Analysis
-
max time kernel
120s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted
13-06-2024 06:25
Static task
static1
Behavioral task
behavioral1
Sample
a430819d8bd9c6df5b91448b896af5e1_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a430819d8bd9c6df5b91448b896af5e1_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a430819d8bd9c6df5b91448b896af5e1_JaffaCakes118.html
-
Size
3KB
-
MD5
a430819d8bd9c6df5b91448b896af5e1
-
SHA1
c22431fffb9f7aa84dd12584e95451164c1d9350
-
SHA256
ed379745f86affba18e6c94bf9bf2f068475457c3681dbcb0ebec90114223354
-
SHA512
dbdc22d730ae0e9aae486349bb589d33dd966a96c8ac1a95aad181795c78776519b33a99b7201be2e1aaf9bd1ccbcdd265626df390e979c6e375bca8f90e4972
Malware Config (no entries reported for this sample)
Signatures (note: every hit below is attributed to Internet Explorer's own processes, iexplore.exe 2916 and IEXPLORE.EXE 2444, and matches what a plain IE launch produces; none of them is tied to the content of the 3KB HTML, so the verdict should rest on static inspection of the HTML itself rather than on these behavioural hits)
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015e87fc80eaa0a4b9cfd4616b4efe15f000000000200000000001066000000010000200000002b2000ac0d01b4da5e99068e9a1bc9a6289f44021e0b5791186292cedf0d80ab000000000e80000000020000200000000fcbbabf934c54339d012e3f2957cb9d5cb770ca1a789ead3b30a9621f6765912000000016b2078e46fef609ff2901f8a746316d7108b4194f6419ed36d05a5ad43ac5d940000000b1180472e0dbff108b3148ced78ae2939a7f732d9e0869d4dc6ee537d8f44e66f35c2725daf731248957706eaafb8bb0c3dd049f0577c618132ca8a2d352625a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0062f815abdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421773" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AC6E3111-294D-11EF-9A4D-7A846B3196C4} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe -
Suspicious use of FindShellTrayWindow — 1 IoC. Generic heuristic: the only caller is the IE frame process iexplore.exe (PID 2916), which routinely makes this call at start-up; on its own this is not evidence of malicious behaviour by the sample.
pid Process 2916 iexplore.exe -
Suspicious use of SetWindowsHookEx — 6 IoCs. Generic heuristic: all callers are IE's own frame (2916) and tab (2444) processes; hook installation by these processes is part of normal IE operation and is not by itself an indicator that the sample installed a hook.
pid Process 2916 iexplore.exe 2916 iexplore.exe 2444 IEXPLORE.EXE 2444 IEXPLORE.EXE 2444 IEXPLORE.EXE 2444 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory — 4 IoCs. All four writes are from the IE frame process (2916) into the tab process (2444) that it launched itself with SCODEF:2916 (see process tree below); this is the expected frame/tab handshake of Internet Explorer, not the sample injecting into a third-party process. No write to any process outside the IE tree is reported.
description | pid | Process | procid_target
PID 2916 wrote to memory of 2444 | 2916 | iexplore.exe | 28
PID 2916 wrote to memory of 2444 | 2916 | iexplore.exe | 28
PID 2916 wrote to memory of 2444 | 2916 | iexplore.exe | 28
PID 2916 wrote to memory of 2444 | 2916 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a430819d8bd9c6df5b91448b896af5e1_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2916 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2 (tab process spawned by the frame process 2916 above)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2444
-
Network
MITRE ATT&CK Enterprise v15
Downloads (note: the repeated C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\... entries are cache metadata that Windows CryptoAPI (cryptnet.dll) writes when it retrieves certificates or revocation data over the network; they are produced by the OS, not by the sample, and are poor IOCs — the three unnamed entries of 70KB, 65KB and 181KB have no path recorded here and would need to be inspected separately)
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fb286578a7b8eaf165ae5c6d54f62eac
SHA1 90c35e5a5250d5a1924b47c840d5c70037a6ee7e
SHA256 013cbf413326ff0c0a5b79761224275a3d5e2ed157879389a223a4439e458748
SHA512 faacb17e2bf346f7ce93199d66558f1d0374e51f27969f3b641ba8f45eba2b1ecedc44f5a072185b91a18a58d233ef15a1cdf34926284876d0ada290547ca1e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ceca9477733eb3f3a6b47dd140d70bcb
SHA1 43e873dac0ed9b00f5fce214375160d959850897
SHA256 8f01074c87455a4394f16286d5a90634f2e4ce3f112c55970cd4daa056cc709f
SHA512 032045e3f9555a186c6f8e65bef6fe0ab5cb5b27b8d24aeb02099d9a54628e25ac645c9fef459eb73f389ca9695695f9c8cd2d8b67b522de2fcad1754d95a30b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3c4da5d55195ef63b2a77cb80a6956fc
SHA1 db4e941a15c6ba9cf12dc04eb0e490a5ad397bcf
SHA256 f2fb6c742091ae03c36a8e1ed81bab220f530322a21ee8de299e752de058d150
SHA512 302c97a4f2c1cffd5eb82a91b69f99a792d6ee0a48818595bc5442b4c11effec07ca2f02ea52287c0171562414939dec3b2dfb5b5bf8a6f16d68c6d6fa7eb41e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cddd92044c05056e0b0942261edde6fe
SHA1 672f8679366f686b85e8487ec3c7db51bd177d87
SHA256 c18953c4b44c044584feadbe81bf3a761206c1cb379d2c01ac8f807e3335b7aa
SHA512 3761a49f7d0932e6b552276b222ed9589a68d82605fff591a88ea7f4bb1694ba1a1704aa25c533e1234be0700edb7e054e967d6d683c7ede257eb6c5cf2b91df
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3c7cffe73cf386ae50aad6dd60db529d
SHA1 ff1a54bc2ba5adea309d112fff96cfb51d2a3f76
SHA256 aabbdc09dcff8b4289d0f971e8794a286cc4c61067a00c623a481f73617a345d
SHA512 ae34d38ecdb0398270c0567bd187a577a436dcf01b1915000f82dec42b2608509d4db1e2dd4f27da371b64295f927c94f65b4e51dd8a7f90b63dd73dfd1f7850
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 42295f680ea085663d89485b87fa50ad
SHA1 1c5c6e0a9c080aa6c8b55267ce45927d10081035
SHA256 54d96752d4996478d13f76a0f468810f7baa1f8f80762f0656e127d283cedb87
SHA512 6edb4d337ca5f5687fcf894c02ce3632383717f56cb976afadad7bad5a38021545cb11f6ad5679f61c706441e2531bad32cf1ec84a0a0c465e6401d860d42872
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 538a222862270c52f139c4aa692df83c
SHA1 e01ca000c2fb553f9e28c588bfcbcc66f310633e
SHA256 0f8c93bc12ab0204731414cf0202d0ca8d3376bd2fee99ca83a5cec48a53b66f
SHA512 17d11315dc4f95c0f0e0fa61f93eda27c1f1098f91c4f321f09f81454b5ba2c6e27220998d95cd2439ff95ff57f34537c4b4f5013196c0295feb154618d9b786
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ae9f1228cfba9a63a9d52d46ec44ea0f
SHA1 f24a6a7a91160d3886280f376b0052173a9a4a2e
SHA256 6da63a1518490242d379bd9294abcc324d4a8cd0e1d558bdea2ae835ae64bc1c
SHA512 25bb8790d3decd418ffc05c7eac41f59ac0f6206a8f36065b72e9e9d1ffaa298978a4a10dc7605cc1bec7f335ca1ad3b37dbd457090a5699c96a16ce8b4732d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a8bdfd38c42f82760da6e67210e15cbe
SHA1 01148701be01a75583dd14c061de646fac489967
SHA256 70edfcbc0f43af16f76dc1407d39c3abfa7c38b54e6cf1f3b3ec101af8414f3a
SHA512 de53c0422bbe01218282391c5fd778cfb202de2c1946c2518452ac72af0908d7977e6496ea5ee88faa355726eb6d4076ec83ff69fc707c49657f867e9be3b5fc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5597f3aaf70c19d3e6f3e379da9fcb68
SHA1 195c736f772378a8e7ba63f7a0931d05813dd592
SHA256 6ce0d18272530e5e481c54be76129df50ddcf4529ccfc1c71500514700dd9352
SHA512 25528e28558f5331d8209976dcb1e3478e9b35f1e093f3701fb41028c84a6f8e59eb94c54019a520cbb6e563c236ab80306af4f7ef29f5f98a70f9e6f7dc839a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 79051a0ef9e46f2ea7db99d64a77f106
SHA1 5b9821e4620f24cbf0a438c395bfaaa98f8b05e3
SHA256 bf5637dbc434215a82a2cb3b39c7df5636586ad8f050688221dcfc5e781a867c
SHA512 eac813f88ac9b84505254ee8842f31f9bc920ced992335018936c77f316d15a83d0cb2b164eb26624a97d66db289710ae0ad9cbdf1ae7b9fd1306eff587c55c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b292dd5a1fd12442d5f4468c620313de
SHA1 df698601b6213ecb6ba9b7a79cda382c8e62bcbd
SHA256 22b1eb096e843797ad3ed96ab6af4b089e6ac810318a9e898514bc0dd17c4a0f
SHA512 87a712fda9588833eacfae90357f5bbd85ea479ba760c247436a426a8f83adcaa6ba30a8861f25e54ae5864a1d87b0c8edbbe526e9916b111a9ef4790d5cddb1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5c82d85e2714ef13b315a4c4d608ed12
SHA1 861149f1450dc7f7a12bff9db75d6fd5bf8c9353
SHA256 f84e371714d4f0dea7b125344d0b584c153c05e038db665b930c945b55fa9a54
SHA512 58ea4b47fa8b782eb31526e995c558ea2455f0e773cd3cf4f57a0a0e579df7f469ac31829baf89bb995406e09ead898fa08c30fe10f92eb4bcc1bf3754642543
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7edaf3cf5ef6165513a7a1c61dc0d706
SHA1 883c91b8cca6fec7cc8bb9687f0cd0053068051d
SHA256 0f71151cc0a12e2d7897c780494c6ac23e99d4317ad12d98c0d04f98999b5895
SHA512 60ee58150e0fda81d3684cd11c30eafbbe9d1d01da87c1aa37d9501cf3a3b0037d21264c7b947687f11e5d6dcef1c8926ada3bc5dc7194ecd0631bdd15e9a521
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ccd3e6b0638dee71e293575dad3d984a
SHA1 a23fa4d55afc6c2d5c79839b2c3209291c32610d
SHA256 48f445408b456dbb3eb35ab95bdb83f24fdc4460217bb3637fcbd4ad782d116b
SHA512 f6e1557402f9664c18dfe1010a13e6e3672de268e79d9bfd2ecd91aea20a6c55dda3050593a689593d44d5bdce8d3aa837f77a68989b05def4c742749e6567a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1d59823ecc18fdad21f5eeb751269285
SHA1 873a8665c8b5bb26d07fefb4e8925310a1aafe1c
SHA256 1475eb9eda78607bd8c2fe4ba335bbde6c85915bbee1b61ecde647457a57e899
SHA512 1c1b5c5a815f21ec027d5c418f530ea5b37de5243f37c95f44b7c3705f8a72fd572717d0acda58d9c59aadaa571e4693b7c9b5f17574b1820c94fcbc451ef909
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a906f9d3e35646affa219a9024d2cf7e
SHA1 9ac43ea269b9591316e39e1ff69a4401ae6cac57
SHA256 14e4e80c8d9e4a4b062c54ff2b28223f1dfd17a403855bfc32c5968fe9f8e9e4
SHA512 ca8aa39517d07e681b58a83dd3a569e539318034ef39409c1b7b610baa35818d6ae66c8af8aff47f665236d321c514c7e82bfe70d4bf21fb61eee04e33c3ee64
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 11e0a78a2b89fb4e0a481a4bb186592b
SHA1 906cab76464f95bd5bcae2f3f76515dbe434bb34
SHA256 858e05501d2c9442954dcb745c7b0b0059bb768de073e25b9ebc1cfd8b982973
SHA512 c85de1124b4db25c28261dc1f89a13570b0a610fd633e059367021cacc2bf32992d1a099470ddea5de0ce5a1ec9f8556b58a088409a24fb430b208f792c6c057
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b