Analysis
-
max time kernel
134s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 05:06
Static task
static1
Behavioral task
behavioral1
Sample
a3ead53961cd27e15329f54de9e9578d_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a3ead53961cd27e15329f54de9e9578d_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a3ead53961cd27e15329f54de9e9578d_JaffaCakes118.html
-
Size
213KB
-
MD5
a3ead53961cd27e15329f54de9e9578d
-
SHA1
38b030ed68315cf6a30bc96f08a5b618f5c37c38
-
SHA256
b186d94acb8846394499c0b922c556e433616d26d12b3f9ec0ad480da632aa58
-
SHA512
242634f3a24ee9cd26513fde7a9c5f70d9a4a5835440d01d8bf8f1db49d9edc3c5da9fbeec19a8c9e1c2b4124ada095d82989a50d311019423b807f3b9c613fe
-
SSDEEP
3072:SmH90ZN13L3GyfkMY+BES09JXAnyrZalI+YQ:Sk+ZDsMYod+X3oI+YQ
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424417072" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BA670221-2942-11EF-A01D-D62A3499FE36} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1412 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1412 iexplore.exe 1412 iexplore.exe 2880 IEXPLORE.EXE 2880 IEXPLORE.EXE 2880 IEXPLORE.EXE 2880 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1412 wrote to memory of 2880 1412 iexplore.exe 28
PID 1412 wrote to memory of 2880 1412 iexplore.exe 28
PID 1412 wrote to memory of 2880 1412 iexplore.exe 28
PID 1412 wrote to memory of 2880 1412 iexplore.exe 28
(All four writes go from the frame process, PID 1412, into its own child tab process, PID 2880, which it launched with SCODEF:1412 as shown in the process tree below; this is consistent with IE's normal frame/tab process start-up rather than a write into an unrelated process, so on its own it is weak evidence of malicious behaviour.)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3ead53961cd27e15329f54de9e9578d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1412 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1412 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2880
-
Network
MITRE ATT&CK Enterprise v15
Downloads
(Note: the nineteen entries below share one CryptnetUrlCache\MetaData path and one size, 342B, and differ only in hash; the final two files, 67KB and 160KB, are listed without a path.)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4711dd154537ee7351e8b33936b77a6b
SHA1 aa9565ec0dc703cb342b230daf74161ead9b12b5
SHA256 bfdb4c04ad6233727679c8c7da77ee36da9cac6669513a078397bb7b0ab843ab
SHA512 d3d7dfb84edb359235c23ff4893b02d697a2399725fb83a3fef559953534b9eb50f496ae9ca8f684db26fe4470bf57b01a603dc6384dac41a7de125a25e2ea4b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a28cff0319df170e46d1270f0f7b35b2
SHA1 271948dce9383e0eb6cb31acb3aa21c941878dcc
SHA256 759eabb8c7f0e8cbd83a3d5f7d78d18980d20f135110e41d2d1a32159ec5b4df
SHA512 a6c45731ccd34e8f077060223c3e60a5d118bb8eade6a92d8def076be15a87ce8808d9124c68d23d54e92827365333808c822118911a1205166017cab99cde63
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0968242ef7b8ab4208e64cb9ab3aa45d
SHA1 20f98b254bbb5b0cd981f19309de848799876c67
SHA256 1a90757cbcaa62e22aea85feac4fdc05d9d69f3bea794047cf71f7502b9eafd8
SHA512 5c96a1405251f41b1c15fe2ad97ebdb923dfae34c2e50dc0b397a3927e41e16ce6f2fcb19435d67a4dbaf893df00f8b71885f28dc9b6f3a4209350dd6d2741b7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 139ea3cd4ec1c9e8000a69d972db9756
SHA1 29892be30cead37b6580b13b1e01726307c5996f
SHA256 e3311f072221a001c8e36c7a5403837ef6a2735a5e09b0fe6641fd009f3460ab
SHA512 a4f4e8cdba935a9722b6bd438c448c936e45868b21ae08142e74ccd5b6a84650eff8c9ec0b67d41b1ed9d7f9186f16222086a1edcf14dccd3aeca34f810a9b84
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e1dbb30d168c9a88be6b52eb90f80fb8
SHA1 1ce70c43a0eb673c03663cb981090ff5227b761b
SHA256 07ed5a47a60022d9ad6c39f0cf48f2c62ac3a2b3774848c6b2daf0d413268143
SHA512 dc35dcd009c8d0e6a063689fdbd6d8c95e71c1dbd420de8e6979857bdf50f8ca5963591a2066cdb9c620a1e043b27ffca06e6a7797a8cd22acb6ecfbb033cc53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 981536e5182ca1615423f093b42a8964
SHA1 f15a46c4d62d8e3364c8a29286863903f414c8dd
SHA256 a4e1f73dad67ed60f67646b2fc18854a34b6a3849ec7cc24d86c36bc8ac38985
SHA512 dd45d65b8e8d90c55429dc30e401ed4173061ccbca9c594806a220879ac5fa318195121dea151c94650e0a9a961ac2414f19c89c6501434af3eadf3518689feb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 933b6e9765cfcb6466bcb109b8cbdf10
SHA1 442580438a5db7f34d1a618118dcdaddaa0be1b3
SHA256 5d84ccbb0c5bc74d192ce3b3dcf09b0a21d384919e88abca406425208fcd4312
SHA512 07ed902b690bb59a29a429d9817843c2a2bd909923b07cb0b8d6a338ee1dacb0c47cca913c2880c02903be4404c2124dd93f1417ba3718d174e7e57cc6482665
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e3d43e2739272020b7d16a8c83fbe902
SHA1 65d0940eed96ff76a67339bcf8d32911d90d62b4
SHA256 83d229e004a61bd16d8f087d203b384cb502d0e4076221303ad7061d0b1d6089
SHA512 74b28b39c8898c72cc5a291d4d24a00aa83ac8a04a6cd8fd7b3660995f14257069836cc10b94fcebb7f67eaa3d63bcf43cc78cf75954110e0aef4d190d2a9485
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e463eb1cddd13738cf872db89489de52
SHA1 a1dffbbbb5490e4c4ad2fa0a9dd62ceabc887745
SHA256 ae7e6c3a857d29cfb21fb83a8c97d46d04ac61cab110f121e0182c548f014291
SHA512 bdeb0e24847cfcebea62583c68e10f11a38f88878f247fcb1fdf872a606ded40fe13b06fc0b0ada3d7af85593aeee015f2c32061ed1852799d86771c17938c76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f04b353c37434177744b123acfb48654
SHA1 78442e53cdd2421c69e24fda2b99253ba1ad4ea7
SHA256 f3fffcbd11368768b3580584fe320cc75e8ba57b8102f124b85f72b81a0b2e5b
SHA512 dbf50fdc90c6efde828377e5cb3c0c296fcbd38ff85aed558c55ebf852d5c75d04652a37210b28865a44b74cad5bd248c85af0f710f2a5412442b79ee701a511
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b6cd841425ec1e828388e895ab765ee0
SHA1 bb5a1b69630eba5691de2729cf37c8a7e3421e7c
SHA256 67288717977024e8e561ffaba969143e8133d700c7968d3cd1795cd50b222fb9
SHA512 c9931068ce259a1ce0cc3530cd9a94dae5bc37d6c67424c4dc390a3c8efe3436f7f2898756d80a05aa2cb8a5a82e8a3c0d4194d91785944b541a665dd7208721
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6b9a221c31c41cb881606fba9895b633
SHA1 502928682fd377964c273d0eca5ad2f21d91c1c8
SHA256 cda48ef89f2e8773d8451aabff40b33c6acc322100f335dd91ffbb2ac059682f
SHA512 db9a9a706a0a76dd3a576481eae62ae0a940e84a2bb105dc07432226728298cf30595e270d93c866bc0dce755fb158a3fe1d33ae14404da38a5734d3fff7bfe3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 43ee756c88a421cf7fe62ca855f2eefb
SHA1 93f6491af28c1bb3aaceb0c7089d9ca6d523d21b
SHA256 61c99c4f6e57daa9c49a0bac60dfe052de6d81cb2af2995b8f66f1589b5e8dc4
SHA512 a4db873651423f2ce1ebe3131e230652adfe5f84894ba42ce5441862c6e75839c601f4db2e2f857dc083bf0cb00fce6b8bf50288fb50986341b802b8b21c3146
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 73423947d218b88ee24ad078c0acc392
SHA1 922851bdb2ecbc09be75e8031e45d972870b3a5e
SHA256 c49a7aab2bc76f68a18c23179ded8cb0b3f4abb3a7eb5b4271def444c22e81c2
SHA512 e7a4d963858cce8c71610a3f54f2920099ff612b80bf501a12bd965e76a7e7f79fb6aa1a919474f64d38f3347518638cdf0c913ec4d98186f493bc431171dd08
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 06fe0ef3f322216377645b4432470721
SHA1 dedb16202074021fe4205f529cc68e14bdaef430
SHA256 eb1e601d3fe4e89f8b7f33a662bfd03826b3d126d0936ec9455e135fef160288
SHA512 88e381fb0e1c11aa2c86c273c7aafe4f2eb8f70f962b3806c39b517324bbab6570450f523d77c1f58ef47f569a8077a8dcd251f951413ae19c0d0f02645f2267
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0e533e6a2c895466d0379cbd1039de33
SHA1 77eca6a03d3a4a94602058c705e6a224e2d6e8c4
SHA256 8095b1b8551f1ee456512b851f09a39b693605a740ea64a004b9aa9ab5b834b8
SHA512 2cd15f32a1b27a586818269c79aa0c166a0c8eeb4e277f865733d72e7a5a56d5e2ee8d9cebfb839efa371636b48b85558c8d03029782e24a10b92b3bffa7afe3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 13ed654ac107e3369e78f8297f111e7c
SHA1 85e78eaffe73cf5c84807f15aeaf08eacaee08e5
SHA256 98362986f03a9f9622aca073115fdfc9e7091ffde8502689ac16dac0c0ec92f8
SHA512 1f20651ea6266d4516792330e5970957c49a73e7a690196875fb56df9af888ffda88d3b64b4479d81373521d789bdd8301f8adfe10892d558b4c47dc83d09340
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a1c68e27b830f3e3174dff7ba798b671
SHA1 22551e3b021b1cdd17d0b6bd84cc8af027870c49
SHA256 865e8be25c97543a64031e0729c022f1a9ed2d64e1032f126f3f0c4e33bb0ebd
SHA512 e1264966be2705cd5550521c73dd8ec1b65b79a7853aa3783c1de486308dc4760a81e0732300239f930c0611950f574ec04e08c5e2518df16623e8f2e8d475e1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 aa2ac9b32435d804678397d1be408fa4
SHA1 2db950dbcc71e41922f7f6ea3338f0dbcffdcfe2
SHA256 2ba0978808f4c3e0122b721ed4c14189ae97a3047ad8ca4eb8be2f8f801a4b8b
SHA512 8cfec910927a5b95fe1f2c28e73c9c7510d3f98b8bbb52046fb5c0124962ea311290ea4699133eb916898dacac596d45b94fde0f700c6a62f5f30ba5d5adf6a3
-
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b