Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 06:28
Static task
static1
Behavioral task
behavioral1
Sample
a4340ae62b013dd767b9b0380dd6de3f_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a4340ae62b013dd767b9b0380dd6de3f_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a4340ae62b013dd767b9b0380dd6de3f_JaffaCakes118.html
-
Size
2KB
-
MD5
a4340ae62b013dd767b9b0380dd6de3f
-
SHA1
4df3bbddbe59ed5e0122311fe18eb7561fe1db67
-
SHA256
d5dfa89ec0be5a575a1468b8045fb20e41e8a5fc6e6de0be6cb4891cccb86afd
-
SHA512
e472c679d6afffca2b876140493358bb352df48d2b27433a26ed1466361a3bb63d87431006130a12b0e594dbd4addd9eca1bef18087870d09c8ba5b29a3a1620
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007eda3383ff712fe84f61b1152a8f3e83b1f07ebdda133376fe546b3bf8b68506000000000e800000000200002000000054b8ad8eacf763b46d2655338b164ce25e376e4c082d755452c9a7e27e8dbfef20000000e5c8d4b409adce40d4f891ee1efec0f5899f5e4b593082a23805e534732472e440000000463c65e0ef8a0e202a61d54b2afb8ef14fecd84cb58b5286310208b8c9c066b06d31d2306b543492d7fffe2c992f4fde3c820293f233a4879e17dd09ec578472 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e051a40c5bbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{354AB0D1-294E-11EF-B848-DEDD52EED8E0} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422005" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2100 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2100 iexplore.exe 2100 iexplore.exe 1752 IEXPLORE.EXE 1752 IEXPLORE.EXE 1752 IEXPLORE.EXE 1752 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2100 wrote to memory of 1752 2100 iexplore.exe 28 PID 2100 wrote to memory of 1752 2100 iexplore.exe 28 PID 2100 wrote to memory of 1752 2100 iexplore.exe 28 PID 2100 wrote to memory of 1752 2100 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4340ae62b013dd767b9b0380dd6de3f_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1752
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e3076371ef4994d921e5ffe195fa8b3b
SHA1 e8c11a23f58e938aac47203b54702f6fed13fe2a
SHA256 a5887d6f5ff93dd682767269b2b7b39216ddff3809d81e9d1f39722d4738beb0
SHA512 dae7cd6ff77418bdc52fba20232ed08543318022d81fd52c90ba32be85efe31e2276bf3c1a9cbe9b4855a232464625729bac14db4a6d9dc047060770e1a0050a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9becd412187a848cf642789d1839d2b4
SHA1 ff2992aefb4e6a292f50b0b88b84be119029182c
SHA256 a2b65a07a0c3c4c0556d3462a12013a5f958f6e73aabbb6307981fff4b1fa1a1
SHA512 de08194e43f533888c86b7fc92d5384e9289200778543fe3a23a0a329be4cd6a56d4d6ad0b0ce57f6df6581c2d11e084796858c4499144bb7999e3a1c97f0fc7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 83f3a0c07a9186cdcab89535322da9da
SHA1 0a6d4050fc9922c42049eb1ed15f05a50cd3fdae
SHA256 6af810b5ce0ac22a667515cfd4c75629051d5094ab21bb723fa49305179844da
SHA512 0d45842aba7b6edff3c10c3579f91e22b3e0529173b2c1fd168fea0b8080d6b396737247ec31a7e114cb09607e8f9f04ce8a7499dbfcab174187fae7bf096887
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 610e834e2dc85f817aa3d863617c5df2
SHA1 f8af065941ffcd6e1a1518f2359b631b592287c4
SHA256 78ff29b5003f69e827b184d9c6f88539625aff831cd453f98b5cb26e5287bae8
SHA512 e8b9a95f5be476e78c66c3fc72b23f18e246d3e973535b198a67dce14f4f39b98f0fde4e1248b6869844c4a15b4efccb78cfd68ff3cb256b63ac23127d1b5631
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d61b434be961b2565bfa7670e427898a
SHA1 1b7b7480e749424c472f7d384f0036298d38d6e0
SHA256 055bf010c10ff93ff4a74f990c347d5a2a9131158e8d9ad40bd0ab770c624d41
SHA512 941a8154808722dc2e6d835355cf7f9e5ee803ad83785e064cb773a705663ff283f077b2b11431ab8470fd96f65bc6545e1d19335425c5f596d58f94ae21b211
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0ab2c9172843be3fbd73ae5d1a130c85
SHA1 62ac6e9b3d1378aaf279795e6a127f91310d9dfc
SHA256 ce99c5443818d8ce7387f790751475facb81120a8775279f0a9b492314a762ce
SHA512 f9f5537759b40ff3b2ced6d47b957b651a0a0d1d1eca21c3c12918c45edd292dcbb27e98c176d0c95c4a3fd416962ddcd7bf854d77e19313ec65c36dba2092bf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 419f2a74426a4b7ad8699a7e82303eda
SHA1 c7c87110ea74f21f8d802f4772e3aea398e40911
SHA256 b4d2201dea18f5eca45c0f203148581b998d38aa47b0d1cbae5979845f6ae8cd
SHA512 32ed5690ed3becc367021734b2a2706a8809c341c88a115e6c2af7f0db15d2465082f52a928c7e71e9bcdecf037584045d5810ad40afda6987329bc26f764dd6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6333257a8094efb22f5d694a4f4dbe82
SHA1 211c649c69b5ef5c2d86791efcd448083527c82c
SHA256 a8d24b61dc1c6a469c5f6cc5bc2902e0a0b71bb69703d549cb691ef4cf99e0be
SHA512 dcb9e150760d49a4a61025dead9d418e05fe7baee7f5149f85ca022925bafc3238f8b671e779ae2125f5b2b0279b3f2a6e198e6f0cf692da865d51e1fb20af2e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 08d2d8162d7e141e8fc7ee51d905d25a
SHA1 4b147e3df078f10856dc8d53f6eacc8ba352a793
SHA256 21c124f2f3881714c317c654719daa9ff0082ef5775353056604eca2f8de8e3e
SHA512 568fca7214678d22aaa9c77e8fd948e5452bcb0ba8756dee6c13d0389bff7df383df478bdaf52173beda7c98e8466f1e5a3fe17a6477fe2d3d31104f0cca74be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 03f6e3ea5a985a6636f6781358ca6f70
SHA1 f5706268d4626fa97a532e723f18dbc046bd8c8b
SHA256 7940e4438ce6b1103aeb7761273525d387dcde097f88e92c27190cb686a04f11
SHA512 cfe9b2615c281da069c9017a787a6e5897d4ea4e9b1a837d88fcd66e851c2fa9c61598a267d71a70ca8285352f902aadf7ee293708689fb2818cf3c8f25b72be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5c62172fa0fb77ba74a948bd1291690a
SHA1 bd8204ff6d93959a047b14a919daa78c845b7f8e
SHA256 282fd9dbc40513bca064d4584a827811592ffa9a5c0e0368c75611d169c9efbc
SHA512 f8387c63028b8823c4d37eb52bc22375a238986151a457306ddc5316a8efc2077c0f8a939cf4fd7379a056e27c0ff6fc0f63b54a8173b0ae1e26c66235e62c7f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 43c2768e9b118ff49c6427cf5d892b35
SHA1 378cfcf6704c954b63fa12876e986e7f0a2dfa98
SHA256 3c9bb13dd75c5677a3155781a6a8630ffe38a9a256fbb1c3120cc8196e743ef6
SHA512 edcf1e7d60fbef6948bbbd3a25f13031936168ce09bb4dc8fed66f03ec4fd5d21d1948e0e51b14bc0d52f518769067d11299a99a531b3a5f4b55ac92e2d5b4ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 803f0ec487715198319ab67b600bcfd0
SHA1 1cd82f940be73a3f177ad91e06acca167ac2530b
SHA256 489d7aeddddd1206c05caadfb04106395f3522d9f0966c24ecc25df851c474d8
SHA512 5bb471b8bd4c61b09e495b1cd07a9ba92ac362e4d98dbb3e877cfcc3b99744d1d44c21b819fbea5ae12534036dc4e3c63e9d29ea84bf5b7e6007f0c124804e50
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 491fec8cecb285ac6a2d225416a26536
SHA1 df271074df446dfaf7a4bcc57a669655eba47a71
SHA256 bd32946b463ec1e8dbfff4c81ff954c9865cc08169be27930573a4fba7e2d064
SHA512 1d9ab38c01fa75e7b63a15e7cc6f26573c8f9e9769a6ae03fa462ccc1b4fd7fbe1f127eedae306a2c608503ba081cccdec086b5dc8d9c3fbe4de9deaf17261a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f98f5788be61332fd60f5667af45e0b4
SHA1 35f3ca161dcccfcc4eb204850ef9130d5ac51ce0
SHA256 5fd0d0750c52068566289656206330cd4d2a30de94edd8001a4b6a818788e5b1
SHA512 edeb57f3a298e95abf6f8ef42342c7c0ce613fd87a109f99352eec7e50498abf1d6ed0ac5d2b7f24f3f890610b874ab338b90566ad31388391136e7b6262cb30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e330e8f724695672fd96b2277a52524f
SHA1 60afdc5e18b0b82a6bb1ce83ef077a27bace3dfc
SHA256 e73949b002bdc984e270e417adbfd30c5e82935a41f8b9226eb9aaba2495c619
SHA512 8ea9345efc4b8c573f4dcdc1348a86d287b87b83aa843977c4633e83861da4b6255c11253f40aa74d32a2d5c64b9fcbb3170f86110b3b2983b6c8ea4d081bc4a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cb154eb83b05026e20fa829bad2b7eb2
SHA1 ef32d79fd47cceaa556e41f7253f9e06d6808356
SHA256 b21fcbc058640897d0066cce1b04d762671c665a8578e72b13e039c0d3d7ce9b
SHA512 97c15ef3cf701e0d4dc75326acdf15820f03a7ec0b9e9fd5a1112b92f827d4a3b327cd02855545c3650c56681ea09013622d65194bb0fc2fd4bfb424955c7343
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b