Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
14/06/2024, 01:02
Static task
static1
Behavioral task
behavioral1
Sample
a77144461206357dd838f5236dfd78c4_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a77144461206357dd838f5236dfd78c4_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a77144461206357dd838f5236dfd78c4_JaffaCakes118.html
-
Size
461KB
-
MD5
a77144461206357dd838f5236dfd78c4
-
SHA1
64e318afa16aadf337569f45015112fd4ee862cf
-
SHA256
ea9a9a00ea9e75d6aac4abfd128d83311e04e2f96e8324286d42e1560fee5890
-
SHA512
74aef9480b5370524be81284c4493f0ba6efb31d06ab443cd80b9e4b33d0f5affc9e436eba169269cac86aa1a2c3a3daba62f755ce691d582fe259a08b7c9504
-
SSDEEP
6144:SksMYod+X3oI+YJsMYod+X3oI+Y3sMYod+X3oI+YLsMYod+X3oI+YQ:b5d+X3n5d+X3F5d+X315d+X3+
Malware Config
Signatures
- Modifies Internet Explorer settings (signature name taken from the Processes section below, where it is attached to both PID 2236 and PID 3044; the IoC table that follows lists per-process registry writes under the user hive \REGISTRY\USER\<SID>\Software\Microsoft\Internet Explorer)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003969ef181485dd438c9777309568e3f8000000000200000000001066000000010000200000004ff8b28dcee3ebb9857dcb901f401eac27a4a16015bcca6bc4ec6942a0a2e168000000000e8000000002000020000000d8ccf0496cf46613977944a813c4e135f53a3e5c157265dcefa1113dbfb3570720000000210d799f770c7a9ac00068521b5198e1c071dd2e1e668dd01676122921b1601b400000008d822f28e5934f63b293afb74d6d97447f31cdd7be47fe6ce510b54ac304d185055eab12ef7cc8df5ac60bfa6ee606adc30360737dfee7db82b9f8a13a2c51d8 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFD002F1-29E9-11EF-A34E-5E73522EB9B5} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424488831" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted from this copy of the report) iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60f66698f6bdda01 iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2236 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2236 iexplore.exe 2236 iexplore.exe 3044 IEXPLORE.EXE 3044 IEXPLORE.EXE 3044 IEXPLORE.EXE 3044 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2236 wrote to memory of 3044 2236 iexplore.exe 28 PID 2236 wrote to memory of 3044 2236 iexplore.exe 28 PID 2236 wrote to memory of 3044 2236 iexplore.exe 28 PID 2236 wrote to memory of 3044 2236 iexplore.exe 28 — note: PID 2236 (iexplore.exe) is the parent of PID 3044 (IEXPLORE.EXE, launched with SCODEF:2236 per the Processes section), so all four writes are parent-to-child; no write into an unrelated process is listed.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a77144461206357dd838f5236dfd78c4_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3044
-
Network — no network indicators are listed in this copy of the report; confirm against the full report before concluding that the page made no outbound requests.
MITRE ATT&CK Enterprise v15 — no technique mappings are listed in this copy of the report.
Downloads (files written to disk during the run). The entries under AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData below are Windows CryptoAPI URL-cache metadata — presumably from certificate or revocation lookups performed by the browser rather than content fetched by the page itself; verify against the full report.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bb964bac298d0a257791408fcf9cc7ea
SHA1161caacd806af90057c7c265640ea6b63f60fe95
SHA2567ef31f89fd64218588851762b18fcef31d62015f0fbfcd237e4f858117d613fd
SHA512c26e42b8be43038df049595720b5cd760eca311dae583a4c9242ea75a45805f2097f129981bda33105dc791028634cc2c4860079c8968df4f33dd299c7ad4207
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50feaa11c4fa22d6cb905fae3b0128d2e
SHA13a7f953ce10724e611eecd1978bce8d12f6fa18c
SHA256024dd8547dabe86cc93ffe74bc8dd28283bfb88aec070f973a4db8bd7e26a789
SHA51288871b0f47ea272cd4b2198b4972d77bacc0993f2edf3ae6b4fe6e7941e05e14c6b18ad9f0e89ebb8848730de2f0754cae86535dc1c89039609979ba5588318f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a2ecf6105f971090faea10c9cd3fcdf6
SHA109980981344eaee992d67b28c650918690732003
SHA25627fdbe82b275673895d0c96ec980d2cac1605176bcebabde32c6720b35bc13c5
SHA512dbeab05f903f8c36454736085bcf65768c173bbf0d849d82de68108562b562f6e3a027264b520a6a351e7b20b3f7178c52eb855ff68abef2bf060ac82c20a018
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5839765909b9ad0cb99d2ba57197de662
SHA1970030e7163ff545c83e6841faeb6e24e6878508
SHA256388245b7d93462640f86942a26ee271827901c1d57b5661de01c4e0eefc20179
SHA512557f53714bae6e398f1deb0ff646a7ca78e7547a286affbf6ca47e6f916e17c1a708c3c454b8f9c9cc91bae8d71e61ed49560ee1eead8a29f28cbdab8a923261
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52d0f634a2caefb85c267ec2a618ec358
SHA1515fae234b2692aa01c60079c107451fd3ea3147
SHA2569b24d83e31e16e0ae6e7dfd6651834356877332e11c14366415ddac65707949e
SHA512e2314866e949207d444195d2b129233538a1aa6013e9fd7714421145798127f7caaaf47f3390a0c044490e544ff9f1bc78bdf5993e2c063f123f3f70c5e69959
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55a2be07a2f71cf637da9f361f29ab37f
SHA1a6a47b8a9bbd0bba0a6df5a8bce2cc1eab9c59cc
SHA2569654a195de5049eb1896e493334617c44bac7114f46090aa1331eb9956d8805a
SHA5129545ee738560b5864932f7184c912e5a7bf4a60963d2bec95979bc22556047966e57543a3d62e444f04bfd9639359f6c3b6926c3a530d48e52053938621d30b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD506e4605355ae66d45d869076b49b2335
SHA13107102e154e945cd50010274e0928892327ed19
SHA25607fda7c4fa1a1d7eab4647daf2a0cdd828ee5aaae138f6df722c70977ffb16fc
SHA5128b2f8ec386c8e26b4b5d5d2fc876191c325a0c874cb971973cdbd60574fb9da97ff9f1872b82bbc631a60a3cc4202ded451ba8d233d45f545176f7971e881f58
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5338c4a6b6664b9ebe2aaf100d061d588
SHA11c3a5c503248560b7cc883fd9c1c9c0a115d9121
SHA256cd2563a60cac3d07141cff85e743df9b963bcd40113b34c538707e477ee4da1e
SHA512cdbfb542fcd6f14f07ad9956ab521f38902cec0911c719325a9ec11de58825fde36844bbf79bff5e2fce458a11af1a410805d02d032bfb5007a3df42b7819f77
-
Filesize (no file path is shown for this entry or the two that follow in this copy of the report)
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b