Analysis
-
max time kernel
135s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 10:08
Static task
static1
Behavioral task
behavioral1
Sample
a501e46acc4e88eb0daa7eeac8bd0d17_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a501e46acc4e88eb0daa7eeac8bd0d17_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a501e46acc4e88eb0daa7eeac8bd0d17_JaffaCakes118.html
-
Size
122KB
-
MD5
a501e46acc4e88eb0daa7eeac8bd0d17
-
SHA1
d22504bf351b682554bdeec0494871b787c641cd
-
SHA256
1e01dd3d59a9d27398ea9755dde185bed058a708dfff7feb958e9d06bf2a0266
-
SHA512
7873df6fa9f01ff7588e6569f4304ea2ae4616d9759a4831bff8886a2ad026894fbbbf0e88b8670b72d1f7fa52f59b055c093f93c186a07007528ab8b2ec1790
-
SSDEEP
1536:DWxJBZyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:DWxJBZyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435179" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000091a7314b1f0ef9cf31b39d91a57b2d6f5d3e559150a6d32535bd6699cf411fdc000000000e8000000002000020000000264e6a42ac49a2a19a66cd0d5398011398f08a17449981f1beb51caaeb416fd720000000a16fdfe6c98b21acc3c75c476060fdbcdc6e4d73c29bd91b4685134f3423e64b4000000097f43004635b833fbf1a8dd5b3271c1c0c6249c087e484a7b1860f9796d5e2ad26a4119978dc423a378ac01987d85a96428cd8f52dee3ccb13fcd0c29c9d7f87 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E2DB33F1-296C-11EF-A1F0-7EE57A38E3C7} = "0" iexplore.exe Set value 
(str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30091ed179bdda01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe 
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3032 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3032 iexplore.exe 3032 iexplore.exe 2996 IEXPLORE.EXE 2996 IEXPLORE.EXE 2996 IEXPLORE.EXE 2996 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3032 wrote to memory of 2996 3032 iexplore.exe 28 PID 3032 wrote to memory of 2996 3032 iexplore.exe 28 PID 3032 wrote to memory of 2996 3032 iexplore.exe 28 PID 3032 wrote to memory of 2996 3032 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a501e46acc4e88eb0daa7eeac8bd0d17_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2996
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6dd5ba54013342f27943d5f94de46bb6
SHA1 e49f9209db417f64a52c6d79e1a51b919b6d4cdf
SHA256 b051bf6be18f341276bd560ccbbc2cc2a482a7f359dcda6deebf4c62caa17849
SHA512 f4044acc8eed2e94b4f86b678704cea10f3be2484a5fa285d4159891b1cb5eef1d4dde6c8b077e1c53cd9ad6e4b525c7d949a246cc53b24658aa47448b0b71e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 45dc013de07e83018eeb2b0c6c3106a4
SHA1 8fd5dcf1d9ce2204df6977f0b55784e74b1b647c
SHA256 46131ca8f4e71400dcf206180c7ac9b58cbc16be6af4f5ebe73d869b89b29a5c
SHA512 5cf9c145754b6c614ebb3269c77bc46ea74e1ed029319ba4822a95ea8fc1b70f9c4cf96e8bd5db57021cac307b9ed89f787fb697adb7a41c79ea2472d7f28f5a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 140560a2059a72d90aefb8fe150010e2
SHA1 0b8fa6d539e83723dfa9595e9cc2482fb3eef19a
SHA256 5716bf72206ae6f09bf79b8f3b5e493e407a9515fabba9afbbded8340a6605a3
SHA512 66f2df1a6271327e95ea6768291e6dbb98e9f3ba490083df8bd1824d319caad92711fa36fe05b933a064d50fae648cfd2f9480cfcb85b0ed5ab955876bba7e25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c54c679137afd066aab965e2d1fa170d
SHA1 1a108aba7bbb18ebf0df904bddf93b8a67b10cbc
SHA256 ed7a655614b7a51d8b47a2da4e0d6078f898e47edbd973b310a03dde480ad696
SHA512 531a52c453594c8670fc2ca34b559ec28291e1957d2510d67d3f573bfbdb75f5cae5f2163c1c78c09465a1341251ab8dca2d2844704471e0cd2eb728b283f5ef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f2000363b295fa9eb7734c2c1f062352
SHA1 c7b02c56b653880eb4e8dc2362dfe912e6d86257
SHA256 82613a9d1e7e3a50ccb8f6c4ba9769b76c2933b9756ec1b886c3dca601066ac0
SHA512 65a3648eef089c56c0c5eb1c44259aa253668931d3ecdaa07801c1e225056e38a96d41029a2241dc579d8181c56dfc8bcb89a318959ac54ce85096d0316b5b64
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 80aea4f3b9c811ea02d9337a170683f1
SHA1 4829541a0d3e91cb854bc7908db9ba9376860b24
SHA256 c87f912f02f2f3631491f57f6fcd84908c208a6d63e58b29d823ab55def642ed
SHA512 25e6fd62f695ff00b5b07d57aca6622c0dc879e07972181b3543b67e937b8a87a4dbd5ea3bb02f81f0ade379c00d7795d56e8a1670c548810373862f08dbd984
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 084edc64a2028320de9b195a9d24bf4a
SHA1 c8e511ff82b4565cd82d3e2a031663c9a6e03881
SHA256 eb5464dbc1d6595879379d7f2fa9a5779c1850959b2e05ddd7da9a7063b952c8
SHA512 b67a17f2ab23b1c27057492af93632a4ee97829fe82f90156f94fa165bb89aac3ea8563303dff5ea473de2d8a447afff60b97c7050d82f4284d08e5f330b5dde
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 095ed65ca9f032a0014c3f7f6332c73e
SHA1 49b4d5fd1499028c1a253823124a8ccd1ebbbcb4
SHA256 f190870191ac10c8f5c4abd82e0230344dc26b5a6522bcc32ed5799e65923143
SHA512 abf24b25f263cfa4570f5a983e6be3d4bac743a61f2d7e221c8ae1552a4d5798920b48932ea4559eb191062f6ca5a459700297f0f6ba293f1e0368bfb7f00dcf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 31027db47294592744d80bd8bc7ef16c
SHA1 c09fc29e1574147fe92efee916e6bf261115a3d9
SHA256 5ba35af85c01277371c424b470e0bf6392e24ea74e30ef8c3f0024604d9d7e5f
SHA512 e4ad055df9aa7ef984c50db66832f60c14bce4604a5394e07ad74a2c24bafb6dc025b7007751ae0d99eb55a20dc51c2bd5597dcb6005d84cb699aa2fbe0940a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 15168f276a18aa3d8261a2b9e2598172
SHA1 827a6f2f2336403ec48342f0006cbe5d1bfeef9b
SHA256 ec4070e0dc52d432e4c4608ae72b237d95ea708da11adbae29fb70de1b4aea66
SHA512 ec4a1ed1fee3910dea23370d0dedf7ba351da1321e8446559c117400d1591d4108616cdb693974f13728dfc342e2cb12c6e4a940c50a1ca7c1854e0a7a8cb632
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 427ed3a2e2adde61d30452efc16d0b97
SHA1 b56688c5dd0ae1f46c9c74f5795332814642f138
SHA256 119e2109008d2d21e33e590b2f3233d8579ccb2b9e33d23b914f55e304017fa9
SHA512 d72415e14ed662abd062d6c7e32b88e03f7b2ab54822179e73a2d86f6be7d47fbb787ea1a8c629c68e1497f58e7d66023431a7e4526fdd7e7a7a68f03690c81b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 97a93a3eec134faf6a3802ede5297808
SHA1 e78eb9dd71e2956779b7d9c22b7fea2828b89136
SHA256 326967f9645f3ebcab664c325dc60be0d632c175808ab28d1c0e062dfe62a5b9
SHA512 c68336b50c1bdacee5f7df5996e82d1157574adc6aa002d55c623985f9cef86435950f89b2678e95a6477675816bccc11cb5258ffc429995d5451d5e32015410
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 774679f084b6db1601b229183e39a786
SHA1 0a04cfa22a1bbaf9a113d30024dedd765580dcfd
SHA256 2498eac536ed8e05c65376eb8f4efd8a8c09f4f609c5d87f6b04399ffea1354c
SHA512 ea13d87967f2b91911b30f60b7f029e31492b48a30d3d354680f61aa7aa4de690d60beec04d2d765147c09f9e47ace84616262c72806c0594f638b29e8d7b8c6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b47cf58c9809548d9755e434dc77e96c
SHA1 112e06ae70bfcfc56a769760b88684f908a72a00
SHA256 e451999a5358eff6c6192b2f509a251616954549a845ed20136770c8549acdcd
SHA512 98c0e7615caa3ff150dc524f6167187d54fc4c519e32e030b4934cc3d9f5dd0d6700ec89aba2c76ac4e0411a41f6ac3fafe3ded4072127ec6dc37679c16a0b00
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ada1670f73494ce7fc9240978cf0d668
SHA1 6f120ceeedc93df94c95f75e26f38d3a26ff15db
SHA256 b6d666147dec4bc830974c200510f5d3e9ff1b16f15e168e97faabc55d16a400
SHA512 3e25b59604fa5ae7258ac72521575944d391035e38b30e7cefde798d5639efe03a026ec0e1d2a135a21e76fb5614d991ac418cd8a8b9596b28ed4adda168225c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d8ecf362ce37c4c70c1ff7d34fcee3d1
SHA1 02699ff49999bbe804d468c4b00cde2726cee3e2
SHA256 84ded4812129db1d4a427f3cb333925b04d396f6e62a241d1a30c7a89aa0d242
SHA512 d341abfbf6e802f783de21fca4041f54f03eead9f58b3a9d88c6214d3135e82ce8dce2f5293583dd76035cba16fb5894cbcaa6d1423fa683d301f8a8d455fcb3
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b