Analysis
-
max time kernel
121s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 13:16
Static task
static1
Behavioral task
behavioral1
Sample
a5bc0d2373b83cce15901c0eccdb8e18_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a5bc0d2373b83cce15901c0eccdb8e18_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a5bc0d2373b83cce15901c0eccdb8e18_JaffaCakes118.html
-
Size
116KB
-
MD5
a5bc0d2373b83cce15901c0eccdb8e18
-
SHA1
a981be1c7591a1b26b152907f13a652c60dbc7ec
-
SHA256
7c858818283adb703aaf14b12690192c66e00a5a7f5c85de9abf416c276cf87d
-
SHA512
0657ebd248c522cd00d3b9a3aa0154e84f8d0a664d133843ec7840b4fcf4df4dce3f07131e09fd72ee2da324975516ddae022371516960cc9fe220f5869dfa25
-
SSDEEP
1536:CSWLyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCW:dCyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
(signature name not preserved in this extraction; the Processes tree below lists these registry writes under "Modifies Internet Explorer settings")
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424446473" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c004f51c94bdda01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2EC73E21-2987-11EF-9302-CE03E2754020} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue =
01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000a941609ff6270329f1a3d3c584bce7eb6b97aff334df332128be9990edbc2fe9000000000e80000000020000200000005b43e3e5cca9630ce457fb001957e31068a216d6dea81ffb2874e0853840125f200000005778d031fdbf78fd304d4bca3c6f81382f50655c3e745040ab95f1067f4641054000000096cbdc13dc07501467c1f2f344dcb00560c18bf2e982e17847fe38911c9a02d85b4963fbd6d27fa67b3b163644df2298719a2e4be14a28a8cdb53f1f5dd718a9 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2468 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2468 iexplore.exe
2468 iexplore.exe
1724 IEXPLORE.EXE
1724 IEXPLORE.EXE
1724 IEXPLORE.EXE
1724 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2468 wrote to memory of 1724 2468 iexplore.exe 28
PID 2468 wrote to memory of 1724 2468 iexplore.exe 28
PID 2468 wrote to memory of 1724 2468 iexplore.exe 28
PID 2468 wrote to memory of 1724 2468 iexplore.exe 28
Note: all four writes go from the top-level iexplore.exe (PID 2468) into the IEXPLORE.EXE child it launched (PID 1724, see the Processes tree below); no process outside that parent/child pair is a target.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5bc0d2373b83cce15901c0eccdb8e18_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1724
-
Network
MITRE ATT&CK Enterprise v15
Downloads
(the entries below that repeat the same CryptnetUrlCache\MetaData path are distinct file contents, each with its own hashes, not duplicate listings)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 71af28d16f3d17afa708060474caa45d
SHA1 3463105ff8e34953059590220a8bd18a754101d0
SHA256 625a4345e632f78e9c62a6590f1f98e5ea2e5e3709d87fdccdcb366fcc1f1d2e
SHA512 c0eee19f06256ef6921eacd492c9914c3acb1a285b5643f12953859cc34d9ab832d67540a78374defd5b7f6c47e6cad9fdb8dc99d5657455a5748c6d6d38c294
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3a0abf561f4c31152674a0b196d0613a
SHA1 9461b0077e697d46656e33bcbee90e43eec17780
SHA256 f8f1f6c10561e7b89dc10f295897eff6743781896eedc1e176d651c6139c82e3
SHA512 cbd80b7b584ee7b9bd33b746ce423b8aa208c32b0431e9c82cce796ff5d97814d64d385487cc26166601f320621410e60402964d0e82cc3914b7e322d62ad012
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6334fa17faddd462a46c55edbedc1526
SHA1 9029de897f5d9edc1cd12016ec9077892f5b2e9f
SHA256 d290f03156606e061246db4d93dd166e9473cb105078861de2c25397f4eed632
SHA512 9b37b085439f842685b0cfd1b63048d9acef829d95691e923bc073901fddfd27c835d0815aedb6c8fa864b03d6ddebd7357658f005aa77831a9bd2a017eac26e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2364ebba853025ee4d8c7643ac69cd6f
SHA1 281d32455e7bc85b51d20f4ba321ef1f51ff47e1
SHA256 3e1be6a6e4369aa7593d4172147aacc8cecdbfd549267a99d76e7710c214b661
SHA512 4870dbecab5357d24bc9ea09408acc49a7fadb9cfb91bb242af10d6300a3ffee8556fd268a8c15dda59e235641a073b8b60cfeb8619ea2acf3675e41ac05cd29
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bf0456f806d516230302d7d4550439a3
SHA1 7e4c6655a5a209afc012d33a220c8a9555a83dff
SHA256 d61102e86d72aad3c30bd790288a0c699ff913c6adaa5d4cca02bd444346539c
SHA512 30034a30620580c04f2adbb496a00f804501e81cdf7122653c4204ac8cdce3e9e407eefac8de222005d7d59c6b960d221fbc75b6e443383e4542a93a61fc56ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3730f3567f35d181401d82d35103ec80
SHA1 91065fdb436183cfa552584f01211f4baffbac54
SHA256 059282f0cd58d129ece877c43f1a93d526986c62c3ffa8ec7cbc3950c075107a
SHA512 3df12ff7a631bc4f349d53c3e65856f4b7b6715966bf19b29e9284d636097bcfceadb83a81abc3784003794c005c788ed890c1826498a5e6a33ce99bc3647deb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b5c0cca398ffe0682f63f7a0a29fe4f1
SHA1 5b869ef0bcf89e02ffabd726a265bfdd43739880
SHA256 aac75bf91b8d5bac82e292786c6809b899b9091f593ee6d8396f41c5c32ca182
SHA512 85330c297c0bc1fb42051b597a664969728b9a0e508f74aa638e61eb1426a554ed039b8e737560730e2700784c92c7ed04620b74e683d10283ba56e209c1e51b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d23ba01bac5e10133496f8533e86ba98
SHA1 54e00df73e7b51f52b44db6d8789a58801b3b602
SHA256 201cc36df9954e9bffb8d8ff00a594d50728c76d8997bc646a6efee37a58d4fb
SHA512 0891ceff59500a0cc5e8f9a6ad9e308f5e8af9f933fa3ff4c385dff8b84963607f04de1c7536646c905759d3a417724aaa69f744f68ffe0a267b803946380afc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7e27c867ea009ab3a0458afa3698d38e
SHA1 e775c789c3305472c16a3c68f9016b221b4a3872
SHA256 81811c485a64a5d6ec0d7ec6db2c56920cbac5e6e4ab416c6477760bede7450e
SHA512 2786c1fdc2e0e39261a917136e8e73770a318d627d2682fb54d3a1af6cd555d066c7bc4794027911e0d03774ddcf0c0e480ceec8a24dad7fa78b44eb8c54003b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f0c5bf4b6752705e174664e3e638f002
SHA1 eba642953619cf898ccb475c5501db9be03a7488
SHA256 2cb0fc294c6fbe8f9eccad9fd08874ad40347bc15d797ce96500da16253d3343
SHA512 e822f704bc5733482ffb16b40a923d0ab43684cdc392a45ff78f41f68873349d1cd4e89b4744df4496dd6e53e3fef35e473e0a92082ea3f5a94c2d3b3e9a09c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4b5fa28281b18835094b9e821da2ebe4
SHA1 e78ebf1e598d436ef22c1ac0fde9d63d483594d9
SHA256 137fb141cec70c06110f802cfd9c1842ad3496f36549a182c19ab66ed1aba224
SHA512 f4b1203c0e4b91ce382149704ccb8b3c2f349214487080045472c167aee37a62170dcb4cc9823313848f9ba97439bcf16ce79e263a72c413461775ec8d6048e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3beb9b9dca4fa6b1fdd4e0b397d9cfec
SHA1 2392c20ad4567bc5117c26598dcee3036d15c15e
SHA256 38167231c346e924c3bc20474a1c8907c031a3e68181a315b27101a99a28c86e
SHA512 f8d0fc1491b78b7a9047e8b293a8b908c2a15eb7947a49dafa696aa7cf981c00ffb260a9f1f3d092006676e2d88db8af5361dd45a9dc4474e98711bb5a30a45b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9bb2732b7f3bca48c4c170b7d54f574c
SHA1 566d831beee0affd51ab78265bf180bcb349af7c
SHA256 8b27433a2798077df5a0fc884481dc9346acdd131811f6d11d4e641d6d2f188b
SHA512 9b513f8025c3c352b5e33a78e6d6fabeb8b95d327210ea7d14d123dc12de1604fe576f1b6b08763918bfafdefe4bf77fce3395158984b5cc82e6dfe0d1de3022
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 995ce8e63d3a844d61cf068dde333c0c
SHA1 8586b3bee2a55baae3f5691ee5e1bc4b09d41577
SHA256 a4d7abda785e3cf6cc3069e27335f63dca4e038553e9fbcc71723d93cf4f025b
SHA512 7886d34b2935142295a8c8c043388b25046a0889193f014884a8ebdfb4abda1e1ab4692d3641fbccccf8655fc247e0b1661619f1ce588ae6332ec8ab8746f95d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f7e556f59f1de2f3cfd7755e0cba1951
SHA1 bca540749ddbeddb63058d4586ced38d6bab7b42
SHA256 372bc9418c74989a04948db34addc6ae21e4c44717fba29a1d79e456cf82e271
SHA512 4c5680df24c112d462b4b4407544ab0bc5bb2f233e9084526a22a54db79583d8aabdadc388b53646eb7cd33e772e2b2d39aaee05ea24a9bec08e95f05129fff5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6efdbe267a5ca3b086dee21e94c8e7f7
SHA1 85b55e1b69c47ab50112dfdffd29de0c65be7167
SHA256 3a9c1a97ba5696d5fd9cb167cbfd06262c6ab613e4ec343c3c1c4485908ab6ae
SHA512 1da142760927c19cfee92d7afafa707c3a628c11dad7aa2b61459bfb3e5bd448efcd2834af413ff51b8430571203fe9f3dc446dd05e52820c31996980bab5463
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 09776c945cad9d2cb5faad07b31b6db9
SHA1 760d4f9362c1f523938426fa7bd3813c85e86250
SHA256 a903713b10a5daa31251e4e56e7e3bcf19f34fa72247837bfdce857a29411fb7
SHA512 4702676843377abf9e5fcf3ddd5e8bb58235f46483d4b02299875feaed210bf3d451e45e1680f2d539d8df2cdf226409700b9f68e62d084eb2a2e2f7e5f64198
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a47dc2493e9638d1afde015ef5963625
SHA1 7473394dd762684bd07f791a1ae81a2930b7ac95
SHA256 276b4992154b5e252b0203ceb2d967b3f367ce31ef5ba1997c6b8205b3725d1e
SHA512 7d7771445723741283f078b8aa828ef9d11a49200599e433ea3cccc0909d4ebf8a9e499450f15127c5a64766979adfceb5241ed40b0cd38b96ffc4488dd43167
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 25863e24d8306c6fb259dc80dfc03f36
SHA1 169aae2650156066a03916102378367f275193c5
SHA256 45766887d5fbaa4975e5aaf3360a3e2fa1718c9feb020a4c7fcb4781a088106e
SHA512 d8c4364736d5d49e9dc2668669e1de2ba0b3123bf8cb9aa7431bbb79b4994266dfffc47711589c28c7974016db0a48fa5d9c74099ec45155cf04b4bda6bf5d45
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b