Analysis
-
max time kernel
134s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system -
submitted
14/06/2024, 01:14
Static task
static1
Behavioral task
behavioral1
Sample
a77b97e429549af0f13b6dc26265d037_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a77b97e429549af0f13b6dc26265d037_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a77b97e429549af0f13b6dc26265d037_JaffaCakes118.html
-
Size
795B
-
MD5
a77b97e429549af0f13b6dc26265d037
-
SHA1
8b01141db9dfad07e6b8e02e6a0c97f5f02cca5a
-
SHA256
41a0b3a97a9297af1bd53dfb94a06981e442a21f790dc704fd9d2f3f0c5f90af
-
SHA512
5fea53dc7334f488244c35601bc7fe163bab9d4ac5fd04ff46fef059f2919e3bbd55efe10b5d2e273557ad46a1314cea754e8db9195ebaea28639cd8dc739e19
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000cf3b51b8ea389619f5fe336858d39d5004dd63af17ffcf0705a1caa0097b4b31000000000e80000000020000200000008a48e090036d42868a6dda920095cfdafb44710f7017bd1f8a000ac77dabf093200000002c1c6121c0820d1c4c7377e4be5de1b924c46e347fe5b738d59317547fe0eb6440000000b71ea324f6aa079e83c81172a3a21df169fa6708682cd9e9b48f1b51a189a5f9a979b46ae532a079d01d9c2616fba2836d056fc381bab4e46d453d94a5ec364c iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1087bb3df8bdda01 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{695208E1-29EB-11EF-A85D-46C1B5BE3FA8} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424489521" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2220 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2220 iexplore.exe
2220 iexplore.exe
1088 IEXPLORE.EXE
1088 IEXPLORE.EXE
1088 IEXPLORE.EXE
1088 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2220 wrote to memory of 1088 2220 iexplore.exe 28
PID 2220 wrote to memory of 1088 2220 iexplore.exe 28
PID 2220 wrote to memory of 1088 2220 iexplore.exe 28
PID 2220 wrote to memory of 1088 2220 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a77b97e429549af0f13b6dc26265d037_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1088
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 56319fbcc6868e46f0b175de637eceb4
SHA1 26f21d276d5c0bbaf6e9b95e914e16b7a7d7cc14
SHA256 0ce19dea17493c1d449ab5ad968084ff958774cf7c8cfe39bc4b42c8efb4ee83
SHA512 e2beb4d1c8dbd42636e4308ade11a349a4dc8d84fe892d4063c5fbec64d1729039302119f58d7b4db3128a499694baf0267b774970ddce5f836846275f2d8234
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 84907b814bc9983b1ef08006210aff1d
SHA1 72b1b4b63b26cc3195e8896eff5f519e0be622cb
SHA256 841a316da5b89e0289cc49a6e2464eb06731b6b8a8e371bacb78feccf4eac1ac
SHA512 ac7ec9b716bc3e4f0f81d6d6e7e8b81728c968216bcf4a3fc5e7ddda2683feae58c6df72491fe8952364c3c102157c3f7cee00c269c0ea991fa54a9e1733e219
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f6c43a33ebe2bed6d7c25bb3e3e82c28
SHA1 0281e0b9271d806b206d70b7c19c2fee060bea44
SHA256 436e5d40e7dd2ba573380aa73efc53233b69ac32e746db7fa6edcd00b8049054
SHA512 ec3c87deba5d1dd1fb9cdd606978b90a7546ce8846800db25c651c9324632f230c10734235d0d656d4602ac50b98827c2bd01683d5c61e8ec2c0c09904c00483
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 47082f7a751b9f07d09378a5443c6c53
SHA1 44d5bcffbbd1055ad29c0d75dd9ab56b33395364
SHA256 5ef48dfb8983303d975609dd1fff6a3e4440ad60cf6ffad266018a0432dadf50
SHA512 1f14e605ee2f2c29cda4e78aa22d2fda850ec6ef102bb1676b3ad99b23ff31bd07036fd2b69b690986a88bbea1a21c7c90e44a6e2a4c49dca8e0efcf73e5799a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1e6bd49117f1225cba6072ea7b278d0a
SHA1 0942deeb623691698c2852031c73c45ca6dca9e5
SHA256 ea5919219cc0b2e3cdab48cabfc0772f7ced06b53d7a0ed1d944630f91758df6
SHA512 ae9ce3dff9e9c9bcf66e04f1866b46055a7aa53c1ba0fd8268aa6d043fdaa2abba19c9f757a7d901042c0ed08d76d30af834e425cd9d1356f3590d160e702ced
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3e5aeb391c64b7527bdfc4e3ba9e2412
SHA1 d025460460768cc0f9a52d212a90f0d8da190d68
SHA256 5c5b733c10aad4cef95f71ae53907708748055b402b583b51dcceafd4c6ac538
SHA512 14e1cd5d1e703b23b321d885ed582809f39c93e44772c6f0d1ed6f63cf397195fb1c9222dd1be0a386f1974f0f23cbc80918b8b3b070a75dc3ae793bda65eaa0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8b12552e0cfc2d35883ddb3d3a898399
SHA1 c94499753ba1777aa2aba6c1d9d65270bac9dfb5
SHA256 4f4d2595add5ffa2f2c727c9dfe3ecbc7aa66bedb8f2cb0b478cd387e05fb607
SHA512 c42be7162746aca4a75ec7f8eb27de8a3371cee47f10a457da2d9c7fdeea366980b9bda701fe57abe879c767dbb109c8f5b4e882039983c215d781ff545ec552
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7bdbef11285480b9dfa414170a59357d
SHA1 a09882202817c20ceb6912c12ae16c1bd6151444
SHA256 3f45c741ef2d11ce268aa5e8e1ee2a7b7244e9e15d871e04e3b1deabac7ba133
SHA512 e7ad83d888fedc2386efb1057342cfdc8f296a0c7e0ed1ea18fae075c7d62037bc46099090afeb6fe26434f8eff2f2f7876503aac3b8d1eaffdbf9ed78394266
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9952f1322393d22e12ea619a282f2b9e
SHA1 95e64385094da67172844890afab3268fdf9ea8a
SHA256 6c37c3808f1250d80721fa1db9a898739f148559f70b9635ded0c61d00ef149a
SHA512 ff383d4aea090f970b46fcdeaf66e5dcdcd132198dc324c6a6ebd7f2e5f0c8a9663801560d6062cb52cab7249c4145c24f8d54db75ef0d96ee1122daf084cda2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4a6edba41e50e5da53b2d0394c40b921
SHA1 ecb46f466f37c8b6c08753ca0bf38cc0ce9a226f
SHA256 60f94a066e4d13fc23928c7474c5da950dd48bd5e17c49796cc6a6e033e48f81
SHA512 d53f1cb70d56cea69adfa3edd50f7db8ff3e6e9d6daad81d7ab436be4cb4fffa71559f9350e9c717070bb1daee401906c3c14831bab47df5142682e5ff46d401
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 97f764cb72be7a216948b9bb6764c94d
SHA1 bdece068cb5aabf9ab43e78a65313a4a7f9e7c7e
SHA256 c40a66e441e6608aa564eb780fb2e62bab636bd26493fa07eedd9040c2385056
SHA512 1179ced15f3c41e839e06d1d59df6af37f0aa1712a40f13311c8a01a4d3b3c20eea30cca8b25bd53848bfb102191e22e319206c8e947a2d299c81fedeebeb501
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e1e86e6eca364c037290fadf152b434c
SHA1 5bebde16eba04619929ec98ab97cf585e7c13fc4
SHA256 4c063c73745b38616ae785138e412f9eeb4b34fbba6d38b51b77404396fea7c9
SHA512 796c7c9f7818a94e8b66683a2c139d440375d326ae6924210e39a5b633c3c8b0bee41c347a26575b03c626e54792cb46df0f450d8f7f61b4057189c46fd52784
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 54389de4250b706b8fed3d8e16b01b8f
SHA1 a8d2192e8ccb02a95251c7ffc534ca4ddab850d8
SHA256 34f9b3a72063c1c984db84856e7aa63918017a887ea44af00baf0ee911435c74
SHA512 e717ecd710bce3e2914308ea7777c59c2974b62840fc5548431e0b29383ea7241a22fcb144d79d2778679600ada8049e97eb85c27eff9e56d9d4b220c865244d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3ca4b3cebda9473525109f7e39d5496e
SHA1 3eaa9a1132a96a93d509dbb2a023cfe89cc28361
SHA256 efb53fae522eaecd8a7635f93838f73540084cff67ff25a24631e410b17579aa
SHA512 f265c2467c660e4e52fd446a6a8065222a4015a90d36c21fe87237e24a5b1794c0387ded2eb33c1e694e504a7210bf00962fd6b13220d1779ccdb15254327b55
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c8265453a7f104b169576bc68bbe1225
SHA1 123cff113d7990aed60cbf03aaf1ede414ab10b1
SHA256 c9963496da75a9f0390b9756f4354710b09c25a4121c74c0bfe2b053f09e154a
SHA512 0339943815dc02743b2f0e7695124ecae6be84f2305d56a7d32beb91680cfa0e7be189d3ff2e1322ec743422a434dbc4b203a250270b01ee957d4c30a5a768cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e0e2fbcfcbed75ef49e1b4ec4db8b220
SHA1 545704e49ee3e22211414f09d1f210eab33f7d5a
SHA256 e97c5d916661b8fba5005fb86af81d6827bcf91e59959f87f045f3657433dcf0
SHA512 f159c305e46d96a75b419830af2e69f18b22d67a6e08ad24081825e461a93c2d09caf980332f4d82cda0fedf13c6b838194a8441253bde28e951b9d3595793c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 66567cbc45d55913e7f79369ebb5e06d
SHA1 ef42d7158e9d996b7bf750490b6394c8e629e351
SHA256 e13c51f5527d7d977be03fc3ee06ce570a719fd33dd4aabcbff4cbe3bdf278f1
SHA512 12ab589c36fe7038f161f14040f7098bc628e916d8f0af4ab2df050f6937c72adf5f4c9639668458b9daf8c4ecb08cdd3f6defb3645899c253298e6d5af1548f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 166a0c25d328d8e1ca7315cdb19bf3c1
SHA1 74fdad397727b265edf31f0e6f835710708ec3d5
SHA256 8e1e2a380150bf1d7b8a63f41871b42303bbbfe4fb5b875cdcc49105100aa94f
SHA512 a1210e3373d595c8cad0e1a751476bb86624828583c0827ac2bdadf1f451617499de5bf464cc4376dc262eac03de8afb5f496b8beef58b9d98dc4d2759d03c7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 150a3bdf9a73bd9092a430cb9329a6dc
SHA1 8a02971434af78df03a8a9b5e100878d735e7342
SHA256 1c260e8f4a27cf966c7765e7141672b98d58b8de932bccdbaef74bd65ec01162
SHA512 d997940b5b8a4112cfb2d3eab082503c86323b22c7bf063ca9dbb46db1994eef8277e576daac77e6512f370f1954d4932a459d7f1a4bfaa1a96c8730b45fb257
-
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b