Analysis
-
max time kernel
136s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 13:15
Static task
static1
Behavioral task
behavioral1
Sample
a5ba528f8bc0fefc2c129e122a75e9e7_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a5ba528f8bc0fefc2c129e122a75e9e7_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a5ba528f8bc0fefc2c129e122a75e9e7_JaffaCakes118.html
-
Size
214KB
-
MD5
a5ba528f8bc0fefc2c129e122a75e9e7
-
SHA1
90cc20d3a6817e4036498f98aac6b1389c0a256a
-
SHA256
5b09c17b86c5f8bd367444527676caf6af8acdd0524ca328b5d9a56f2c63dc40
-
SHA512
4d9a54e9cd910bfb4565cb775c5b68577f871916d0fe1b5c1d5da5f4b35102ec73fb7e66b28c74c87f826ad578d4880936a9f25cbdcd25166bbfb6985862418b
-
SSDEEP
3072:FrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ2:Zz9VxLY7iAVLTBQJl2
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B93B501-2987-11EF-970D-EE42DE2196AB} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424446414" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet 
Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f2c020acff5cce4f8e784a20a06111d300000000020000000000106600000001000020000000d73b1e1c76768fe30de3c6fab03ded5de12debba2d47da71d0d668a5f17572ae000000000e8000000002000020000000bf813ba5f054d1355eeca1760f0e81460d3ddef5897d4c38688c466a142e5bdc200000006c363951da3ce3fc83e309fa13cf01f4d5e3e939616c060c68a18658f6d3d2384000000048dfa6c3e8c05eadc0c42b689e23be630465556a815a67d1708290ee537d563b72ff8af0b27d650f0536468bbee205a8ddbc6d087f894601cd021688afe11555 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0734d1f94bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1992 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1992 iexplore.exe 1992 iexplore.exe 3044 IEXPLORE.EXE 3044 IEXPLORE.EXE 3044 IEXPLORE.EXE 3044 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four writes are from iexplore.exe PID 1992 into PID 3044, the IEXPLORE.EXE tab process launched beneath it with SCODEF:1992 — the usual parent/tab-process relationship in IE's process model, so on its own this is not evidence of injection into an unrelated process)
description pid Process procid_target PID 1992 wrote to memory of 3044 1992 iexplore.exe 28 PID 1992 wrote to memory of 3044 1992 iexplore.exe 28 PID 1992 wrote to memory of 3044 1992 iexplore.exe 28 PID 1992 wrote to memory of 3044 1992 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5ba528f8bc0fefc2c129e122a75e9e7_JaffaCakes118.html
(process tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
(process tree depth 2)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3044
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bbd031dab726b26f880de99ad84d1e24
SHA1 182d3fdca8c1c96dc186a4dd6fe02d9d8ee63813
SHA256 168e007602a35c284bea6af8ed21973ab04dc563d616d8c410bb478398c1481d
SHA512 9db8a3ccd090b3b8a390d8f8c3b13241082fdc464c9efd882471fe5069cbd3a7457e7ce41341272e8580e91070ea59dac94a971f7ca016561529fac04639be14
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cbd18bc12f710ea05eb38363a2b2630d
SHA1 f5a8f956b6528bbe5e4feb8791d23295cef086fc
SHA256 08d33615f7b33db07908ef61e8f6a2f4d5657146d6ea28ef71b3ce8288d840ab
SHA512 73c6d0c2724f9789b3cf9dc683192dcb5432c1e59bc3c430053436984eeda2f01577421e4eb9e6904dbafdda091a9d31c488eed3b2794dea6e3d290e4387c8e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 759eca619bf56e988bf4300da8f738a2
SHA1 d5faa678dd9978fc5f7dddb187a7e1e154d34226
SHA256 eba785298138c72afeb535cf12224c429cc6eed8eec7c2a26082cdc1517943ca
SHA512 0d189eedb2e5852477897bb79ada2f5731924abb7d8444bdf384b3506a88313e9c9b89682fddd7f5e09d54f647f398f596143857114e242c9c62cddc5ce2d4e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 17e0d8a6ec02c8d536ac3468dd7ad107
SHA1 5c11654fa80f80e838e0943be310c30375b74869
SHA256 72132e6fc4fd95b416a1238591c7a9de5e4c058da41631bb734450551bd9e56f
SHA512 185e954bcbf2a2dceb96b09fd42411c41d964d6957f0796441094ba9aadd044c1f2d7bb45d44acc914376eeed4575cd473a3feb51b3dcce1a3e3cc7365d49573
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b618d6ae2807e0715026fc41f31aba93
SHA1 77f7c8c9e3a274f709a0ed0e68f96a2b15ec9ba3
SHA256 e611c7aae710335613a9aab712926fe17ab6593b32d3760076d2d90f7cbf5450
SHA512 1614c5fbd2ae0ba874b32306fe310965451083569baed65a3d133d319bdaad014b906f611d7f8b1bf3ed60318fb7f1827f123dcc0db9bcd4c081901bc1b2df2f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7821690c63010b2b55295a053f4da498
SHA1 8d1651527e291417418c50044e85ec5104e9990c
SHA256 1ed5a7779bb2429d04ae7622a393fdb67b066eae5b49f6ec8c4ff029ad33c7c8
SHA512 0e13e86a83e47532b61e3619a6231eb91b2b17f316f5d1ea270e5db38abc2a89e392d65171ea1965cc33cbe2c8cf23f0d792293662533ac6f9f696b3cd24bb81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b05f53f72882e5d6633a41a04df09234
SHA1 08c6f9332808bb360ac3a5eea3cd4f8494c3d7c8
SHA256 c65585cf4f2b6551b8f71560025990e372ccbbcad004811caf3d0c8bc943b396
SHA512 a4db5d7d2496983ab8ceffb370e02e31074879879271b6c936194d669b95634dc9d47c2150da9f2a49d550a30ba7ba25db0560a821c1abf4291a2d6081181dd9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0ac6bd8feeeea4ca2c6fb38dded54026
SHA1 86644d00e6fe0710af53717fc0b2d9ddf35d58cb
SHA256 9abad0e847a9b2b2d3c93f940eadab0040a8bedb0a317aa2a26b5c46ff7bb991
SHA512 0efd61da106fa7d2136382fbe0bd3b1b461c2b46366fdfefc2c8d2631b6aa5ab61df7a74bb485f463f514b0d450026a4b90662ef4431a56b2dfa1d00c83b5d1e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d18e0be46e4b7cc909bca45e204ca226
SHA1 37c0da787283b4a55a464bc2c1f05f15bb2cb0c4
SHA256 35b14da3da8784e7bde58a1308a3235fdcfce594030b83a9185a19340cb519be
SHA512 91c2399b2b5b7cdf79b7d5a96e2cf373899a4ad9c7da211f98666263e0b7493dafef6f6ad460a02cd1fded8a8fc74c58af065ed0a2524c1cb0cb051ef8096e30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 82cbfdf16df1a5b0e8ee42cc2ba26a98
SHA1 bd64f76407f0f8fc85464c72c3f945ec354c8078
SHA256 de4a3fdfaf48f99608d4eb73c93cd57f568fe0b787639089cbf95f10630c36e2
SHA512 d947a0a556c9854314036300e016d4511f1b7e78786f12d79f90127350546166a2901068b6d32732e42c79061428e1017d56027b6049a9bbb99bf82b4e8a8037
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5f80f99eb02aee5c5b698b8e647e3e78
SHA1 10d87364b4186cb7b46aad00362bf083e9bafbd0
SHA256 1cfe774bb00162f518bf5992f63ad8f92eac647e8b881480dd9f4d85c4299aa4
SHA512 bd0c6add5bd13268c1db01ff36d5107c1cb3edd7ffa2032a7d73950687443e1b133bb94fe88e7806358762afc793ab5409561898b65148bc74811f310be00e83
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 94612492c6a52dfdc6515fead3b3fcef
SHA1 99b82668829592d2220c38762c81fa8042a2ce01
SHA256 b04132b43d57ace5e720f7dbfbcfbba0260786d2ac654c06194a91ce65a74895
SHA512 49704c08f9770199c02b259412de71b28fce8f7ffd788d8374d137388b3dc083f80ecba57e1fe59ee291ab09a80a485bfddd1d69bd92f65405bcc822918b96b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 70ac6a900891f223b0c8f06dc1c62fc9
SHA1 4c4e57b37904357a0e571721df02ffc0c5731abf
SHA256 41f29a3307c9fb89bd0b74d5cc1d590fa53f634f879965f48f905e08bb0de484
SHA512 4f7a12bf07f6734c7ce55605d6a3c2daedaf5c9a680c6ea33fdd13cfce183a86dd197ce52afa4ce248f783ac43083dd42256c183b6f4d1ec690550b45ab05591
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 46bf1a98de46059e250bd99553c28d82
SHA1 cac9d2f9b6d10c03e995fae3d5b3f709b925d5ef
SHA256 0711d03e447041a11664cc8d35547e758b423dedfee642ecf9dff5789e83846f
SHA512 af040e4dc017b47095efcdec81e7a658bddc972372e10de59cec0edd5bed76ac6c947f1d52ee5ed1279bc14ad8655e4df2e54cb8781a930a5ca4d310aee00ed5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eddf053fd9417fb30fa9d43abb9a5462
SHA1 bd4af5fc271a662c4f3649ef69976a2e14852033
SHA256 856ff40db4f9de10831052297264ffd10fcd45f7325b12bddd86ffbb4e620bce
SHA512 b4cbc826590ddc224f2bee58507357b8a49d1589ac6f1fe7c9f9fecc71a40fc56c3931883892225ca5f0d0fc6ca3038374fad118ebafd10e216a132c281cb5ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a9b386ffe66759b17c98708c30862067
SHA1 486e26c647f5aa6764513e12e037558ed338a1d7
SHA256 b81439755840a121d014d2e1cb6f2519e01f3df557aff2d4ef35090e800a20cc
SHA512 b911cc22e40c171aa3156c2c42812ea705d2e7cecd75e69075a53c91f59c88acc4e193da7b510efbf8a681bd5f56a50a2457676f2bd99794cfe3e519924e263c
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b