Analysis
-
max time kernel
142s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
submitted
13-06-2024 10:08
Static task
static1
Behavioral task
behavioral1
Sample
a502b664ab74906318a3300242d69c11_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a502b664ab74906318a3300242d69c11_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a502b664ab74906318a3300242d69c11_JaffaCakes118.html
-
Size
21KB
-
MD5
a502b664ab74906318a3300242d69c11
-
SHA1
bf0e586b34b939252c02c2b1f2c9d827879607f4
-
SHA256
0b0de2e87d40d208bec8d6327b41ad61fecbd386c9e0fee7e3ba91f903be04eb
-
SHA512
5ada1370c766a5bf885a8e99f11230f2df2747559801c0f9457e71bf5dbf6ab2a0bfa684bd0035d6aa230f5f41db879a687388d7607dd13bcc485091cdb37496
-
SSDEEP
192:Hqvl596UDLvWudYsEEb9eo2UQB7z09Vea9bSdNVMjP0kuf:Kd59NuqEEb/2R9aJRP0kuf
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007627614856cd9d1589456883ad40a7b6c448ea04296616191f2874bc4e497d90000000000e8000000002000020000000737949fbf9e4920784e2d1252a39244ef1483954ebbe94877d8e3ef4308e426d20000000ad12e35df5e513f38310d0b8e38beb0d8020e8c701a142d42432ffce5e39fa5540000000ea4450cd4468e4821bc02f855bd09c6a8cc0121adafb4765a4c664cd5dfddb4770a3263a7a4c1477a3fe0d35bb8b521545bfea7369cbbcd4eaff923da24a657a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0c0a2c979bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F385AEB1-296C-11EF-AAC6-46C1B5BE3FA8} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009afb6800488931c5b3bf43f5ba9518109a56c939ffa51ebfeecfa55643017fd5000000000e8000000002000020000000f3690110fa8bf47edca4cda3765915e81edcc47ebb905171685731af4f0a3bc6900000008065e477bd43f23961827c121cc840236268e6c15b559976b6b774a8aab5aa383cecdb891e047416da4c44e89d77519154eb4213d4a7e70759efeacf36949340df6e5ba8e5c9810dad16ba8d235c4cd3de071b4bf0d4fc53a5744f51b1920867c1fe23e387105328c06cb95bd15e27a8f0ad047d8171e5ad226152df1522408e999481c15d6877d156809a6a93a0c35440000000e1066e7d83528e11d8ed4ecfd35fc13071c258e40eb9a53702ac9d08678024afe2f0fa24a73d6a30fdd4417f7099d573d24f666d45880b9666de34eeab8287c4 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435209" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
PID | Process: 1932 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
PID | Process: 1932 iexplore.exe; 1932 iexplore.exe; 2888 IEXPLORE.EXE; 2888 IEXPLORE.EXE; 2888 IEXPLORE.EXE; 2888 IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
Description | PID | Process | procid_target
PID 1932 wrote to memory of 2888 | 1932 | iexplore.exe | 28
PID 1932 wrote to memory of 2888 | 1932 | iexplore.exe | 28
PID 1932 wrote to memory of 2888 | 1932 | iexplore.exe | 28
PID 1932 wrote to memory of 2888 | 1932 | iexplore.exe | 28
Note: the target PID 2888 is the IEXPLORE.EXE tab process that PID 1932 itself launched (its command line under Processes carries SCODEF:1932 CREDAT:275457, the frame-to-tab handshake). Parent-to-child WriteProcessMemory during Internet Explorer start-up is expected broker behaviour and is not, on its own, evidence that the HTML sample injected code; corroborate with network activity or non-IE child processes before treating it as malicious.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a502b664ab74906318a3300242d69c11_JaffaCakes118.html (depth 1 ⤵)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2 (depth 2 ⤵)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2888
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- Note: the eighteen 342-byte entries below all share the path C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 and differ only by hash, i.e. one file rewritten repeatedly. CryptnetUrlCache is the CryptoAPI URL cache, which Windows and IE typically update while fetching certificate chain, CRL or OCSP data; presumably this is OS/browser background activity rather than a payload drop — confirm against the Network tab, which is empty in this capture. The last two entries (70KB and 181KB) are listed without a path, so their origin cannot be determined from this report.
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD501887e5054b8d0b424a7cd23e0d07393
SHA1681dd50e775f5c4f4c95f55579a930a43fd5b087
SHA256d7008172d9c6c4d179882b01e6a1751c605ee8b6ae2a15880f75452117a0ad4b
SHA512dba96d608eb5594683f30d5fb236c1d9fd03ce00633b175a87074d31a714076b9648d49381ecff4de1b27407ef2ec9aab887b06d616838b26c99018e4e378baa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52b3c20a48c1131fc575452fb849fda0a
SHA1d0837eb27cdac76f73d3bf72aa681fa9e63ce05e
SHA25668db9ce66a0f7a389830f79a32b2e579957e65c26c46e09751e9616567bacbfe
SHA512009360fd418472ba59699a45cf880029b79fb3a9af1789455c8357d08bd5e15aef5a771e6953734d827f87edbbc6a643e38687d1a00a6499c9d7b1577c82de80
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f13e92c06e722fb1c0660b08a8d743c6
SHA19c7f005bd001ae45af820ab79be284f30e6db2d4
SHA2569b205017e046230aac18acc33b49ff148447d201124553f672519d96f36d5cc3
SHA512659a7bd7a6a44ea55bcf4431c6bf6eeb6c52835b8d1a73c81a2f73eca1ea5d5d5307593baa8b3495aca4e7e04b07d04698fc80be932599166e8ff615ab471142
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53bc0e8eba89f9cdcfb7b400f17d44d51
SHA19432d9e6c96c9c474643aa2caec79dda3640137a
SHA256fd1fac51adc22529cf982d1cb353d7608c2306396106a9598cea745c0c5748a8
SHA512dd979c13555153fad8ced7b44a2a22f59b580306dc4b1f1ab784e0596b5f48f7b7c88635f9bf9bf0de10a23afa6118aa1012aaea2117f636bccb2f0cf8894c76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f1f374ca264ffc6ac658e37ad39f8c63
SHA17dbf8958ab72dd6520bc717cc9a56975b74a00f0
SHA2560ddcb603822fde564fbb0215b69dbf7ea807d04e05a806bfaafb39745826bdc0
SHA51293ff9a25e0dc7717e3342f3213e9dcbe59cd2d71903ff9d7da4bd636b2dcfc6ae827918dcfc2923cf6eb9327a109c492ba3df94b2272d44d662157a084f980d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD515dc26f1fbae144af368c8b338a401bd
SHA175159356e3856957c34e796f365193855145477e
SHA256808bcd393561af0fc9c709fbfcfc64e79c4103e43aeae3d97f72984bf8aae1b7
SHA512444e1faf300e4f2a3f816328ee60e2437e52815dce9905091b37cfe401dd246c499b8b1b5862f42559aa8823a73bf9066c08f40d12d040fcebdc0dea4551177a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD552f83e38a0ba308d3370fecfc7752fb8
SHA1e25d02723236d77f5ae1af081a5856342206faa3
SHA256acfa369aaf75cf766de9eb84ec6b4d07459b32f28b1cbdef0ceed1d64137f75b
SHA512d47f59446229d150ec6bc6b65a861e39a04b807db43b4a44cb0b4e4288b8f456aba468a8da8ac158fb541e3d1138d4a360c532522e50caf1aaf7014cfd33bdd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD539091c3ed2fe1a8b3d21ed1c585d34b6
SHA19b5480cbcd7c0eed2438d8b4d317e52b499bbb78
SHA2562d9b50844f978fdc8cbc3100ace66dae03395ef6454f45185bae1960861b969f
SHA51210c86dcdf942669b8617af3f467b1533a550f59d2cf7a4bf920051907088808a2147dcbb0b570093c719c7eefce7e895674fad08d01b26d6ed11277f3dc9f2f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57d7c070c011c27b1bfa076b568e4b1cb
SHA195a5beb496942eb1fadbe5f1068439f50caa054f
SHA256426623c14675255c89b4c25970baee99df07e17e8adeaddad1c6d30c9c23cca8
SHA512691056db2929072a25aa890c63acfdadc2031f565f1d38b8f7e5605e48bae8bde5e1cd90f18f4b4a62f4c8d97fd2e99f1a0940593128eedc7bda6e3b8c35a3a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cad9fec17017b1d60c3803124262b562
SHA1df9e034b9dc533173343e65a13b17055f91ff80a
SHA25640fdc9b20b65fccedc2918b02e08dbf3cbc750cb856d8a40db8545c085ed80bf
SHA512d3a771c046ec81bd2da3379dd437118ce1012c1e48b63b223a67387b5ef7ad47036f189687a16da28a31ceef5c673c6e547a8547794d0cc60b4742c20388933d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5580b1e08bfdee3d1294cb664b07fb384
SHA10c979c2550486fa611b84c1d910b3217d30cf16d
SHA256901d50fe91f8be77801fed6f6676a528a5d6463f1afc24d91458b02ee51557e4
SHA512130490f64d4c921673b515e5e42c2cfe7a0cc730644b4d9d7c77d7add6c066a53c02d76e4d2475a6736d307e403599e37cb55c43649be787a4f7f31c1324e398
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD595d8dfbc3dd50fc6b77e9e36a85eec4e
SHA14413b47bbf15ba31e61b9b0fd018d670f46c6de8
SHA25666a4112194d9809f7a6d9f4c6c325aefc2bed1644685941946521686be381410
SHA51207cbc35470e21c5af6072d2ce624215f2c272e055a998472f401e9ff63901dbbd29b426289e0757f74b574c8cb68d9b5b38467516fae1314d8920db4d645ba7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD583edbe132b7e6f0c6ecefb89656de21c
SHA1c7b3a3a29270ce94e0cbb156d3653bba886508fc
SHA25646329dae9bee814d4950f7059a5921b53cead526f1a3f55d69b3ddb7d7b8cfd8
SHA512e3dd935a371f91b3ae356499f17cd19425ce7721f0a70cd9cc8644aa20b73aa2cdff9e38db31f959e2612c252b3c6fb4729acbfe72d6f3dae13b85305a7a1da5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5de4dd82a02b922b5c5a7b59372d48a5f
SHA11fd5416c8499bbacf170a18c98997db13e723038
SHA256637e6b3c3d5844f7caa8ca79010c5f9090e72b024f4acc1ddd7991047a9175cb
SHA5123478aa7880dcc4c16316469f80ef668cbd2993dc0e0169174cd10c6e26b61d53a7c08db86ece23b901919b9d4bdf264b817a6fd521497ad57f9519e255c316b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59762780ba3ef9641bc7e2c81f410243d
SHA19df45d90c5e0f11e40151c544f5d79c032c39035
SHA25607348081e3b8dd42e1100354220bdcec8cca0316cf345d7a29c33e8f554ea16c
SHA512ce740ecfc7cd0d6f559a5c45ddf3c9bcf1cf42ca5c07552ab5645db5b150d905d94e86af48c3dadc09593b95af457bdbacdecbf61a71887522899a1a407c8fe3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD585906b925b247c7881e1602792c2cd80
SHA1911b6506ce8447c334dc74c0dcc25e7cc8e737ee
SHA25613d08df29440a16c4062dc3e062b6d6d4792a4251af644757ade408e61198a14
SHA5125049c940d868ea58a8cedb3165387aa937611648dd314a2464da9b9431eae483f24f01d7209c324c4fe4882b0f54e4ed5c3b8733e8c8f08eecc13fc1a08909a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a81df807196b41fc56b5cfff36b1848d
SHA1fdac33b1e82fac778d1c6c6258aad1d19968312c
SHA25683d42d933911deefbe8e691d02852d173c98cd886e7aaea4a13696575b83fbd3
SHA512aedea91200e220f9868c54ea63a4b938d89a36d4bc76977577dae46d81469059209fdfa7d3aa5b6cd170e141cb13aef3b50abd3c38e8c6ebb31d2a7dcaefc0bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD526604331d26d7092fa4d5234673e9a40
SHA1d38328355b54af8532d9ecf4875b477a3d0c1979
SHA256199d5587992c0856f2ecb2952d69b8651d3dac6d23fe85de45a37abcc264ae74
SHA512eda5a9da68bb9eff21ef49dca4dd9adc72e4884d56a4e92caa40da1cbee54ac4db184232b0f3a5e8573c5b1ca2965b1ac07b50d83d9d1eb7dd72e67d0d64a0ae
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b