Analysis
-
max time kernel
120s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 05:07
Static task
static1
Behavioral task
behavioral1
Sample
a3eaf6238957be4410b65e7fc789337f_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a3eaf6238957be4410b65e7fc789337f_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a3eaf6238957be4410b65e7fc789337f_JaffaCakes118.html
-
Size
461KB
-
MD5
a3eaf6238957be4410b65e7fc789337f
-
SHA1
76667924b223dab9587eb872f506eb560894182c
-
SHA256
b9a550a4eb22f548caf096d630efb4db0c9a8c61e5397cc927ad68193d694c4e
-
SHA512
d2c820cf8e4e4c6b52248581d215c0b71de3636940a430aa3fb35fe264e035f251b31609aac03ad10ababb6f62a863394a81be039fe56df5a8c96e35045b11be
-
SSDEEP
6144:SnsMYod+X3oI+Y9SsMYod+X3oI+YmsMYod+X3oI+YLsMYod+X3oI+YQ:E5d+X345d+X365d+X315d+X3+
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C6EE19C1-2942-11EF-825B-FA5112F1BCBF} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b3073580ac76d4785d0dbb295c2c6fa00000000020000000000106600000001000020000000ab73cf45df853137d7675984fc06a274fca49b66da88dfc7bbfe34150a660bcf000000000e8000000002000020000000c5488ab5f1898035c7e26b6d23be019b1af88851300e2e1e25c51ccf9a8bc53d90000000e6121be294d1b7efd9ddb0bc7f74739c9fb180202957f47fad99632608f9d60b5b3a022d7d19ba113d5405dc99fe15fbb32f6bb05f714fa3250ec712178cf7d69d7c179d2d49e7e71d101ad45679de5f7d66658513ef6050c64628368c5746108dd1526480493128d09ece6ea9dc7791040e564c26109de64411ecb047cfdf331c07dead3eb50e2950f9abf02259c10f40000000142ea17f38622c0894813054176ebf612c633cbb5b83e11ae6d387b635dd9ee021489a7de667cbb87c98277fc97cd0ac572a9da13b40a034bd9ef642fdc24c1f iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b3073580ac76d4785d0dbb295c2c6fa000000000200000000001066000000010000200000001291cd8789fb14adc5471892c1f50edb0068daeb803ac752ae4abbf92d376fa3000000000e80000000020000200000001a46155655d3c3fce1d309692da300d43f018c2f339145a76ff2694a21588210200000007cba51161780c285fbe24a0d57e6182fbdb5fc0d910c4e820f1f683961ba6fd64000000026dcf49b8ce684bc5ff6e2b53bf4d6402e162b2bc45469d3d5d404e6e1f5d5d14ec3deddc6ee0856ac405e581c7578c875af26f889c42e3420de1f28833c1afe iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424417093" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0da829f4fbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1928 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1928 iexplore.exe 1928 iexplore.exe 2984 IEXPLORE.EXE 2984 IEXPLORE.EXE 2984 IEXPLORE.EXE 2984 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1928 wrote to memory of 2984 1928 iexplore.exe 28 PID 1928 wrote to memory of 2984 1928 iexplore.exe 28 PID 1928 wrote to memory of 2984 1928 iexplore.exe 28 PID 1928 wrote to memory of 2984 1928 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3eaf6238957be4410b65e7fc789337f_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2984
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8f3aba41f7e4cf6ca8a035c9fb12ebd4
SHA1 a89bfc3b57a75ffb8eaebde5e861b6cbc24de17b
SHA256 616d4b31afb9882046c7875be713f5e5a1d30f806d3cd5f7a4ac0fbcd7fb5d03
SHA512 46bb84594b6927b49ff6c0bef3b77a0bcf72812d2bf37596654b768d5975c7b59ffbcb5998e7d86aa95965986d1bb8b64558532e3d6db040531de03a1e1bdd7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6fb591a55587d5a37e978cd88510c527
SHA1 e0d4481ca8088b09527fc8b2c37c79d50142117c
SHA256 73b5a3f38499d4e8d3090802468609c4432908b4b315a4825f55616b81aafedb
SHA512 86e7d327961554f73a3cb76d0046ef3b582b09bf50a7aeb1f9c3ea711f62c5ce5c4393b42320cdfe91c3e54dac58fc8cc7cb477997eff5b989a7f710be02c16e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c8e980ca005c82e046354f1f46aff50f
SHA1 ce8edb4e4e7fb77a838bf89ea7dd2da52ab7f6e6
SHA256 74645826809f1fa9b274e4fc781da9864bf577a17f9fff1048323877238cf607
SHA512 d8a1201a1786b79598833c0f07ab4dfa6f6339a16e34a425930c5c48a5035036ce3f14d7fd49ecedea12c3077fcabc1176613d2639ea55b3ec3928ed6780e26c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2d48f920fbe502b821b1633079c16bed
SHA1 546c2f2ed0daf292cd6e3d22c09b23bd42d721a8
SHA256 adc625ccd7acf7fef71575be6ce799a0b93eb09d40df808e319e4b1d55cbb16f
SHA512 04fd115f74eeb990ad95ae072de75cb43bfc9a2e1eee5b5ae9db27ca740f859398ff53ce7b6f9965eaa09c34a9a4178d0c6a5975c2d8f589ef475556decb3429
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ef0aca1266a032962124902d3fc266be
SHA1 23971d6b8aaef9a0d54844f1a2101e505bde14fd
SHA256 f59eef985b607a805e11fe1567a8dca4533afc319b90b4d1f70b12ca88297fb4
SHA512 c131955e7e02d73c677683cdbf0459b26e8e55bee32d962de596a76255f126e0a7a82f908e98759bfeb5a21bf2cf3265b14541524e18c55bc953a725385faf3e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7c5b0c7fb878677bea8cd70becc39102
SHA1 79ca7bd42e2be5ed5aea17ad36b36c6afca98231
SHA256 9f6b289cca4cb9a152cbb63b023a3a2a3b0f689c0193cd7953de13b659fdaa71
SHA512 d4c1a1cd5062675c99125f982623e0fb8d89b17a3be4be340a3c7448c459e48166306981e779c456f0eafd6f67214dca1ef91b5b5b1057b091dfdb91e691941b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dce320233ee3d840ef683e3496a29c6d
SHA1 57073b70bf4249e8c78ba624dcf9497c29687aff
SHA256 ebc9b2cb51096fc7f7ecceddc7edfd44882cf113ca733fc7c91d6924bfb9e5f4
SHA512 2a849d4c0729ff8d0ea4774757efb4c0dbe4dc7d07ce231927df5b5ec3e38cefd3d3d68e00211ece6a0e3548c9cfa34b24431e65ad44adc93c153f807c27ee5f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0341d20aecdfe3cc45f08386e119cefe
SHA1 e24477a36747f52df46eb9479543d692a1d0259f
SHA256 cd0e3e4ef0d7913542118d29f4d159868a2e3d88d74343301ede2a39097de083
SHA512 67bd133958665664203db835be3ed0be2192be57586a54be24ecfad5e09d7820ca7dd5b3422903b839304730e16c76e392c387f1b043786d1af84145c98f91bf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 379b2218d42fab02129a00106f5c7290
SHA1 67783ccde8859e1f09339f231386279a9da6871a
SHA256 801993a3345055716bfef1cf8478bd131e54b7e79b6761a6ad779992cbb30959
SHA512 7544af7c60b2411ed6c6d26c1437939e3a898d66e5d7b37f5236e734b0b17da206cb8464d049aba0e84a4199d0273914523af7d3c898a78428c35942d88543d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ebf46c0ca7a4dfcb1fdc322aabb72faa
SHA1 4d180273a74c3f0d14cd453e1618a156924ca6fa
SHA256 b0956701502b47fa966e541d07419896e6e6c5658f57e99de3cc09a91ddb0948
SHA512 fb998ebbf1efb7c9ae9baca36fcbafa9d6059d27ed8958e024e80f368238d04b76c2801abdf20a27e0e080e37a16616a111e36b56b1a5951cc386bfe968cf635
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f55b3381d2111f2c7d69b44382cd3002
SHA1 40553b49a92b369846a23547ffff22aa8277aa5d
SHA256 00ac5edf613600aec93d6ad42224ce4ccbc1b1314928ef9deb20fbffbbcfeb11
SHA512 ed62047912402e8531532fd1162bbb1b03191df2752ba5bb3cfe2d24972e436988f40c73f26f012e39469825c3420f03080a92525d867aa9c49a6dd2344e25bf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8cf196f7d1be98386d8dd3f08260cbbf
SHA1 91c42d6db0a4d03a5051479cfde26ce372b9e379
SHA256 ee0a81a53bd4e0bfb86d16b22848c5918f873dcd9e2dba2e7c7fbc400f977e1c
SHA512 92869bf1e200c17b243018032397bdc77a3e40bdee8924e37b8af989f6b10d8371703d8476f2b8392e4153a2592905f4abd512436a93b7121232b2ea0d152117
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 96c7770d5470c07dfaf280c041f25ec1
SHA1 926799ae32cadf2fb254be978e0d2d3ffc015d0d
SHA256 822684a977d0e647b269c600e9403653eb3e2a2a5da1703bf38f673f5fd298be
SHA512 af652768364d85495225136660edbb3642332d5d8a734f660f7a6434549d86ca8c9b981894dffcabc4902bc399ca2d990e8367ccf15e234d9159fc5afc37a984
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5988f2186114f23a4d42a16e6452b3d5
SHA1 ea07f256462c427f214a5f7228e117b593a62bef
SHA256 eb404bab2f84b4ef4d3c67babab5cd38f32b9013d16048dde2b38fc649df07a9
SHA512 71cbda21ab2086df86658232da042568a3621f0b55b73f38a0fd7f92834f2219e7f5575e088b68f4a6c4170bace5abf7db8434fe6ede9990597d2d123963e939
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 21e40b5d05df6503ae33eb2a04d7e45f
SHA1 6f201ffd0f4b8b85af57e145bd0d50e74caa3cff
SHA256 29ea14348d13042a67138d20f896761a76280a28d5612ae7df2f9c5b6bca732a
SHA512 11c59b8dac0ba0b9d2ac907e16ac72466253710b1975ce1ab798967d349c2754cae33c646793f997b65ec09278d462927873306930d19b929a01308aecde34d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 483b772d3ab1a2621bc76d366ecafca1
SHA1 18bfedaebdf1f5a342aa46366d88a55b246130df
SHA256 9b8c372eb3a93c76c062960df7a323d6422f35d3f17e2577898ceff6c80218ff
SHA512 bc3d8e43f7dfbd4558ccb7459ef7d9cc3389d2a4514b2fefec06f7a9eb8831423bcb611c1b9b33c8dbe8d7594474d2fd354ca34a328547ac3b7b503eb3b352c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9014e52bb29518a01d56552db4603a42
SHA1 6eae57a0ca8135902aca88168115a1374a4c16c0
SHA256 5273e77d9ef195f7cbc8357f15c19679a8792e72403a366c69d19c2a6c3740a4
SHA512 56ac32fe03845af880ff39a75628c34f80a80b4056505c3d8c9730724a370bf4381dc9a4880fa7dd255bf117e728d378d42fa860a5368db1233b253c2a2df05f
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b