b98
SHA5126ab96338d8ee54f88af2e2bc5e56fad2d0f8a3fb5c8d1c378847550e1c8cf22d5fc54eba223fafa6e447314f157eaa4a5d1adb0181c97135ebd7208b4774a0df
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e1a3122032fe1bb54885a3c9e3c912cc
SHA1b8f162a73e4ee160d156ce965552ca885bbb59d1
SHA256b8ee4cab8fb8bb26fc4efd13a4b65d04156effbf879cce054611767cdd8bddd1
SHA5122f90944891b27f3def34517c7da577e7113ddd098914f31677ab74a3c8cb7fff587d9b450e3ee1391b3fdcf6d01cda5e5fb7944dc3613ecd6ad7e5f2b26bb8a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5aa31fd5cd8bb3cbd4c5f0099bc72fffa
SHA17c67c87b77925f297301a099427ed486c03af9fe
SHA2569bf153f2b4642fbddf3e5467a01a8a1918dcf2629da26acec988b2edc0c4c78a
SHA5127934acb389a320ea719079658da93c851e416d069a1a18c6b67be17bde7f1c67be8ab28dcf6305619c23bfabb00bf79cb18c82e3eb449b784b4d9673d8db5acc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ed50cb8552df23dfa80f0411c46104bc
SHA10f065a7d557f530153ef94753674866f7118ed11
SHA2560e22fe4429a87b529b6aba119df1c8a5e69133a60c8aca6074f541805df238ef
SHA512772f6b979e768e76b0bd65ce242783ed96bb03417eab2a87f7faac66d182b4a63498bf9d807f7114be6b18c1651004c873f0014918637aae4610e2d5ed9d369f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f6bafaaaada13b72e29f4781b998e0a8
SHA1e3a1551727f80c19a4eacb4c45a283b38171c438
SHA256f2f2aca6a7276d0e5ae30ff032830a5f3fe999f021adacee53847ba8f0ed7a4e
SHA5121a81b67cca64282ba44d60ac454d8df5030aaa476240a38161071b87487724c6fac255a47c9edf5c8807eaf099e7c872c573469c6346c5b56c310582d5514fa2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cd8def3f1a92f0279769a3f74befca38
SHA1f487b5fc760f12cdc3d562ab5355c7e5f5e9eba0
SHA2565e6c5bc7bd48a876c88d6c494768df4a0911b52daffff476ab305503ff364d87
SHA512618c578d6d6e532773f43abc5b635466d1de6355c778e2c2716269dd1e41467c487fea81806e59c449de23d1f7739318ace8b5501e553c9a9adb80433c58e517
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bc59ce3109097fa56707b77ce9bc85e6
SHA1522372aed80980adb2ec976e17a56c03c470c2cb
SHA25618e7949ed17cbe6d1cd414ecf51aaf955f593af58c903b516a22d8a150dda513
SHA5127eaa15369485ec90012abda1a8fcb76dd97e0c069097cbc63ad74e76330e977574a5a026b7f2d2c61d8b494d590dc1c43ef35eac164fd4d0b871a59f631af8e1
-
Filesize (file path not present in this capture)
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize (file path not present in this capture)
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b