Analysis
-
max time kernel
119s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
submitted
13-06-2024 06:17
Static task
static1
Behavioral task
behavioral1
Sample
a429f6e259eaa447634cdac8ae9d1bc0_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a429f6e259eaa447634cdac8ae9d1bc0_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
a429f6e259eaa447634cdac8ae9d1bc0_JaffaCakes118.html
-
Size
17KB
-
MD5
a429f6e259eaa447634cdac8ae9d1bc0
-
SHA1
3656bbae381d2acad808b1bc1aa2abbb6d8f07df
-
SHA256
38dd83dbc0829eb5a5b387f7cba7a676da73bdf44371d0340237c115b029dcb0
-
SHA512
3cae25f72ab2beffe4b9a68904c901daa988f05d3d11aedfbbf577d46929a8697530a9f911890dd5be44075b5992f8eafa5db6c5a0ab6daaf239d56034a0caef
-
SSDEEP
192:PNiUAOFkIdfWN0o40ysDJJuzEw2G5ZcX66FNwXhBabCXPzpM2gqIEPl9aoc:PHnMKeANWFFyrpXP6JqIEPl9aoc
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000093ed2e9d08c31a2d6a2fe9b94ce0746f123420f7cf3b738130b37561cf7fc4e3000000000e8000000002000020000000ed0395926ae8de57e4818887ba2fdef69063f2f63cc5537be82499e611aa202620000000ae115382bf5162e9582b526cc66ef692d814d91c3307cb754fad05b151b4726b400000004a3a2c5f02a2358b2e3ebf7cc1e4f9f42fd8ada19cb6d5c14f1255ee7554d656988bc3c8e3d55668b0eb926e3de2b9a129c018b615c1fa9d25773645c881e42f iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ADECCF71-294C-11EF-BA09-6ACBDECABE1A} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40c5988259bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421346" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main 
IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2160 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2160 iexplore.exe 2160 iexplore.exe 2236 IEXPLORE.EXE 2236 IEXPLORE.EXE 2236 IEXPLORE.EXE 2236 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four writes are from iexplore.exe PID 2160 into PID 2236, which the process tree below shows is the IEXPLORE.EXE child it launched with SCODEF:2160 — consistent with the browser's own tab-process creation rather than injection into an unrelated process; treat as low-signal on its own)
description pid Process procid_target PID 2160 wrote to memory of 2236 2160 iexplore.exe 28 PID 2160 wrote to memory of 2236 2160 iexplore.exe 28 PID 2160 wrote to memory of 2236 2160 iexplore.exe 28 PID 2160 wrote to memory of 2236 2160 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a429f6e259eaa447634cdac8ae9d1bc0_JaffaCakes118.html  (depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2  (depth 2, child of PID 2160)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2236
-
Network
MITRE ATT&CK Enterprise v15
Downloads (note: every path-bearing entry below is the same CryptnetUrlCache\MetaData file rewritten with different 342-byte contents — presumably Windows' certificate/URL retrieval cache being updated, not a payload fetched by the page; the last two entries of 67KB and 160KB have no recorded path, so their origin cannot be determined from this report)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f992041ed7b3f4ccdf1f2b1279ea6077
SHA14b8bfaae0ec6fe561af00499e4f7fc2515035404
SHA256a801e5283420d453288311c24c55f4da736a491fce2ce6937331d082b8b2ce0f
SHA512b443c555410c261b384ac3f06666a5dd534eecee90c1b411f8b17bff3145b9e208493c6401dc4a645c91473d152ec32a1fc408e475171594cc941c66dce6b05c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50bfd2c95ba42b34f7b96c0e1ca8e122c
SHA1b10dcb71f799d6019046ce9bc7226061b2fb9ca8
SHA256202351ff991498b74e5736636b8b7e0a24c1dbc11d4c8c81c0ed5e7d99a3c58b
SHA51284a489dd7147afd33b808c5cf1ba9e83665abd2ffd6182f039984f8abe9fd51391775d51025c85a1bf0ad01a24436f2510b78a2f5111d5b320831548f3cf4418
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5204be03311a233691f6f78f9ad1c5450
SHA1d244a5b4cf9258713d59e75efd328f21a8bdf5fb
SHA2561f95585e88c6287d84ac6f02990cd5e477a62f36bfeea9db259bb7a499125206
SHA512aa8cd7d2c10262ff8c171e7bff42fb6bfce95c7578e98b56d5927de4ab75afb339e19e01400b7e10e1064011068d65af156db483b16ee20c23d39a6759cb51f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e4f96b1810c14dad731898f0ec199a06
SHA1f7a019e2d1547804bd8e600bb817166e92c47953
SHA2565197ab1727eefa362cc2d3ad8d13edb854b582fd0beb7e48aa884a5c551a5df9
SHA51259148250cdd3c7c003ad7b4ca9202f9624e6d8c1f3621226ad87bdda21afe98e56036c207a2deffba829940a5bfca2966b4adacadae98ac5678e163b77f93b6d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD581b35bcd95cbcd9d2d6ef8fd7961ee61
SHA13b7851e9240920d19d15e09ab93de1da4c0e463e
SHA2566898a136f92b5930160f44aa5f83cf412cb15148d5659c822f089d605a87e6be
SHA51281ea281adde489daf3bbc5da65b4dbbb6d6c4c61882dd21f78c9acc48d487b2ff3b07dfa9f3ec1c3b23906689cfd67f019e56d09beea6bbe63634b0506b099f8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD538154364b65afeddc39d1e1ab00158c0
SHA10de3f6014d2545d5b021ee5a85d0dbeae19b5c2a
SHA256524b399bf44a02ef247262a96f09a4fb2e356c8a3e0935e7428f1c4498b2bab4
SHA512099e4c220ea5397262f129e798826b7009cf60b8cbaddf158e467c0ad6a55fbe4541549e58a5d6d7256cbb9f0dcab94c9bf019eaac1394b9390da4ce8d0963dd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52e704fd00b4d8234005257ee163d8a67
SHA1e307e2691d86ba3bf7bb7723d896ac7afcc39ae6
SHA256aab65620ad02a1081dc30c827f9569df12b25f1d53f86706d81b326cbe9361a8
SHA51284d1018fdfcbdb457e46c88b7349aa9d1279095f1b95e0ea4641204acd802993b35f09b8ac0dad18de0da410a2ba6be5fa9c7db362c7c501b073d12b77764767
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52937e8c1694484fa06372bf7570c76fd
SHA1752dff3b7e425588db6caf1d262e718c9ba502ee
SHA256a7d1ae984aceb3286d0e29c794a1fe6e078bfabf811abbaae387804aaf2fd0a3
SHA512caa20c9880e5e09181ad22e75bc785f9a525ed26c2adef06486b939220ad2dc8b37cbc16bc59479def302c3ab1dcab6118b1bc11b2c6a089b9ee02839099a979
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5022dc8f3068ed1db49e470e30ab250c2
SHA1ddd1f19b585ecb9583416cb2d33b61665a21315e
SHA256723ee2a8151b64c970611b3a7da1f05c5112e4f54573bf30f8508076111e28ff
SHA51256ca051c6d6546318c47780303d75b21b03c8cafb63ddcddd0ba277349f4ff07599008c4a7d10d43c0f45e3f55a2b352db35a1642b83f179f34c7b4e0ff99e59
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5da4b51c821b9b64e87affc78585f1ee3
SHA12e14f36b2b37473f2d36a29563cf81c79556ea88
SHA2563ff1b218b4770aa1fbf4370c6b539eeac2b8dc17130ff50f15a2cf16069cdfe1
SHA512119a5f82fe09e9155d9ce92b981f655a8b689823109113772ab32efbeadd790d5df9ecdd27e83f038fbe3443661c7ac659c80cb484d24c5799390f85068da691
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51b22935c13b30dcdb3338d5be8a13484
SHA18deccff6fd1fa9386ae8c43f6f9f6b80bc57f5c6
SHA256e60587f60f73256cdeefb860b3d84a2592c8ed29b2151f8ce95ec6e79541a4cc
SHA512ec104c1bac830e4200ab712fc3414945d196bfe94808e0aa4dc7dca1cd6ab6af053c21fa051a76cd554c859271dcf4a0e6d9d2b1279b742b0fcdc6d91828b0bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fe076be0271937cac8780a63e819ef19
SHA1c9c4331f364d88a78f4a7a005bedca127a6075f7
SHA256dea473e66015ae96976fa6805f67fcbb03c8120b588372634158e2b77e137c7d
SHA5129307519fda43cf81040bf6a1ff673907e86665724fd5d885f68da4607e86e0c39ecfd1ef71dc8d0e6e5a2841b967530cea00305e41b0b4a36dae4bdc91df097b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD548a201521871680c66884b0b181f974a
SHA159f151cd6b97c6c8bbae57928b68f91b4afd6145
SHA25676396a1f9cd128c33222289135fc4ff8292691a4a61f9358fc510f2769641608
SHA512ed1d10b1ff3c5af00ee38a141599919dd6b7af8b969af6b2aafeba8dc711b5102c8553a89e86561da1e76f75b81519b70b9d0a181f843f3a891edf50bdd0109c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5716fcf1194f92019da9f8b3de8e1d2e0
SHA1cdb291cc012e1f51d1e7f54dccd59f9351adccca
SHA2568a1bfdce9af1e0a1e77b0551e958db2aa0215280434f61729bcf093e604fcc2e
SHA512617078f6533004b553c48057903d4d0bdd77c5693cd7b6c01a643c22bbd61af4ca06f38bedc812ef4336c3b9b5ee8ad24b81c696ed27a55265bc39f6c12b15f8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50fc316c2ddc16b8082a81d828bb74377
SHA1e27bacfb1d01d1cbbbd568b4835cc10d0afe36a6
SHA256f517b299daaa7c9cdb899773e33e58e07c4d0af03e8123d14bd2f8847d7289c2
SHA512fefbd67fc317417a906ccbe6e92707cb4cc0fb84a12feb144064d1961d6c6b34527575b46e6ae057af1b023c140f164c2262e1b4ec172ca81ddac9237789ff93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5abda0a5e14abae3cb82a38ea550373a9
SHA1bc2078701337f73397a6fa6746df7710569653f0
SHA25619f865bb4ab5932c352105c1f1c4896ce5def117a48b9bfa7c9e5ea24268f883
SHA512ef0d43e15f3cbc1844cece3690608d7f416e92ad36c256e99e8febd64d467c3574aaaa945edad1db7166bc6de21045b1aec6bb1601203b759aa5018ebdc03400
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c77ca244366baa5d54e0701c0e88c7de
SHA1238643d4b7e43d70267cbc13699b59e79438a517
SHA256314c72b367b83b1fde78fe4cae6ba48dce9a9fb7e3305c5598c408270a615c28
SHA512c9441e85d4596c46d8d0082a2f25d061e825f27a0a23c19ebfc658bb6d06fc8f6002d44cd4d6d6cf41840b322567c5681e8c82d115c9ccb3463258fcfefe81cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD558a47efebcd83bfceed7602e7508e826
SHA1cd5776126711f847fb62818f3e46f9cb0d5b1524
SHA25699c00b58122e67f513e40fac7b46cc8661c60763701881ceebdf3a8fc05150f1
SHA512fb9cd4fdfb5fabad6c7ed8ded628d2d0f11fd6675ec1ee18c107ad6d2414715fb15de952bd23a8284528c2b252e42499415368428984d1a8d9c962f0a9b2f429
-
Filesize
67KB
MD52d3dcf90f6c99f47e7593ea250c9e749
SHA151be82be4a272669983313565b4940d4b1385237
SHA2568714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA5129c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD57186ad693b8ad9444401bd9bcd2217c2
SHA15c28ca10a650f6026b0df4737078fa4197f3bac1
SHA2569a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b