Analysis
-
max time kernel
120s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 07:35
Static task
static1
Behavioral task
behavioral1
Sample
a47398ae7f85b35dee2d46b12f9b3612_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a47398ae7f85b35dee2d46b12f9b3612_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a47398ae7f85b35dee2d46b12f9b3612_JaffaCakes118.html
-
Size
460KB
-
MD5
a47398ae7f85b35dee2d46b12f9b3612
-
SHA1
dbdcee6734688a0836199cd5ee7b853a178aca6e
-
SHA256
dfe90504702933a551362c211a5a147cf35d0754fa2760962bcd748ae5687df9
-
SHA512
4d8f9c0415dc03ff29f4014e20c514a528f3b21064f87dca817bf6ee4e242ff1b7fa3d5c3b8b08fe0480eaef770df0b2681ddd18f27b1d76e68a68b624a56d57
-
SSDEEP
6144:SbsMYod+X3oI+YusMYod+X3oI+Y/sMYod+X3oI+YLsMYod+X3oI+YQ:Q5d+X365d+X395d+X315d+X3+
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3077b25c64bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive\{83D2E9D1-2957-11EF-AF9B-7E1039193522} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426003" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000a81610231e4b3bf4862d83dbf612cfc6c0daf9cab402eda5609f8bda83c58da3000000000e80000000020000200000003ae1c048c6a3d1ba369fe0b845d7d9f12fcc27645fd981eed046ad6ab07fce2020000000b699661dfe313498cb0de37552af88791f6bf26abcaad67ac9ace9637e2d6cb0400000003a8f738fd410dc3484dabe281bb7d12f5bf477c15dd39eed00bb68edc3aec7a40e45ffed86392d24be35116dea1cba6181a4943c991a98587b067ea1f35644e7 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2152 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2152 iexplore.exe 2152 iexplore.exe 1904 IEXPLORE.EXE 1904 IEXPLORE.EXE 1904 IEXPLORE.EXE 1904 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2152 wrote to memory of 1904 2152 iexplore.exe 28 PID 2152 wrote to memory of 1904 2152 iexplore.exe 28 PID 2152 wrote to memory of 1904 2152 iexplore.exe 28 PID 2152 wrote to memory of 1904 2152 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47398ae7f85b35dee2d46b12f9b3612_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1904
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d17432236fc9994c800a4e9fa961bfe5
SHA1 7f7dfb7721f7043a8154f7e2f7fe613e23f04635
SHA256 7f011ad224ea770632ad26b799df36d20861bc2dd15eab99802982b74936d99e
SHA512 050bbfb11ae8d4ffc7e0fd8cfc4b541bba506bb3279e8922b8b0d9857785ee941894b6a1d2fe42d574c77bf69b20206e5f726dc9ec6d482141104acee04cc97b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ab931ff80ecee3b3361ced0f464a7841
SHA1 d8987ba516d06f4b3b30c3eb4e43dc75649c8d9e
SHA256 3547521c04a6e15a2c9ae514f2a6ea59534e6415fa0c6dd23a677e5abec9de65
SHA512 b805b52e66534d32304f0ed5ecd85119779f72235a23de4d122499145c2858fc46e68e8df339fb71adff9cc211ae34835e2103bd4cac16e1735f6e4c2933b970
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 312cc50c6e89468dfae02f0eb53f80be
SHA1 1c2f4baffd6752c9a382219124e9d2d46bc3fe76
SHA256 b6b0c9f192922577f8d23dd10d4200072eede3eab2280f835e61a337dfca8739
SHA512 96f06f97db5df074754bbcc7b31199cd4a2ecfe83752c7c68c287caacf0aa269ecf6eb3e8c9bad42654df01e1b14fa1899e1212f16b10d57f8ace5adfc08ed6b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9692cb8ea7fb71f9771430bb9030b976
SHA1 426f6b21bba8b39be2b84558e359436d61d41e80
SHA256 541e56e768dd596038c25bebaa0ff913804ae28641f7e2fc816a4f80bdfbc9da
SHA512 3f541e39c8a6faf0424590c12de9eade445cd7e5d87f5eb81e0cb98c3b677aad93176e394222457f5b6b6c557d247692053af87ba0b487faf52cc11c63fe0873
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b6cff788e610c39de311c705fc29a27b
SHA1 7daa47f126f6ce43c79ad59becc578a801866226
SHA256 439151a6c6e9c744111913010d3857eace927c7f471dc79eed64ea3decdb43d3
SHA512 3696bf6c839d3cde4cc92c502d6279bd9309d670db38b507b3d8c98f92b79961bd703404c19c7dd8bcd9fc8c3bf36ccdb95e88c5c0e6a2ac0ddcfa7e69ba590a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6b0ce8542fffec5626e19958f68c740f
SHA1 6f086109cd30529900f1e6151a88c712b523ab58
SHA256 bdac601e5fd479fa19d49e48ee10fcfcb646074d157dc093bb8ea06cd012f424
SHA512 2c433b826c46d6d196adca52d749aa1cbef00aa389f4e4f74aa6e5cd534407b47ea571853bf40c941a450d7bb62f95d660c72d5ce579a5cec6d02b1ac5a345d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bed7f88befdad84251efa47ebde72786
SHA1 014c121b156fb05bfcf61e763bdb9982e9245ece
SHA256 535e698bc2f84ef034d467e6adbb41439456d37b43dbdadc75a2f624215805e6
SHA512 922677ce815d1f5fae3b51984641c4579a80393e0641b4a65143b9d2209a6d15660b950f47adc69d6b56f1a9b4c4220c114ec88874a535b317eead0263840f5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d77928fad897b555355e35c176605476
SHA1 24681d67e56d4812a8c0c933bf3b9d83d740e734
SHA256 75f23e4a5deee52d4f363f039651798ccc520f32b8131ad63aa384b98076b1bd
SHA512 27addfa863eeaf5395ca96ade691813e81dce41cb309216cd782c8f86449178b1dfb19b823ec65c764197b1ef38015dc4f92ac1e64e9c75435b5792349fd72d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a89add837bdd7ca5527abe99783f0018
SHA1 077255d686ae85a788f560f9421f95115167c0ab
SHA256 74c2882708e1959ad094a07c1ca9fbe7a7d13d912af7e3169091e43e7fe86174
SHA512 1c53b8fff9c64eb293bff0b4f72ef54e523d7479f690183c994630c3d729c98de7d3edffa1cdcaa63c141c5dd07973ace3ec1122287a4c20f9b8eea1d6311ea0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d58eef8315dc3670d9e383ef12adc8e8
SHA1 aee2472e87987d7cf8dd7b3c6493d38ab09da220
SHA256 24094a2e9e87a4cf74f0544f908fab6e0a1f47cf1be2d2d1caf92f564292d9a5
SHA512 ab5782efecfb57e336a6651cd6e486b9a7870092420f6887f9e583c92618b0da27b84b2965b1dcb9731380cb34c873c6ea1b5fa4f09d2f995359d4534d6d4ec6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 34ae3fececdc82399687421de7d91364
SHA1 4e4356f30d5100fff82b56ede9bfd358fe90f8e4
SHA256 54627e9a99a9e611d93fe2ecfd955287dcf65eaf8276cb434a412fa8290045ad
SHA512 31f0e7f0a2170b060bbaf4f0a1abc195c6fa613e65ccfd4577da3585024f02009dc7f02df08b7cb28bd0c17ec16b086eea89f52741fab9a9a2af6810bc21e985
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 395fd666b069e46dd314014f0e168530
SHA1 270a461fc34e6c3cebbcedee28e34859353661e2
SHA256 c6b880b3a034306543621b83eac52016c5826c48c3fe74ae8392b8760c6985c0
SHA512 5b09aec5038d7bdc69b3a4c4801ff0fcd5bf84afda75100bd40133ba4e1281a272452d7212a424e186d4dcc08ed376a286a41d2117a961407b5f441e2d9ada9d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d15f13c0fe2c89a43b9a29917706ec8d
SHA1 42d1eaef63eaebd18a84baccb1437516f8899c86
SHA256 b3b93af635dfde9100f91074f05fc776baa29b9841d2953f0f3c71a0aeedf320
SHA512 7b4bf15552f33538d12d40a0ee17c179ca535d3b98aac1c8fc5e9b68ad1a1409b072a1370a5e999ddb27878777159867a2975aaa3e5d418a497e1acb5a7cddc8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 78d85ff9701e222d4bbb723e2833ae52
SHA1 4d976a0138bbc768e19dedd1c1e8c34dae846771
SHA256 c8fcbcded4fc8f1bd18aeea6f743ffcf61f8941347535ad01da2df93ed47001a
SHA512 6c51d812c39a9e43fe8fcb5b7eff2923704256fe2f0585771a3f1b34de6c61bc8685d38ff8b95304502280ac687bc5ad05eabb55c05b8297aba5d7e5bff15e1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5dffca0a937c7017712ab7ee06381707
SHA1 e5739c8eacdd96196a9cf34732a8a5e3fac9a2dc
SHA256 54f2cd734ba46fc3740771766542eca0daf514c29d1a82e222eae83a14d83f28
SHA512 380d43d4695a51347336bbae08cb111c146051cb2795ddba0849aaf61680763c27bfa74c3ae3f8fcfb86392da1df6021bec5871088ebf14636a1bcb62571c3fb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5b5324d32cffad82d19c4790ffdc36ba
SHA1 610c984861905d8dac2a3af861415241f6a5600c
SHA256 a24ddc3c50f952e25965db791a8992011beab9194db7275000d27e7eb6150c36
SHA512 fb7740bdb3f53eceaeaaa2aae0c535174b839b82a5c46f91a0533b2c50f13c9aa25837e487e71d82f0c97d6d30f5cacf41989d2b03bfe168b111355c3de28549
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f6241a4917021b1430405be3afdf660b
SHA1 b1ee2eab8d39d8c6d123bcb4ca3185a15fdd3bc1
SHA256 b116ddef5242783ab5c6158eb881ecff4319e48463d071f8d789f8a3fe6cc0d5
SHA512 d881f06f6bfae30c93480bc40bda1d4919c72cbbf09bca9fa6e17d927c19c0372d36417a66399d49014093961224a0b70a2d93f235a23fe0ad38cd1adf2fe65d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1e3b5dcd166d1d34477f87c6e6a957f7
SHA1 dc7f0d11437f73b4117f8939033e811a83d576d2
SHA256 b7a4189416c6aff23071cdfab9e2df987ff0ae87ac583e381c1d60ba6e66c360
SHA512 5f7c7f4df68dea7771d18493066e324382adbbae2d3aa815b7a98a4b605ef9877ed7574de098b2e9fb95d6b5b139050158e6ca32dcdc862a73ba6069f2d3eb0f
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b