Analysis
-
max time kernel
119s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted
13/06/2024, 05:06
Static task
static1
Behavioral task
behavioral1
Sample
a3eacbfbda0442ff9c78bb78ec9e2df8_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
a3eacbfbda0442ff9c78bb78ec9e2df8_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
a3eacbfbda0442ff9c78bb78ec9e2df8_JaffaCakes118.html
-
Size
65KB
-
MD5
a3eacbfbda0442ff9c78bb78ec9e2df8
-
SHA1
ef563bf9bfccef439ccdb7c480231bc2da20ed22
-
SHA256
f0d0261a99a9710677ffc4fe4bc58d50099f0509a2a49d15cf1c2d343d75d823
-
SHA512
df65ca464e2e5acea5d252704f118d2d0cfe0810d61da925fe84ef5875dc75967f0b7fd2ab1361221677f038090e45008a027700099cbad88b19519a84ea212e
-
SSDEEP
1536:sNOZgxfnUh68O2S1pjCXQLP5S7gmOmQeJ0fJ+HK7eYL2Hea:sAKfnUh6C8pjMCBIpvP+YKaYL2Hea
Malware Config
Signatures (everything recorded under this heading is Internet Explorer registry/housekeeping activity and parent-to-child process interaction; no network activity or malware configuration is recorded on this page, so these entries alone do not establish malicious behaviour of the sample)
- Modifies Internet Explorer settings (registry IoCs; the same tag appears on both iexplore.exe processes in the process tree below)
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd8394cff025df40b43ff0314732ee4400000000020000000000106600000001000020000000640aa1eca49672d2f8bfe55a186997ac1b9af3c6f4f85c28de2f045338ea1985000000000e8000000002000020000000b7cf984a4eef8a6311830a6c9905357a1a50853628d76fbe59df356d8f9c007220000000f42f449c9627ad22bd18ed195381faf86f7f0cc56b0e538d138d05075b64bab0400000003f83d25e8e75830c1905d739a2667745c61e6485bfe5e8109896258620c044634dbe1f72476cda79c51ac97464844d0f302c10c6ec24e87e153e8165ea8619c2 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet 
Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 109c708b4fbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424417069" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6CC2FF1-2942-11EF-B69B-6AA5205CD920} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1660 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1660 iexplore.exe 1660 iexplore.exe 2840 IEXPLORE.EXE 2840 IEXPLORE.EXE 2840 IEXPLORE.EXE 2840 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1660 wrote to memory of 2840 1660 iexplore.exe 28 PID 1660 wrote to memory of 2840 1660 iexplore.exe 28 PID 1660 wrote to memory of 2840 1660 iexplore.exe 28 PID 1660 wrote to memory of 2840 1660 iexplore.exe 28
Note: the only write target is PID 2840, the IEXPLORE.EXE content process that PID 1660 itself launched (see the SCODEF:1660 / CREDAT arguments in the process tree); a parent writing into a child it has just created is consistent with ordinary process start-up rather than injection into a foreign process, so treat this entry as low-signal unless corroborated by other findings.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3eacbfbda0442ff9c78bb78ec9e2df8_JaffaCakes118.html (process tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:275457 /prefetch:2 (process tree depth 2, child of PID 1660)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2840
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 50d69b290a378fc98276074c4b5d883d
SHA1 fd9d2e333ebe2ad7effa97dabf97102878f77e7a
SHA256 e4c45d5190cb0d0056aa384e851d8eb55d331317b396b0211f296b14f26309db
SHA512 b032552f76249d7d0b3fc8676167bca4877c51d859ed64188f4f601704c8dfb5520039bcd6d297f6cd31f8884731ffd02417d4d1c5d8d5424d0e943df84af0ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5c17742fbc48c1403b033fe8d9e5f7ec
SHA1 6dfcf34f15790c04fc006e9e5db14f72ed8eeb7d
SHA256 d49baf7f67b23f2bb1161f0eb4d28994d510c907e35b81595278700f54f42ba0
SHA512 3b62e3d8480c9ad4f49009adfb68646480be52bc5e180e81cec552f4853ab0e96b20bd11234fc3adcb34884128f314a211a5fc74a5ffb530cf051041e2ffb54e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 18dc1c6e2592dbc68a25ad158622a99d
SHA1 75d46b18bd2f8142f502894845a08dab27466af7
SHA256 fccc54a545887587994c2d79c1569001baf2187532ccac70368bc74c854f7298
SHA512 f7a7852a2b626321664929edc7f213aa580d423a7027a0071387b9db4ee26ad4774cf34c62d50796b05cddd43e5050ac6bcfe87edb8eb53deb60d5d40bc1be14
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b6f7e8bbbee637f5f247a7585e797df1
SHA1 306e134ba1ac98a9ae58cbe210440ab4a39d7bbf
SHA256 d0dc3f02f12f2e5932c7601854a442d388dd4e83bc40f25d34d79f1c08e26bcb
SHA512 0178f73ff067bfd7019522bbeffc79b0f98cd4e77f4d186032875c81a1735a9ef99850438fad3b8ba1889a9a60d35c97f2ada2c6867928c83e5b3d250ffbff88
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ff0aba963744a6cb47bf077cbf6d935f
SHA1 6b6a4d8fac8d44131163014f2e4f39e877eb9466
SHA256 407e34a32ea53181588e339853e6ffcf9d559e6e10d58a2642b34643eb9aea82
SHA512 e3ee98f0fc7dd155eab6bb1077a90d03c192cfb35db869ff50fde25dbcf0eb6bbb5bc67b851fb09766d6197c09fbbfd01bb214e68f9617547a07351f5f29cb73
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 60c76a51918fc99e147af80452951f32
SHA1 d53fbdf1fbcf026c9daf3bbfa7fa2989b2be1bbe
SHA256 65df167cc20a216db626aa7bf64ddfb2b9b2f5b156ac5e36de7a74770c747f69
SHA512 bb97c77231c0425ed1ea0cf145b7f17d3c15fc8b19196214e3c4baee44859993fed0a3ac843dad3aa7f40a4d693f6e99c3d78cb1df99c2df84276caa8e25baa1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c571eaa2679c283a74fd39c0a079f6a7
SHA1 1596defefad44aa8afdcef57b3393d9da1e4358c
SHA256 5c31594c245d030160d5e41e051ef9eadee458c0bab68f072591f561527d0ff2
SHA512 d720c009456a1cc8e145e7eba3dbd285c6251c82634d57dc366c334de106b7678c81e5ebc52de241a96a90bdaec3e29ce5257f3b2fc25165b9277fd2d08fbb82
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3da668ef65b0a838f1b19d340cce7871
SHA1 70728b42ed61e9bb3cab4f034b581189720257fc
SHA256 c3b140e44873605a348f6995231646d73125dfd77d056afd0b8b6f9cd09fe1f4
SHA512 e69b88f8d794060e6121d3a4bb5819f55622dd509bcf83fd79ae40671c863ee04d5892e23000de1e4508229b1fbe4905e73d846a1a4411ba745233c268324957
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 906d9ad3f4e4ca43a14aa78ae41f568b
SHA1 fe0a1668c5384f7c5ac5d85ec785415a1648643b
SHA256 5eb8c4ce8025244f632bbfbcddc3df182d08d8fe829578b68a98c59b78a0f216
SHA512 5fc9d18818d9df8e12504a61b01a7cdabf2e396c59c8c867fa02834d462d12270531689da8bfccfaf164582897160295cdf4122498e77da5e2c1e4cb4412f306
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9c19fa3ca37c8e428b5ac02b746268d5
SHA1 cfe85bc2ca286bddfbb2115b4372801ada72b3e3
SHA256 c1103bdba4b0d391c2d26fc7d7b45d2ec09e1fb61a13e3ebff020ca13ab28cd2
SHA512 91c9a1c0c43d82637b047d23950c87526f684fd4bf2185e7767141d14115b47d1a0b1e44d0649a2d64910c5f17823c6f89756566c11e62c7ca81f381c672666c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 8d989fad5feb8703ecd72e7db9c06700
SHA1 d3604c0276197596e6ce29d4d53b88043e461fad
SHA256 f423f6113aa52a40598ed522f5ca7f4a08852d23f356f6066a9a25c937dc546b
SHA512 3a19c5e67c9afd5a4cde5173844e0971ffa6e295ad80cbc7f23d55a03c210e742ecb5927b57ac83153c2240f9913a51d019f6b4cf3fbe1a9a7b0c5574ac9c1e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize 4KB
MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b