Analysis
-
max time kernel
117s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 06:28
Static task
static1
Behavioral task
behavioral1
Sample
a43305292348b46860a6a3ee4ddfef69_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a43305292348b46860a6a3ee4ddfef69_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a43305292348b46860a6a3ee4ddfef69_JaffaCakes118.html
-
Size
461KB
-
MD5
a43305292348b46860a6a3ee4ddfef69
-
SHA1
18a20cbf4a130f92917b74c8a4aa9251be854594
-
SHA256
90af4e5037eb93aca2203c9b77d7b2105c35d8396896e94de89b8cf3ca75f72e
-
SHA512
b7737d4d43228160bac1e9c4d15e1bcdbf8b32a9e9b07ecd2ed3db0093c8a6c5726a7cdc03e6093976ad2208e3631bdc1d6ce1b5e6d93bfb92e3d2ac3eace23d
-
SSDEEP
6144:SvsMYod+X3oI+YVsMYod+X3oI+YNsMYod+X3oI+YLsMYod+X3oI+YQ:W5d+X3r5d+X3z5d+X315d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1A1D5AB1-294E-11EF-A85D-46C1B5BE3FA8} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet 
Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000efd4764b2e800c1f3314cf838c02f852578a5f68a075aebfc016617560a10ef8000000000e800000000200002000000035bcc6e864d84bda88afd1ed4e8e2d0703b55a1d924f658ba46fc1daa33e6f5520000000e2875a77ef2d2006a6ab8e8fac5d6440456c374aa08145fc3990137acb12027740000000a7f6ae6be68a2552d0f2852a3e68de9ef54c57d1c05c0fa9fbbc2fd3ec4543269d4ae075899f017069a74998aee1f42fd46ab10f151e6fd4a0557aa2b986e823 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8074abf25abdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421956" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 948 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 948 iexplore.exe 948 iexplore.exe 1996 IEXPLORE.EXE 1996 IEXPLORE.EXE 1996 IEXPLORE.EXE 1996 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 948 wrote to memory of 1996 948 iexplore.exe 28 PID 948 wrote to memory of 1996 948 iexplore.exe 28 PID 948 wrote to memory of 1996 948 iexplore.exe 28 PID 948 wrote to memory of 1996 948 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43305292348b46860a6a3ee4ddfef69_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:948 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:948 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1996
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9a738b93ffda1b8a0aae78ae5e07075b
SHA1 40348efdc821dacce82d951e2e4e623880bd87a1
SHA256 574d292d04d2805d179977d59625e2b5d23363c1c28a4f45c499996484e0d57e
SHA512 2cd7280574ba18fa3137a7cf44dbcb29f396d29cc72c6bfd9ef9208033ada923c0ac5b0efd886a9390ec1631f51d72c1a721b68dd9b8f2ea9c95d58d442feaf5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7afc669c09ac3dbbba466c7f9f92355f
SHA1 b51e880ef05626dc890fc31193cd011ec3e08840
SHA256 553fe257489a06a4a3237be6fb0b3326309d0810151d738116a289991869629b
SHA512 7298bc9a50f39eedd3db97182c338fc2c8c6330fc6aae4cc3ec10527fc631fb116e6f68ee8612038ca779c3d43afc33cce47128f6c7048d0423ae9938dbbf522
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d249bee358ab93766dea7a5c528d47ce
SHA1 b75375b8983a11703af7e0bbb307278646cd5d45
SHA256 c804a88dbe315b605994b15b57c82e311c75ac787d2f2fb5e1362f11377574c0
SHA512 ef079c844e8e4faa12f3b945ba7944033bffe08c0ce8e1d4a056eb8a86a88ba9f6bdd0281acefbd395933dd10b725628072cb7791c05c10b077f3f6cb44337ea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2750ba1dd01cdac4b80161c4dfb3a15f
SHA1 7d0864bfb8d6e8405a28c6fee459dfa24128dc18
SHA256 9ae50a34c6c2321ec833c577db557203909c44c599ec13530e21468f67b01f50
SHA512 8211dc28c1dbeea53eccbb463604a31870aca6c72f5fefbf6d0c2f125c89fdc0d6a768a37fd9f2918ae7e178900cb37fac579cc82ff043bac841fd8270437248
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bef6776295134dcf93dd6e513387ab19
SHA1 1fc239fc9403884c49da347763d845c2b26edf2e
SHA256 8221e3c013d600c8cfeca4c42f15e9cf01155f736d8022eebf8a06171ba29670
SHA512 ee0e97dfa4d9495dfa2b9de42ab027d7186b3f779c3258865e91c285433323462fca8438176f4ee4214086fa96843c8a807c71cf26d47e0a4e850d7f915b09ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4daeb8b98c96c46b79e3fa3049af6497
SHA1 cb338f5814aef37ae7a753ced3a9c8348a8d8288
SHA256 c76e6ba2518a57ca9ddd09742ce1deab81dd88031f01eb2c1807a28e302b88cc
SHA512 289a2dd4804776862f187bc5c5a403de0422b26fe1d4bd75840c189decc5a7330906165bcf7095d16c38b3674cca2de09383c47f413f3aa42f8ef40c55716b29
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b7e0be1fad89c5c7828d5899706a01d8
SHA1 399ce27acea7ad9ed0c93dea189667559da12c39
SHA256 c8dc362b55bdbd15e4e374194d974ed57d6d0900e77e8c2f34431844cbd9aded
SHA512 0668373b75baea8f4e6d50ebec1619686f346efd39aac08e1df104eced56ca7eb54458b09a17a7e22232d70360b1c6c359f05d0a98b2ce066934058e001c6c56
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b907cdbf92f1cf7bb86356b58501285e
SHA1 5a213df8c61dfdf4729262ceab54eb12256ac767
SHA256 dd3399016e2105ea52440d897b117f08499e37706abf94c387e7e4c9264e42a0
SHA512 3bad7a34e82be9fed0af7857fffdc3ec4b7b1ebff39c7014270e381479e121692cc712b692f60972124e00f732cd297386ed0edc3afa5260251ebb6b2bed8dcd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4c474b263ecac9f30a9b969c628e3fff
SHA1 83a33561f4803dc9d8381f955bf66f45611e3727
SHA256 620f1d36716780b45211d4b0f000e67f6fe9451c6b1630e0c1c3ef66fb1dc702
SHA512 afc8a393ec240e021b148c82aec21da4efcf74df877db07e612867dc5c6acdd5c76ea282a775786680e8cf612293ca7a3c56baff8c6ba7da19b98174a4b4ac2a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ce25b270126f306e4ed49ff945fa4be3
SHA1 40f4101ac37760954ad3da534113625ca7171d05
SHA256 d6bdc4821916ffcbcae0596e4d1c85b7414fd260c4962e9678fd13b56ee84814
SHA512 9c489fafca9c96d715ba14e76362ec649b06881fe26ea88a1df27463d43d19c3b1e4f155aed124ef7da1661d5b41a027bab992d2c600f06b1cc4c1f3bdd70932
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b35e8f12fb5295134614c846a9c4b6c4
SHA1 08d821c6c72ec30c828207b4248f7ecae78c7efa
SHA256 1dd5591795c4f59eb6e86d7c15503f5f8cbeb1b91301bea33322ebfe971ac178
SHA512 e4213b0a3a652180f1a56b73c88ade263f87f5f2e832b54dd37a3217add695983db1dbb51c9eaeeeca5c18707f3a2abf4318ffa65ece5058354adf921a221935
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f16c8854c5bd4c46f86d3fd9f9eeb7e7
SHA1 074fd38cb9f60ed380e25739f61f9c1103d74a41
SHA256 6f20f3cfa963d73d01f78974b99cb8909323cab18c6ae5638afb8b4df8df320d
SHA512 0bc2f39ba23ec47550ecf1811c3ecb1f64225cc45012c7806eac116eaaeff168dc274d5feb3f47029de2a7198ac6920e65af3e8db47fff256cdc621f61ab3cb8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 95d1ea2595b2caaf6e9e6edf2c0a7ac3
SHA1 78e9b2beebb9b1c588789340833cd102ecf8b4e4
SHA256 676ebf2e3ae09d8f28cfa346ed557c7b7ee1f4e2366db8df6d8bbdb390c4166a
SHA512 70474a2e20a64fe06ec9cb5ef9175788358c2c0191c020fc9cd10297120fc7ce256865fb7af25d022eb05715cd7324ef00ccb73e3eab8523decd7b54caa28915
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 66fabe40bcb844b72fc5d069dc46929e
SHA1 1e7553df6cef5b1d6d668e81be6f0c9f3274b0ab
SHA256 7f2efabbe041a94d3d147c6c02a223263f76912f3b017e0e672e48e4119adf94
SHA512 e84b2ed29ba47de704392062f78e33e9bceb126a41b6e9645a3fedffee0f83515b7be5454a28331fc1006d827a129a5c47995087cbab7f55645c8c48ed755f3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 88445866c310ab5377abc98651610ed4
SHA1 aa41a5c30b82216b32db11741a8c19cec88d5692
SHA256 e555776725146e5c5b051d5ab50c75db87d3ab6e606b470c8d4195ad98767cfd
SHA512 1171547997c42556a7c57c2718cba212de6db3aabe125d58022eb84bae022a7f51963daf53aeb8e4c784ace76ee7bab397c4a11bf608ee7b2feae1f483fa5b67
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5e115d59a6f197c0d36e49a80d6b74f8
SHA1 da577dd451f309d12e9e6a949fe0e45c881884cd
SHA256 14f33c8fb2a86d8640d520892cf012f3394a95e313e6e0d474a68d0ccdc7a37d
SHA512 5e795ce15052b9d6b8cd16e8ea424db5b32afc47662c3e1f0682e75b17bba28c893a60440225359579a0c8c50c51d19c30ed5545785661ec50e46fb655ae63f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 da56f5dfe43208bcfcc75af188035896
SHA1 ea89bff90cba976c1f2de34ba278c5959bf41da2
SHA256 d325e876534faae560d0bdb2df0e625d78be6c37b96356b551ecd7f06da9fe14
SHA512 af38371bbd7ed313658a58cd3193ba5c16f0f015a0ed3eba411f14a9742ae5092ac82432325269b005821c614c495e22ebee8f82e8aa8da280aa935526487107
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 107ec8b8106e0e9932b5bc75b036ba1f
SHA1 8e637c2c2d99664e8a0ccd74f4696d73912d0145
SHA256 0b654193b611e30e4f980d68a535d50a791fa7c95f5d5d5ae5aeb869efe2e0eb
SHA512 db87254d1d1fc1ad143b8017a50ed65558ba2491c7a6b5dd20b6f595cb3d638c6c3dde34a994197e51101db0d6d95531ff1626e52f32439588f0dcf68cd9dd68
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a1162e24c65fdbedf97db69311bd768a
SHA1 78c3e9180c9e78c762aaa8dbabfe5019f5cdf588
SHA256 ff803127aeb8c03ee54430b29b86994b52913e4088ea6e4ef3a7a26ab2626bdc
SHA512 e47994a3949f4da816c41d4aa22a85c1a08c0f067bd533c72ede47ac3fb81029f430511cbc6e83695e56028aeff849d1fb9ec4580c97aa03071b6fb99145a172
-
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b