Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 06:26
Static task
static1
Behavioral task
behavioral1
Sample
a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118.html
-
Size
220KB
-
MD5
a4321443bb970d6a92e5dd7887d2a1d9
-
SHA1
c4959cfdd44e9e86db67dda6372d1ba2ffeab2fd
-
SHA256
a34b547458b2f448b7f9c50bb49d3b3279599ca03e6715e2a6e73459d59489ee
-
SHA512
0013163566a1f607c8db33cf2cb1d6bcfaeb3c3dbfc5cdb7965ef407bc66773cf1d1e61797edecf684165d5e0c1fa90af3dfe31c581f5518ed062f8ade064b91
-
SSDEEP
3072:Syp3+r+zdDkzHyfkMY+BES09JXAnyrZalI+YQ:Sy0uSOsMYod+X3oI+YQ
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EFC18341-294D-11EF-9267-5267BFD3BAD1} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421886" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2940 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2940 iexplore.exe
2940 iexplore.exe
1032 IEXPLORE.EXE
1032 IEXPLORE.EXE
1032 IEXPLORE.EXE
1032 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2940 wrote to memory of 1032 2940 iexplore.exe 28
PID 2940 wrote to memory of 1032 2940 iexplore.exe 28
PID 2940 wrote to memory of 1032 2940 iexplore.exe 28
PID 2940 wrote to memory of 1032 2940 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1032
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 37007c99124a5b40ceabffdb0c648a99
SHA1 a296a502b9573bf6a7b47b2fda57559b228ae79f
SHA256 738ecf84c6fbe47c20841e712257575a20190a1b79a27effcdf4bd4abf0d2d0e
SHA512 1f17b2fd958a2a917205b164201fe39feed9b01c22cdf23e5874b749e3baf0aaac2fc04a94d9ed4c7cb930f2f612067d690d682a93db032876c5587e80d0bb2e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b7b5d1638dd9b886981e3ac15bfb48db
SHA1 df4cfc2d3a5729781216b49e24cfe093076ce006
SHA256 0ed1e7875952b6911b31d3e187a3365960dc0044da7bf8526cbb62026ec1d201
SHA512 1ce8043734b777edbb634737740a30170bc7c02b0becc2718e209a60e04d19e6d67b3674abe7218f224ba1d231287210398daef3e556ec1412469a78b863b210
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2dda733fb96560c0eff3a2baadb3133b
SHA1 0b4aeecf369a8bfe0f6d7d636fe800895229f0ee
SHA256 43dcbd3386ee56b3430e5f62dcfb875d16f66523a5870f0dc82e6823eded80cf
SHA512 a6246e1c8d358528aba9320827fffa3df60b445851f54d236a1a59f3464e96654a4b285a90c09ef27ff290bb778c5155bc2dc03c6f637368244c66c62dfe0ca6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 983f7de5fab1bef0659c473a586996a0
SHA1 4552fac8f344e0512ffe8ca0a3b8954e13939b5c
SHA256 885faad7feef76f768617033a9650c21bfa9330ff141008fbc4b9075ea0307ce
SHA512 fa1a1e9b5c400d1bbac5a200e970c2fd3b2f71011db6c61a285abfe512a35edf149238eeba61709d0dd3e6c1df57bae9c29b21af85798fec162c948a77e38a94
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 06935ee61faab436f11a800d1fafcb89
SHA1 4eb0e2630a9cd06fd079ebdc845d1ed7c696fc74
SHA256 ad15bcbb40fc0aaaa4670e41e37696a2f7cb7cdf8fc1dec64a289ef2cc7e5347
SHA512 2c8c9e2535a0548fd70b15817ba431bcb9e69fa313a4e3c8daf0a11df09ada93a1fec9c8db92f7c091e5cb9c2bba3592129c1eaa268ef483dc4438a0c9736e34
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9acb2d59c0d665f80825e7674b1d2e8e
SHA1 47358272813c37ae57690e56800bf0842291b7ae
SHA256 f31ab3ae70dab489a7d5be5e690ea9094c942fba18c955fca5a802221680f762
SHA512 90d7264c6417db0b308a0e7c383b603c5c3b4bfed0587cc4794340fd396853c7e32d0b7e73de714e5692a6f5c36b55538834376f7e60d922994ca4304801aa98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5de8fed60a8516c7331a33bcfd34aebc
SHA1 021727e3a8d1e390d71c68aeb7a85be910cc69e8
SHA256 ca7f1fbc4db7e94e9d8f0918d67020b372ca4ce7973a8a421edb28a23a67f8b0
SHA512 73055b463aa0defa4d05fb41011b021cefecb6a0527264e582a8775e906abf4dd161f94c66b975c87b3824695abcc4b7d896575c9de4e6a00f4b15e35206e01d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 40d1a6591b0163d9942f03f959e0ad80
SHA1 15a82206305b10000469e036063839c700a16914
SHA256 5d6e861d8b64a5bbe33953b3ea3554c82bf6658064875a942f2dcbbcda1e5d97
SHA512 69e61f06c5e57879b9e5ca48ac7712ae3bd3f9b4052025d97fac86e573e76b4d08cfd6efc60f29eae9c9ed9e97fe3958598853d6f78e227593794faee0543dfc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2daf493bc0f31be1bf06585db665d22d
SHA1 2036b027ac51f5956af405c8579c598867c3e4f3
SHA256 7e05b82a4685c586e062abfc74bd2f726818a292dba714393f43bf84c44b6de9
SHA512 e8ede0143625fd254508f3c3829414fc3c0dceaace994cc4943228ce0a600d6d87762a848c49132b64ca46f6fb0ab7d145d6890566463adf5407e7216f1918bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 00a28db35d12d33d6feddc4991bf025f
SHA1 9ab5a75bb78ccdf86c891bdbfb8b961857772690
SHA256 fe5ac973993f3ed729f7eede4d6e9684a0ae7a78adf7cfeda0118ae669ad4ae8
SHA512 725af0e28918fe8c1c6613d8b55d2af86992d107a1589ca6ab11c37a390742986e89ab63496323536f225b6381e3eb88c9078ad88c96fad5c089406fad5a6832
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7f69015f630ca525f4b3c0646abdf8c8
SHA1 3460dbb672f0037f66007ac2bc77c32c1e08350c
SHA256 77d16957bfd32357418103b784b8e7423b9c76ffe0e0afa458886d89c9e1e76b
SHA512 7ca76d0d4e90e10f203ebf8b0a21c95b54b3cc1be308d5e2f5b3aec809b8420287c47ab4eb3a87a91e79b56682a6bd82a72eb25d5a21b637bd103b6be0fcdc5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7b895546e62a0bfb159daa93178b1421
SHA1 7e88a593fbf6d2fbe51216b923957930f6450e43
SHA256 6140cfc85671be853ab7d0605795ab03abdb3ea2aa9e69049c8873519492fbb3
SHA512 b84b03a380b4ab7377a0fe99e9395361a0115a68299f17332ca00c8900eceff757e107f5dd135f664ac115d9cdb1ada1a60c52f5afc6c75fbffba6022aec6055
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d56d876162d8bf4bf9f3f38043993e43
SHA1 618d79fe746902f127a9d21aa9874082751808a2
SHA256 007063e6ba4ebe3c0540231cc7bd170b7ba21276de7d2db6e088f75ec6bde5a4
SHA512 6552e5ef3b5aa5085faa298158b4ebb4e1e88a0713df749651613004be1d78add3a94336278c42aa8a993280c17fef339a1c4736a09db63bd8654d3bc7e96cfd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0d6a26ff42c970fd0b4f2c657e5f2ede
SHA1 38d733eb121c67cee13b005139ad44ab7964a3b9
SHA256 1d17d1f2017715a3154c71edadea77594eb9c2417f263fb018f481d99983385d
SHA512 cfe77e2047df16753544588266db319c650396d515b9b83d1ad169d1b1a2614a4be066e34ee65f9e83c28cacbaf4f7217f032654fd7294038a81af4df70bdbac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a517a2ade744723251a99919ce3be77d
SHA1 9f8ed529f4047f3bf1e0937ae39b20ccc96e746e
SHA256 723849fc612f3953617a61d5eee0f3d554c1fb7f333e471f29337d15eed926cd
SHA512 5e601a343ab03b33ef66d4cbfc8d9363b8eb333b1771849fe5391acd2a67ba4eebd687a13bde988f6140c62ea52a3484b4178422d796bef777955d2a6ee00551
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c9fea8edee41ff751270281ca5977168
SHA1 612fd31761fc0a2d181af654c6af581733e91a22
SHA256 1e35f72599953500ff12328a7fc0e4e744ec65a4e96923493b25403ddd9f06d3
SHA512 66d33c56469059ac46ee0d99f43a87f2ffd68831cc3b0aa2928000e00afd9736f51a49793b17b16d4f4a2564e8cf6ef1df4184b4759badf97983655977b73990
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 63b895cbe17bd948418295c1f76abe86
SHA1 a1662bdabe09e17d79f65c3b5510e6c458f204f8
SHA256 356aeb60a5cd71027420d900c6dc871d31b359f912e824642bd2a8ea84902a1a
SHA512 a3cac602dcfec74524c4fb37d88582e0148864c5d5eb61a0cdb7a9463f59d08c97ce1cca8965805c9949ed7ff17c0a262d7fe99f2a949ec8512ae85c60586584
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8e4c087c167ce0b3d923a73389452093
SHA1 26f72efc08b28babe6dbc983737077e21dcf8d07
SHA256 2197821cc30488d21d44c332700791688a24f22d305e423a8dcf1dc8a179c39d
SHA512 884ba7519555c092b56d00643852ac31c91a0c6d9d5e2b0c390d6ae553dd3cca1a690323877fd233cceb40a5b9a2b962da8921c48a6a7292ff5414a70ada0212
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fe444b2ec7608754630a7238f172e832
SHA1 d5e087d3f68923ab16333e89f7628e03e1350cbe
SHA256 d0d234211534cf0e680218b7054c75ae91e7b1e717f3b63f18b79aaf27c8319f
SHA512 0955f9c37be3de2c212def2a30e78f125f85cdffecfee9e9fa1733b7b86e163bbd964ae6ea964c303c388768688fbefafcadff716b7ee01d21eafd1b01b7c5b9
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b