Analysis
-
max time kernel
141s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 07:37
Static task
static1
Behavioral task
behavioral1
Sample
a475a4dd02bf4557d4a3c90a23974c02_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a475a4dd02bf4557d4a3c90a23974c02_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a475a4dd02bf4557d4a3c90a23974c02_JaffaCakes118.html
-
Size
21KB
-
MD5
a475a4dd02bf4557d4a3c90a23974c02
-
SHA1
5dc1cb5939d2e2dfa8bd5693d9895dd416b2ec5f
-
SHA256
162d4eb2830a3b570febb4ebedcbe43c5a3a77b7997b6b14ad87a655b0271695
-
SHA512
c713a59803dab438b46826c31ae014ce0ca008e7cd5c0d3448090ac7fbd61f4f9f9571d3c72f0b6381f180a9dd3c1d1eab9f080fee21c2445928df39015bbacc
-
SSDEEP
384:zifKhgefdVBD8cuR3RrCDC5bzfImEfP4ycbp5NOzVcj8DJZTO6udTB:ziGfdgck3VCDWbjImGP4yogtJZTO62
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b092e7a464bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CF9F2E01-2957-11EF-A3C1-4A2B752F9250} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426128" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000300de6c792976f9f39356bd0a2177a5ebdeb0fda125a4419d5a977c85277e991000000000e800000000200002000000031532304989f870e54ef08b5dba791dc3b5753be5a8aa4945022474ff1d6cae820000000383899c5818b247f21f0f79f278646f6d74765051254219c14f44221711a7f2a40000000f996a61ecf14013fd511649db756104c106f8442650d2fd5ef487074c14426d034b5288d273195c373a7b97d6e7d11d37fa89ee225c1480d17d129a027b5b8cc iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe 
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2084 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2084 iexplore.exe 2084 iexplore.exe 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2084 wrote to memory of 2680 2084 iexplore.exe 28 PID 2084 wrote to memory of 2680 2084 iexplore.exe 28 PID 2084 wrote to memory of 2680 2084 iexplore.exe 28 PID 2084 wrote to memory of 2680 2084 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a475a4dd02bf4557d4a3c90a23974c02_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2680
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a9f6a89dd0293b92368db0f0bcf35491
SHA1
eba109ef436a72526e5815045de63b8dddcdc102
SHA256
18a59cefa96bc2f61534ea7ec20c6d55e2ec46f70aed6a5ee38b92a4e38c236b
SHA512
817dc6aca12945cc9758965a7433ae04de58fd349497d3a98a1a84af1cb592fd6925beeac574d0dba9be4d78a6a1d34252670fbd615b046e8bf28b0231465dec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
3169a9905dcbef867ff58a71465e5636
SHA1
eda4528a7c75a06b3749afa37cbadf0d5aa5e136
SHA256
bae7b1fc5bf73bcb48b5ac8ca9b4a3a2ae2c6701a36e845990305e6baab18975
SHA512
99cb137d2fdc2dadb0f4d21d3e7ad45d23f4794b4c5c3181c794088a6d2bfb34f56429bdfeb657715fa61b9143bb8030785a977feaafcc1a75ff179ca7ba0102
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
0c4e0ae9f8a22cb8ba86d8965eb07473
SHA1
c948f1bb881414a84213004b4963e60f3d92cb51
SHA256
66c6c082c4807e8ecae24f7c560ad280c2ef92d2584d871282f0fc7879f9f18e
SHA512
1e1d827b716398f81d5983d35c875bffb6e4dd94103e386aa1be48987507cb9b8120a0d28228b0e7330a6c8fa371a3ce2c3cd284741ac53e15a9848c08615296
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
8d3bbcd9361f578289dbb320a606dc60
SHA1
ce9f1ee6d301605da7f27fd660c628b1791e4448
SHA256
2ebb42ce7d3a6c9750433e6a5f0ffead8d1e52fe9100c3249f431511e0f1e545
SHA512
233301596fd4ada99904b11320a725477374771d9e2308770a2298bcdb12c38490606abe63bfb262b48ab344844740f7ff7caf951478e9ab9aa10cbfcf9486da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
0488fe61e3399d8f096869523f0a7f4f
SHA1
49da15d45e650cd6ff4f8f742e6804dab1650527
SHA256
c1c808a5d65988b8489ce0943473eaff807418ba3b4a34d5fcd0b6b4ff3d6949
SHA512
565f4235423744da51d2fd12eacb4aab81333dc5bb2c53dd3b9f516389fcf6af3645e19610d7521a8c970995c8b167ca7e584670d29acf25d757071ecda4b99c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
52f9619ed777cebd2ee2aa694874b9a1
SHA1
3ac75ad98e26c3fc34a0ff0cd9449494cdaaa3cb
SHA256
662240c6d9e2d5a734f78f41fc5e1d7aadeb9d0799f6a9319d8ffeaf237f7022
SHA512
a47537c1d8fccd052626b7694700bb2e23d2cd6794ce7b9a85d29f8e6e7f9ebd93616fc23868bbb970572fb84cea4fd68be19cd6be211947129b1f840fef621a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
47c33bce23a62dcb900238a21d985e8e
SHA1
11b4b371935f8c00ae464161631b54166b629f54
SHA256
60d1a6a38d0bbf0376ab5b826725ba3e052eb90742fea07951260970fe21fc24
SHA512
b14266c56d41c3ee9522703fd2b8c48e02e5d7b37c559517de3927fb0078f00e90f2a288d58a284d066a2adff70707bf883940a5d21d625e34ac875d1b79cf46
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
8ed89d06fc57ea5164a737010e275990
SHA1
e8836f1796a945b4bc15392701c4e9df454cd63a
SHA256
b1e5aa28817935e1a74b3726a6d3497c42599b5b8c62005490a6ca4559c336f4
SHA512
39b3559b7bb61961f87c35fe46be0d53670ddcc1514a525b39e8cea804de711a14b9c760419252bc34c1b0cbb9eaeeac2898c3ae7224904805f1d1dc12bf68e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
fbb6f9813896cdd4c6b749f5394a1675
SHA1
7ff0bf7448740232cafc690b781b4d794bff7d62
SHA256
78bfb20ac8948fd7065e18e4c7334d93d1f5c5e8c4ef33668c11886c6b698074
SHA512
6f3b385d31a7f2a33af2448abc82da319659cc9023dea9a4e731d60637b434678c36e06ca41f53c864ec4f80b5cb87607c557ef9e5e202c6c7a5b12247299702
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
8a6fc03b7d0fedb3f473003a1fd5b970
SHA1
fa105283e7a5f95078fc799d88d238cc37ff0091
SHA256
fcc186f70d7e5425b93584ff8837b5263db1033f5981fd450c5e7968f76f4ec0
SHA512
a461e9cc9a3525a55e4929145ff89bd89dc46b74030c6adbefec2bb33e378ebc266e6b909b954d78ddb9327557b8e16166a0f15877c1c9c35a0c0f4d54319444
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
658a576432616890b8e2fa2b45c658d9
SHA1
e0e1458d897f5d0089f4e21ecf64e183d3d24736
SHA256
90db08aaff3e4b318116159231922ed48bf62e34590a84e3ae67cee7c5493f48
SHA512
fb548fe142c26e157215acf94b304af8b5687170decc5ec697384ba6a36955e89bef119b4949228a86b88779c4471c71b0f67ed78d18c95544ab09d9a249c78a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
80995d8164d388fa739b938cc6eb5e42
SHA1
d37aa47c33e31b4b60a74fe03d4570770c2984a7
SHA256
7c7420dd39d580d6ab8ee8d4978264b7c5c03ab8acbeaed75acfcea0ea23bcdc
SHA512
8810bca63b935029a9255dec738e3dc1fc65c75e6992a2bd64589a5b304ad84e140d970cbc61ac3bcca901587c7fdf3f0662a732fe832f3a255898de0992eaed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
1e389d495321c29a6a18889f3cd6aade
SHA1
4d0f4f295e80ab2a4b2a9d4c7f4ce0693a99fa63
SHA256
4920cc38105e6dc894154d79bce562bf4a36d8e5dec9475eeb148c6aad0d2db0
SHA512
dbecf5a65daee1484d203d0244cd6c8d77f97fc387d8cad9b9903789905d5fad9f2627f07608e499243f8227ad758ed19764d6694291847942341e6bb97f0cf3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
0cbb22bebaa32a5fd6ce9debadb59b9d
SHA1
a27f9a0a7e7ccf344c015449f1461cffb8a69300
SHA256
b197183291be950eadd08803f89057db132161e908a2e25d32a0e8b3dcbc450b
SHA512
a81855cf2e3eb2dad63de26426cbdc3d9a2a1be5d9955f96d41d61fda2dd48dfbdeb0e8124b9ea866fd29f0c4019f82fc1f4c923edd7639e8226e8bcef9d23a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
c60ad689b73ddcb7bcc1e07686f22868
SHA1
3f4709a8bb4065023fd613be84e32affa07a7a98
SHA256
52f4a9b9a0a7f76db07c281594117526933f71009db8c004413c4a0d8f27c9c3
SHA512
591a160fcb028b3093d3eb9a836e3eac8d6aab6d2f7429ff003e2978d553b98c75211a1cf2ee5cd1b5584da0e8f125eb69c628dedbe7d7c11fa619d78e0246f5
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b