Analysis
-
max time kernel
134s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 06:17
Static task
static1
Behavioral task
behavioral1
Sample
a429ff2d83de29ee5802e62299dbaba0_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a429ff2d83de29ee5802e62299dbaba0_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a429ff2d83de29ee5802e62299dbaba0_JaffaCakes118.html
-
Size
3KB
-
MD5
a429ff2d83de29ee5802e62299dbaba0
-
SHA1
04e69d49bee9adc8f047e4fafd00cf969372cbc2
-
SHA256
a13855d1f14e68845eb1f73c91777a01d5ff1406715e412f23e912d4b56efbda
-
SHA512
194ddda784f74513d2eb988f21de3f37674331dfe8da763f8d84f4a620501c28162577a0ed75e867d961d264199b8cc65f7bcea2331e33d56dd79be88d0f66f9
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000012f01745fcc0af807f04f46d75b66027f51b33711f9b305f17f10672106f8013000000000e8000000002000020000000397f15a5a1a925de03f3bc02770c689000cd0cfc8b4324a041bcdb295689d42820000000bc8b62dedf5aac5f87c6c7cd7608b9cb52e2afa870e5843c4b026633dd5cd85540000000edcc21b454357d8036351caf542915d716dbee2319b706df297ca57aaf4efa0550dd87b87bc008d1d868e34ec590edfb8bf342dd083cdaaabea7550b67ea1074 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B1E3A451-294C-11EF-A155-FAD28091DCF5} = "0" iexplore.exe Set value 
(data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8005378759bdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421353" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000072aeb5d2a54a28136238a0510b43bd38f87fa462dae42adc1391419af2de1a93000000000e8000000002000020000000f865172f173581fd20e340040c16f891fc25d68542f7d667d1b1f39af33812389000000063e67fd28787a94479c88582c61661cb0c801da4a72ab932b21b1215169981005df29347509062b697e909171afc74c7ffe8961bdbc1709f1d5d1e3a1c2ba6d270b8156f95e292c0d7e26eb6c819e55b36f6d444d6ec4f439cc9b03d9fffa907c888ee2d038aa1fe70d7f8c4eb34596c339f78c6b59265ee0e84ea4c534f5f2199a4370f71bd1d25446344247a1dc94f4000000000bcb4d83a5c662a7f37685cea94d90c2eb7b020e6281e54270143f8dfad3d513fcd4693ae1b4ff4fee3c1669afcf6c35250fb974a6b4eb726637d02664a76d3 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2324 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2324 iexplore.exe 2324 iexplore.exe 2256 IEXPLORE.EXE 2256 IEXPLORE.EXE 2256 IEXPLORE.EXE 2256 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2324 wrote to memory of 2256 2324 iexplore.exe 28 PID 2324 wrote to memory of 2256 2324 iexplore.exe 28 PID 2324 wrote to memory of 2256 2324 iexplore.exe 28 PID 2324 wrote to memory of 2256 2324 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a429ff2d83de29ee5802e62299dbaba0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2324 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2256
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 671f8b7bff03d6090da2b40adad04491
SHA1 f18449e93717dd4c7409ac07a5596e6272a21ff6
SHA256 ef2be444b4dfb6ec26fc5b44e09be2f32e35e2a5af7f972bf6ef2339b3fd8c5f
SHA512 272c3221729dd2a3178dee3befe90f7701a8dd4abcce4363725bc26c89659366edc7763ad2cc1c7e43de5e98142a46337860bd3418b6a836049424c40948e39d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c15ced908fcd2b182c8a310bf6c4c182
SHA1 023ee55f345148889dd683c8b56186f58ea0812f
SHA256 f6484c83cfc56175d91f050cccd8da338997ddda63ed124575db46d26225f8cc
SHA512 e14962434f89c3e7788853296ae23564d3226960219d2db572b593f307fc5b5ed01645dd28bd4f57f817ea5793da56127a700affc6594f004920e9048f0ba888
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cd664fd79ff1499772da00d31cf0f175
SHA1 3a29b17de537141d84dbed839d97d88295a68a7d
SHA256 0099d4c8b9746b780c233e5ade857cdd222b9675ba7ea2520a49a24ecfeaf743
SHA512 c18f77ef83827b952b7ea22933633b1c76f624f360a47fea37e6444e8c6eac7dff8f51159d543208e683fd20c42296d8b2c88b0b9a73fe48332d9f44333011cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9cd9c95993955102083a7c5527eeb7ce
SHA1 49c04c3f2e6c0e83be3c9c1a983cae44d7569794
SHA256 e5411ec186be3c9c35509d3b9b18a2a41009eccfa82bf8f0252f4c5896cb5bbc
SHA512 9c3b64453b8c1993d35daf3a4995051e0d5ebadcb86705db620bb5574b3c4a0b3de9b485668a0becc7300beeed68ad08e41b08f46ea6a9c91164829df42ef69a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 78d4472a0605974100545db7de9e51bc
SHA1 ed8cf953520fbc3809304655289d7399e6350e1c
SHA256 9be15587a739fa3f318f938203f7b48545f303a1c60989415fd91a36746370a5
SHA512 6427867c0b7160b37d2bb72e3a550ea396bb70634c1c7b02d3bfd88ebb49974bc37998463b7a7332542703046686715365c23c3a45b0d6d28baf3c53368c045a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b0582bb552fbdd26a1764c36a7036acc
SHA1 4abef6d8082979a1d91318397025aa68a6f026e8
SHA256 49d16bc541a2b9bd1016d1944f0647bfaa544007494ec5081e73da664c92c97b
SHA512 c882fa8eaf47b6bd2e99c279d3345be74c90982cebfa2c37fe9a512975312c7756ac50ce8d0e05b3eb30d4cc2602c9df679d30c50fc7c3e68d65d2165358ab5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2ecaea589ce8970461cbb738dc2fbd19
SHA1 0cde6aa39ce8aac2f0fbb6a88e107b5bdd0ce522
SHA256 f743ac5385ee5c642bb71eaa78fb71db7dc3878ab7f93efea71496e36dfd5269
SHA512 eb61f1e63350750d1ef15dcb47abb30cbd66272defc6257fe7a262807accf603489a76a2c9de283c92aa11f5c8cc3ef26fcf3f73ddfe0b359c10f74faadcb27f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 97463810d1a52420d09394b7cc6c80ac
SHA1 2507edfbf361eba98394519972d6d20d0d477094
SHA256 8f1235ae24f4ee8bf586eed0be5f6e33ff3704eeb38aedd35636ad25f5039407
SHA512 06ce816ef93ac12a268683a99deddc1bb4fab2acb64cc9455f15131249eca9669061ce0f42d3fc37654c9bfb23ddd57b5a73698f722ce0e88032dfd334a6cca4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 93237832614e6f20f0038dfe69f45f6d
SHA1 0389c35b8cff903e20266b01234fdb84f599c7e5
SHA256 05b0e7fca08c3eca5a3ab670ef6568104c2f671a0a84f789392ddc90d250a9f1
SHA512 25aa13226f4e73d987d465fa73355b44fbda47d7b4a03db8c212a634f26fadd2a96ae06d6f6efeb5477e0d575a36c36c5e841c492be1b1b0930232d6eaffa4d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 823d5034b23231992c488c761894ef22
SHA1 858a5e614487969f2e5937e920c43c3463478d4b
SHA256 63d09f825defd98bb7e83fb96671a149ff88a646e97abd69b2efec9fe89fba99
SHA512 3de82bf61e70ac4e955b5cf7e053467ed273ddbda218a62ec2dde3f2f96491384d109830268c48dcd42ca27e62a0b15c1d9ab743eaac675828b052ccd03f1c1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6421faac9340beac93f763fad80cca30
SHA1 62574de98e4d29eecb994b102da9aabdf7f181a8
SHA256 37286873b1abf0b75d46f0633510a3d2b49717d282ea238bb0f629c94f2994b5
SHA512 5563803c38116f6b81f958b87d4a5f05eb833507cb0127d5301352fdcd28e97f24a9223f8e461ee1e50825311aa7aa0121c135e413a900bc5e8a8a3f3bd806e1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 67a460e0ec61414d31ea8d0bd8f10a4e
SHA1 61ce507209fb28b7a4e8fe74b603f94ad9ffff97
SHA256 7ce9e539e0564196f42abf35fdeecb0c0ab5309489c7c23af530cab4335db396
SHA512 0f4eb17084e662a4a91589715d01dac447056ff25b8f0e427cdc764087d3d95ab01a98a02a3e5807e0bd180c12c0753cc9d28769fe9b8b76988262ff9e85e157
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 04f2d14338db2b37023aff9921e4bc66
SHA1 2718df70029c53239c19abde140f3de8bb4791e0
SHA256 ffa10c2becca7133d7faa145d27b527bdf21836d19cecb4fe65b8ffa1d953cf6
SHA512 c0229ddd139047075c1f543aaac6f61d5d8db89402250e1728481d39eac05fc65c79b1ad593d24fef36d6fba857fba9d47c5f5343b31e4ef1a356e1a13adb630
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6ebb50a051c7ad6bfb5f5fd6ae5cf69f
SHA1 eb06c5571f1fd32b2720ba4fecc3e3a4f12cee1e
SHA256 ea8842ee14298d9b6146548ece9234dbcc80864375cd2e28fe8597f732a83f2d
SHA512 bd1a2980db6359268df60e1e75ecf82c52834b517defb88063f9e74284ce8f26a3c2728a922264cff05b062999280380110c1c12619612aed9372e0a371d6574
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ea861b57fc407738fbaea497c127623a
SHA1 92df0d101e6842e2a30eaf19357e6f4c0e2d0c56
SHA256 75c07f6c60efdd2ccc7b90c53fbc82c9b3573b9276ed1897b7420077046a9cf9
SHA512 a9f92fb1917606b73b9ae65040dd424435bf7c435d8413ebc27c511cdc1eba904d3a3b3c98141ae5154943a0c0d45593f835fbea751042752ffb01488a4ac7bc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7a45a2fabea181ce3b76c0f8fc23fc24
SHA1 3928f74a25cd967d18e6f943c83a67b20d63efc8
SHA256 fece8f667f112ba077ebab29f5bdf77075620572cf3d39276ebad22389d4bdc9
SHA512 9182469fa32cad441619533d0f94995ddedfc6b6e73ca3b878e95188b9413dbab6c258dab988f488391deacabc4d89d13bc7df1407f0b31d76dbcc2e4ffe3506
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 31c7696d60d7b027adb1323337b652bd
SHA1 79737da22de4a92cf45dfe4486388f53fbe209ae
SHA256 39fd8e96ef553189be8173f7aa8908b6c432d6f555f80c66d9b3ee124e083c3a
SHA512 a2424d6b43cc92a94af89371c6e225fbbcb373ab83be9e195fd49d9bf338fc005854ac0c118984a8830cd19b4b8c43a95645c4bb0f5503679ce54717efd5e5ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3d300aa629425041f468f525e3e138c4
SHA1 06d97905e08d8df24aa8b479b712132481e0c1a3
SHA256 8fe3c442302edb657d30993dfde6a54e7757fc1107d628fccef6a2c32fa2689d
SHA512 de7aad7bfa3f4a948ca9760bf7342f69af9c79876b50816cfc76f21e434de390e9dfb83393d88b5cdf9824dcb2b5e71cbd8013b253647d26c367c930b9f5a072
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b