Analysis
-
max time kernel
119s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 13:15
Static task
static1
Behavioral task
behavioral1
Sample
a5ba50cab18cc2fec3a11b6a6b7bad48_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a5ba50cab18cc2fec3a11b6a6b7bad48_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a5ba50cab18cc2fec3a11b6a6b7bad48_JaffaCakes118.html
-
Size
8KB
-
MD5
a5ba50cab18cc2fec3a11b6a6b7bad48
-
SHA1
7b637746801983bd45d9d0df5aa759a7499a45d5
-
SHA256
670aabb34cf42d89a360dda5411190fe73eff2b8a982977dd87574b5e9df8215
-
SHA512
e1d976edac462af42a3be0935ffe24d7662de5680dad6d1f49a7f10bea75bfd1dd354d62a55e8f1b28ffc5a1f94d8bcaee69387c52c8e227e585a675008c98e5
-
SSDEEP
192:+8JJ2mnFa3jakzAzryH/PDGrJoJnMXCC9XcGF:+8n2mnQvzAz2fO48T9zF
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424446415" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b05d24e193bdda01 iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C303B51-2987-11EF-B3FC-D2ACEE0A983D} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009d3c63f076b8515eb5db3ec94e43f16a38a611e82c66d2d100c09601d165429c000000000e800000000200002000000044b5b753923f1b1591d7074f3d5187bdbd4cc3925625912f5297915a2a8a96b920000000d16f0069d7d0fb16cc0ae412e70d02dd1240631606d8cf516a299d1cdc0792e7400000009dabd91e76895e44602f106b1c2010b2320737f5298dac54a02858a999d4805c80da715e36eb1c1001ff822e893cd9acfb67c5f4a2ce94606089a7ce36983a10 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2860 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2860 iexplore.exe
2860 iexplore.exe
2552 IEXPLORE.EXE
2552 IEXPLORE.EXE
2552 IEXPLORE.EXE
2552 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2860 wrote to memory of 2552 2860 iexplore.exe 28
PID 2860 wrote to memory of 2552 2860 iexplore.exe 28
PID 2860 wrote to memory of 2552 2860 iexplore.exe 28
PID 2860 wrote to memory of 2552 2860 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5ba50cab18cc2fec3a11b6a6b7bad48_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2552
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 15eb2feeedc2f940980e1cdb78d6f174
SHA1 7ba3741da004dccd2ce9e2b5fe64f09916688faf
SHA256 aa238c9a5d33ab70001e9cb943ff1bbb05437147dce672f108a9fe851860cfb6
SHA512 81978f8e84d9a5459536ab87629d65f47ccc26d9b6d1e3bb9c16b2d7940145275386422b386ccbf3130d6c504e82c5897b17fd9981e080f1d9eb6ebf8fe3577b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 978a5050eed0e117dac3d48f52b3c754
SHA1 2e76390b4fc20d295b691df53c9829f6967d53b8
SHA256 d4ede8c3aeaa5dfaa04acba79faf62f717cc839b9c99e342b20d9e336a1e175a
SHA512 bf96d2f1415906e3e08809b181d5cc79499831db5ce44b4d96f2f8e401e5d2460d74c9cc0f197b0e07df7b051c3cc4ec5bc17cf69c836a2e533bd611f92e4f36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8ba11fa4122d796a4c9a469d36b181eb
SHA1 61079e77ad1e7e9b568d722325c9022414b4fbce
SHA256 720f786f0efe111ef2a3751a012c3fb68751fdef1950f2720a1b9548525ddac6
SHA512 e338efacfa0cea372e988d60e6bc94b6d67cd3810ed2fe3e775571b1829acb9c8593039ff00ba6007f4cba700cae16112ec1bac0ad82c3b61b5cd92e9c51c057
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 66053536233e1811942e1dd375fed059
SHA1 30f08de02a6467026e94e8ad3df0699d2c83bad6
SHA256 8b265027d6fec936f5da466cd444f891fcc75f6b6cf7f3f5a3007168f8367c09
SHA512 1ccbda39bb5e7fc97583d2c63343bc2de8c495a3f9d8dcfa8e12e560cdb3bfac75e12ca8ff11e2e46c34cdecddc85f02a50ae168327eb5674846e88706216c2c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3d9cbc48eb397981db4f785f9d39f67c
SHA1 210a7fe405f654a93e5462e7a59d47d6595f37a7
SHA256 118ed9a7466024bb0ddea19b2ab517362b63caa76d0730f86987cd5d9dd6dcc9
SHA512 fc4be0905a700ce5a9ac5ac2539d71035eb324b8fdf6da14e6adaf803aae3486d2c3cc137ccf804afd9bde4f0fccf67a3a001e2f62b3cea58cce5399e171034a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b54340720e9625fdcb55366b15fc266a
SHA1 619b95bf59c2d7c6d9d673721b733059a04ec149
SHA256 39eb7cff9ebddb5a342d737cc8091f28f05da2f030bf764689352049a3ec22f8
SHA512 34e6035336be608bc4d763e4e75f0f623d9f3282525493848c5f7a7e223e992936e01ef34c76446f3b2e142b7fa41f322ebe316e8c6aeadf681645f374eb6256
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 258bf11134417e25afc0c9fbe0936a7c
SHA1 d4fdf0b71741dc2e916e96b861914bb3eeb11e49
SHA256 9c554ec5ca6425b9c6b9ccf4fc42ef62bc9aa39eb06b5b07b5542b5175b4c0bf
SHA512 ff678ecd6d9057d2a5d75160129871f33953694ca858c02ec4ca78423fef8abd834142dda22814b71d91e91961a6023bd7f48a49e12ef70cf5f2cd323f3c5083
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 020812ad3bc3b9f2440ceb566e4f0109
SHA1 e71a0cea92c4b239cb2cc2263670a020c504460f
SHA256 1bbe9d3502e91983f42d29fe2d8b8442ff2d6d97c5df2d0e35d9c3c2ec6e5aa5
SHA512 ff396520783088ddcba2c8892e9274fce0704f98e88269a972c933897469f99b2cf4b313133539ed4cd4534030c661c2afec5d27ea4946b8c3b739217300e296
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3ba14bf1502f18dcde9927c190785087
SHA1 f593c76cdfa04ab819c2337a0679a54e736bc32f
SHA256 2588cf9c6d71c720219b242690349616eca29410a7e174190212a141fb6d8c9a
SHA512 7c23c46829f40b1e36d3cebb0cc5bd465a42fd80aa8a20a33bc9e60cea61d1002edbf807f45cab4a4bb1482e59bbb8482810baafb48a2887aafe22d4262154a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2b56c374e4103148b70eb903eba6e583
SHA1 f2a73cdc3b39e1014c7865fd8c8a0e32c2841cec
SHA256 3c778551ddbb1a23bc06745c212b21d15daf1e91e594d3287a8e07bdf07936a4
SHA512 2b002e632bba57117702f1ff53081265ffef6ab2a0858ecdb558380b4ed099fa4f0de6225a98f87a471f487b3b5cda84a9dfd62040ff53b3de6700c21b881bd7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9a67cdddced199aef00aee7b590ae834
SHA1 ca0ebab6e5a4a12ea991e711933ff9f0e1dad79f
SHA256 4a63a11520a4776d2e97955067d03b1ced0817546a3ecb7029faae553131107b
SHA512 549842e37c54c40d14beb05b37709e34d4e3e019568242750b78fc0689349f6c28a9358ce6e4f49ca3a2c82a6f4eb0d9a4b85cc2ee12a1120566108af1a74907
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bc693463fd108eca53a668532b8db4bb
SHA1 cd9bf6cc17367687e42a6d551ed9101bb599047b
SHA256 984a1ded132eec200de0eaea4eaf45a20c78f8deedb54261f634b4c06261d962
SHA512 5887f5c2fdb10be3012e71a08a8e04633229b6b62f593f088548162d44c5ee080e4477ecb73eab8b60e9b7fdf7cac0cc612646677266592c89d6e55593a52526
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b3f89f77dd979f77a17b398a35b62d6c
SHA1 806ee509daab05bf8eca2e798d8643f3a3390a62
SHA256 b02b0775c5ff9d93a10e69da21784bc2ed472057a2b54f4a245aa0572064402b
SHA512 d665059cb7231ee3772d3995465915e42acf697cc508f334257ccec3354c304f6c04d08cb19bf1ad63390a4b0f3140f9b8e70c5fb7eb1ff5a76c222369158459
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3712261833f5b8b99d070c86abd280ba
SHA1 850635921b8bbe061c15078402b05c4b25648215
SHA256 403a40c85f8f0a231f10701171e55297ca4cf25c03fc8282786bac189b8ea6ab
SHA512 71ec4c57f90aed2d3de8cb9b2de9e3fe529aa1dd154ca2e7797f6b89e4ecf24567df4bb0202da05645cf7e6253bbc7eb039a286ad91253c08012d05fd5e29e64
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a7d1daf080ac642685cae2c2c69ec10f
SHA1 5925b4ea1083f5eb3d6952a799255e82b4f36abc
SHA256 e0269fa14d1245ecc097f5f0b20b29f464fabcf46166830e5359d942d32488b4
SHA512 e4ec76fb6718474f367325d220c788e0a43e12fa9c0edeffa917e7acb7c5840053925ed45246ca3e3afe99e2d585993b7a04773cb026b4f340e1de332d36a9f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cc9902cd5244779dc33d7428481fa3d0
SHA1 6adb63a17108c76485fc2007b81cac7cf12ac63b
SHA256 2f9b99aa5926fc8f1f4ecd09a0d319d215c423cbd1877694d998951a3b090ec0
SHA512 b2f98d181dd7a5d41a0a0d26209959e87d34c6a2d288d67c278e2ace67fafb8d2971e123cc5c680c42a549a51a7f7e06b6713500dc1e83f4d65dd279a3481037
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e620d1fb226624497fb494d764a50284
SHA1 8569b822775628eae8ae1212daffdc2780bf4094
SHA256 7f3319b8afa991a75a524403a3b6131c324c51188ce7801907ca52509644ad9c
SHA512 47e9475c63eda5260972f6f6aa27b77bef52589729a5ccd1567d9dd300769fd27f9b508917656edffcdcab26229dbf0b3e8afe869811b864879ba9e136e86a7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4274bdf83a2347b1ef0521a97d0ebcad
SHA1 253b45887fdcafb47583f7c67ec05e79e56e5541
SHA256 58c27cf9c5cda25069d3d61199476d2a5e28de565db0827ac41a53001ef3e373
SHA512 054250151110d0d7d69fa16dd37fbe9723336b3cac1fb23e2822c449476be9a9545013bf07bb08c90269a2856751b070cf1f96c5597b0e92f90474fbec4bad8b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f643fd12b490288beca15e2896b3fc35
SHA1 0c191b3347fe71996783ac6f6c9b47d57d25f77f
SHA256 2658b396d1573353509d356c8a52c7d8555d489534d05ddf1011a77d1afd168c
SHA512 6e9fce4d7b67359a6b128a06deccd8d2f0b71242552924345b2eabd86d112f17cf836872ee006baca301ec833e9745a2b3ab2d5b930f3bb1df4a45efe4be6fbd
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b