Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 07:33
Static task
static1
Behavioral task
behavioral1
Sample
a471bf288aeb378db8b27850ebfd1c94_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
a471bf288aeb378db8b27850ebfd1c94_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a471bf288aeb378db8b27850ebfd1c94_JaffaCakes118.html
-
Size
31KB
-
MD5
a471bf288aeb378db8b27850ebfd1c94
-
SHA1
55461e3ab19901bba529d6986369fd2c6c1cd141
-
SHA256
deb42f9483cd71430609ef425deefa3830783d842e885e30148ee81a041ab810
-
SHA512
1af17c6250a70a71a5537be3b333953bc5192577cec2de672b795558de5bd4eee9784360bc34d0739fb75ef4a2b8810417903992bedf60f772c63beb197b9c69
-
SSDEEP
192:uWHaYFrprUd1zPb5nmNuClOgAjM6O1g0c3nQjxn5Q/MznQieo2NnL1gnQOkEntqL:rQ/Tv4R6RivUMNTBb4
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3CF20BE1-2957-11EF-9066-F6F8CE09FCD4} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424425881" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value 
(str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1684 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1684 iexplore.exe
1684 iexplore.exe
2156 IEXPLORE.EXE
2156 IEXPLORE.EXE
2156 IEXPLORE.EXE
2156 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1684 wrote to memory of 2156 1684 iexplore.exe 28
PID 1684 wrote to memory of 2156 1684 iexplore.exe 28
PID 1684 wrote to memory of 2156 1684 iexplore.exe 28
PID 1684 wrote to memory of 2156 1684 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a471bf288aeb378db8b27850ebfd1c94_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1684 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2156
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 cafa92cc59eb6da8b0abcf251c6eb4a7
SHA1 f3b38fbf2f29b19362908ee11cd932236373ca13
SHA256 48a340d55843bdbcc94bfd6d2ce3046cb0acbd97a710ea842206190b3a286589
SHA512 cc6419dbef947b018a2d0c748c8701f925f0d46f3fbce12f8b1ccbe7738667883cc7eec064f642a8f590e95aa9ccddba0b698f3c89a5fa686d4c3f37009c693f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 60c546edcc152ffab9ca63572fe1f0e2
SHA1 72e91e959e67a220f18a580855d5712a8cb6e5f0
SHA256 798a2124156e9fe03a2af39f971a9ce968f059359e5f97d7b49a0c5072c7c679
SHA512 734aa1b63c06b21cb6b97c6a0b91ee87acc7b24a70f4fec948d6eb8e1a7593cd1720b249dd935cf110435da4f6ec40a307db2dc2548c1456ad5d26e112fb430a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f8ae2c1d640c6e5c914807cdb24213f3
SHA1 eefb4aff0505b68295cf07f8db86467a56575a6d
SHA256 2f5cf773aeae6e2a19b887b02682808276474d5a4a31cac8659963a62bea36aa
SHA512 6ad05930c25c9e6a92a6816a9e45d63b529196062edd28418d395a0eea3b18dfce488b39a6046757779da341f8ba6eff23d28ea92088a7cb03b0a4d9b959b24c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 588ad2f779076f9c64c9cbbe115f4784
SHA1 13a71e1576e4993d9e8113c48e6ec3cf04242f53
SHA256 b256c8d46d0089844aea7d24ca909bbfc5608bc035581b29cbcc3a6902bc8836
SHA512 fcf0524cb6bddd55ffe3df6124f76e6175d19415f4cdaf49e55cda79603136b8cabc2a6ab98a65e56ff9cd1b3569daaf963f2bf5431018c13a15c112ae54addb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0670fd8bd75f495a3638934161d5ffe0
SHA1 4e0b0095eb9b84e24f18afe10583bb42176c9d49
SHA256 b3f115e164e9f2116bcc84c8200edb55ef2d4d252b9a70774df17cc04b643531
SHA512 0790c77a87e8fa1f712c6463e42d16618591f1b6e02f56df2029eb0f881b3fbf59061b5534189228c8a97ec5bbd575dc3adfd75eccbfe22acc4221979bde778e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f82939c9c637869348e6a929b5262b64
SHA1 fbc61009ed2b3b546aba09f69515ee1510cb146d
SHA256 0acd9e4d7aa5077636e7f1d9574a12f6c2a6d09e8e3eb5ddaa46f29fda2d9abc
SHA512 571d53642177740357c07e1c859a20b50322841672f8727a3e1e22281ffc159513321ea6f0fc8088026b7e087837c8e2ccffaad97b468a7c1d3b95c88ec77e82
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2852fd695967231bdff4282fc088e7a2
SHA1 31fa603ef0f8d0e4d97c3aa5b093d92c844d1768
SHA256 c7fe9a60d964899e2ce02ae7b48b35fa9d56cf6f5b15a8f02c034d3c73fb805a
SHA512 ab3d7efbfe992eb9bed814e863be2ec5f434b2ff4fb122a43cebd9dc7969084c3f3415ce1ecad2e7b098523d491e0f47bed834b1935861cd95d658a51fe16798
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6e1abdbdc133c12d804230a3a84d64cc
SHA1 fb2e48281bbbe644a5909901981279d82ad44b0d
SHA256 d1bf599145c32fb9b0df39b24a13747b2dabe46ff7cf8b54d5d45a60ffaa4d91
SHA512 b0f554a2e347ab05498b1dab906b2ab5649f2bb4dbd73ccdb8c84c8df555c8ee111216c95d5e8b88b6bbbdb4d08a346daeefd2c07c48a2527d91434dc1fdb470
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 133fb4cb4a5d330950a132ce84d7d4cd
SHA1 89ec988c0d482f9ea530426d8055df76190eb361
SHA256 b37a71382a1c376c993edca304e83bd5e6b75faa6ec16639c96a08b727496ab7
SHA512 ba30cbde49eb149ea72f251661a0fa2ec0c57ef67c957ffc2fa33b14760f6cdfbba17f7ff5ddd7d5159836c7d744f10458000c93f2e5fb00606ba267e345a7ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 383ef8dbdd8e057e520becbc781f9b24
SHA1 3d64591bad8f06571ea65d0c3fa0c434bac4df9e
SHA256 b3c6c64d850a08e422ba262e91023d1fc9c5129eeb3ddd06bf5a7c4ccadd87d1
SHA512 ec95565a929a98ec05c1064508c0c193701bbc9a5d2c40ee5a4625bcb4c8a6c645ea70186aaeee8f2f5bf123554432e4c37856d4c7ecd6a84d6c8550da5e4979
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 1d0f5182d0689dbef49d7483c6bb0d4c
SHA1 e6cc3098e03f7619fc9658754fd8f5892eed6f14
SHA256 80460a1312a3e6ed7b07812124f4be9db4022911c8149b18005a0356630f12a3
SHA512 ec77109d4864dec650ec1e040a437a24f60f1cb03feeb5e774713b65d350b4724b03d98048ab093c526297838e1850377b4c2822be12096f0cb6eda04164f63b
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b