Analysis
-
max time kernel
133s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
submitted
13-06-2024 13:16
Static task
static1
Behavioral task
behavioral1
Sample
a5bc5ffb79e7a31e3ba3ecd1555657b2_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a5bc5ffb79e7a31e3ba3ecd1555657b2_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a5bc5ffb79e7a31e3ba3ecd1555657b2_JaffaCakes118.html
-
Size
53KB
-
MD5
a5bc5ffb79e7a31e3ba3ecd1555657b2
-
SHA1
1c92aba025cd5732b16798a4f7ebb51549d7a419
-
SHA256
cec53d1697f34b1185938f84705fedc2712b92047940bbce5a500487b68d0206
-
SHA512
0d5d464c7d4b12bd3ff5c22ea6d33b89156d2742752cb13adec992b01dd5a879ef8142bfcdfc9e5bfb7dcb044e95606a49aec76ea1007e61bc5f0ca2b88952d4
-
SSDEEP
1536:IvkQxp8aO0B7Qmh6RejhGPTGDxqreMAyftqbn+S1/N:JQxp8aOzkrbn+SD
Malware Config
Signatures (reviewer note: every behaviour flagged below — the HKCU Internet Explorer registry writes, FindShellTrayWindow/SetWindowsHookEx, and iexplore.exe writing to the memory of the IEXPLORE.EXE child it launched — is consistent with Internet Explorer simply rendering an .html file, so none of these is a malicious indicator on its own; the HTML content itself should be inspected statically before drawing a verdict)
- Modifies Internet Explorer settings (table: description, IoC, process)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{368321B1-2987-11EF-A550-7E1039193522} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424446486" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet 
Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000074db313391db73ae8be39ce4886fe589e6fb69b760fbef88132d88cca18202b9000000000e800000000200002000000024617c6f59d15e51beed85a4a08ad4522643e710a9b1473903c1337b9623d8d620000000ead9347d78c72f6da3f7f9ae2cc6212c25e1eecb884cee877defd5b1ba7368e8400000008df11266cf8e15272c983dae6500e15f2da142bde67630536d87bed9e42249f8f085d05ea6020111a005ede67a630677802313f2495a40bd0eb96ac469c8ccd1 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 003ba11894bdda01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000008ecd3999b31610a3da9cc1644917122d59957f642dfc4e62c03fc502bd4ec43c000000000e8000000002000020000000ca21f5eac1d620e6f8d791cb2cde73574ce7aad4840d6df1e12e80c12eb70bdb900000006db967616f577ff1a9732eb78cc16fba44c2125167679ecb3140d9b3dba75af9e30f2ead1d6b8b68d4a811b0ace35400bc8cdf28fdbb33911e1cad526eee2944efc0be18a03e3ab20c153bb0efb1a59bab9342fb9cb4c08c3b5daef80f2975460dbf2c0b108aef921b54f40c5d15a774bc66872c77e1b467cb2393c0948b223846b90dbb7f0c0ac8d803853b6c72c1d1400000009aaa170678baf10cc3f6ac87cfd107b852c8abf76a0fbfb3b7278662add5edea429005663fe20e87e8e458aeff42bf30b5398cc34742b850f0ffe77440545410 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2220 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2220 iexplore.exe 2220 iexplore.exe 2632 IEXPLORE.EXE 2632 IEXPLORE.EXE 2632 IEXPLORE.EXE 2632 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2220 wrote to memory of 2632 2220 iexplore.exe 28 PID 2220 wrote to memory of 2632 2220 iexplore.exe 28 PID 2220 wrote to memory of 2632 2220 iexplore.exe 28 PID 2220 wrote to memory of 2632 2220 iexplore.exe 28 (note: all four entries are the same parent→child write; target PID 2632 is the IEXPLORE.EXE tab process this frame process started with SCODEF:2220 — see Processes — so this is not a write into an unrelated process)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5bc5ffb79e7a31e3ba3ecd1555657b2_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2632
-
Network (no entries captured in this report)
MITRE ATT&CK Enterprise v15 (no techniques mapped in this report)
Downloads (files written during the run; the repeated CryptnetUrlCache\MetaData entries below all share one path and appear to be CryptoAPI URL-cache metadata captured at successive points rather than separate downloaded payloads; the final two entries have no path recorded)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD584765a49cd1b5920c8aaad9df2d78b84
SHA14a61566fe0bc4929e7cc3e2c9b24c7f61e7e6883
SHA256a32a7c00dbbcc30c4edd10bf17570812bb620c78518605be2a1096546d4cb3ae
SHA512e94ec2e9798f0f010e0d4cfd641ecfbd04dc9691597b7afe9f8eb87669f4886040e3982a2f08d3c5cba76781d5987bdc4afb0e56655c161e50a34c34c7487c5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d13cb378af9a06b2af2d6253737f6d86
SHA1989919b7f1e1a9d1ef17b3b9485967beee13eee5
SHA25649d2289d897ff36a2f2a2122675bb68fce98ac42a7d31250a19ddcbfde230bea
SHA51275ffd7c614bfdddc8a50686c037ec76de7bba117fa313697af9b118ecf48607bc2261669ed365a10f689d2af670ed644ee058242492a3405cd99d995c1cddbf1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b9864917001d87566583abba44aca174
SHA1049566d3fdc23c48531fa57bce6874f46b47afee
SHA256cea97a6c970c897600ded8cffaa329e19e98eb06da133f34339ce2eec3958d7b
SHA512c765aace0cb90c89d959bde926d6872581b5fefc0c9b082526c806653a0b4b065912088fbb0d7d012bd4a86a675967263ae12be132f59ccf0175492735e8c95d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50ce0cabcba5b11627202e21d50f7d46c
SHA178d226cfadf2c00aa53be38dfec684d608634b52
SHA25687bb89fc7e069aaf55cb9b70930274e3a3adac0903ad4541cad88cffcbe24d9b
SHA512ae420401d2b38aaa0bc7c79b31b81ce722ca5fbbabb3c8cb9ff8ffccfe672f8bb962f72fd97c39f617100002edff99c3a5b563678e4eb858db9f8e4fce9fc484
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f3f17e716ee5de13f0cdcedaf977d02b
SHA1838c7f112502b3056ee1dbfb8ff9edbe842147e3
SHA256ab0bde5df12f8e03b807bfdec3df02daed7829e6ea9f7eead922a93e9eb97744
SHA512ed654d21b1bae1a13225708b5c6c8033c11dac3372e765da671a55fe95bd695ad361fffa8a2df2d989f570415cb67b9b20f7fea765a47dd23630f09dc775c2fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD574c453164fdc633e825bc41f536100d2
SHA154483d3f2de583f1037f642a32cd9cda659e5fcf
SHA256780b9a58e332f614fc4ff8fb5cbb7e9ada106075ff5177e35c77166ad488e405
SHA51287152863dbf3a9d5225619933ebd3fefd06cd766e77493c1d3fd814766783c89f9aba12b3948900a1945347cad2c7be61fbbcc0f7ccd956a9d2c89d162391e52
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a1c3b52d18468eef77835d3abdabb823
SHA1603556c7a71fc9634b324a339a82ca35b13e848c
SHA25626d168d326a4188a8f43eb3b77ae32c7391e2d4c111afd69688ceb38056a41dd
SHA512d64e0924d8420588d5ffbe26b83eb02ff14dd6540ddb1b4e1ba924b48d29bbac3a5bcd98ab74984a765f04b813d3360b33cc33a402bf926a664356e2ba12df1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54b00c9592429bf4ef59730e75b385870
SHA1f7b292bffe89ea91da8f53235edcfda5b3f22cc0
SHA256dc7569509cdfa1f5802d5258480eb0ff91221a990b67e6c36108646a6e08eea0
SHA512b656d9ac3c5e0625eb01077e1fc6d0d649325647e82a3f5c3578ddd9af31d017e5d19feff4899aa970abc4d0368354e175054dae49124d270fe5312162904423
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57770be92867c1680b9e138b2521b37f1
SHA1b97d1f7cbccaca19afa1cdfc9f2d1c5d664f006b
SHA256983697277027474b1aa150c0b1e30855c876c5e8a8c69d5a0021ecf54138634e
SHA51216203643f561676688d2c4dfd4d6b755dbc67079552fa81ee74d525c1689e1db3bbf6eed85b1fef4064d2712a4005fb64004b341c78dbd3fd45fbdcad49168d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5337fa45f492e62d3a3c28ed26394985b
SHA15360fb3200708fe6dc277087e5916022a1baa09f
SHA256029e6d40f37c972abe10390bdb646602ad058cc3061234c3d59581c82a65d14f
SHA51215e4abc67f0b2da085c3c13f98e7d700c57043cddf1812b58c36900c209f2ee6a1962f8341235d20cb3923325917cdce9abb80093006e455e23aaca1dc644358
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5335bd7cb9cf3d8109af422a74c012964
SHA17fbe51f985bd7944203cd0618c3af7f714f9d046
SHA256594accb09a9628314cbfc70ce7b68499472f8b81c5a60d96ef1951db2a987177
SHA5126640e59931b86de7fa7fb3a45541dc295c2a22ebd2012c53d0c250c78cd2a9f686a1242133ae8ac374b726c6a12fefb6c109eac93a7fab2873c2571e3cbb8dd4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD550acfcee011a0f028a1fe1b14721533f
SHA1103dfc3ec9995989a1ecf7b8a69da09a14a2bae0
SHA256ad5fd1b8e72c8463b09603bab19bc4988a0b043f0fdb5c2a1da8f5034a612eb7
SHA51263e7dc910e0ddc76af54e30f484629e30dbd73b97b46ee1deb06a06cd292995fbf32e0c5662f1c1161d304f23b8b7389c4d3a9f3e45197d35ccdc34288586f32
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59b3789d0f70f6d45ba354df57f660e32
SHA1360b1ed4f29894e1bd1885c116a31753526dbe3d
SHA256af4696b703e1d90528cf8bf43d4172af6a7034dcff1776b426836daa1d413dcb
SHA512535ff9fb7f9588608711175a137559641fa31d461dc0fc8dfeee145972c81022527499948848e6c28032eb7f8e78540f9fc0a86b658769c86ea25be68e18989a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dab3899ca1284c82a97ae5cc8965f673
SHA12205325ef1c53f4a5d550650c2a54fd0b789a02f
SHA256962197eafa2eda8c7eb2e1aff108b3bdd0b57737c671ea742ea19f0404d3eb5d
SHA512d17b413646952711873f1c80309e678ac11dc583c9449fab88f5ad19d59dfc9a931df8079cd2faf657479c4d92ab81c8a84dc6aea67039d6ca3bafedec58ee88
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD536535c6590f10cf8e8131e7e7f96bc43
SHA1f68f830f09bdfd5e5986c657f6e78b5994b5f242
SHA2564fec03437120ec07dda2b8c6c73c46f07d6a640b2d19c1957e77d73c7e50373a
SHA512f64d71e05a46d22ca52edb720b625dbe3e3c326479bbc8c6d182681df484cbe892308d968fdb4eced3d2735db4cbab9805603c3c66b736722bb32868b386ade5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e65c8ee1324c281d49d2cbeff2a7b5cf
SHA1fbf8f50053d0b3db744d40265cef20dc5b49a115
SHA256d236c2b8330c656707f2c0d8a677491b388b08110f6b9c4286c86bfcde00c1a3
SHA512413e3a5f482a94db7a0130a6132f9d2a26c789e5758207e9b7780b35143798afdb20d715a3d7fe4f16f0547f685c3aa2b35a4bd76d40c5108ceb469389273e57
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52241306551c76a8fdb25ad7c7a102878
SHA1f29075270c54179b51a43676b1eee15ec8c47a23
SHA2566f1ec1d6f4f99b0bbe16cfc8f7da377c5e1a34c1fcc442084e9e2f3fc9bbff48
SHA512cbbbc2b9f16b54a62819a41bf643dab65fffd4977ae26bde90aa96691398cf4c66688a8c3d72984eb98d415572a86267789e60d4bdab1809993caa901920f810
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58ebb2ed759079c6ba8210abc6d92eeea
SHA1e57814104d6f1d3e269d263a1162f54ffa203fe6
SHA256977a5fe463a0d1d37ead75e80dc0bb8d282202930e29b784dac1c135ebe2fc18
SHA512e567500b8634205641eee2b89efe101709a22bcc1a6433cec869acbd881710ecf6de65872219651d8e382f603eb0f24b65eef2f7f93e8613b96a36a216eeec63
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD559edbed7d588da9d754305461e7e49d3
SHA167ef27d2d1aff762a3f8ee26da0a29cb84d4b20d
SHA2568ae5e3cd2f4ba7f14cd67507f6932b4e709334a2a0a3db2e2d2216d650bcef0d
SHA5128946bc891e4eee3841e14de94d10ab0da27d66b25db506f773c0722be7f64469367507c92386fa8f65f1fe252c96cf99760120643d388a72926e63f66bd69e39
-
Filesize
67KB
MD52d3dcf90f6c99f47e7593ea250c9e749
SHA151be82be4a272669983313565b4940d4b1385237
SHA2568714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA5129c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD57186ad693b8ad9444401bd9bcd2217c2
SHA15c28ca10a650f6026b0df4737078fa4197f3bac1
SHA2569a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b