Analysis
-
max time kernel
117s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 13:31
Static task
static1
Behavioral task
behavioral1
Sample
a5cd35490061ea47372ca3158ac64e18_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a5cd35490061ea47372ca3158ac64e18_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
a5cd35490061ea47372ca3158ac64e18_JaffaCakes118.html
-
Size
461KB
-
MD5
a5cd35490061ea47372ca3158ac64e18
-
SHA1
be57d7ced8c0a60e2aacb81b40037fa356dfbf96
-
SHA256
23fd8d6f1193e1ed35959497244835843a9d893824b7bcd2ae07bfddb9a9cf92
-
SHA512
08030ca721d88fbbe7c5e1d9a98906d5c1dd08e34e5b5721481726f6a8fcf350956625e9fcf3260bc5604eb1f9c26050ab091626571c4c58db4096d921082d63
-
SSDEEP
6144:SQsMYod+X3oI+YJZsMYod+X3oI+YusMYod+X3oI+YLsMYod+X3oI+YQ:x5d+X3l5d+X3+5d+X315d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4D289BA1-2989-11EF-87AA-FA8378BF1C4A} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447383" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50b4be2596bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b623e9b7128144fac96f874944a227b00000000020000000000106600000001000020000000e1b6819c18427f784665fbb8f6c925f776777a666fc911001457a14ce74bf017000000000e8000000002000020000000db3dfc1f7e20660ce5a8b867326ce0da63aa945c049d36a5009ac9773b9be70420000000838aa34c867baa9ba3a900dc7935ba57cd748cd959abbe8bcc93daafbf3a5ea2400000005c031b96340b596b113c4e0fc8aa467999f1b1730f7756192a3875300911e505d1b65c1224700f4561981f23970d529fbd158c23ccd31940ef2870c2ef266700 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1688 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1688 iexplore.exe 1688 iexplore.exe 2732 IEXPLORE.EXE 2732 IEXPLORE.EXE 2732 IEXPLORE.EXE 2732 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1688 wrote to memory of 2732 1688 iexplore.exe 28 PID 1688 wrote to memory of 2732 1688 iexplore.exe 28 PID 1688 wrote to memory of 2732 1688 iexplore.exe 28 PID 1688 wrote to memory of 2732 1688 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cd35490061ea47372ca3158ac64e18_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2732
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4c12585e5444d1ad1666694529fdbdcb
SHA1 feefbb7ee5ea9eafd7b9dde6cb77e7d3ff5170e3
SHA256 0384c25d3f6f9514d033e1e879dc3d38330694247fcdeff19870a01d94307dfc
SHA512 52450648a0c5270e5efab59c537b54651c51241b57767bcfa940fa68f731568bfae314c578ff00fe52a145c4d4e381a25b9bbd9bf355eb5dca845ad1090f8b07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 33a9eaa0f982d5b1c40b7ca158470668
SHA1 3a67db48b2c3e095c3b95dfed8f7c677fb40017f
SHA256 ccacb024998c21d6d5715d35db4dd333b12892542654f1b973a575c2004e1af4
SHA512 002bab581cbb092c173a603b299c34cce1ab9bc096bf052f1efe0730b3565ca8db14f1ee8ff0fa03918224414ccf01dca496a504e7b853da29b5eac5735f364a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1f2110f69a732096f7af17fe066264e8
SHA1 334289e3b2e9e8c5875f83fc62e3943d375d7c49
SHA256 89f9ea0669e5a43acf83ee81847045266ac94372ddac45ce9d637959c213cc2c
SHA512 10f2d81bc01ec220d163c437a6687bc6847474ebbb63ca68a5cae67254f776c60a15b947e8e732f71f628207c2a6d0e4621ca61d9690a910d3b766510bed4b62
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b9540be28ef82d1fc519edf57b08ab14
SHA1 09e033c40f9a887250d9ed88634b8690ad08a1ae
SHA256 4f1c60dfe57374259323bbdd30508e9b1b4411569f92c49796f088bfc9f6c0d7
SHA512 10f6cc30e328ae7fc8b2555d45e61155b4926c600533d0cceae58e645d5ba3010812557eb4b636ebde6899812a8deda312e1e5fd828531c218bc05c7f4e13a22
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 218bb09df749beb9527413b2bf256d71
SHA1 256e731ec4d03024c977b3df3faf9d71890f4a0c
SHA256 001dba7d4ee45d84f335e49524b26cdee6ca1b6e358ac2ba9a1dab59d3cfb39e
SHA512 8d82222d60610f8352bc6d28fd6de714b6b21049678f2ca1d08f87196a235550cc702e94bf1b9d830967d71a3163bd0806cc4b5f5ed2dacdbbb607677981e4ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9a90dbe5c695ba9346108651188593e7
SHA1 16efa0076017345cfb8ebd1741d5c6a396ec733d
SHA256 9149013661ed1a5d63a0074ea96a2bbb51bfc037922654930fb028d74bc7047e
SHA512 1948feeba898a956f970b175e9bcfc4692580bff64eaebce3940d2d44460671b9435a913964df16dfcf6fe54455bfbf5d996e2dfaaf2168df044f24a1fbfe664
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 aae155e353b97ddf0ad3351352361835
SHA1 42cf976b418cf4aa807f44b74f3344413f285068
SHA256 e3ebff7fe2db029d8a7de3d0a782359703ad96751b14dbf3f7ed0ddcd4050f44
SHA512 5f992bec608eb65c0ad4f90d34f264724d91f536b68c5149866fd52a318d87471248b78012febfdbc1651c12ff8ab85251f7f7d3aac9986f7ed2b3e829c624f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3b8c5da4a1053076db9dbc059199dd4a
SHA1 02ffb67220028d720d497adaa678f9b1abf50e27
SHA256 c713d8a003048a14f74e4201588dcfd93e53143f470ce521eb53cb7a9703ffa3
SHA512 514be9e6e002e6770e6a4b1281bf7dc8c0b83fd179644217177738ce75088a3eb1d8cf8ed221cd0830857c8c669b5df370139836abd2d89b64bc246f124cf38f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b67d2a124e748e0c15e307f11e98eb98
SHA1 a192041032983d54d1950c137c8c257dcfceed94
SHA256 b9d4c048f7639647fbd0934a1758be02974eac23069318fec34fb5fba9f1ccbf
SHA512 038ef75660aee7420c25d31d585918622a231f6f5b993283c5c6e2ec5e9d20b8823aea130d95aa3a056b473057908368433184a8b9ee45c927a3528fa426a6f3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9fdbd92fc0795f4e9547be1b50b8567c
SHA1 79157b5d0d67f5b6c04ac7af3db5a96d4b47f01b
SHA256 f5ed460f258471a52ece533653bc21247d485507fb4878dc88de7024bb92b07c
SHA512 485422a3770e00b586770da96084630ee92de1db7eca12140f55948add9338ca010350ed84f4c1419229c489d7feb5f6e2a174eb4a2863aa6988c6e780e4e64d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 df3d7a98616c8f63987907c4d1c684f6
SHA1 e8caecbb0e35262a22b631a18eba90342004e38a
SHA256 708eea16d8a202b21acc25364860cbb8cd5a2e7d260e999346dd0d86c7f45e32
SHA512 5959f0032bbc7b761c085b1915cde81ebcbaf54e8412d63cf413aac9221714c440ccfe366ab446cd624aabfe0953285eb707011fdcd2b93a8293c13574c95927
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 21a7cb52932bef90774fcb5302f6822b
SHA1 8faa0cd5fa7ced9b6e7b011ac201dd312e6f0341
SHA256 cf3b913ece9927dc0f7906995730fd2c3b24636c7e54b2c2e730ce7c3273c35a
SHA512 10db3b4eb561689d45b59583233a1a709f7392c318bcbe161b91a247422e0744bb38635dbabf49d07096e6c55baa04eb1eeb7924bf01403353a3ab694e351f81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e963bee7a2b17f8c5f406518bf13adb8
SHA1 cc90ab5112576abef6fb4c359338465654fb1ab8
SHA256 a2af5c3a913d1a0a9b1f7d819dc9d7ab3b3483de4fa92b13cd17d4c4491607b2
SHA512 f3fd4c20fa9c76e6aa4ce09f8e4c1b5d67c1712865721722a5b51d7c5c5560760b5dbc2ca2b3884ab8cf83fecd6317dc1d329b438ebd87982279756c94612bb2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 160ccc9ecb9fd9cafe7387ebdb942f51
SHA1 e937c9d7da4d07a437c661707f23eed7e3213bfb
SHA256 75809980e4dabb3cb5cd0a08a28fe0e8351c7ebf20f120b895fcce21da15431b
SHA512 5376cd0a8e4475cda2aedacc97ecdd832044acbe3453c9ce27b39e2cefa1f7a96450032bd3dc1c6c250704b3db09f1fefed49f536fa1bb956e150069599517a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1ac4fa0130a909a7349f9033f2f8216f
SHA1 d8171473b318a67726fbdb7e914913c21d7d67c9
SHA256 909d788dbee6fd2a3f6e158ee608b1a6056aac09052be99c957216a0f57e4984
SHA512 56ac409640958eee1b238ce55e27290b232abbed1afac3633eaaaeaa3b430ddc70c71cbb2ea6a4ff7a351e1f9c8ae94a432573b78a45794b1d10168b76d4e541
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3094f8762d0a4cc4a23758fd7181d574
SHA1 301c7a35ccf0fec9ac305fe56a439889df79c9af
SHA256 7a3dfbc13f11a968c3a800dec911e77f32735fce6a5ce9eebde7ad8bd8439c0d
SHA512 4dbb70b6047ef1b451f1dab72c4fcc24eea59244b1efdf223ce78343e54c71f3ffb336a21b03db1bf91df3b22b6a1900be096e1f45cd1f1495fcc2e217359a5c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7557cf80c9cf46519cfb414a3f0e6830
SHA1 3a331038cbd2a4d3762d77fc10f1dfb2479c82ec
SHA256 7178137ef2d6c3a9ffb48e7092b588cb7fcec8040c7a1c85aab9fb0438d914a6
SHA512 9315dcfc8049c05b7299db263f89874b90b0f5a88706576e0269e481fee195be1cef17a23b823701f8c0d188bff0544f1668f68a9130565b58977ec188025abf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 641e468b70abbe45538e929842fc4511
SHA1 45b685b159a5bce7583038dd06008195f7ee8f5e
SHA256 7559eee45f707a43db765a086415ebbde1264115ed7e03a00a6c00d8a8906612
SHA512 a04702b37d960edceec9cf45e23c7b4c0533f98b64a94ed7b803134fc7891e9cd020fce662c619448ef9f303e599bba115cbdf4ca1c1d5cfcfcd6a65b8057648
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b