Analysis
-
max time kernel
133s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 06:25
Static task
static1
Behavioral task
behavioral1
Sample
a4315e30285ad13c85e3b3cf9f48e9ed_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a4315e30285ad13c85e3b3cf9f48e9ed_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a4315e30285ad13c85e3b3cf9f48e9ed_JaffaCakes118.html
-
Size
254B
-
MD5
a4315e30285ad13c85e3b3cf9f48e9ed
-
SHA1
c77271e7e349a4b96ba8b664ae773faa4e036320
-
SHA256
0697d57903bb4bc243d1cc922984f7e1b38454361683b14845dacb7fc7a42573
-
SHA512
c8a2d11596f6fbddebd8263a4be1c627577257c2576e2595056e895e61639907277e1de52dc74e6a5eb4d7df3a161bd41d7762b026795552aa8196d12ea57cf6
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0abd1a15abdda01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CD38F791-294D-11EF-A5A7-5A32F786089A} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000059c4d56c18ca73429a7b7cd03c54d5b70000000002000000000010660000000100002000000058b17ef4631199629b1605e8d1a62716cf918597ddc551e196d961ee424443ff000000000e8000000002000020000000c1a4b7fc22469db390db014744fa9c7cc45b87409dae9f30826f2a0ec2eedfc220000000a6fb0cbaad2263a97261be549851cf87b65d2ca265a0d032aad32f55592e14eb400000008143ae7993646dc9bb5ec660887e6eafe9496bed23bc024c27442e20dd64d699cb5c183e018a968f33d76af1d80f7236d333f453b2ec819679329bd9aca72198 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421828" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2968 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2968 iexplore.exe
2968 iexplore.exe
2848 IEXPLORE.EXE
2848 IEXPLORE.EXE
2848 IEXPLORE.EXE
2848 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2968 wrote to memory of 2848 2968 iexplore.exe 28
PID 2968 wrote to memory of 2848 2968 iexplore.exe 28
PID 2968 wrote to memory of 2848 2968 iexplore.exe 28
PID 2968 wrote to memory of 2848 2968 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4315e30285ad13c85e3b3cf9f48e9ed_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2848
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8a746b399268ac09660d5dc5a9533772
SHA1 29b8f77a0bef7fd824ce4f96850bc06ed7bca555
SHA256 a51efdf5eda8fa1d8b4d02bbf32aa828b69c1dbf1940fe53efd1a29274cb5716
SHA512 5a9f4e000d156f3839072fb33d382a28e5fdb7c0825c494737867b6edabb4f0d5882fcdd9c2877b71e1df2235bc8e2ae2dd02b605188427bbe6df27485ecdc30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b48d042919099f22604aab0b7399bc9f
SHA1 be1954783a3ac0b404d05f5c49c8ca2da967f265
SHA256 3837643a2251a98c956588ca9105fce1d03e9f90e3bd4be2616774e225e0bfb8
SHA512 c638c935937564ed418c070b14f95b705588d916393fbc498beb5ca9db72936653d2076a704fb0d35e97549465c43831cb7de2a57fd4c0f6f6a55bd0db912157
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e96673a1deeb828492abb617dbeb1b79
SHA1 ef07837ce3bf965ce14b9f029c3099c8dfa047c8
SHA256 7dba5c80e29a069d29d692dc27b140246421fee411231da284882a63a7c850b4
SHA512 d2e8cfe17b69a04a700eeb300f94c3acb619220192c363ae088e84123af271852f6d284a28d9686c099d1bca7ab39163f39d33ca5955b1690a183be3ad080bc4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8bd215432bb6eb7c64f7d326622a76b5
SHA1 586e61d6ca1e45b6307d0d56e8f5d9fb64ccb1f5
SHA256 4b99c826b626faeb70990a7f06ccb4a97e827a3260442371222033ae9aa79a67
SHA512 1c6dc25e73481510ea9198831da1a1c6a8c34a0714d0c78e684a0825a8565cebd1b8d247414b99c8e838b752772625047d1f8a188d0f76fd2154fa2d394b0bdb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ac3ccee4079a9e9c5825ef25877bc951
SHA1 7b8b35c91c2ba9b199b2e3498d43f560497aa6f4
SHA256 fe38fdaacc3765df10764775d03d9d4d3ae6d8e5a317d475247d4c97d7b3e874
SHA512 16ceaea9ef490452a54f239ffa100c2664494905aeef49748702625b32a699376f0e15f2897b43e4d7de3a55ea1f674d0778d5445c1ec05469448ac986b782c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fe4126ef8a35b241f1439aa74ede87be
SHA1 680e101a4f38b6aac7920795c7bb0f73d4c919b9
SHA256 f863457f3621fe6fa465e6642f4d1ec89157d1066793792880e79de9afd044e1
SHA512 1a534f26df43c09558f24d08ef63e58fe0a885472fbfd9d450802c6403b9a9540bdab7466720ed48c3d209c35f0252f4d0066bea41870012bb3982a935ee8a7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3b95537a5b10bad82ec07af4f8b3c3c3
SHA1 c8a25b64d6d5f6712a8f378cd61b3558711183e5
SHA256 64a2890d72e9d32978e5242eff2573d79653d82cdf4659a465a844f80266b3b6
SHA512 79870ee9939cb3414f490aaf230d8d5ab7a6665acda4205035b0ae4cfd7522d1f4ebcb8682b050a7dc6979c4ade48540a8b16227f51fcc07e51c449d9e452e88
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 91f5eff6d582a53121ea2b00f6d6b055
SHA1 43d26b4d36c43230f2fdb9e2b2c2dea645c094e6
SHA256 3a369fd0ae00585f652c31da464455df524584faab202f8e31bbea95a0afe4b6
SHA512 f63ad5332d7125b1360770f6c8bd1a6942ea23136f8653f3b1162f67c7db2071cb00ccbc2997f405f9396e1b737423d38d2e0de1b0870adb4a8536c616604e60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ffb9e2e1217dc7d6a6eb4a99c9942545
SHA1 a2afb3beb356582869927e5d8464a999f42ff0ab
SHA256 3805994003835ba04498ad9a7bbda94887cbc77a730bb6d42fe1db2fea4f5abb
SHA512 4311d6771c44182b58ac6b39431531d2423d9e7fcbe8bbeaa247090a6f43776578e947cf81e2ab056bb8e33322b3e366fb0623a11dd3f2ffce04f5daa8f6a6ae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5ee4a81abdf277f323a90dcdd74a501a
SHA1 4459d3fe9336f7f620f784c9cd9902e1bef11031
SHA256 78fdd3571001bbbe5c2da1b2a9845d0b23346f2a757dc84213a620ab8bb36526
SHA512 b0a3c7754c023be24d9ba4208c757fe3ecde8eccdd0367bc22c9c0255339d9c7c391aa29c81d332ab2228a65b7908c483cda9d9fea1fcabde1eaddb67a6fc416
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 274f1c7f0b8a6f07811f111fab9df5b9
SHA1 2e1ad4686ccd4a132dc3662d7168e3f6079779cc
SHA256 91dea9833260cf5ade5d64d4d3f6652c063f464ddc85e25d988cef7ec1b18db8
SHA512 5fb5d21c9bf6370168861a6144698f896352a6e57be26d5ec806dddbc7e9c6d84c0bc5bfee9ea723066d65a1959f5e5ef7cb4287d2e9103d77c0d89d04d8efbc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6d5c1b0ad1ee8e910efbd1076c94e487
SHA1 fbe96b5a25d7dc78da38c7e6a688c57bcd71c333
SHA256 86c00ec8e903f52dc697d532742d32a45e01eaa23059d7a395cf8278177bfac4
SHA512 331608b385a1f3b0ef663c6fb4f23fe3dd370451d20e30416b47fbf4395853efbe0da9eab558c5c1228d65460aaf674cef811c46a299a36c1b9cd55a37e93e45
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 35c1a2f3909bf121dedff99b01a1b523
SHA1 ce53aa5af86cda7a7750330de2e5a6cd907444b6
SHA256 8546a45502ee2ae5e5b8bfca08fd5371cce5e8f724bb5d08a4782fffbd67908d
SHA512 16e903f9b927ef5c1e90e638036c8bcd3839a89163507bdbd7be533fdb3d862439a196f890e4b4f9b8510d912868537ab01a774e4bb01097f8f57a7762d20de1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 54d0f936c218d8712b5264b00b1d193b
SHA1 6b1e039cc9c114de2f8193f9f1898b4bad4947ee
SHA256 f54a05930a3ebdb0e298d5d60e0bf8593433314c551e55b1df9f83f24092f347
SHA512 69f1aa38f69bc4159acc6fd96b157498b7d4f4655173740bd7a5b5366f2c2f679cf9f8dcd3fa88cdb7d8880db3c604f179f6fb8c3168d83db421dac7aa0b6cc1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 12c05386df9087eb0a28a13f7f514981
SHA1 bd17308e6fdd402b9bd740deee3e63117a1cdb82
SHA256 c99fae7461e820775e457a57cfe4de66e0b778645cc6e660958b3a5e76f973f3
SHA512 cdc02b7c3614999d03f4b78b7453855d0af643758df5adaf8d796dd2d8ae73932b1700cd8ed0d7a7938e678ff7f11cfdd9e3d55f6d2ce61c706a319a021e9b1a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 13130b47825541435b588f66253dbdaa
SHA1 4d976130238d4c1d1a68886fa3a0b2a9ec4e2f01
SHA256 4f0afae132224100d952eea7402b441def0a346ae12b2dfc392dc752389565e4
SHA512 a9ff9f8c41e0b8faade267feb0a230ec80248581c1c658679131689d10ebf491acfd5ef7a5fab8a8ad94411504aa14d2d1510aea41a7845f3fb3b0341f297192
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1cd647bf66627be1f233aa0e6b0cbce6
SHA1 882c2d7a1a9742202fafbe4886ec7747d8fedb94
SHA256 8a3cb96da3e376bbfb67f4ff6b629d0b174bbc77a9093f8c4755d7a5f10b34ef
SHA512 319fe233ddc463f3b4433953e701a54dc197d8d521128f8baad12ca3a4630ca4b45f1824aabbb8cd40ea1216cfee4a3c13aaf2a7e28a9e9a0c4e6c9697311906
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0aa4a5d16e950659b51700dce46126bb
SHA1 52b74b85530287b7abca0658d3bf4a4328c7c14b
SHA256 13822e622a200e0e8507ba1340bf31d258521531130489fc7ccb7165fa3ec03e
SHA512 41e76d38185fb5312eecfd8f50d6854694316708fa654370812d4b59d7843659599ef4170105228218177cf722c61876605bc211807dbead5b91b373f5ba1fd3
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b