Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 09:23
Static task
static1
Behavioral task
behavioral1
Sample
a4d4ebe003057938c30ed3345127bacb_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a4d4ebe003057938c30ed3345127bacb_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a4d4ebe003057938c30ed3345127bacb_JaffaCakes118.html
-
Size
26KB
-
MD5
a4d4ebe003057938c30ed3345127bacb
-
SHA1
3ad858fb87e2a6addc8c9a328b2eb428db492944
-
SHA256
e20210b7c404661f14969e4fb4f342a6de565e5c4ac62065bcbec273f280d07a
-
SHA512
60f905166e0918cfccf19783b36ae93d0c3e5a214caaf416b015dd4f0bca5f38307c3ab2edcd43d7122ea4f4dabd9c0bc5367174167233c3678dbc32e4d13bb8
-
SSDEEP
192:1ueAoACZb5nGnQjLntQ/ZnQie5nvnQOkrntrgnQTbnunQkkRo7Steo+EwrNvMHnj:1xAoFpQ//K6mi
Malware Config
Signatures
Modifies Internet Explorer settings 30 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9B786381-2966-11EF-BB01-66D147C423DC} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432482" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
-
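Every row in this signature is IE profile state written on first launch (window placement, crash recovery, search-scope retry count, WindowsSearch status, compatibility flags); none of them sets a start page, search page or default page, so the signature name is broader than what the rows show. What a triager wants from a table like this is a parser that turns the rows into records, a short watch list of value names that do change where the browser goes, and a decoder for the Window_Placement blob, which is a WINDOWPLACEMENT structure (UINT length, flags, showCmd; POINT ptMinPosition, ptMaxPosition; RECT rcNormalPosition; 44 bytes). The Python below is an added example, not code from the sandbox or the sample. The rows it parses are copied from this report except the "Start Page" row, which is constructed to exercise the watch list; WATCH_VALUES is an assumed list, not something the report states.

```python
"""Parse 'Modifies Internet Explorer settings' rows from a sandbox report,
flag the value names that change browser behaviour, and decode the
Window_Placement blob (a WINDOWPLACEMENT structure).

Added example, not code from the sandbox or the sample. SAMPLE_ROWS are
copied from this report except the one marked constructed; WATCH_VALUES is
an assumed watch list.
"""
import re
import struct

IE_PREFIX = "\\Software\\Microsoft\\Internet Explorer\\"
SID = "S-1-5-21-2721934792-624042501-2768869379-1000"      # SID from the report
HIVE = "\\REGISTRY\\USER\\" + SID + IE_PREFIX

# Value names that redirect navigation or search. A write to any of these is
# worth a look whichever process makes it. Assumed list, not from the report.
WATCH_VALUES = {"Start Page", "Default_Page_URL", "Search Page", "Local Page",
                "Default_Search_URL", "Secondary Start Pages"}

# Window_Placement data as listed in the report: 11 little-endian dwords, 44 bytes.
WP_BLOB = "2c000000" "02000000" "03000000" + "ffffffff" * 4 + "24000000" "24000000" "aa040000" "89020000"

SAMPLE_ROWS = [
    'Set value (int) ' + HIVE + 'Main\\CompatibilityFlags = "0" iexplore.exe',
    'Key created ' + HIVE + 'IntelliForms iexplore.exe',
    'Set value (str) ' + HIVE + 'Main\\WindowsSearch\\Version = "WS not running" IEXPLORE.EXE',
    'Set value (data) ' + HIVE + 'Main\\Window_Placement = ' + WP_BLOB + ' iexplore.exe',
    # constructed, NOT in the report: what a homepage hijack would look like
    'Set value (str) ' + HIVE + 'Main\\Start Page = "http://example.invalid/" iexplore.exe',
]

ROW_RE = re.compile(r"^(Key created|Set value \((int|str|data)\))\s+(.*)$")


def parse_row(row):
    """Return dict(kind, vtype, sid, subkey, name, value, proc) for one IOC row."""
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError("unrecognised row: " + row)
    kind, vtype, rest = m.groups()
    rest, proc = rest.rsplit(None, 1)            # process image is the last token
    if kind == "Key created":
        key, name, value = rest, None, None
    else:
        path, _, value = rest.partition(" = ")   # "<key>\<name> = <value>"
        key, _, name = path.rpartition("\\")
        value = value.strip('"')
    parts = key.split("\\")                      # ['', 'REGISTRY', 'USER', SID, ...]
    sid = parts[3] if len(parts) > 3 else None
    subkey = key.split(IE_PREFIX, 1)[1] if IE_PREFIX in key else key
    return {"kind": "create" if name is None else "set", "vtype": vtype,
            "sid": sid, "subkey": subkey, "name": name, "value": value, "proc": proc}


# WINDOWPLACEMENT: 3 x UINT, then POINT ptMin, POINT ptMax, RECT rcNormal (8 x LONG).
WINDOWPLACEMENT = struct.Struct("<3I8i")
SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}


def decode_window_placement(hexblob):
    """Decode the hex Window_Placement value into its named fields."""
    raw = bytes.fromhex(hexblob)
    if len(raw) < WINDOWPLACEMENT.size:
        raise ValueError("blob too short for WINDOWPLACEMENT")
    length, flags, show, x0, y0, x1, y1, left, top, right, bottom = WINDOWPLACEMENT.unpack_from(raw)
    return {"length": length, "flags": flags, "showCmd": SHOW_CMD.get(show, show),
            "ptMinPosition": (x0, y0), "ptMaxPosition": (x1, y1),
            "rcNormalPosition": (left, top, right, bottom)}


def triage(rows):
    """Split rows into (watch_hits, noise); noise is kept so nothing is silently dropped."""
    hits, noise = [], []
    for rec in map(parse_row, rows):
        (hits if rec["name"] in WATCH_VALUES else noise).append(rec)
    return hits, noise


if __name__ == "__main__":
    hits, noise = triage(SAMPLE_ROWS)
    for rec in hits:
        print(f"WATCH  {rec['proc']}: {rec['subkey']}\\{rec['name']} = {rec['value']!r}")
    print(f"{len(noise)} other IE profile writes")
    for rec in noise:
        if rec["name"] == "Window_Placement":
            print("Window_Placement:", decode_window_placement(rec["value"]))
```

The watch list is keyed on the value name rather than the key, because the interesting writes (Start Page, Search Page) land under the same Main key as the first-launch noise. For the blob in this report the decoder gives showCmd SW_SHOWMAXIMIZED, flags 2 (WPF_RESTORETOMAXIMIZED) and a normal rectangle of (36, 36, 1194, 649), i.e. a maximised browser window, which is what a sandbox opening an HTML file produces.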
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1800 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1800 | iexplore.exe
1800 | iexplore.exe
2192 | IEXPLORE.EXE
2192 | IEXPLORE.EXE
2192 | IEXPLORE.EXE
2192 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1800 wrote to memory of 2192 | 1800 | iexplore.exe | 28
PID 1800 wrote to memory of 2192 | 1800 | iexplore.exe | 28
PID 1800 wrote to memory of 2192 | 1800 | iexplore.exe | 28
PID 1800 wrote to memory of 2192 | 1800 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d4ebe003057938c30ed3345127bacb_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1800
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1800 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2192
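The four WriteProcessMemory rows are PID 1800, the iexplore.exe frame process, writing into PID 2192, a child the frame itself launched with SCODEF:1800 CREDAT:275457. That is how Internet Explorer 8 and later start tab processes, and a 64-bit frame under Program Files launching a 32-bit tab under Program Files (x86) is the default on 64-bit Windows 7. The writes therefore match the browser's own frame-to-tab pattern and are not, on their own, evidence that the page injected anything. The check below makes that reasoning explicit: a cross-process write is treated as expected only when both images are iexplore.exe, the target's command line names the writer in SCODEF:<pid>, and the target really is the writer's child (anyone can put SCODEF on their own command line, so the parent check is what makes it hard to spoof). This is an added Python example, not the sandbox's code; the two process entries and the four IOC rows are taken from this report, while the notepad.exe entry and the last IOC are constructed so the check also has a negative case.

```python
"""Classify 'Suspicious use of WriteProcessMemory' hits from an IE report as the
browser's own frame-to-tab writes or as writes worth chasing.

Added example, not code from the sandbox or the sample. PROCESSES and
WRITE_IOCS come from this report except the entries marked constructed.
"""
import re
from collections import Counter, namedtuple

Proc = namedtuple("Proc", "pid ppid image cmdline")
Write = namedtuple("Write", "writer target")

PROCESSES = [
    Proc(1800, None,
         r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\a4d4ebe003057938c30ed3345127bacb_JaffaCakes118.html"),
    Proc(2192, 1800,
         r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1800 CREDAT:275457 /prefetch:2'),
    # constructed, NOT in the report: a non-IE child so the negative path is exercised
    Proc(4444, 2192, r"C:\Windows\System32\notepad.exe", r'"C:\Windows\System32\notepad.exe"'),
]

WRITE_IOCS = ["PID 1800 wrote to memory of 2192"] * 4   # the four identical rows in the report
WRITE_IOCS.append("PID 2192 wrote to memory of 4444")     # constructed, NOT in the report

IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parse_write_ioc(text):
    """Turn 'PID A wrote to memory of B' into Write(A, B)."""
    m = IOC_RE.search(text)
    if not m:
        raise ValueError("not a WriteProcessMemory IOC: " + text)
    return Write(int(m.group(1)), int(m.group(2)))


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def is_ie_frame_to_tab(writer, target):
    """True when writer is an iexplore.exe frame and target is a tab it launched."""
    if basename(writer.image) != "iexplore.exe" or basename(target.image) != "iexplore.exe":
        return False
    m = SCODEF_RE.search(target.cmdline)
    # SCODEF must name the writer AND the target must really be the writer's child;
    # the command line alone is attacker-controlled, the parent link is not.
    return bool(m) and int(m.group(1)) == writer.pid and target.ppid == writer.pid


def classify_writes(processes, iocs):
    """Return (expected, unexpected) Counters keyed by Write(writer, target)."""
    by_pid = {p.pid: p for p in processes}
    expected, unexpected = Counter(), Counter()
    for w in map(parse_write_ioc, iocs):
        writer, target = by_pid.get(w.writer), by_pid.get(w.target)
        if writer and target and is_ie_frame_to_tab(writer, target):
            expected[w] += 1
        else:
            unexpected[w] += 1
    return expected, unexpected


if __name__ == "__main__":
    ok, bad = classify_writes(PROCESSES, WRITE_IOCS)
    for w, n in ok.items():
        print(f"expected   {w.writer} -> {w.target} x{n} (IE frame writing into its own tab)")
    for w, n in bad.items():
        print(f"UNEXPECTED {w.writer} -> {w.target} x{n}")
```

Run against the report's own rows the four writes land in the expected bucket; only the constructed 2192 -> 4444 write is reported as unexpected. A write into a process that is not an IE image, or into an IE process whose SCODEF does not name the writer, is what this signature should actually surface.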
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 2e9e63636c9d683151098bbc89faa1c3
SHA1 fe87dc29343f2eb5d5729b0068526b6e2f121b7a
SHA256 e6a197517b10a33fc5c16f4062020eba5cffef4f17579ae9d5b7bfc1c7a66186
SHA512 776475c8f4bd72ca89ce989c8400ad1a6a0068403393dbc70c135e8ddda0b24aa94d1431768f01703c8ee418f2fd8c33a828029f402e2ede272d5fbf65dfde2d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 60e8222a104fc81494dd903922ef5b44
SHA1 bd7ee37a219bb8af9c7f7d42a7e3ad53c36f2c36
SHA256 2f5bccca651d803032ea203da4afceb166d23f09bcaaf2a3343a7ae13b94a844
SHA512 96a65fb3dc3a6034d6831dcc6eaf718f4ddf1ac54c19af4f8d5634a78f185c8e783fb7cac78567f3824a18b317e3c4751fe2cbb86de3a91a408a264a15033277
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 381ceb6ea97fb08c3c12c7a747938b03
SHA1 3d86a110b21e44eadd14a69e8bc1b2b37ac94c33
SHA256 a3c206b72fba053a801530d48260d79ab6a9a5a58138fcc603577e99a63c3b43
SHA512 7cb4000b5d677e85abdbcf3efa74c5489d4b4ae2c8e87e96939eec21419d44b8bc94e2a5d944025d3a5e5f5b089a6e6b86610ff95edf183c53e293269b412ddb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 892f800d246a861a6287ea6997119d25
SHA1 401282bcf3c8ba190ae1bbc5e8e7b4dc5c041625
SHA256 cf7c579b2ed6dfa2a3e2382c6882d6bee7b7c66f2eccccb82bdb1efe0c5be4c2
SHA512 56ca27de02e46e538933e728cdd4ca39204354761aa1e78f864249b6b01b33789e54defdce0a51c49ef43e29bf965ae29df70d356fbfba60879db48311ae01ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 de1e93fbab1eb50e85b8c57d12486c0d
SHA1 10993a6fb44e86b3ff84a0decb8cf65da5b0e3b9
SHA256 d1b88fa24290e2a7cabff3c54b4e04baf41a29734032815d94108343590015d5
SHA512 6bfbb3cbc03aaaa950370906180e40e0e7f440f787ea956431a0ad18378f41a6dd2f3f1e1e9e363efe3b4c49eb08b9253166b4a20f14982b1e2ec0a9724b2d7b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 af58cf17a44e4c6893e6a12eb66ad00c
SHA1 3ed67a354884b4e67ca15c0476e255faeea94681
SHA256 4927a58d47912ce013fb74e93dbf4c7f86b5b7f14fc05f8a18015c45345f3789
SHA512 5c5012f7b7881c204ac4bbe4f746a40a8b11d3c0c69e924aa069598acd852905d60febdda0ddcb2ce625b2a9a0d2095ed3ddfc5bb6d119003af131db3478f878
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 4f4dfc86de4bb7209ec952072a14c0e3
SHA1 789bc8d6569bbaf71b02434f5a32fb2af614944a
SHA256 1e4c67c557990bbd8f1a0a09b683c23f8a75d7c6af4ae3392e6c1c31096a4cd5
SHA512 e8d6a0e953f689a5d51b4933c593da146f7d81ec21f0d54afac203dd3b88c4ba38e5a28e8a85ac3f3a8bc3b949d79ce7d015ed066eb29cd0a117a49f464102eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 604f41603414d5ba70ee2d0631a386dc
SHA1 ee92224cce77ee3a29806aafcc4965eda2eed309
SHA256 4411a3da3a230546c8348371bf81a5c5c2df86e797487a588bc1ffdd148cf1c8
SHA512 89b0915dd466916d00ce56e171c201eb2ddaec879c6e94ef3dd652a5fa8e187f4307a5c9779851827ea5bb1426030cb336540205031df74a87e3bc27c3b6e67b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 8e5e9bd4ec7c4288b6ad3f7095e8f710
SHA1 1b5341a26de94c5070ed396e2244328c7c73da60
SHA256 abb2f4641bb4ba52abb761b9013c5ca4b7facedc60f3cbacb389bd8d247c838b
SHA512 6728e9ac6976e8a508cbe9e13ae9051c547209539b397d29f20ff91993e6c50ae63d8dc4e31131950aba5dcc6806b62b474cf04897d8acfde448cfdd6276e8db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 8f657bbec0b4a093786804ab12792de1
SHA1 d1c6de3c3a6cde8337091eb9209f4a1fd33030e7
SHA256 e2ab27b28de1a69146e43da18b0ff6313bd17fc5eff77bd60fd0724a12a35605
SHA512 dca6a7e022b8980f19b18b4494adf42b046b26e00efc553e5fb2c18f3aaab1aef8ca3cf53f7e855c7fd1caf741fd38d065b55a74d43868ccc13efc5e45fe2223
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 c434a01e8ed2532192a290961c5a7392
SHA1 4b36356e7d500ea16b65051e1026bdfd1ac28ace
SHA256 246c6836dc11551e4d53c34a56f062122f6211ff939bbb1ae662cfa7b5cec49d
SHA512 88425364099a3102c2720bd58924419505c0815d49df3fbdfd2d331afe0f12c777d1ea5ceac8f458ce08873273e11132df2e0cebe3c13271fb41f57e0f791345
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 4da8184ddb9901537a0c77847df7eec7
SHA1 ee1bf740382e081e265717539ebc9d61206580bf
SHA256 23bcc84bc6b2d3d02f333160793e50fc56f04e0d5c9913c9c1f02c8edf30a970
SHA512 4e6544983f85e5b08b9c8108db7249747f7256f0229ac4dcda262d0c5c88025023b3755ed8eb4d372fd9ad475e0f529b57323846882ba024c4e951d2b9c0a193
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 4424bbd949b1b0b92145adb75a929f73
SHA1 1d248793329d7fbb791c7f012fa4853c2f9cb1bf
SHA256 b023395eed92c482e1562085940a779abe901e43a7425dea91b7bee2357e12d2
SHA512 e5f9874b6a2993a73057cdf334448263704c1c389f8c12acd7b3313abc10c7b0d09f55b528d3882b6cdb9a3f99d54a20cbea16d4b3038cfc92901fd730dd2fd8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 df2bfbcfbc3f98b206a7953cf711313b
SHA1 61afd9068e351f2cc3a8bbf5f7037ca58def1215
SHA256 bcf5d9019a4c9c551cdda995f2870b29e82890178b1059cd4818d333425ffe44
SHA512 83f95a811f598a6b8bf832794694a83ec2f562e38118252ad6657e94dd7a92c19efc7896fa853cb6b757822b28de8c1ca67a9b6f37cb89f7f6d56207f0f03d9a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 8dd1c88f1a14427007f7f23334d5450b
SHA1 969f55a1323fec3cd70a2816b8958971111a1a3d
SHA256 7e3fd8056ccd2fde46778e2924cae5532629d9ac7d69e110f257370e31c02196
SHA512 ae2cd19741eb20c63b32cba85bcdbdc5ddebbac6c652edca8f09e9cb526d7abbb027afee0ef4656e4575798f7723de4d22309d8763297765b721a55c94eece03
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 09114906247756e88677980f246958db
SHA1 b418c4679b773954f0fbe0290bc24ac06897f12d
SHA256 faa58ff157964cee8fbebd483c7e7cfc04520e3afabe53b632647c1912d3a093
SHA512 73992e78894c6cbb8d51da827a1889a543838b60176f425ee39a8a229766e8cc41a88a7406c38bac2336547e087e2a2a6d189334ebb40b0ddc4716ef01b043bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 79fe78ecc3f203fd64bdaba988f57cf1
SHA1 425663d4420a638d2954b68db2322f690a273898
SHA256 e56713062587aa4ceb889f5cc4bfc4ff20acbd531d5f7257d19fdf8fdcd23f7f
SHA512 6eeb652b97a6d4990ea9dde723e1e33307c89add5708fa9759d871b35a98a113478b61e47534300ad94de4d030dda4c9d1ef82bba22018dc56bdad38e41a63e1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5 0173a5fec2f9189256a1cfb6eca3e3a8
SHA1 9de557db169ead16daae3d71ca0cda4e9ac9dc7c
SHA256 635ab14bded434aeaf3ada5b22451866064ebd0545be61486a35f4bb6f89d222
SHA512 ff10ab84bb68647c12ec385e378e94114f1436866daca9bfdd542fadf9e28517197880cddaf97309d2b4ba42304cec625abd728faff397152d5a75a581c404a8
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b