Analysis
-
max time kernel
136s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 10:14
Static task
static1
Behavioral task
behavioral1
Sample
a50798f650ce4219205adebe02630ade_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a50798f650ce4219205adebe02630ade_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a50798f650ce4219205adebe02630ade_JaffaCakes118.html
-
Size
461KB
-
MD5
a50798f650ce4219205adebe02630ade
-
SHA1
1fb5559cc9b77a25b548845046b9829d56f4d067
-
SHA256
bdd98f8c5057afc668e3bd8e2f39196a23936b913889f5e181c7a8d3c1b75812
-
SHA512
b2dbd0347ff9b8e7655e6da55d7ed7e0e5ff2358dd33f7a12c27100e5e38fcc94f66f41fa214c86decb4c3a688642a2b3dab04432d049ce489ecffa7c86dcbe7
-
SSDEEP
6144:SAsMYod+X3oI+Y1JsMYod+X3oI+YwsMYod+X3oI+YLsMYod+X3oI+YQ:95d+X3d5d+X3g5d+X315d+X3+
Malware Config
Signatures (every entry in this section is Internet Explorer housekeeping triggered by opening the HTML in iexplore.exe; no signature attributable to the sample's own content, and no Malware Config, is recorded in this extract)
- Modifies Internet Explorer settings 36 IoCs (registry writes under HKCU\Software\Microsoft\Internet Explorer by iexplore.exe / IEXPLORE.EXE; the signature name is taken from the process tree below, as its heading was lost in extraction)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435555" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000273ffc3b76a8b0754b90ba6976027cd0ade7ab236beb74814284dd58a9b4a021000000000e800000000200002000000097a5dd7b8abff122840eb64ede1f39ac73c11f10afd49d949a259f6d7cfa8e5120000000f25fca600bc9b7a1b8b50457adc2f5687c0ad1556f409a376702b047a04b7d32400000000ccb7075ea1f961f48addd974e53f25f61625d889d18067c3820b87ced77c7a789695287be5158d6b0db37cf77f13e599f84c848e02325dc51d1564e2a1287a4 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C2634351-296D-11EF-A8D3-D2DB9F9EC2A6} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c056489b7abdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) 
\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2192 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2192 iexplore.exe 2192 iexplore.exe 1532 IEXPLORE.EXE 1532 IEXPLORE.EXE 1532 IEXPLORE.EXE 1532 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four events are the IE frame process, PID 2192, writing into PID 1532 — the tab/content process it spawned itself with SCODEF:2192 in the process tree below; this is Internet Explorer's normal parent/child process model, not injection into an unrelated process)
description pid Process procid_target PID 2192 wrote to memory of 1532 2192 iexplore.exe 28 PID 2192 wrote to memory of 1532 2192 iexplore.exe 28 PID 2192 wrote to memory of 1532 2192 iexplore.exe 28 PID 2192 wrote to memory of 1532 2192 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50798f650ce4219205adebe02630ade_JaffaCakes118.html
(tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
(tree depth 2 — 32-bit tab/content process; SCODEF:2192 names the parent frame process PID 2192)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1532
-
Network (no entries captured in this extract)
MITRE ATT&CK Enterprise v15
Downloads (files written to disk during the run; every CryptnetUrlCache\MetaData entry below is the Windows CryptoAPI certificate/CRL URL cache that Internet Explorer maintains — the same 342-byte metadata file rewritten repeatedly, hence identical path and size with differing hashes — rather than content fetched by the sample itself; the two unnamed entries at the end lost their paths in extraction)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58eb604a320cab73525a0dc0a0611c32e
SHA14365f12286624a5319841321199205f60fb74f7a
SHA25633f2e358d697766a58fee35d5b45b4403f4718fbcb24ca2da298be83550796a4
SHA512d1595ffe3327185b82c7fb317f3b1243c9865fbf300408be83ac736a036440eb061d6ba66d1809564896181f06f31c942b574ddc27138bcdeed38677ad155280
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5096416c5f39a6aac49acbcae11eac378
SHA1dd67ec40c5162e2bb03401ad8f710a45cf4a752f
SHA256c96075034f82e55d938cfdfc08a3e378c4d54b0773c4553e26d48d454dcd3e8d
SHA512463f390130183e938e71568223c9b64fc3b665c2c287a5f052c2d7c71f7f56178b8e9cc524ef75e73b382c78a045523515f13430c9d65b24a7beb4e69f84a65b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD510444bebde8c94269204742a63dd0d63
SHA1db84d563bf6b6306c6a9c3016454bd7b9ad63ff0
SHA2562ac91a0bf7b66265dc669a6b3fc07181694605807130006b3b6eebf99b90cc92
SHA512d5c1c95bc9d43e738f9dcb739db26dccac1706a789e11de19d954b28b7780f47635bd38de28238d73c1d609dda32cd8ed33c2d9ce2053bf90c1af3aab1488d29
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5915e7c0babdedfbe1315fd936a5c8cfc
SHA16f2eda0d54eea33ca072f90d13fd79d12999188a
SHA256d31d16eda0e46dc4dbdaae70e836dfd7050057d53b1a64ef6d323ca4e491bd94
SHA512f34e3ac0cb3b47fb6c272d81ecd8058ddc1a7184a74ac7918f181a2a433e50dd1a10aa75286d8cb6bd7a30adaaf941387be8d5f961bbafc0301c4071a1a10404
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56507539133f6cc78580201aa93386638
SHA1e21a1071943d70c0f3bc59d56b8f887c762a0608
SHA256993edce94e0448477934afe5f1edb9f236ef453cbc4413607d940e343b5a6cea
SHA512e7bf184765a0f44a42226769f002294842e243f6cf2eb9f3693b03def9f76823e1cdbfeb43f968f8beb34a72a9911464decd5a8219d093f33f4d33e3f29f2cc8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5024dab26e09fd31cd06a20cf50367bfa
SHA1b42920703fc1f748a7e5f3f2fde4b78793ee7834
SHA2567c5af9a1ea8cf2c763119e3bdddc1b15a0afc577eb0084d638f18fb008d2d1ae
SHA5124f99c66c24be619f36ba64b8a70fbe69b4c994091cb571fd39ec3c8397eb7898bbc98c788c71d973729a947ba512b2d3ba57e142faa7b66b3c2a277478f2b2b2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD538373672058ae4aa38f593970008fa4b
SHA167f17ddc3f314a77d4e7ec6b352f088055ac07c7
SHA256993d395259aa63f9af90ebdbceba860eaee8849a052c2264204652ed1fec874b
SHA512e9f754c1bd369868c13b3461bdd6659086803a80233b7dad5ac8c08a87d968eb27d996d34c353f6486e859f49d427ffbf81fef9a5794a614d8c9a93b83891fca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b8cc98d4629889609d66ec0222c3a31f
SHA10d3b087e1d4bbb061ea70162b9e41d8b9e04d885
SHA256d700eee1571f743e2bac0cdbd1f4f9cc525b40bc80cf7ac56f17830e27129c34
SHA512ae94106e4645e6457a63e997861c14d25608253f924746a7fecae1a1d123e7cb2085ff486b7295b22b976907c25df782250f1a3609e68fdf7c8de1abef128fa8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51b0520894408562196905b0b6252d4ee
SHA18dea7987c456cdc3fe846081e4eda1ae327ed679
SHA2567d24c0a191292bf8054a799637e07275ce44366ff27d8abcdb742c06b32bd357
SHA51234bddb3b9e22c09475a28d9668e762c27b5e82fdc999ed021fd7d1e6ed2ac06eaa6102cf9804a27335f7e04eee9044a7d92846cff6fdc0583604a31a8aae07ae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57144288f9aee95ac72b9c84b3f29fa13
SHA16fb5f27652f2e35afc339eb1590c1be95b90a9a1
SHA256f7e9c6fa5afb8970b5c0f945d3fa032e02a52518a96c2f6f5bbf4a3a13b5cf14
SHA512b360d687889fdf323c9dfba9ce42ac125309fc0ad4728b7fa4943faa828d3185f1bacc1883877518c056a06f978d2516abd4a3834169721b86c2b2800a2a92b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fd1fbc78d00ca68858904b8d9445db84
SHA107c9b9e1c0244588d0d0258af653cdf2778b4868
SHA2561400ff0263a1f2e6a5ec94fc7881062813ebae1667e8c4f3cfb6f863c9594fa3
SHA5121f69f3c3d97b77508c1ae401f8be874fa3728f4e4f4286bcd369f683fab7be57393b6e8a5e1c7dab3d9f5a9088d0a7b1af1772f938cdc95762be0a74ae8b0fd9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57cfa9008b134529d8e6bc3561fa63c42
SHA1cc6ded9ef74e030529cb0d68de57b9f19ad2d1b7
SHA2562a3b32c3043267b396fa015cc84ab39938d217fbe2010382a625e8a91ef29bf8
SHA512f21bfba97ce95c58a8e60aa7917b19bf0dff9ea4494c941693f594224a52d114a41f1ddcb8bd65fae42613b862b68b1b0575c042d0fef47e91279ef514de1fa9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a3254527f8942f9d593f9385788aaa39
SHA1b8fe24a603c77d89587c6848c3e0d3f14d2dc14b
SHA256b9384f582d5661a2a561c3629455533d936d4948a169b59b614bef00cc8eec8f
SHA5124a2d454bf4b20f3256a1db9364aa7524236333777b442e3ad180dd694873ef74880480cfe6d027f2c1fa7886c5dcc9b2c93cf64a5e8d2a90c41ba4ef0b0603da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c333d2c0a838d69c953ebbd4065ab587
SHA1f6f88a3a7557fbbcb41e978ac9350311d7331f32
SHA2568819629318ef0228d9394118f514d518255c70ca9ec586ef0fde8c3f4bed106f
SHA51247049a95ea04957e6b9ec74fade32194282e5d03fc3cf7b7a1250f788ca83a94eec1c9628db55558d843c84ca1bbd2b5ccc0b705bf5b7311761289b5f099a59e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5926f0e415fa692b630bcf4110eaeeb9c
SHA158fc96021d711d9ea0cb3820685d16db110aeefd
SHA256e6e66286173ed30f0336c28bee75d5254b34784d62e442c7caf4a81c315fac27
SHA51284996f8f5dd4a993606e8831efbc593b7953fd6e34a51da9d9f3e87d5d92932efb2edf541655e7a53e6d081873b0405ae3b1f8d8fd069c408efe1dfdabf5385a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54f8ef38bdd324f0e276cb0b210d85b4d
SHA1f7d80311a27a6195eeb73bb928e821964d26bf9f
SHA25662c79d2d995e58ab4b58a9981d6944919b4c5b13e1da8e3f5a4d40dfb063ed7b
SHA512eb238d122f429e3b799c1acccb8197b38bfd85ab5c282378407c490e2fe821650b2473e9429cb79864e3503f000d774c2a2b137d816613d66752c14ebdd66106
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58aa59aed9ca3a281b89fb7ef4bfe747b
SHA1a25aa24813d216acbca0a0b75d9f15329e0b9524
SHA256d184bb55f70351327954d815b5864d2210037117415d5d128eb337d95512bee1
SHA512560b3e884277ef3b2915e4d88be5cda43ed60e2ab0ed855693843f08ecf7e60cea0344c21f22ca399f3b6a9b2a47591a8a9a083f7296f2f482be790983e20dd4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f3fe54b1c763decfa8b49d9edbb06bc2
SHA19052d68c401e5307b60af31ffa1ed24c678ec35a
SHA2568f7b2cad847019d25776b8aafda7a114a6f613493b46edc9cff0dcb498e935e5
SHA512ede87258eba5894726cc87816d5bcdb0d3cf0c661a05dfd612939973344002c352f8a6a78652f774e7c552c75a608e04151263b83eda71806ff00935578727ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ec520d5bb60ba0e6c9a16b2666658dd7
SHA17ec86795dbeb20dabe07dead17e5ee0eeb8e92af
SHA25687a82fee2175ddfb3290bf6dc0c9d53a10c1865c963dbcb3f622fd9dd902e11c
SHA512fa285ba297ee919b0c6fdc59f244fdab8fd09d3f71033a9d1e182c71095947be084d782ce25c04f36bbe751f4ea7f0d6fc711a95f75179d3b298cf1fd3a2d49c
-
Filesize (file path not captured in this extract)
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize (file path not captured in this extract)
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b