Analysis
-
max time kernel
136s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 08:24
Static task
static1
Behavioral task
behavioral1
Sample
a49da02e29a9c12d9214ef66f65af307_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a49da02e29a9c12d9214ef66f65af307_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a49da02e29a9c12d9214ef66f65af307_JaffaCakes118.html
-
Size
4KB
-
MD5
a49da02e29a9c12d9214ef66f65af307
-
SHA1
620ce639a7f40d4bd4ef1c034162b28bccc580ae
-
SHA256
f3915b9928d7666d076ab560d5daf81f782eaf31afd9fd4f0f3230a3939b2cb3
-
SHA512
b4026392d8577c7c5b2c5c27704459e2376eeadcf9e73fc8860ae6583707d0bf29e8faa490c8549e0aad4dabeba1f1ea6f7a4e118c5743205e03ea8ee01b2b5b
-
SSDEEP
96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8o/fGd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDZ
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c09a376bbdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424428952" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{621EB921-295E-11EF-AAC6-46C1B5BE3FA8} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000051d4c46a82abec14548a8122af64efb4b190b7338552623b7157e5969caab8bb000000000e8000000002000020000000bd9a34231056b78ddbdf775abd218051eb21999833ee3b263ed5fa8f6f52727620000000a52e14f35a2b4f2be14ebe162d5193f1c92ba0352b8752d1b163940b901b031b40000000d8dc959ee00f95c63593252d1c9313b91b95090504cdb51d53053832226f7ebd39c7aa965925c14a33cb9760487d94139c6643e8c28da0476bc4db0f3222314f iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
3020 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
3020 | iexplore.exe
3020 | iexplore.exe
1460 | IEXPLORE.EXE
1460 | IEXPLORE.EXE
1460 | IEXPLORE.EXE
1460 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3020 wrote to memory of 1460 | 3020 | iexplore.exe | 28
PID 3020 wrote to memory of 1460 | 3020 | iexplore.exe | 28
PID 3020 wrote to memory of 1460 | 3020 | iexplore.exe | 28
PID 3020 wrote to memory of 1460 | 3020 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49da02e29a9c12d9214ef66f65af307_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1460
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f49da720f9899a320352fd33fdb04596
SHA1 4c99a14cea8af237cbe3060bf21e4d0c3aec3459
SHA256 01900c66220f5b2870487f13231e6acfb1005aad2bcce16b2c9084ef8b003e48
SHA512 a46021f1c022d3ed9cf98dd2a0ff369c07e35ef0db31cdc3d7c30622c045f917dbceced718b684abc0cb6943b64a3da2d2a5f3149c367978c1b57a05d8b01dec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b63a4936fd4e9bc893f26e13c5a02f34
SHA1 7c231c628262cd2086f742127272941716e62da8
SHA256 66511b9e26adfd8969df56e96e58b4330bedbc1cf0ca2632a9a76711159f2352
SHA512 070c57de6321c451c16a7ba5d8129651ba3aef14488cc630c61502917eebaef08578fa22b96c7070127d40aa94d958d3a930f6df54701f65f9d08bc62a39c1b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 736ca187fafb1faf5ddf90658c8799f2
SHA1 529ae5eee3b89881273593a1a42eaeadcddd8482
SHA256 b4bc032e75703927e5d6b4fb0cb6d0fa0505de703c8b870e7ef884bfba3ddc95
SHA512 0f5c39798754595120bc9ece5cd07eb5475b9e9e3db0031477db7fe7f91701f7ca546f9550300a4ddf812046d49510fa141d9e23a1e25e8d9ba9f640d22b67c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9d6a91b111df1b9da07d11ffbc7bb6e0
SHA1 8b40c6ced07dca44050a166459b66187ed363c36
SHA256 6a303dcb2ea404365d083c63ab4045fff28d7a07fad1c6d3e82c3592b8eee0f8
SHA512 780d8fa1ff73a308790cfa61663ab42b40251d606b99380b56893f9cfba196e1b162fec6719dc728a4279b55ebfb925841da75d594518240bccaff2196cd54b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d0e144c658528f54abee953b7f1f8de1
SHA1 1c206c175773fff933ab6702bc5266efc74235c4
SHA256 5e5e3dcd1facfb5bf20e9189e1745a21e62dd762b17338ab6a2d093a5aad006d
SHA512 f7ac4b149cad6dd121d86b9afcb53eaed6bcdd852065b7e2ef35360e52129ad1f100aba759580204bd5a1165becbf15db901d6a102623475f05646790f77fc11
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 532067682f7e61c7604825d7780739d7
SHA1 02bdcba29cb95d8aae528ad7d5e730e14ef08158
SHA256 0e406cf042cebbb2fbb4f24a825498501222f3be47c97e9e76ea57d15664b642
SHA512 c5ca585f5440d8a2077ac856acfb657900498432bd8ac7bc94ed20d521ff408e898499114f7be9063cb266b7d119c604b51243d73f37b567c584c116eec14c89
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 49a329f3e5762e9bf42c9538d10f4a3b
SHA1 dcfc7effe737c461e22b993f1a1fdba272b81ac4
SHA256 13f6007be5defd1cd57b6d29acbb49f0467c7d1d068f1149742fd8e94225719a
SHA512 ab096114be174f4abb8030601e38a1daead30bbedc697609d78e8188ddd7ed96a11a893ef25d47b30930767fead044335e0b5927f70f34827d3451da26179ff5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fcba3a398a98651c0bde07f0556aff9b
SHA1 d5208676b5a9dbe547d50000212dd4319434af05
SHA256 fc685a8c820bbb436a65880ab406134a1b79836f26e6aebcc3138498f52aede9
SHA512 4b2ce48e1c8941afa0c17f1eac0132d983a6d871ab985c35d067d787598cdc0352cb62755314425b295abbb39b23d3a588ac4b4af0be1d8e6c2dd15a45547244
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 444e9fc13cb85d77a6ce784070045d64
SHA1 05d12fc7faa257f31223127b3936ab486ff23e29
SHA256 d29b849f325f2d2667cfc6edad79d9fa673e544a66c0265bec552a14dfe3948a
SHA512 9d21aa1ba3c3d188ca9d47f72c68461c60b02b474b7dab4efed0746d598f7410f520f99039a5d0cbbeeb508fbe59b105f25eaff3cc5c9146ab9d918b8d89c6d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5926e0dc130c589a733dcbc1ff5cdb16
SHA1 61d4b314163f4fc8880ecb4198c396dd3e8bea66
SHA256 c7005e5160fe3d72f68b1c3a0e28f2fa9c641fbc5ef9bf0d5f8f973790b13f0e
SHA512 d2178042a82b9d66e6ec8bab4c6c528ecca0f2170cccfcb755dc662d8a39e876b0ba7c711e53c8d816d4e7fb1b8242176b193525ad93a53b302072d896e5f771
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2bed9161c66625b96dad7ce95c39eb74
SHA1 bba3468885d44bfe71cc5cea85e8117d0ca1e98a
SHA256 8ba43ef2708f7f848c7825e7ed9505055b5c0965ce956fde7688c6d8f78802b5
SHA512 7ed138ef3047f2a867543dec92d735b17a5e3ddcfb2f77e4d8e056ec75e1969e06fd5c3bdade22fd964a3b05b8366faf568cd2fe79e972efb22324b67b53413b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1c0e0caa2967a5f53a8488cfef1e5949
SHA1 9c2d99c4fcc455a0b4e396c1fc307f088501589e
SHA256 23706460640cc9fcb3c5c3073e11fccd9f4ecf05c710927a0aad590f3c3eb88d
SHA512 f73408f802b9dc3a07ae2c8d9f4e6ec9e81150cf363d595fa270e336554715c1a64e76f7891396dc2d792a5063ec1d4c3160e3a83bf1703526e0f7c9b80471ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b97637b5e22d98bc6746752fde3a26c7
SHA1 28553ecc07b62ae24473b1b5a12baaeef58a3c9e
SHA256 9789bb22148a25ec50ed690de2764505eef57bcdb97ed3184e981b70c7893513
SHA512 921bd389df4fdd095000e5bca0c600ae60a9ddd36eb82c75896ac89028a4c437328321e3f64af45d62cf7fd2498eb13e0cb58500732852a12b3465baefc151dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9c26a264d996b60f5127aa5dd83b4c28
SHA1 d8e8b9573ef1cfadf27f1a3fe5f5a480b1790343
SHA256 3c7286095922e1ab2db8726cb33c88bc9b33308c9cf7ab93d100f190d5e566c8
SHA512 86d32843d29046b0cf09f7480a3c40c2878d33ad1c299ae33d5fc85962f83858f303652f297d29dfe42f0f191fdcea4f33ac6ef028d378eeea3c43ea99e3ada7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bbcd2c5bc6e6ba6f3bda36db41f41ebc
SHA1 81c65642a7ad9828a6fe022cb306110c41b397f3
SHA256 525c42c5380c82820d912bae65a4fe00e2790f8c1c519d84914aaa89ff72fad6
SHA512 7bd57a7336b48d9f34dabe49ab85579de6b378a4491ac31090c6416182802bd770e275c7c4ba7d8b6afc1691ced20abb0f307b418ad727ff1337369c3fff427b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 91238c363e42a67ae2ba0cf26bb3fe2d
SHA1 d353fa303c92e8e8c3d9c7eac99d2a84c068034d
SHA256 107e98cc083a77bbf84241a90d5ba9ea099e779ba340b29c17175b8c8bfce41a
SHA512 f61d641f6c20d18710e796583208ff8f83b8cde908a70bc531a1c80edcb9f6211c184011cf1f02e69f36ff3a373bd5e8b9fbbd90082c57269c7ec7050fbad2b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 24d5ac1c7aadb3e12bd943d7c6ba7cbf
SHA1 ce5f6ff2f1bfd06bfdd969634d3727bf20a9d1ba
SHA256 a7187700b02476d3e2d1a745617f11e810556ca0bde5a3faee2514b0c325341a
SHA512 4051ad7e2d654ebcb6c67617d491758122dc24ae5850a965c4a29ae018cd1399eeba4102623c81f3802c96de7d0fd8da87a251c5445e2ead1a4349ec7e0e2f94
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2191b5299ec18391a8559d9472ca2972
SHA1 4b1441cdee69ccfa28e6ac80464c8034311e0952
SHA256 a98ea364043ad15511b3b6c04908788d45094ee650371e354702df435317339c
SHA512 48df4b13872e90a0dd968b4d82fdc4d53f169f92bdd7b9c125f3b0f00025a127efe3657757cd6271103305dec659d7b9a4ebf464724052b5aefcbc06ab454eb4
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b