Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 07:33
Static task
static1
Behavioral task
behavioral1
Sample
a47161fe0257e8722f275261e63a24b7_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a47161fe0257e8722f275261e63a24b7_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a47161fe0257e8722f275261e63a24b7_JaffaCakes118.html
-
Size
779KB
-
MD5
a47161fe0257e8722f275261e63a24b7
-
SHA1
9a09517a64ab414019f6e6597cc341bd892ba29c
-
SHA256
7c5f147ffc96ad99f78b519432d5d6bcd24aeaf143fb09289ba16aed7404d8e4
-
SHA512
181ef966171eee73ad5a9bdc6747f83b89ea4c4f9771284de66c5ecf0f01fa27a703e9a4d426fcb32fb5f0f7de39952b28adbcf97d7be13eea2aade5ea0c5522
-
SSDEEP
12288:z5d+X3d5d+X3B55d+X315d+X3H5d+X3s5d+X375d+X3r:r+B+hV+5+X+u+T+L
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6080f20164bdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2D72C2E1-2957-11EF-A72C-767D26DA5D32} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000007f3e81cd156187d4820029833f205bdceb48c8dd31217b9e85ce856ed6df5b8b000000000e8000000002000020000000e12941874458097dbfc55b9c1b4486d98725d70c152f6603d24c3c086f2f009720000000617991d2671d5339267ae457c6bee4484462cbc140c48aec2bbb023883e1600c4000000036768594ab3e8db6faf5064916d4432b09ca91b9de3fee0d928c48e86dd1cf25ba8ca3a287f75373e6066ac26d3db5806799c91b3e43aee940ed9638ef5d1fad iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424425854" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1844 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1844 iexplore.exe 1844 iexplore.exe 3004 IEXPLORE.EXE 3004 IEXPLORE.EXE 3004 IEXPLORE.EXE 3004 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1844 wrote to memory of 3004 | 1844 | iexplore.exe | 28
PID 1844 wrote to memory of 3004 | 1844 | iexplore.exe | 28
PID 1844 wrote to memory of 3004 | 1844 | iexplore.exe | 28
PID 1844 wrote to memory of 3004 | 1844 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47161fe0257e8722f275261e63a24b7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1844 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3004
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 13ced6ada259ba92b80e60fff59b186d
SHA1 1e1d7ff6a0282db6e6b489b85808b48080af2b14
SHA256 35f38cc36bf6adebcb1cd0924c9a83d556e03d93848cf956f2b664c03c94fff2
SHA512 f3812a2e77891ad9ffbf3d790bdfd888c8841f95337dc8a0eeee94ab3c114d79109359da12d92fa315fb3117fbe09cf0ee7d42a925e8c12510abe078d48eaa44
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3b0db749a2c7b1cc219270a00ef60ade
SHA1 ed3567b41472bb00b027862f36ed52de5bceb559
SHA256 55ff9c709e9087026c8625a09691d7b440847d0a6672af9d744a4a846ce84ff8
SHA512 67af86141be0b616ad56f439b33b2ecda6ecdb14036995cbc892b4cbae841363dd43e9558a918cb7c8d021c785cde3bfd3ab90122404f9aac582c8020c423ea6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1ffef913b0b906e9d268f531cf8e0c2f
SHA1 7065897e30690b25a063aab083a5ea2877066de4
SHA256 48d394fd389db9197e86bde9bbc387100f03860cbc1870f9dd36ee3a33c71700
SHA512 18f578c2354deab2474e3a36381b489567b2d22c22f173f8a113fc2ad6620b1819fcb3379abd41906b3fff7324fed336a3ea18936d0ed055f41e167f78523845
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7731052b77fa1e2800fa1bdfdc557bce
SHA1 d40ce22f12d7416e696f0d09dabb625666fe08c6
SHA256 96e4206fde4c657ae1fcf6c99e3dd65caa7c64636d20d69571d0730d72526358
SHA512 ff68840a30d1f2695b0e44d5a7d881a96f9605321fc662d537c1eea0bd35e7d4f9650866c28b439d00d0d9a6ce5039e6a3cc48aa347c4f828d93a9145dce010d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 40c82fcf20dc41a3907316d8b368c608
SHA1 8e861c9b6310ba626fd756826cfd4b569b463d0d
SHA256 7625a4c374fc2ec55f4d2f0ae278ddc60d4daafae24f1b2bc81c72dad691489f
SHA512 5f76c576a9dc0f79c290eb633fb54cd0b931074d7d7aa509540b0a698127351aa07e8a02f8f1360e92de892a6dfe83b1df24a257d33784a162956382f3b13d0a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 feed7793b6c85e258987c99fecc2f3ea
SHA1 6ee9787f8b0fd841e429a0c7a7d29471c0ed46fb
SHA256 63deed0a288ae998e1cc3fff74671a883a189224074473db39a2d07bf9609f31
SHA512 4416a831c3753358b53672153ff8bc759583661bbc61c8855a05d3b9d2d977b3c9757d94395f6596dddd13bb77ae5f42eebc7eaad05df8e0cf79a6d5424bde77
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 15ff64d89bd6d023f44a874027d50389
SHA1 05d3dfedb1999af2d8b2d2ce500b4ebb8ac2a64d
SHA256 0a20f4557fe8c6c509ac526de1ae54f3004947a943f9776bb02cc68bfed2a07b
SHA512 486b9850e42de63c4c2d7d8abdf761af1a101a3b0675d28ff9bbb71a1acacdfa19347261691633b5e52c6b301c0e595edb0edc839ae92bc1931df3cba45cf9b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4ca8e216ef59449d52c7c531c18c0234
SHA1 118e244be7def2464c42b3e9fe81c27e47222a90
SHA256 8a9d5e243cde1da162a3ec172bc8338ba53c53492049302babced5fcadb4fac0
SHA512 3fb51fa5d4102491e1fc9633eef1fb3675fe5cae02c9ad408abd665c3c7eb892763b045ba548551067b5de8974c15bcf08711df3e70da7faa91173fdca5f3096
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 115505daa2ec6585d839bd4679f90032
SHA1 aae53615cc804301c32921b30289b8a2454b5007
SHA256 46b4b54ca4bedff04f83e99a5d02c24591ef858896bcd5e46a8be0294b9e6c26
SHA512 0dd112932bc3442450eb253268fce89ec8ccca616c52d1add8cf5a22d6786fd1eda6b58574772bf486e6700ec056f45b0f235b9e6f5df2bb7aeaf7234317a5c0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ea4e026c3dfa232e3d89c1c56731f456
SHA1 91e2fbe8767a18cc95f1a809a39e03cb3376db76
SHA256 eaeeaf2288e92e14f0941d7e8518c620dd2426832eb81125cdad2036ceab8b53
SHA512 3cc5e79676261c6de168caa9c43736542be2cd0796ee41ecf307f960efcd0fa79644092340f8e6734910a93bb2d95b3e85e4f72821180711e792c98b1279341b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36ace5505d5cf9cd89929d3463555e2c
SHA1 755161bb10dd67b6a36745a785033f653a27e07e
SHA256 8628d7e5c226039281594a938af7e0e47ba753eef1a27163e0660322ca7d7b1b
SHA512 ed3278dbfb22dab6f53fb1bc7b41759cf96c16be010eb92e932d8063e2f92404f499899d504a95d3e6adae17714773a22d8aa2ee8bf99594095668fe8aa64ba9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3a3fd90f8e3357c83b66f58f1000f384
SHA1 28b1f7f457d38ae5f7184f90fb07eeffa8627a90
SHA256 1d16b4be1a06e0a1f2355a7170870e8ab5d381fd352c809622ae3c6fec60e172
SHA512 693b907f47addeb49be94025c71ef0360a2e108b8b8b305659e9fb0eb0baa5e7e9028db7e7d642f1d99656c9130e78111c9c6be07bfbfd245f4f9144bf583687
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8cdd5d487170510fdab129d48c985f62
SHA1 5db7d72d4f53d708172267125576a8329702ac37
SHA256 111344c23bc6125b63a9ddf2897f4f31b2a01debd370ad4ce10da9da14782b96
SHA512 3d88636ca92086c2fb684d7d76df9d7bf63bd6026e77d04dcc0e6a28f4f6cffacc4630ed15de2d569d1de35df41965e37c88f37ede8f8d618c3e916ec558545e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 63059e2cff5997705224bcdc0ea62a4d
SHA1 8f871ec38e2e07074908eeb17f144b6f66c93b6e
SHA256 2533935996223abc67fd52a12ccd7d62b42ab9a8ffd88d466d47c60aa5871790
SHA512 a9a207a1b61de752d3ab3e5d46f6d5edba3ee85090ce2ef888247a7887b370ac7b3b8e404be90d836fa8fdc7547b59a06dec2ecc0c6a41b0b1af20155e7e774b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a7cc4b3512a63ce1fa341c358568986c
SHA1 c51bcd0b5a116de3b7e8e1139722106847de478b
SHA256 8560fe725bbff4ecc63ed60016b2054ef3939adfc8070011ea72679c609c1628
SHA512 5a320a08ee00d3ddde8ff919e26771ada0b94b4af53edc75f78bb8d9a2fc8475ba2aaac1df73c1630ef43f70a00ccedbfb241f08b7598ecfac3710ea3bef41d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d714e33f5c137fea0fd9d74e6c4eb788
SHA1 918fabdc57161990500c22bdc046c13b94b42c7b
SHA256 4e599783ea645d43d27e2d1937605237094bedde513b1cb91655d5b77bc89b9c
SHA512 b2ea2eddba864e10c2f4752928ee4603e7de20d2b5d1b4b3d593ead426881da9a4955615519ed911738e7323e6bca8ca49239e4f113fc80cbf7e28bb072ee713
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b49335b5a3b85ca57b6e74fa12fe1cb2
SHA1 9d2cf716442dcb474adf668ae5fab60da6969093
SHA256 2ff82f234de390def1b3325030bea47579693c705e86178767bfeb5963bd5f74
SHA512 026136d2e8c74740153e7528c3360dcd346ce7b33a7444644db92d3089d8c03b791ad7b3e1000aadbf80c227a2ec4c23c1d610e8cfac78cf07c0da85fbf78f7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3858eda6e2824b9e0e90e58ca0a36967
SHA1 bb107949b4217f686cb3c6ced05303789d861081
SHA256 ff166368b7c5d06526aeddc9c1a42b24d3555f64cf79b445a6486c316a4780a9
SHA512 6c8d003863bb2d98b0d5cd84cf89f81c3522fdead809a17c3b79c607932e2d87c3a8a1a0faee27b653cfd9f3139abdfea3629912d1683824d5b36d5c565e68ad
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b