Analysis
-
max time kernel
138s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
14/06/2024, 01:02
Static task
static1
Behavioral task
behavioral1
Sample
a771a25f6f79009b51a94f671afa7d8d_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a771a25f6f79009b51a94f671afa7d8d_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
a771a25f6f79009b51a94f671afa7d8d_JaffaCakes118.html
-
Size
538B
-
MD5
a771a25f6f79009b51a94f671afa7d8d
-
SHA1
464d4a1c00b19159adbfbe0c058a19e9c054a859
-
SHA256
f5748e2ceef6235c3d457d955f5b244ea2dc8dc8772b26355687c7f9e8ab3b9d
-
SHA512
aba95bca4f2cb1e76bb944007893fe29fbbe68f7df116accaf470491a38e359caa3f47535153679d880c058e5f38665bc81a5f1e19545306ddc2716372f70745
Malware Config
Signatures
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e02c4aa4f6bdda01 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424488833" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ac64d92de9d94f76c9534dcfe760567cbf6ba28d50b628d21588739976efdf00000000000e80000000020000200000008c47367f057fcb28b28be37a755309f49c23d9b61e3c25a9c20dce684814404420000000714303eb9a691f1aefcc112e1c2fbccb47993e5f10a63df21b00ec57c4e3554c400000002bab5d265faec2b6206019405c14085c32ad23f21d9d080b90b13ae76688b1e1e540cf7d7981e4bc77550faf04713c96c6cce1aa560921cefdf7570600354849 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC4799D1-29E9-11EF-9E55-E6415F422194} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2160 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2160 | iexplore.exe
2160 | iexplore.exe
2928 | IEXPLORE.EXE
2928 | IEXPLORE.EXE
2928 | IEXPLORE.EXE
2928 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2160 wrote to memory of 2928 | 2160 | iexplore.exe | 28
PID 2160 wrote to memory of 2928 | 2160 | iexplore.exe | 28
PID 2160 wrote to memory of 2928 | 2160 | iexplore.exe | 28
PID 2160 wrote to memory of 2928 | 2160 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a771a25f6f79009b51a94f671afa7d8d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2928
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 66748c486562cb4b218d377b28313dd2
SHA1 3e52697b930ed471a3c6f5579c26dca99b11c806
SHA256 a37b2be6d86169fc8981194472e8d0cdbcb7bf745bc429b3d40800184294cae1
SHA512 034def3412175f0d992786c29dc75f68324f1b0f2e858dd845407610dc0acef584da6d99174c93c7f40d5e458a0b85abc4329ad9423dc668900fbc613ba535d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5dcd225802770d66fa378e12daca9b5c
SHA1 6d59e4211d572a773f23d9c1a6e6a50c77778f4d
SHA256 fcbd0e8e70592755f326946080c33f5a1e17fee2fedd51795373223c92847b02
SHA512 50e9513b4e6ed3dd78e54550018187febf9e3cd024d77b8a760808b15f210d0ea73bb1ea01599e2b4568de4118bf482c3f3ff77437ec13aa8c62f5fd83c007e1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 131493b5c5ad3c11629790af22962bfe
SHA1 b2e050c3bd916126a1400c41dd1b190db8bc393b
SHA256 5d0f757431becc5070dc4501e8d2e0e119aecacfee63df63d00d8e8bff2f10fc
SHA512 a987ab9be1cc4f156c7117e0b4d435a7b2bf8cc28c83f2bc8b218d20dbfd62f0baece99f8ba4a2f586e08669c34deaf16dd3d754bdf48ad50fdf78575b57e484
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8a4972d075c17489564341430230fe93
SHA1 4bd6ace932480d6c93462f74c127ab75fce2b508
SHA256 b63b60180c4eb3d054359c43da3fc92195cc3708d5503a9448be59d67ff9118b
SHA512 da959182f459e6210f7f4fbe289895c8ba29e2659f736856924a7ff76625189a7daacf692120bcedbc5a81eb06edff9d5a0651976cac1bb9fb2d35f4c7cfde5a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e7d9925d3a4a5aa86b21edb6e585f63e
SHA1 2a2da79539675e3b9ab3429d92c50f17fa85fa4d
SHA256 39db719d8040764a6ddeaca9b4da6f7dd30081d83744fec3b487d70e58dae6e2
SHA512 ab5469c9d8c004c6bc5296b02f2e5931cb114bec3a4bef04162959c30b07220fb8a52015e394e055967ec2eb4cbf4824ee927d0940fd677d46fbd9f89fe8cb52
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 03ccb9516ea739da2c3e8b676eb8e9c2
SHA1 a2142f6f69f8e22e1a20e387f3a9e447c9560cfb
SHA256 5066c2a32f7a85961cc171a46ee0b79aff50bff7be355dd224c3543202eff7c7
SHA512 3289680b658663409dc20302edf2c35e84c67d9fc09ab26fd0567ba825451d60b95907d3047c99b5058838f3f1d05e876e5c001fdbb31148bbdd0223614b2a33
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 277e1df588fa5a6c0d8a7f9ccad91add
SHA1 be265183e1c463fa2fe93af4c1d595d5289eb228
SHA256 d3dc2f41645ff7a97055325ee89b7b59e89c14baa9538e3fcc59e140fee1329c
SHA512 8e93a7aa43fd18093f665e786ec643e69f5941e0d9b980c9a32499055fe8072a26420e551a40e5576d4819a33fc666fe170a3a9ad91e03a1a97475d05b084f10
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b6248d2d0abcf9eb096df2057597f797
SHA1 58f79610c349d6c75a5f8e53f6459e14ca3c0875
SHA256 8e50438da7eb1f19ca1f2d6ce61bf093469ed91708a3316a47e040c82df7c76e
SHA512 04e04ccf4fcc87d616e7c6c3364d0746e7fe79f5722ea5c797bed192cdde98d0e14ded3f9a0bca9126023ee569263caf789cd3952100e45c151bf17ca5714910
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 86b78be652389b665256495cd3752529
SHA1 c680fa2c9b831100f3183b033f0a45aa2f8bf26b
SHA256 de8c49391009355b05f8375ac9c79e86aab268dc62bafd114d09de89d8b0e8fd
SHA512 efa9685b94152de26cb5421045008aa3c743ef554923de9f8c4352d54e3028eb44793b8bacf9470be05dfe4ce409b30deab31c2e488e1f99a84fc06d3cec5398
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0e8d170827d7ce4f3b979ed929b95837
SHA1 14d25dba2837186e5c6710821c2b579a71553312
SHA256 381ed23f3c0716e7b2bcc4b3814ecda051e1f90ea792f57cc2959c5a8e4dc0e4
SHA512 285589e86f446d41f517588b89e8c3df85f017512c9c8a02c2cbc0356137f056bdd5828dd8e4c81046edde992e3bf40fd1f056f9a01213c90f76344b6d20d4c0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b77ed6e3d86bc765b8929edca6c6dc68
SHA1 83acffd24573fefef3faa8ee9371350e27844851
SHA256 20777100ef0805936b296f5ffc7b1b542d16fe4f8f5e07cdf240cd300c2769a6
SHA512 abbe00e105e6cc5edb438c4f8082b7f20f3a988cec443966d8e971ed95450703a3c146dd78109e39cf93dcf4c8893e56e753982b3740b0b46ed254cfec8ea7c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1ab835a5c7195730bb80b3532c86e4ee
SHA1 05ac50147540863954ef5f75ff89e15286e34f5d
SHA256 6aba8f394fd411b537e67abefa48b9c83a7116970c0ada246aa4607823c1b2dc
SHA512 196220a2c92cecaa6e393270e148fdd2667e9a30c7ee75739214f3d7e3c4eb8529a0b5354098c8bb0801ac35929e3038bdac9ea5b5bca88ed2a4adc3200aa2ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ad145a81ddd96bafb7e98386792e6667
SHA1 953c4d6939f0da227383eb11b8700d134d81b5d9
SHA256 7f1a09f6c86a5c178a12296ec055c3b2b52d4c122cd639fcdf821854bf0f4f37
SHA512 faa2eb834556a188faf0bef079b166377159d7c3a3c6d91e005548454d04a7aae79fa2d1d69761fff58855489a45f5c2aefb64a0c20a9e3d3f4e7310eaa6d353
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b