Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 14/06/2024, 01:02
Static task: static1
Behavioral task: behavioral1
  Sample: a770cea7bcd22b6290720dfcddedac39_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: a770cea7bcd22b6290720dfcddedac39_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a770cea7bcd22b6290720dfcddedac39_JaffaCakes118.html
Size: 461KB
MD5: a770cea7bcd22b6290720dfcddedac39
SHA1: af9e090dd2d86888f3f2b2dd9ae450093106cd4a
SHA256: 8f7691be5df3ed32003ad3b6762f947b58e853ba992837d839b958936993c751
SHA512: 69572bb4d8499787d69c3b4439bc1e787745242c74aaddf48f21e8b7140768fc2acb62c8c63febada3c7fc74ba7e060399cf4297d6122053875b480b6037dd94
SSDEEP: 6144:SQsMYod+X3oI+Y4sMYod+X3oI+YNsMYod+X3oI+YLsMYod+X3oI+YQ:v5d+X385d+X3f5d+X315d+X3+
Malware Config
Signatures
-
Modifies Internet Explorer settings (36 IoCs)
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424488825" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d68ecaaa6babc04c862b84ed55c2d4530000000002000000000010660000000100002000000032972d4cc89d5edb9b29eed6be42cc2e5f71817bced62071b19bb356823fc12f000000000e80000000020000200000001554030ff2a0269bae06ab68448ca61d68f8cb90c208179e914ece487ddbdd9c200000005a47d5c680cedc7ab713dc7e55fbe826ce27b3b365d126cefdbdda21d134e445400000001bc492a4b32f28ac6aed580df5323092c266f60b90be349712138ce78ef644a5d290e0098d21576236c17614bb53cc75e8d0a158cdbfa9430eba0cf3d92497be | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B51B4221-29E9-11EF-A5A7-5A32F786089A} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80b8e98df6bdda01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
-
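Every record in the signature above sits under the user's own Internet Explorer hive (\REGISTRY\USER\<SID>\Software\Microsoft\Internet Explorer), which IE rewrites on every launch, so on their own these entries say nothing about the HTML file. The added example below (not code from the report or the sandbox vendor) parses records in the page's own "Set value (type) path = value process" / "Key created path process" form and separates IE-hive noise from writes anywhere else. Its input is constructed: five lines copied from the signature above plus one hypothetical record under a made-up key (\Software\Example\Persist) that is not in the report and exists only so the filter has something to flag.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample: five records copied from the report's "Modifies Internet
# Explorer settings" signature, one per line, plus one HYPOTHETICAL record
# (not in the report) under a key outside the IE hive so the filter has a hit.
SAMPLE_IOCS = r"""
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80b8e98df6bdda01 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Example\Persist iexplore.exe
"""

# One record per line: operation, optional value type, key path, optional
# "= value", and the image name of the writing process at the end.
RECORD_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?P<vtype>str|int|data)\))\s+"
    r"(?P<path>\\REGISTRY\\.+?)"
    r"(?:\s=\s(?P<value>.+?))?"
    r"\s+(?P<proc>[^\s\\]+)$"
)

# Per-user IE settings: IE itself touches these on every start, so writes
# here are baseline noise rather than an indicator of anything.
IE_HIVE_RE = re.compile(
    r"^\\REGISTRY\\USER\\S-1-5-21-\d+-\d+-\d+-\d+\\Software\\Microsoft\\Internet Explorer(\\|$)",
    re.IGNORECASE,
)


def parse_record(line: str) -> Optional[Dict[str, Optional[str]]]:
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    if rec["value"] is not None:
        rec["value"] = rec["value"].strip('"')  # the report quotes str/int values
    rec["op"] = "Key created" if rec["op"] == "Key created" else "Set value"
    return rec


def parse_records(text: str) -> List[Dict[str, Optional[str]]]:
    recs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec is None:
            raise ValueError(f"unparsed record: {line!r}")
        recs.append(rec)
    return recs


def triage(records):
    """Split records into IE-hive noise and everything else worth a look."""
    noise, review = [], []
    for rec in records:
        (noise if IE_HIVE_RE.match(rec["path"]) else review).append(rec)
    return noise, review


def summarize(records) -> Counter:
    """Counts by (operation, writing process). Case is kept on purpose: the
    report uses iexplore.exe for the 64-bit frame and IEXPLORE.EXE for the
    32-bit tab process."""
    return Counter((r["op"], r["proc"]) for r in records)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_IOCS)
    noise, review = triage(recs)
    print(f"{len(noise)} IE-hive records, {len(review)} to review")
    for r in review:
        print("REVIEW:", r["op"], r["path"], r["proc"])
    print(summarize(recs))
```

Paste the full signature (one record per line) into SAMPLE_IOCS and the review list is what remains after IE's own housekeeping is removed; for this report that list is empty.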
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2912 | iexplore.exe
-
Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2912 | iexplore.exe
2912 | iexplore.exe
2848 | IEXPLORE.EXE
2848 | IEXPLORE.EXE
2848 | IEXPLORE.EXE
2848 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2912 wrote to memory of 2848 | 2912 | iexplore.exe | 28
PID 2912 wrote to memory of 2848 | 2912 | iexplore.exe | 28
PID 2912 wrote to memory of 2848 | 2912 | iexplore.exe | 28
PID 2912 wrote to memory of 2848 | 2912 | iexplore.exe | 28
Processes
-
1. C:\Program Files\Internet Explorer\iexplore.exe
   "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a770cea7bcd22b6290720dfcddedac39_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   PID: 2912
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2912)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 2848
-
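The process tree and the WriteProcessMemory signature describe the same thing: the 64-bit IE frame process (PID 2912) starting its 32-bit tab process (PID 2848) with SCODEF:<frame pid> CREDAT:<n> on the command line, which is how IE's loosely-coupled tab architecture works, and writing into it during that launch. Sandboxes raise this on every IE run, so the useful check is whether a cross-process write stays inside that frame/tab pair. The added example below (not code from the report or the sandbox) encodes that check; the process records and write events are constructed from the values on this page, and the hypothetical process used as a negative case in the test is not from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    ppid: Optional[int]


# Constructed from the report's process tree: the 64-bit frame process and
# the 32-bit tab process it spawned.
PROCS: List[Proc] = [
    Proc(2912, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\a770cea7bcd22b6290720dfcddedac39_JaffaCakes118.html",
         None),
    Proc(2848, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2',
         2912),
]

# Constructed from the four "PID 2912 wrote to memory of 2848" lines.
WPM_EVENTS: List[Tuple[int, int]] = [(2912, 2848)] * 4

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
CREDAT_RE = re.compile(r"\bCREDAT:(\d+)\b")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_lcie_tab(parent: Proc, child: Proc) -> bool:
    """True when child is what IE's loosely-coupled design expects: an
    iexplore.exe tab process, spawned by the frame, whose SCODEF argument
    names the frame's PID and which carries a CREDAT token."""
    if basename(parent.image) != "iexplore.exe" or basename(child.image) != "iexplore.exe":
        return False
    if child.ppid is not None and child.ppid != parent.pid:
        return False
    m = SCODEF_RE.search(child.cmdline)
    if not m or int(m.group(1)) != parent.pid:
        return False
    return CREDAT_RE.search(child.cmdline) is not None


def triage_wpm(procs: List[Proc], events: List[Tuple[int, int]]) -> List[Tuple[int, int, str]]:
    """Classify each distinct (writer, target) pair once; the sandbox repeats
    the same pair for every write it observed."""
    by_pid: Dict[int, Proc] = {p.pid: p for p in procs}
    out: List[Tuple[int, int, str]] = []
    for src, dst in sorted(set(events)):
        s, d = by_pid.get(src), by_pid.get(dst)
        if s is None or d is None:
            out.append((src, dst, "REVIEW: pid not in process tree"))
        elif is_lcie_tab(s, d):
            out.append((src, dst, "expected: IE frame writing into its own tab process"))
        else:
            out.append((src, dst, "REVIEW: cross-process write outside the IE frame/tab pair"))
    return out


if __name__ == "__main__":
    for src, dst, verdict in triage_wpm(PROCS, WPM_EVENTS):
        print(f"{src} -> {dst}: {verdict}")
```

A write from iexplore.exe into anything that is not its own SCODEF-tagged tab process (or from a tab process into any other process) is what would make this signature worth an analyst's time; here the four events collapse to a single expected pair.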
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4c9b8ede0f73354eddd69eb21c33f562
SHA1: ca04ad059c11458ae6f6b1d9f39a96ea75b4640d
SHA256: 177e1391e642d6eb61e751d09ed4275a7cff92892195c345c7b6355f6d53c318
SHA512: ea47eadb1af102fcbc58fd79006763b86c50ba4c740abb82997e29bf3dbac5819ef59588236f7bb2df2f4b8763213a0be68d0565be532b04078db315af0a47b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b31f558c60363b1c1e71ea91ffe2607e
SHA1: 0bad97c47203ab4004710c9b5447a6c431b8da6d
SHA256: bfa2a33c5f6abb8f66b67a70494aa931bde3ddc966733cac0f824e3d6abd90b6
SHA512: 65930edd34f849e376e16ca77ead1a40a527cc39e5694c165ae923e6aec1b0dd214674a30a4aa6f8ef5fa1456fb28ce1b158e4104b6ebeced03f4d548b1e0f09
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d9181f7534f2590accdd5c3d4de7d151
SHA1: e7ef3e57dedcc301b98ac29703b5e736be6eeb4a
SHA256: 5e753c040f4a9d54c9a4cb6fd0af0502c2e6a2c07a3ac2acaf958f9a5ea36579
SHA512: 1b78de2b044b0cd6f4d9dff21993f666d3f2855a6258698c0377572afcb0131e38255d8a5c67b748f3150a10e4d0c1eaf073fadf2b6dd21fc0903a991479a799
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7a9377f37211fe7394f2c275e783a424
SHA1: cfb8a5a41badcd34f48c1085817cee6abe4da0ea
SHA256: fe9167ba162b6445db5c7c3bbecdf6983195079142046b82fff1091aacc11244
SHA512: 11ea041d3ff828e408ef3d1f1003bb032ea001ef1b10c7993cb4c2fb78480a2a6eb28733d99855ddd98a259e9c4ddceb368f07b593a6366c88cdffe43d1ffcf2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 05e3c312ee0201fea7deacf5e63b0d4b
SHA1: 615b521186e05c70ef6803a7b022a59f9abfdfd1
SHA256: c2f8523d28902cfb5ecf7b32790129d72d1bee974a65061445a040ba557df0a0
SHA512: d2a71be04d6584b3aad50e220c76300b7468a3fc0a380eae1e4f9ab97b6b0bf11fd0ccfa1e394952f91dbdcaf557498bac9bcdacde6e6398a52ff7f45909dff2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 44b323214bd830e376cb71e5803fc555
SHA1: 959af6457e930e735cd8ff5ef04272861859b274
SHA256: 0919fb27f0c65a539d906ad5cb4156df1070a03e026c78c2c2d78022802799aa
SHA512: 6387b39d9686ee74b2a1167b9c23a096cdb7c7235725596f397e612f051b84bd955394a5a9ea9d0df8c9f37f1c5cbff759091374797848db7bdfbab8d9175d0f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b8b339e08660f7e9e4f44a941f381286
SHA1: 8857c46788fc253db85668ba4d6aa4305eccd747
SHA256: c1cd2625d463454f103c97bf13fbd2141bc75b71c253ab42d7eec31dbb483458
SHA512: 6b48be937f1b79d02e8be8ae05c2e7583fc65f057dc623a26fb7261802b45b4a4a7a374824418f6cd1171e79bd21201f8ee4cdb6fa6e4b0ea271549b9ea8f8f8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 086372af9d6e216036f817cc6bb0b8ec
SHA1: 1f6be1043e82bd015519e715237a198a7b36cf5a
SHA256: a368f1744e57f5d255f9e42ad66cc9b3fa19aedba8ea62648a3972daa9160bdb
SHA512: a8b75c4d2442189e3e0376590dfbda980ac3808b8c5c7a28f06b4fcb8a4e794a367f35619bd12cd94fceacfe37b385de7b58ec5d6bc0ef0f3c550a01a3387bc3
-
Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
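Two things about the Downloads table matter when turning it into indicators. Eight of the eleven entries are successive versions of one file under CryptnetUrlCache\MetaData, which is where Windows CryptoAPI caches its CRL, OCSP and certificate-trust-list fetches; any certificate check produces them, so they are not the sample's output. The three remaining entries (70KB, 65KB, 181KB) have no path in the report and can only be pivoted on by hash. The added example below (not code from the report or the sandbox) parses entries in the page's flattened form, where label and hex digest are run together and "Filesize" is sometimes split from its value, validates digest lengths, and emits the SHA256 list after dropping the CryptoAPI cache noise. Its input is constructed from three of the entries above.

```python
import re
from typing import Dict, List, Optional

# Constructed: three entries copied from the report's Downloads table in the
# flattened form the page uses ("-" between entries, label+hex run together,
# "Filesize" sometimes on its own line with the value on the next).
RAW = r"""
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54c9b8ede0f73354eddd69eb21c33f562
SHA1ca04ad059c11458ae6f6b1d9f39a96ea75b4640d
SHA256177e1391e642d6eb61e751d09ed4275a7cff92892195c345c7b6355f6d53c318
SHA512ea47eadb1af102fcbc58fd79006763b86c50ba4c740abb82997e29bf3dbac5819ef59588236f7bb2df2f4b8763213a0be68d0565be532b04078db315af0a47b3
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)([0-9a-fA-F]+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
SIZE_RE = re.compile(r"^Filesize(\S+)?$")

NOISE = "cryptoapi-url-cache"   # CRL/OCSP/CTL cache metadata, produced by any cert check
NO_PATH = "no-path"             # report gives hashes only; pivot on sha256
REVIEW = "review"


def parse_downloads(text: str) -> List[Dict[str, Optional[str]]]:
    """Rebuild one record per '-'-separated entry, validating digest lengths."""
    entries: List[Dict[str, Optional[str]]] = []
    cur: Optional[Dict[str, Optional[str]]] = None
    want_size = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "-":
            cur = {"path": None, "size": None}
            entries.append(cur)
            continue
        if cur is None:
            raise ValueError("entry data before the first '-' separator")
        if want_size:                      # value split onto the line after "Filesize"
            cur["size"], want_size = line, False
            continue
        if PATH_RE.match(line):
            cur["path"] = line
            continue
        m = SIZE_RE.match(line)
        if m:
            if m.group(1):
                cur["size"] = m.group(1)
            else:
                want_size = True
            continue
        m = HASH_RE.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has {len(digest)} hex chars, expected {HASH_LEN[algo]}")
            cur[algo.lower()] = digest
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    return entries


def classify(entry: Dict[str, Optional[str]]) -> str:
    path = entry.get("path")
    if path is None:
        return NO_PATH
    if "\\CryptnetUrlCache\\" in path:
        return NOISE
    return REVIEW


def sha256_iocs(entries: List[Dict[str, Optional[str]]]) -> List[str]:
    """Sorted, de-duplicated SHA256 list with the Windows cache noise removed."""
    return sorted({e["sha256"] for e in entries if classify(e) != NOISE and e.get("sha256")})


if __name__ == "__main__":
    entries = parse_downloads(RAW)
    for e in entries:
        print(classify(e), e["size"], e.get("sha256"), e["path"] or "(no path)")
    print("IOC sha256:", sha256_iocs(entries))
```

Feeding the whole table through gives a two-line hash list for the unnamed 65KB and 181KB files and the 70KB one, which is the only part of this section that could tie the sample to anything else; the eight CryptnetUrlCache versions are Windows bookkeeping.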