Analysis
-
max time kernel
137s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 06:27
Static task
static1
Behavioral task
behavioral1
Sample
a4327bafc04d45ac17599e97c62065dd_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a4327bafc04d45ac17599e97c62065dd_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a4327bafc04d45ac17599e97c62065dd_JaffaCakes118.html
-
Size
23KB
-
MD5
a4327bafc04d45ac17599e97c62065dd
-
SHA1
dfb77bd430cc48dec7497ee509d5a9f5e7f5704e
-
SHA256
7ea7d268333d82bc089b1e884fc6c3d0f6e08f0a420081fb5305f9a85c4c3be0
-
SHA512
babac821b5937d4f80af19e1d866d19a10e3a2623f0a134e289b8843f48c35fb08d382d7e663516e42d9fa3ea6fc9890267d2b2658d13eec8a7c22f8afd8aa7d
-
SSDEEP
192:WiTt2oCTZBTa1T9b5nfHnQjLn5G1mf6nQie7ngnQOkrnFlWnQTbnxnQJkgPMNnFR:3Z2oCzm1LsG18f0C
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0456cd55abdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000d2b46420599c6bed62726b0689b7a1fcf857c1a9d4d051cd7b401c2918c0c7fe000000000e800000000200002000000007f670bd676661249ccb1319bd115aaa87615cb0c42304d7e5f97f437685c44520000000e18ae1a4cf5a4f45078c2f71a5f6b8e88973527fd6039123764b05ba1f36d1f34000000078f5c103424384ca70d8aaf5df6ccecd28598e841c35724da3e95626f6d431dc4ff3da0d5b584f98e06b6de0e9220c9b183515983025e1e535c9fd51a485f023 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD4AA961-294D-11EF-B3FC-D2ACEE0A983D} = "0" iexplore.exe 
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421910" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2860 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2860 iexplore.exe 2860 iexplore.exe 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2860 wrote to memory of 2548 2860 iexplore.exe 28 PID 2860 wrote to memory of 2548 2860 iexplore.exe 28 PID 2860 wrote to memory of 2548 2860 iexplore.exe 28 PID 2860 wrote to memory of 2548 2860 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4327bafc04d45ac17599e97c62065dd_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2548
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3fcf2213045daa29205960d9da2e314c
SHA1 925efa76742843cd02e7c2247dde83d40713daab
SHA256 f949ea292356e64f276b0b6f271f376b5a0009309e352506a59f6cb529f91c12
SHA512 8de90ac01a5cd4da21e88ca72c56fb5c1af80828596b1e0cd37aaa03adc00f6648ed2f610094f02e150f1e267c73ffb54737fcd4deccc61c616c64dc1b848414
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 360889497d4e7f49c6441de3b1d3a887
SHA1 50772a0971d81ef97698fe93fc81e4ca9f6d6fde
SHA256 b71ad0932328e30fc73211a1c3a0c3c476f33441eb292455b0b49410d50ae092
SHA512 32c1e918b9cb9fcf1fe7a99e51dee392e4400eab539a9223fe6c014b526f9d9e5e1e867788e9bbb9be358d1d1d7e447a47441c593a2c69519c4d503ffe33fd23
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 91c718e27b32fd77afc08515ede333be
SHA1 ff97c64738af00fb039810265a44de6eb45ac5a7
SHA256 cddd403d5b82525082bb7f3fbc2a7ad8b54707bc8477c5490a94c2e6977d9ff6
SHA512 e0b636da7d1f7a5537ecae56852e29f7486656020c7f760113d27deb2ecb122c0c5b551013fe897f87401f4315276ea48b6e8468547100b92a3a6976185bec59
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 44c7650124dbaa42548a2f62f73a12c6
SHA1 18f0bc09cc48d0f8958a03deb584d414adeb4f08
SHA256 0d29008822baa1a20a068697ddb05851aa268d43476d57f4d9ceaedeeb599bc0
SHA512 c4028f895abfda0c47f0aa8de448380b7acd69a60e409b99e5065a024579859a1b744473196e5f1163b796ea3ccc42d27e1a2efda0502a8a21ff13f626bcb9a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d916f312204dedba1c5a469bc5b8b864
SHA1 78ae17aa0ae5a699fdfab2699ae3ebc12d0dc18e
SHA256 5507013f71f9fe1bfebb548d9f4b46b833a7d778d45e9cda0e30159d7dd4532f
SHA512 ee9ef61793b4cffc9f12c78f6c603ebf35106bdd124c782fd8545be60beac66abe7b7156c13b5480ef796b70349ca6670de07b78fdbda97838293909ba87e241
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cfc1c2633ac0e5557a521d8d892ceb86
SHA1 8fef9a47a3d19f5b59239857bbd84cdd598f4ada
SHA256 5d6a5977a347e90081f67a3b89061778268daf0a2a9129fe7eda1da08e17b42c
SHA512 08770eb21cc29b6c21c83d2e41f2b932415fc00cee775e377ca00a5709b9ec3946d034c825606a5ad8febed845c26cf8515e381c15129b60c5b62e4cf8cf0bee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 06df0c1d13b298ef9c825ccec3c03782
SHA1 2787b4c8a78b51533f9433b88c06de0d79c72e20
SHA256 4a91b987f7b5c38721002ceadc34490c5b01622da3fbb9b90549d8135941923a
SHA512 97154ca2829efc0bd85596739a48e6f7b09fd53faf172e34f9b962e128025103857bfcd42eeb675b799b0fe1142859d8c9286a3cfcefe76e7c00fbfb8688fdd2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cca67bd911164d8f05374dbe65ca954c
SHA1 22e8e37c4e6aa72c8c11cc406f8ca01c67677b8b
SHA256 798bda35ff1821f63619020eeb51f19a181c1118d398765b3b277fbf5cf71c86
SHA512 66b17cafde0883cbef1c096a0202c37d60fbfb6f528025b4150993ddf259d6f339ea6f9b3d42937a43be1739be3a6d94a55ce3dc37cfbb76ec097ef7b7537cfb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7376bd1775be5acb23a6c5d280701372
SHA1 f0244f0dcfa0ff1d7095c6395a59af747eba7a7e
SHA256 41b522a0e7d130248656ed1ea051399cc69a182b3dc81c78f22465c0c2885db2
SHA512 d13136ac619769d1fec91ad5afd0ef6e9590bd3a3d76d3f5a06098472cd42ed923bf74f24f386774ec4dd45529a2dd35d8f37e624e29d39dbf20147c5be51046
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 33b649354716bb45ce62f00e057f172e
SHA1 ab267dc9fa215638375541dc527b18d0b4dec0a0
SHA256 a5dfcdc7935826a964b03f589b1f2395a11bfda5f9636310c086f9d9bdc4171f
SHA512 e3029dee4391c506b59a4375a44c470ae5760746ce74292f2045189700961610588e6328f21c2199096ddfd310455896c2c9da8a6394cdd7f81642b66375c21d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1ff1bd831b689311dc8ff37c01d8b3c8
SHA1 a0a3afeb03e141da5263f6c9373bbf849894f478
SHA256 3198f2e7b8394bbd7ec6d1180d84083111557ef84915b4fc40545f2e2f4d985c
SHA512 53de3a5adbad92478a8953c4bc15bc0998696ef6c0f489983b827f067a3d5a9a9fec3aee9a69a38e46b6c4bfee27ba6de4ec3669fc7a669ccfbef8e67540ae36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 64a6c7678f0d17a68cce68602c5efd22
SHA1 aaf1c06cb6229b564a25b7b3d52f17f92fd3efa6
SHA256 286e0b66a52349a5225dd6e591cd4d8aa032dbc31b86adb9574c47386da449c2
SHA512 5f1d5978e4d42f4602edada2bd8676a7deedf82350742f4740aab3fc666ca849aaf68b9985c2f2af6395757263c3df83b50f5404e134450d53c06c44a018882d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 53dce1914385732d5b6af59629152715
SHA1 6ed0202c3f71adae11ab9e2b65bab91ab0b1f8b4
SHA256 d4be66689dff8cf0bb9bfa7fe8d26a3c078ef711e289cd95a68e980de1d73d7b
SHA512 f823db7246551caf42af67fecf56d7712249d4c4b9d83e449c3665a7d2b5da3287fd2c7196e3c124d6c119a50e8277629f72f95937cbd8ed811b384874875fad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b75af150b3fe07d005d378305148108c
SHA1 437fe9d1f93ea66998ab6ef3a41b660509b1e2f6
SHA256 103d56823551507e6397e30ab148cf091b22b329610480b2dd1f5ddb0748227e
SHA512 24be366dae0b0024c13a0c7e9f2d635bcafd2fa9fcb78d1e0cfc880ce2f402a119ee3057578a7716cbae1a14ded0c038e257e859d5550f70cb8a8a9c6eae5651
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5e7bab3405008a9514318d73cab6e8ac
SHA1 3b07f18b7a70e1c46a520c2f69034722f07606dc
SHA256 94601d946e8ff2a6fd76d7ba56ba8ec462f31ebe2f613f78413de84f58746c69
SHA512 3a133dfb732477ae66783ffd2b9b31a96eaa68a42f2d5c47972d4e9a4b24b114e595e79df2dbafcf1ea369818d8551afd47f0e4679984a389c4ce4bfa94bc901
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d82bcda5fb09ee97d6c427ce05c14b00
SHA1 17addbc5d774b6b4f888f3e935112ab274283858
SHA256 9310999447eb473da60fa0a555cd1411129cbf472fbcf6587c788303c4766874
SHA512 a49dc93772db9fd32adca4b29703ce697146d6f17b013f09d5f4071353aa81c84248722fc89733b8698eef1d35acdd48c6b82e042cc0f803ecd731b1c1ded5fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1b11b25a9c3fcdba2a6dd0644a8d464c
SHA1 d0ae62befae1d012c31219f7572eb654d1be24b4
SHA256 668eb108f7dacd3d35c599c22cf08c3e8f3e9b6a48649a5dc0f810fd673d9c5d
SHA512 e040fb2b76b25fcb05a238496a1fc5add432b977aa3edff1b18d2ba362cef1498cb1e3bd537fe5427ca490599358b0853d81b8b92f3aa8a7491134eaf833f0d0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ae18e3026a1e0b93563f807184c5cf94
SHA1 179a015bd6819ecc59866c6833e2d5c5548bbd90
SHA256 5565702b895b1b91fec7c83a871ca09c1e0c6810f8ce390d1dfe654a0d9aa07b
SHA512 2b1331d870514162e5eea75714a843038e977619d321f57272e178d39c1931589317daf444e6e200e123c41f6322a025cb51102f6ed8cf994a5f395268b3a157
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b