Analysis
- max time kernel: 133s
- max time network: 134s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 13-06-2024 10:05
Static task: static1
Behavioral task: behavioral1
- Sample: a4ff36a99660a53be0a468c6cc472d44_JaffaCakes118.html
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: a4ff36a99660a53be0a468c6cc472d44_JaffaCakes118.html
- Resource: win10v2004-20240226-en
General
- Target: a4ff36a99660a53be0a468c6cc472d44_JaffaCakes118.html
- Size: 4KB
- MD5: a4ff36a99660a53be0a468c6cc472d44
- SHA1: 3d00d5f554d514b11e113379973c40e8e9fb9291
- SHA256: 2b4cd8780a55306929acf11ee1dfa2a7579cd9b513f5017c2e9b9463b7e7e843
- SHA512: f0823579de12a1c57f51ae9d6b4473f3f1c4417734b476f4d0fa17530538c3749b4fd058188daa57cbda98bd9defcf70ee9ec3ee0028b0ab371488c6ca87e62a
- SSDEEP: 96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oV+2s/Sx:Pk7yY1aEFHVKtF37sNjtXATIQFM93pD8
Malware Config
Signatures
- Modifies Internet Explorer settings
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435016" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000008187956a81750104c1a77441b4cada6f957e2a0570d2b8cedd658df2c0a446b0000000000e8000000002000020000000d0f0ea9a2aefe26363c2c42204b4017568bc61898ee55ac0fc6738d47e4d95bd90000000cc05c71fc7a83d63ab7232e4cc129e63ab41d4b3eda0924839dc4991e5b7ba804cc70f149d6e7a2a543e42006808ab0a8cff2577d38f5831b5bd69a529b1871a9e377bf6a6c506deb750a7be85a06a20b66a4c6238346921a1ed9be7fbda8a62c4ba403f20f67195c0c9f2735c0156d4661d9b18bf1c792d340f2363c9bfa9c20f6b54719240c822fe50cd68ce9a2fc740000000be4ba49fc3dcadd53ea399c8714cd53437334ad8e711fc54bee226c1873c317b02b6b16355334137174552cdc42280a2e693fab2b85920e8048698aeb60848cf | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{813297B1-296C-11EF-B848-DEDD52EED8E0} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5048d65579bdda01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000016348acd4a66da39125c1d9d7d8c52eb879f05a1f7c31c952b7daab6aeeb6a00000000000e8000000002000020000000edc9742d93adecf5a28a0a3559efd17adeab8dd0f9432956700bc870312739c02000000044bd9a4a82f64c2170c9efebecb20c5bbad153523c9aec38d545803256f3d685400000006b9331f40f0882b1fd8e1c64fe34138a826f25c81c6b5bcbd3da2803a2f791f8f054d7267dc5f5ab560849b97d30e31ec8c75fb0dce5b0af45d1bb2d59946827 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2072 | iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2072 | iexplore.exe
2072 | iexplore.exe
3032 | IEXPLORE.EXE
3032 | IEXPLORE.EXE
3032 | IEXPLORE.EXE
3032 | IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2072 wrote to memory of 3032 | 2072 | iexplore.exe | 28
PID 2072 wrote to memory of 3032 | 2072 | iexplore.exe | 28
PID 2072 wrote to memory of 3032 | 2072 | iexplore.exe | 28
PID 2072 wrote to memory of 3032 | 2072 | iexplore.exe | 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ff36a99660a53be0a468c6cc472d44_JaffaCakes118.html
  PID: 2072
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
    PID: 3032
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 13a717d2a677f45bb62c975a21faf724
  SHA1: 330d5a7faaad7712f5292caa45b22b3e4fd7856f
  SHA256: e231a73947ca80c01055a9bc676a99146ac46802c04214fe94e9f420a1036d0f
  SHA512: e45a97d06608c69d628a7af219654bc2a37b7db0e133a776823c2e27bf6c2065cca8fc1c1baf5e416afbba43f0a2ad832a239882060400dcfb8faa40df25cc98
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 57fecbd768ccb3f0f2dda2131ca5636d
  SHA1: 22d867b6726fa031d9afb93cec3dc02bef6bc2cc
  SHA256: 6c5f96653514c27e004886788a5a8b1869cba6374660947cc7ae5092c97928d9
  SHA512: 76d402f8d7abd39cfb7c01f894c5e9518f0fcb299f46146f12f899da65697877dc9b87961c1552181a4bfbeb4c4c118c34668d1c038e876f71f5dd98e2bd1b2f
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 2bc9ce05f9d4c52e9ef12c7c602abf85
  SHA1: 707ca09169070f2bc5c8e662ddb5e37287794b27
  SHA256: e9f6e726a0a8295800aa472b0fcaff989d12433740cf91ffc95c573a2c2f71e8
  SHA512: fb064a41480854eb166764f7384602dfc2fc05f2eb4d46081cb1e755b3df8905839f27f659909ab811f2e4e8a9ab56160073af6c32be1da63390790f152188c2
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 24c35567642526f0e4c9001eefced6c2
  SHA1: e79d5167c75945ab3182f4cb0fb43cf4f4b192e0
  SHA256: c82693bbcc77ae65cf8cfde375b7429bc8b0d09685c6c2984fd33c06c0367c9a
  SHA512: 0704112c6e5c29fb3c257f997cdd1abfdf64e248a1353395a74435f6245e6a617d93ac2151e147127501062c1788c7204ed33de958ef634c6783c7d88ea9135a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: c2f7d58e04a2a25983c96b4bd15c4901
  SHA1: ff8035bd269327511486e6c28390a3850c50142a
  SHA256: 258e99122df65629cf51b00e7046850fed5e99784f592688f42c08c177c328e2
  SHA512: a33d040bab88e0f12c8ee60aec561db32bf30df0f7383774b08eba49a19750174df03c22a00fd67e2ab24f971578cd796c02e0f15570815526db4061c4b52f12
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 45d2b1aea4ba702fb2666701c26f87fb
  SHA1: ad196955c51902f4c8f50af377cb5fb110f80e77
  SHA256: c06df3e46fe995058036e64cb4dbd9535ad1e7ca9316e3b337d5d424c76bc148
  SHA512: 4add31ba2e33ba3438918caa52ace49e3e837634ef20b77d3300877a6f5d057162413e2c7767a9d7887d917c20727281d29e8c4f1188d16a35b18e57ee7f0266
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 049e0fceef0fcf00dfd4429b2ab9fd97
  SHA1: a9762945fb8a5188bd5240a06839d9ce78470bad
  SHA256: 3eb6780f730f3bc44f2aba49da73d43170704a037b67d89edb2e5cb0d18dce77
  SHA512: 47a479b4793318d6ab94232ba54b7a308596beea036dde30d52cff66e6e8709e30f215cbf40b5831865358ee71a57b8a44810c0c21456c248aefc2d0c3127fbc
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 661bbee6c26b7e41b24a6ccf2762ebae
  SHA1: 06ec713882f5dc15d156b137f02535efa0a271ea
  SHA256: 4097bee7d47e684651c83b925fcd3ca8a4ff04541e2ea4760c10bb8bf1942a80
  SHA512: e26170b33982201f7b36d7b1e4f0ceb2f9f9e4e00c55b2103e411a64bd66e3c317728cc28fdf7a3afdc61c1e4318392571465b5dadf40cf70c83de17f16b520a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b314cbea80c74077b8f521b60cee5a3f
  SHA1: 53b15f472d5da074d309471ebe5b03e26be9557c
  SHA256: 0e923e914a45e037a31017095eef8fc6b26bbc50ba19d7270474026fcf68fd66
  SHA512: f19f7a3870fdb0458c4dbfa1426356ba96f23ad7fbdd43f789442ce981717ca49ca2fbbfc88f8a5baa41256f37ead07cc60c04fe0312839265d769939fadad57
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 633b3fefd624ae075be99ebfc5af1468
  SHA1: 02c6ab9b5893658fbc474798efc9d3c03ecb8b66
  SHA256: f2187952422759c511b1f46eb082bf75c77cb858cdc926e9ae98123f702cb811
  SHA512: dce2a362a86cf5c2a21b522dc779b1a29765110228f000852c9197a4afeef531e62de77ab201f8636c90e9cd6e3f7c0fe103ea1ed201500e3ac42c2534639c8a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 503dbf11519dbf0a017e8e6a86d41fdf
  SHA1: 744ddde7c3fbe0e5a74808238ba2be65af904ff6
  SHA256: 2f79a7ff40745ba3d8bbb48b42eded5bfbb7e8f34a9e1e2034bbe1a099110836
  SHA512: 12a39985b4fe7e74de14ed425c69cde918e1967be27e695cc5e1815dd7ea8cd4ba37b962512ae9871507260d09f06aa28bd64a85cf46a1c1b69db695b006dcaf
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1353759f4914f6c00d05d78f25108d70
  SHA1: 9f9cdd38e1bf3ee6090ff1ddfb7696050ffff70d
  SHA256: bebdacf6dd5649d097adfafef747daa0887ea630f1051144905d55c0af32c7fc
  SHA512: ab6a04563a2be164e5963affe3f6a27d587caffb54874178c65193a6890fa367ff82a9418c72fd8d0372b1368272d5856db11455bf08991d312fb4cd88ef13cc
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: f1e36bdaf75046c55c2f09f782b9cc95
  SHA1: b4bfad1e6d9791b45431de564651e6e618639f19
  SHA256: a689d4e0ad3f3e08ea884ae2012a381f69e3d1123f4a287532f585a0bfd2821e
  SHA512: 5dcfb9983e32947b65b0e837c7843a777d8dbef83d46194652cef8001ffe82b65619f93038ce94dd28b78d088bdea60233597071f180a6028200e3eceb7cbdfb
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: c794dd66b0abbc4e0419eb2bedb9b545
  SHA1: 9eb9cf1c97e3e0c70b2b8aa164ffeeffa1648ff8
  SHA256: 8c88f7eb129424fdd0802ea33b9a22c21c341cae45101a4d37dbb33622d05417
  SHA512: 0613f3f594f9d1915af89650596451876e605e416b6d2c5c58113639487d7731476ef2ec43579d6651bfaaf5e31a7fcb4478eff7d2820150c7e7821781761675
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 0e66e288fe69e1a3233bfc9d7d397248
  SHA1: 2dc2a3fe93f225329ac300f370443926b9a3a982
  SHA256: 2e76cde0e68dd28b9266634b661e9da759becc28ff8e9a3d93402767a1eedcdc
  SHA512: 446ead26a798839ca1879abb8853b55cd0b959a1da775041cd79981cf330cb301f713648d00fb8c2089364c51fe3f4a041eaea8d8ff673e8870ec16d9366d9a4
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ace43c1ee63aeee96b1539b10a4b17cc
  SHA1: 522b26cd60e82a48c0fb83d140823fe496869a65
  SHA256: 9ab14fae3ca7380f2c9169dd2f6a6ee52621d1279c9e045ccdd0674fee3edd26
  SHA512: 6cf488ad13cb3e19c97e7da6ab35c2056f2e8b60cb5f99fd527dfb814501e660c604fa549b2687849358ecab2724501782178ee2cb3f11a771afff5b8c83b136
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: bd6d9a4a62f7dc38ee806d005c2b3b52
  SHA1: 4ebd65a15d159491b1131010b98c5582f1cd9074
  SHA256: 1fad02ce11e31daa87d44d9b412855622131e0bb8bd7502a3a9cb9c6e195140a
  SHA512: 2fec784d9a5945bbd3fddb5507eb5895b06dcb178db7ac2f6005655470a51676181105503cefacbb8eb35e507762d071e402273681d70b66b179feeb0f1490d7
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 9cac3478f76a1a589a94b5688d3f2602
  SHA1: 7f0c21b0aba516a0d6fc43b39c7878adb909135b
  SHA256: e0a4de6fbb6be08db075fd6d2069f0fb68814b37527188b035e5f567dd413ace
  SHA512: c022dc7a9906cd59ed031d39ff6162fe6564389d0607ad4ea8d712584227f80ecbb23fd473efe948f3b86a548042db0a8274275a78e69661ea1ba07c801a7a9b
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b