Analysis
-
max time kernel: 148s
max time network: 147s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 09:39
Static task: static1
Behavioral task: behavioral1
  Sample: a4e4be0da7f0d670181d13d44cdc9c02_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a4e4be0da7f0d670181d13d44cdc9c02_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
-
Target: a4e4be0da7f0d670181d13d44cdc9c02_JaffaCakes118.html
Size: 18KB
MD5: a4e4be0da7f0d670181d13d44cdc9c02
SHA1: 1cdc21b561c8cc0c3718544c2a555cbbea7d9441
SHA256: 6ff4682bd3ee7db1e0e317bc93d5cb159afb412e10cc7ae6b37102372442607b
SHA512: 1615e9b59afec092772909257e9d74ee6383c67d1985155d6e495dd058709c5966a9acc39bf4eb682d70ebb5ecb02b168a772a2fd94843c1875f2737e5fcf380
SSDEEP: 192:4cts4fUeGJBdIH+ATR02R0z6ZH+IziV6IoSziqziKzii8sOA8VaJDQetOF353Yk:3enJIBTnph8TTJbtOF353Yk
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433457" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E0949451-2968-11EF-A0E1-D2ACEE0A983D} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1560 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1560 | iexplore.exe
1560 | iexplore.exe
2428 | IEXPLORE.EXE
2428 | IEXPLORE.EXE
2428 | IEXPLORE.EXE
2428 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1560 wrote to memory of 2428 | 1560 | iexplore.exe | 28
PID 1560 wrote to memory of 2428 | 1560 | iexplore.exe | 28
PID 1560 wrote to memory of 2428 | 1560 | iexplore.exe | 28
PID 1560 wrote to memory of 2428 | 1560 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e4be0da7f0d670181d13d44cdc9c02_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1560
-
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1560)
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1560 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2428
-
Network
MITRE ATT&CK Enterprise v15
Downloads