Analysis
-
max time kernel
143s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system -
submitted
09-07-2024 06:00
Static task
static1
Behavioral task
behavioral1
Sample
2f3aed7a3f84867f16deac94b66058e3_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2f3aed7a3f84867f16deac94b66058e3_JaffaCakes118.html
Resource
win10v2004-20240704-en
General
-
Target
2f3aed7a3f84867f16deac94b66058e3_JaffaCakes118.html
-
Size
127KB
-
MD5
2f3aed7a3f84867f16deac94b66058e3
-
SHA1
e87725ed0d00f2adebfb71b4c2c8133326f0d7a7
-
SHA256
416957bccc8dcb6858c12675882c08dcc90fc02f3e3b7c53d015c516868048fe
-
SHA512
6bc594e213420586af959d20590accd816088d1ba919a1437ae2297bfe5e374c996ccbb93e3008e195a5f471cea33f31853505ddb66e874b8db3c917bfb6e137
-
SSDEEP
48:g9tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttv:b2
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000de8bd62a90d15332b9aa544b20e4c93bb4074f0f720c415356cb155cdfa94aac000000000e80000000020000200000002706dfa6db61f02ce99195ed86903a817ba86522f9141e697c832ab08296100a2000000020eea8571d958bd538af9c7b997685a9981222110604d58d42a6a71d3bca10f8400000008c337af19d4c0d90ebe7381c418772aa1d08a348f9fb8d9749b67ce6e7d33cf14185f78c3dd556899e6c246368378174b9b805775ca57d5c40571b924995054b iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426682262" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4084599fe9d1da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet 
Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8D05291-3DDC-11EF-86A3-DA2B18D38280} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not reproduced on this page] iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2408 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2408 iexplore.exe 2408 iexplore.exe 2384 IEXPLORE.EXE 2384 IEXPLORE.EXE 2384 IEXPLORE.EXE 2384 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2408 wrote to memory of 2384 2408 iexplore.exe 30 PID 2408 wrote to memory of 2384 2408 iexplore.exe 30 PID 2408 wrote to memory of 2384 2408 iexplore.exe 30 PID 2408 wrote to memory of 2384 2408 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f3aed7a3f84867f16deac94b66058e3_JaffaCakes118.html (1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2 (2)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2384
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 4ab39b7401d659c618b19f6d827c56ad
SHA1 28cc8c889329cec005f3f51589798e525e66a96a
SHA256 182dcbca9bbe1a2a73ca2f3ca772c887cb536a0e5f46463eb0c0fb1a73b43360
SHA512 aaa72a1c81e9458f37f7b56d8dbb7d2f9116db452c5927edda7d2802291680fb585470dd519c1e6cda95836b28daa9a9596e91516bf439e7a6ee40e33876de2a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 4db32d8e2f3de0a334bac0d59c7c9994
SHA1 051b005a89b06b5db65ad1cc9cb21c6d745d0458
SHA256 4a4c88b65335fceed351898667f21169d0e162edc58c55b4378af3a2e8741f75
SHA512 fb89029dd1345d13f162565e36ea2bd34691affcf39c3c2b120d205529561216472d8553e1171a642317596af9533f5e05e38f181dd7ab8f8ada341111bd3170
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 57d85d3793b906c0206f2234a823f554
SHA1 122a85309146801479c45c5452683570280bc49a
SHA256 6ab8aa47f4b7e5e1452a85133afbab951089088e7b72ed8ca8c9257e46694af6
SHA512 bf00f4f2310afe6a7b906f6cfbcc548589e838e2d6ed20dc1b5c50715e7456545eafb77b4b5fc2af5c26aadde9ab515066d87a506754f93f6b7820b62da7516e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 c6ff9f832a5942db3f335e0de0be7955
SHA1 1f7ceab2e0f56861006e5a6ba0351dff3865421f
SHA256 5622b86958b6bc2477c2e81e18ada46c9fb43c7ddb05920fa0fa9f3c92ee48cd
SHA512 54b92de8ecbb97bc79f09c519eeb83e93235319f436301d838afc5733f50c8aedd84d41c737cbdfd3c02be5e8af79a9a1a8e3518a9f89b4ec6642a18637b6053
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 3635457b312fd685d6087d28984f2da3
SHA1 8176cca53fe5195d2eef4ecdfaa2df1739553178
SHA256 328fd82fc4500431a12e57d90f8f71d533417c2b8733539ef50c3db0e09573f6
SHA512 89968165bc8d5cc7b868c790694073233d9572d56a247e806c80edac1929038db63be94b91f6b31bedbb68237cc5099fa79842dc01428febc51c740b94695140
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 a6d9722fe13371ed086b16efe92f8b76
SHA1 005acc6eef22951692f4344eef8232e9136ccf85
SHA256 bffb439a6fc58b57714da63b028924f4bfb0deca352f6c314d95170221660bdc
SHA512 824ca7e68e92fb75251d1e3a0df0d8025bc8ee59490149e831a54889ede86212930d32040666055eb41850ea7ee7fa2a25b1246f55633ddb11ec88630ce27f7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 b01b995fec5eb3236110cac4881812c1
SHA1 494cc880aaa919bc99c7b3cb6fd610e5cd4b135c
SHA256 50e94f114a4a83eeddf2734a3f10be26b9eeda99c509aca8f60e864d74d5f12e
SHA512 7c1318fb86cbff286acfcb1a0a6b3245591a640a8b2ff31fcae333d263a5a845c675d8763eeebe5bb14f654378849c1d8ff02fb9d6171873102b7eed78ae4d77
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 c3c274864eb0415af578df9ee4012173
SHA1 232e432a0c3dfaf3439b42df9db666e1ed5458b8
SHA256 99f1cf0eac9b7b293227f05ec22aa86969d7260103354566c3ce7c3b9650f818
SHA512 e4794196be15a33f1bd1fea95c419e173308d56393591c7d173a94b1f6d3bcf16e5fc6bb6fb00e1159eeb38e4aa7f56311d147fe6df86412672dd0025efc82df
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 db6676c5c05a7a99ea3a7680600bf4f2
SHA1 d1f4410a6fb44052672eb5315e9ba79e3d0b2ab6
SHA256 7471cc703c8955f6b1535e48433b8b55010e51017b2255ae403f9e746eabf0c4
SHA512 c8fee1e57a1fcba8fb2b68d8d0b8ab9fc095a7a70c82aff3042b9e42c4c49f825e87da5802db37e57fbec1cbba955ac0ff36d6140df2f4babcf36149a8bec4fb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 4a8f5e12152d1518598f7aaef310f073
SHA1 d7c3622a7f5d58aec76283d87f56463860f74bd9
SHA256 f9a08971adf9ec749286434a3bf23152ce1bfada499f6c0fab725a4415f9fa5a
SHA512 51a4aa2e21114aaf90a507480c9da84166bf226fa05fb5e8d4499afa2525a517ccc4dc52253e9b0a503793d52132635bb0c28047f135e15ab763b24270c5cf19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 6ef670f67349b5bd7a9be364a5908def
SHA1 304957e4f8aaf1b044f6d33cca00d2701758dd44
SHA256 db1658611417f9d3f9cc10384098b80fe42996e25b92b584301dedf69c937604
SHA512 f39026b82ef511e428a3e190b18174cccd677fd3bc1fc046180aebf22a0553c10c16df61666d3138b9dc36c997bf36e8c9629ce8b3258c64dab758bc7cc6a609
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 d22de8fbd6eed28f80332992c8bd0d9a
SHA1 6888d03cdaa9667f0a69459eaac56ca3e39b7d9a
SHA256 96e9447071364144fe723b75602205bd3cd99da7f4bf219301c7381ff14e4b7d
SHA512 9186142d6255a6ebf0a095dbf7aac640d3252c4b2f5ffdf4dd49c8be9afc82d582abbdcfd63f333aa7f1eeae9b57a4534ecab83c00f9688977020600d44394eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 e84c5ad7aa3d9d942bf28d270d391745
SHA1 744ada6507a61558e9dc19a7bb22190c3fc92c6d
SHA256 f58d45d6c63709d6f4a75dd8ab5b5a9a764317e1473fd5bf152d1b9d5b421ddd
SHA512 5ec838e947fb40497d679a154f807f6a8d745d8e08b140f6c20b8c1bdb646872401f28a37441c58da47394a7de9bfe8ded6a544aaac09c8b53e5fb886a61b942
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 a9c5658007f59c09d3c7bdb527f73d7f
SHA1 5c769fc7a02fb1b3b5f3491d005ab28c5a340c8f
SHA256 658e582d69e0900a63063bb6223242ede1295d02c7ef58f36a805ce617894bd5
SHA512 a5a44ea440a42f45ecfc06917c860d33d059c027f54fd971e9175f325a421f60158b58ef5791ce7e59314cacd3db3660ebd60fd1a87ab52ce38dcd694e5fde22
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 2d97a77c4aee3413872de906d6c1f00a
SHA1 e5861aae4da178f9e1dc9cd7afef271a35e43529
SHA256 32d64ab2565c8606178573bed340701cfe822a37b64a0f0db6acba9a86a50f11
SHA512 db2df4a6d18ad40186eed79211b69dd2dcc38f7f8488d0afc2e3a5d1a75d4b6f8b754d95b47843f8a1da41b2b33d5b8efdd5510697daffc863e23e1e1f8f0536
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 d603a670017f11743a27ccf8902d6d20
SHA1 bfeeba702594e39e16575b39fe170cafcc4ea6d6
SHA256 99ca559593403bb1d317dec9b75706f2107a9e2636a1ab4f546373e6c74ef23a
SHA512 7c3b01f73027082c503bac7ab857e32c50f4db038542847f0f90357f58c9b16f9fcdb4f269b5c2aa600e1dd98ca9aa3334f59ec402b382c82df5a996f66c443d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 e4421f8883dab595aa8129719a104d42
SHA1 baceaa944d66c18f7b7706f2de243caeec24bb55
SHA256 2a941122d1cf6f231202caaf994f1ef11a4244c3f3a4912438ca2309f729f773
SHA512 48fbf7ec780b47904790480f56a040dc555077d1b344cf7ec80f80e9e8047baab70423cab6d94391df3d2156fd0d7a870486a01a1a923a247bf0710377a75fb0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 d9e0cb757d4519d8eacb21d8c40a053b
SHA1 1b995bf82426e2756294c27644d072cec26c3620
SHA256 1ca749f3c382c141d20c4c7f93ddae2999a21fc21ad16b99c30df6810f1e1b35
SHA512 4cc56225593a65727ebc4432fc096e0e92a77115d14fdca235579ad9ec3268de17ed529e01f05fed04c32f740fd1700608173ee026c986e9c65b84d1c63de361
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 f509d04d19c00f862b6a349e4a9253d8
SHA1 dd4c3ff2ad1d7309d13f695c63a5cfe19a41cf46
SHA256 7b3d51f6f32d200014aecf2e7a4dc5ef22ec069d60cafb1496ef50cc8ba79ece
SHA512 6fbeed5daeda34e95d7af6b795123b1f8e4d10c7e41e44e51296c7b0fee5f2edc382ad5b6d7d476521bb67143f5418897d86c7c8cde9c53bb79258aa22f603e8
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b