Analysis
-
max time kernel
119s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 07:37
Static task
static1
Behavioral task
behavioral1
Sample
a474d79a360060953b43d801faacfc29_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a474d79a360060953b43d801faacfc29_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a474d79a360060953b43d801faacfc29_JaffaCakes118.html
-
Size
19KB
-
MD5
a474d79a360060953b43d801faacfc29
-
SHA1
8524fdc42127c9260cf04048729d116d2cc20401
-
SHA256
ce487e1528e8b426814f0bfb9c3f3996c790fad6cbf14c825b55d4b07ac577d9
-
SHA512
9f354e7134fb26124c41f2e719f6d5263bddc2dbe5461526c794c61a96f31766d4b5f66df0efab52e6977d75c00cf85eed4e84d20e14d4ea47fce579d02b0960
-
SSDEEP
384:34RRXXVcPwEpwlS05LLqlLhPFNmqQOawFW2AVpbHwh2fXSm9l0PT8OqcFbYXnIjB:I7k1pwln5LLqlVNNmqQujAVpbwh2T0P1
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe 
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BC843FE1-2957-11EF-A550-7E1039193522} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426094" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000fc54b82cebad9befac583b74209dee7c203f75a3f43bf1e280c755326d4b65ea000000000e800000000200002000000092aebe1505995555d440c8192bc56c64f4ab6ee9cd4e99e2176b3c3ac9153e9520000000d9c169c24587b00ad2f8d5bababd175f8a730fa3f47fbd3d7b25e63f297fdbc740000000ab4ff4adc8e396c3fcb6b4eab391ef5f1e57a358f28e0bde0a82809c16c2c955a6b8f7add9b0b8ca5c784bb1aa7f637d9def687bb571c7265dd8b0692a753855 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a062229164bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000000fee7619de7f5fbe1215ca4a6c126331937b7810ea0e2c2e80d69d3bdc5bba93000000000e80000000020000200000000827bf4a842c41dbdc0ece67a4b8710055926f4fac0cf8a9981aef7785fa4d2090000000fb90d88ba2bcf85c037ba106d1f9c790fa70e31772d747415df0310506887b8425decd42893bf3a3104412a3b5397db93d0c67f63c31d573fc70269988f0ccb7c59d1526fb74db77b0bc358877d5972a8d8627b9fe3322f70f2e10c4f1ca9dc437b63455417924c5d618471e1b2de605803bf296f166ab6ecca459561ca079971ce6dc4593852228204a46f8f8bfa685400000007bf224d089b921971467590a94d93336aa1145d298780b1b729d98d17bf25608f7616feae1eb04f63b4e34ca1d998d233c213c8197d46f607a01b29bc90e025a iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2204 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2204 iexplore.exe 2204 iexplore.exe 2276 IEXPLORE.EXE 2276 IEXPLORE.EXE 2276 IEXPLORE.EXE 2276 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2204 wrote to memory of 2276 2204 iexplore.exe 28 PID 2204 wrote to memory of 2276 2204 iexplore.exe 28 PID 2204 wrote to memory of 2276 2204 iexplore.exe 28 PID 2204 wrote to memory of 2276 2204 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a474d79a360060953b43d801faacfc29_JaffaCakes118.html
(process tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
(process tree depth 2, child of PID 2204)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2276
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9b47ed5cf700d82c0b751e9bbc8fcc02
SHA1 028adde7105b16259c64ecc329f3c1264bd59d32
SHA256 e065779c4c86f2e852bc1a90eba62df388fe7ea006815d5eb2e1ab5710ed16a2
SHA512 329cb7e5b463b3cb899940965e54638ca03d23b85da7847e5b3aa3b25a1ac90d9028a9ef2c9da24076a26461eb04071b49efeb1b09b750b0f544e9ac22b0a6da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 948eb6ee4a3d013db12a3f26627be869
SHA1 5d2772419a66b56e92a0eb0321ed7a1bc42c91b6
SHA256 e7e73011919895e5320b86c8540924a0203a3ab66c8786430e2bec4ee83bc726
SHA512 0d883f3056ce339a083a78cee5ae16518803dcf0143dfadda42545dc038b6292a95aa413db2be71328be0dbde4c51adf0f02d1cc9e70ef35a349c0ed953d8190
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 27b10cfdcde9fb14177dd11259b935e4
SHA1 69f3440405123d0f87b5e67cd76a6064ca2475bd
SHA256 0ef7bf161ebcf869be1d63cf7c06ab66738151398c0d3cf5055a1fa1519e4f50
SHA512 0d85e810e256fe24d515223e14cd32036d27d4bc2fb637db46667638c8949a996addd4012d7276829551dc30a90b97497574da716a63385d59e98e9229d6bdbc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c90e147be6a88d779bad243ddfa81b18
SHA1 a7daded9a08a75a521bd5256946f16c39e01166f
SHA256 bbdb0f4c66f6db776d2fb4d7e97f33ed0b23b17aba5b63fafbaf75b81ab6a180
SHA512 316055bad887f5027a658ff7478fbd9dcdce9dab4e949f73e4b5d33e914c32e6e3e9e986ab59e1d9ab38b9686109137d983c913ab48d0fe20600a8b8f88daa36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eca383b1d6dea97eb6624cb2a656ea4c
SHA1 12f7a16599d738dec96c11b14e14d3cbb9747b50
SHA256 dedad95ebccd22ec6b7c45c69b3ae9099b3e73227f507bf84fbde94ed83c4e15
SHA512 af34ae4d3876ef5d4a9198658df976b7c6490456c48f7cd43b0e430b77a5c666bf4b0ca74ec7c711800239754f02c914a7a2017de989c0deb724f7ec0de14fb7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 15fa3ea0f89800a110efc65e7489fb72
SHA1 9f7f732159d3be5d4be1c1b65e1953ad0174bad4
SHA256 3fe0da03f91e25ce65ae73f109b10d622612efd3a8a21d11c5748496fb180498
SHA512 59fefb6d0399b0af48d1d4571a73c73d9740c7122074deac16a6331630404ac481f33d0542a883909ce5ce1006c3a77ed1345400249c1663e4196eaed5f770c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7077355832fb350496fdbb4571946864
SHA1 e5301e636fc49215c47b2b7a28e26c441714259d
SHA256 6b2f21ab457345758df93b05008fd6503c2ba718820413adf0dacff1ed2796b2
SHA512 571720ae2602a1a46fee3de4a42d56b0f88b6ebb09147762737745cfdb8ccf1e34e0e07d05a1c2d6a66377acf0c843723c900f895ef5e0585f538568ca9a2c01
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0d1acde8daa5f6c1cea837e9afd936ea
SHA1 2651ee1b31ec6778524596dfa1f57a9fdc1082a1
SHA256 8949ab6dbe5b8f56394a2faad515dc4c908f76c24aaf125e41dc64cee2ddfb10
SHA512 6ddbaac8b8c5d75cba06b75bc9796dd7f56a0ef020e9aaacb044abc9d6ad0d61d740e7d7ab91945a5d01e7295a95f37862a9d28efa93b86f86ecc7b71a6cec6a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 03e504ad287c14de183f480e26922e7c
SHA1 585a73864897c475d6061daf3b20e43c07ce3dff
SHA256 d2adffbfcfe65d18fd6786f09cd50d5a3c0e70e7fc8f7faf62bb38c7d4bafd2f
SHA512 8981f968b374857110eddf3c25e578b0f1c6f4b9ca0fd9de3344d7c43d04ec7edf35406d680f93ec9b1415746d07fd95cb20154e890a6416096236c475cb34b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 387a0fded61b307ace48571bd9fd6c90
SHA1 3ed3489d1839b1e10f6942537412e863664d8100
SHA256 628146222ba026d06b76fa2cb08d157b717ef1b8a9ee7137e13125a3d662229a
SHA512 f6dab9844d6a35b2c95512643e7395df08fbced193d432e0767c848487fa69e7358b04a692e4a1ee9183af945e98ba382101b7db763f2d19ed2294452d52440a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 73395112083d39269a72567256130319
SHA1 a1f25052ed7d458c19dfa9f4bf1738294567d4a1
SHA256 afec2c5716268104e11582b3e93087cf691e2325361288c41969621ae07b848e
SHA512 27e3fd8b54fae12f212efc566667d1b6995e86f2eccc3318c4e54680774c07af63798db48d4d4ac841d7bddf855adcd10d606d02344d47a4a10b406171e03e5c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2deb1217b1e69b0e2ac2ce3cc4da5d3f
SHA1 e27a9e2333ce08ed0245d66afe70e713625d8629
SHA256 6ad658b7d23e1339ce23575536e3be0ac7178fd0f0e63b1e6cb21eb3135e3b52
SHA512 7bf9ff08b3357e85468a6f7b9dcd48120ba1ed4656e2c029e9d58ce73efaf0c87bcba1edcc4aa214ad3a6d4bde1f937162659d36c8c7a237df8cab56803281d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ea698e34246b5f1ea25f2b4576f419a2
SHA1 402f446a276e119570ee809080fb6d098d150e07
SHA256 1e34ba42a1b55da0723551f3ca4740936f8c10fa24d55d94ef40309b7f49ca7d
SHA512 a10abaab0ef3367436ff6dfdf0e5aab406659fc8bc94d2e96b80f9f15781ad5da7508593d4e54ca38b251544db95004b7dd15f430f1dda11d4d52c36940f3565
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 95b8f48881be08e3b250f8adea9b7edd
SHA1 1dfdf987ed2fc50699c81d674c68afcb78133bf5
SHA256 f7ebff333e77d46b856df201e8e7b1dcffeea578ec6bf8f09bc6257c32fa8831
SHA512 c3dee6bacce56c1350142d196f59fdc6f961dd582533ae6f1322791ce8f30ff2c6afdd6759dc61c4a115b3a9229aea326405c2dec95262d17e92c352f1cc81d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 735668a43f450082c54202c1d6c2ce1c
SHA1 9f9e0a595fd0c881a7a8360f04048f10cf2256d0
SHA256 f4d69ca510b66b9951572be2ae6bbdad3b7be7d602d3d7bd50b610505265ac7e
SHA512 ad2a350e0e7d2ea343815c6ac927c886e04ca07b941f92edc54adfde53931958697c65074a5d41fc0b398d5db03181d63b05df3d2397fda337b114a4a9797700
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6d11f1e43169dbca51eb9885050f0b90
SHA1 af69c3e577b6725d358c7dc362ecfa6a3d28137f
SHA256 85f832c8d3fe9c31a96f550aa0fa0b92c371a9b35fc999633eedb451bba7c59f
SHA512 99b0afdcef306eda261eb72c62abcbd04d184e5bd9d888d940e97198fea805679fea19814f0047a56226db897f92e12dd7fa17822811c0e9d1feb2cc1e27efe8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 74707ba87bc5e90294056e7f10ef9419
SHA1 fc1c35d87efa7ab975785de233c96302e5d5de80
SHA256 31f2564bc30981e4e4462571a31816e7f5584504791b180ddab4f512b628bacc
SHA512 d240d37d7c56cda067a636c1d1ccdcec60d21366c0b89f8e87f1f4eeeaaa3e45ffe21c8f2bebb9c0dd21fa764caff95dcb4490bd9769ef836d9a3cfae0a7584d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 61d2c01253c5a521103a99ef8a70829e
SHA1 fb410c3f271050b3e7bfe6f0368c883f10971dc3
SHA256 73bd7350257456749e474436e931bcc9ddd923a42ff6ef9f18a410f6c72f612a
SHA512 58025c632bbb3181b996eeef79aeac9ae2b13b008f496a8cde5f4afe540b1db38f11bc803782ee6689a8bab1797d81b3dcd1e0b044886d672344097044860021
-
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b