Analysis
-
max time kernel
117s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 07:38
Static task
static1
Behavioral task
behavioral1
Sample
a4765f43710568f51d46792e02a5a1e3_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a4765f43710568f51d46792e02a5a1e3_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a4765f43710568f51d46792e02a5a1e3_JaffaCakes118.html
-
Size
3KB
-
MD5
a4765f43710568f51d46792e02a5a1e3
-
SHA1
010fd52825df24d9a2c98cce21ebbab978f25860
-
SHA256
2e78eb0ed7be7cf068d132bfb4e5805fc7143a98da7b1c1575351dc986e529d1
-
SHA512
cddb1f13f10b1921181d395dfad8e1a19b3190a7b9c12dc8e0142e75a5dfc11f6f6fa6234cf7c67d1712c815fb7e0c6bd117bb0b700697e686969f45cd52eccf
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b06f83c764bdda01 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426186" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a6cf6a4a4dc6f04fbfe3ca608528a676000000000200000000001066000000010000200000008660306de385e264423c00efb771cf0757d4a0c97a36586519ff6a099812c255000000000e8000000002000020000000db12ba3953f95b05e8a28f8a15fb2639796da84504c955be4d17706ed12ef52f200000007bf61295d7cf3797e9d655c2bb06e54c029ebb90c26f6bd0e386cd0f60e3de9b40000000a601f0e836ab4532707a2f157c0ee8712c05cd65832afc2cfac307b390758b05848432901e1ce0ae53b557201fcf8b79a2b57b09147843f6a305e1f38b98dd42 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F2C9F4F1-2957-11EF-873B-52ADCDCA366E} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3048 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
3048 iexplore.exe
3048 iexplore.exe
2392 IEXPLORE.EXE
2392 IEXPLORE.EXE
2392 IEXPLORE.EXE
2392 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 3048 wrote to memory of 2392 3048 iexplore.exe 28
PID 3048 wrote to memory of 2392 3048 iexplore.exe 28
PID 3048 wrote to memory of 2392 3048 iexplore.exe 28
PID 3048 wrote to memory of 2392 3048 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4765f43710568f51d46792e02a5a1e3_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2392
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9cb7988caada599b753b2e944b95f37c
SHA1 8f6aa913b46c01e76ffffa8970f1924363af0066
SHA256 79fca1fff625160e45bff8ac3c266f0a41b6300135f22afa56ae8cfa2657eccf
SHA512 4b1742ca05c1f3648bd70777cd878a6240a6c67150e5ac59e4c8eafc5a6516d74265fabd38a01934ba8a1ea4e9a02133c9f745f691d1fc46b287dd1d5b12155e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ab6b6dc83f8e0a2842c78bc331b72e3f
SHA1 2309c734955f897c809a388f3af4351086acb210
SHA256 971a67d16b142ff2e6b959a4f7c4622d51d0d80a0d47723380a99f74bc47a8bf
SHA512 5eedf2df95427b462ae49d80edd153800f2e3879bdf9adafb7fdfe9781b3bbb9d967e51bca153559f8ba03a7cd4a2fbb3e3db254dc01ed18cdd0d57bebc54cab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 45196db6da53f129ab8925bbb7c29594
SHA1 f0fae056f8b0d70b925b9f144977587499903ea0
SHA256 83359975d157b633f6f39de3483b1a69c4c78b7b2582483e0bab8d43b3b1cca8
SHA512 d84ec44116cb65eba1b6b3c8ec686e4da3416c567d6f3cf08148f65bd67a52e8f95049a50e559b9e769883b80d9b5885fa1a562b3ac7efca68cd4af4ff3a2392
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bf38f1d0e466d42285fcead1d9b92738
SHA1 73dbe553f8a2734084a13d68d6cbd29233629894
SHA256 08ebdd5cc81ccd75fb6664756406caff896393768b2fea4bd844152c35c27763
SHA512 4238350d4bc24c04c93932f7f85873363797fee2168497fd324db0f8b3ae713bea3e40f2cd52b62d8a0a44efc54d9695e6135667152367b3ca4e53a4ddec0ea1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e307af99d66f141c51c5c921d2007c42
SHA1 4cf0b2323774adba4e89ffe0f2e685ac2bc922cb
SHA256 f0f17fdd55c785c5f1f5e6ad99720a8524be65570f2387f1e47299b02fc2d95e
SHA512 6ec4753f975a52d7d86bf82e852918ae37c409a733df400bf6236d39e74c0dc4193b32c526e6c4d0c6bb165f4ecfae2adf02b94e3e4d9a6caf8ab1897ba0cad3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f8d3a3d15adf6c98f690dceb8d19dc1f
SHA1 1f2523c684ec000465f64099ff8e01f8c01ef9ee
SHA256 c2899d8394636389ea724834de8dbf77ee8bb62bd6e6acf805ef02973f767b4e
SHA512 d8985d093a7a18b8cb7755eec963427687d871f985441810997f26770f7e88356244e4212e41762d6959d243a77c9f7be550f89d50028451335bdb8d940fbe0e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4c789c634d68963529c00693b532a463
SHA1 bc16f7637b1bea05f7254fb1602469a4330b9c01
SHA256 31146780002d5de911941af91eb13af78215b114cbd87bf6aa2e51675aafe5d6
SHA512 99688a6e0bf04f73406ce63421de30984ed48a052395a8dd66c672f1ab4154053dcb6ecdb5c88a9994d81bdb1fee0172ee74f74435dfeee28a891031410838ca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a43fe9e94f5c4880d1c766f4ad9815b4
SHA1 b6c3afc1891f74946f1d6455fb4ebabda1d667ee
SHA256 2c3eaf43cfb12eab644974e360bbc86a7aafe5c49ad7610df72a3f4805a412c3
SHA512 a45ddd57c0bbfab52607ba4bbb8ff164ca5a5efdc627ae18183cde445e4b999099d1afc11aa82550b964abde25e1b3ddf8c64bce4b7333eb5973a941ed574288
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b6435b6b49cabb21c7cce07db4d76d7e
SHA1 ad165fb582fed8563a92a568fb0b065e86b1acf2
SHA256 bcd60de560e781c8ee814c3c32c657d61725eb4509185052f3dc76e7c5951e3c
SHA512 6e8910da4c62c45e1537fa9f107d9773f017c0dcc9f33b70cae6ea2ebd9cf8bbe7674c0a9c67e346353d5bdf22dcd52847bf1f2bba0cc9973d748f77c743aed8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 26e2fb693259d50502f7fc3e679e6231
SHA1 73fae5335da757d190ee13573ed12fd90c76a1d1
SHA256 2ed15a4ee46beee73d3963713a52d0bf5fc6ee08c5a7d2bd9576e67b5f5b2e55
SHA512 177afe0115c70a4cfa2e6a6d5b27aae22660f8706cd92201d554342a8ad5ae1dd2b91ffa7b91ebfa463ec3a97a72470fb64d8273325be115fdd039c8b6ad1d60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b7ee23586d70fc2db27f48e1740e1913
SHA1 25f1ff8df5e8f8743e6082c2803db860c46abffd
SHA256 e26ae644319dd4c005ac4ea7b75f2f88d966e43b22a3a0102e2004289d98ab88
SHA512 bd960e44cca3e908b55f46d0ad7c2eefb0f86dcbac50fe29e973da9dd2d6b175bbb358bb94b8f830c472f1cf3a146a29d256b7bd53e57a97fdcbf3f1c2f4b954
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8ae36da7e9fca2660581f2b5caee2251
SHA1 b29c0a2267f7cda55ab991be994317fc36d0ce71
SHA256 79273dd62e56e5df6abd49799335610b08ef93e12388e3c84dd5409eb6cc67ad
SHA512 d60e17d03cfcdfa51b77105e46775f42e08be5d61ecf8ddf5524d570a87b73502776ad47d95fd958c1be7c1398f11ce8438a8db14f5892cc59e34e4fda7f5b59
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3935b76fda13fc708bdd273d78700622
SHA1 851296458f745332b63f1c901efc2914d6919a2a
SHA256 3d65d1f9118e763199fe478ec14ed8abdb079d5bd4ed7b5dd188a7f54f552172
SHA512 8105c88a3008da60f020b5b91f8e8249b4c6c28f35994be866be105eb84e47cd570ae7b6147de5731090ad34cd306290fc61d33d614f1abcc863cdd5adbac8ae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d5178101d0391063996619b003886beb
SHA1 bda210300e647ca45114e71085ce24910fe8f5ea
SHA256 ea70ee5682685728ea4bc6ff17aaeeff8544e97b49ddfe4f56dafe030be4a9dc
SHA512 e38508d08b7c6320c1e41f86ec0c790d57a5566055678bb2024f9d2c791d22bc8e797c58b87328a630e366d1cefa026be0451baf0fd34d035b8b2a05c8cd3ee3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 aa0d3947bac2b9c3d63a7640b103153f
SHA1 af8e8c0cc4931d234f9a943580257ab1add943c8
SHA256 f1e6622129717c1595737a87308044edba9c40348606fdcd7a13505c7c80e660
SHA512 1c8c253bb0ea1dd4a1bdf19823a6fd69e57c67802ab866e073a0da95534a3134a8424783fca7f5d94ad1d3ba888ba6cf0d193f134459121e41cdc41192d4141f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e350dc4cda03df8a65d893f07b3b6332
SHA1 6192b1f1166a60b5fa44a8d99e25324c9ab17d2e
SHA256 fd906de7dfb5184961bd06d6775cb039a3417e6f978c6cd85baabbebea2573e4
SHA512 51eb9af8bc6705317c4c5d8c9211a61d978c769e5db4c30a257f4ddfef5d884de09bbf59a2c6e6e11ea4f5df291633814f8bd248f9b38bcea2771e17b0939615
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 abc3458f7d05093f7dfcedf2728eb112
SHA1 73232615ca33836356b4c531abe238c39974bc1e
SHA256 cce299cb2985d229aebcacc41496777e05051519ccc351b3281583efcdb12330
SHA512 574940f2fcf070f7c8258e64268f3871392fcf20813ff49f258ed3a0b3b2fcc57e270088a3aea1aa1f83bd9201f0257bd1c0f62d64900fd7c09692cc36f06040
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b