Analysis
-
max time kernel
122s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system -
submitted
14/07/2024, 06:02
Static task
static1
Behavioral task
behavioral1
Sample
449ba29a8c0b21e8426d454e343095ad_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
449ba29a8c0b21e8426d454e343095ad_JaffaCakes118.html
Resource
win10v2004-20240709-en
General
-
Target
449ba29a8c0b21e8426d454e343095ad_JaffaCakes118.html
-
Size
1KB
-
MD5
449ba29a8c0b21e8426d454e343095ad
-
SHA1
b888d84ae102d349e815d59642640f6add41c4b9
-
SHA256
c8295a90177827d8c8d834595f2adaa12a8566bc8b8fdb37b88b4abfb5456f55
-
SHA512
83bf6b27588caead3eaa72020d42788587ffacaf4c4cb3432375b859a9dd65e670a0b5fdbe54358f9a92e10d9980fca565bed62cb09ee4ee695012e141d3cdca
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40b4b487b3d5da01 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000c3bd440d4d2c9fade61da6f52085a80f65cb8bda8c107a677007e63b8b122a1a000000000e8000000002000020000000a2c19342523a7869a4689f1add7682922c08f2c21de437e39191c8b373a84a9920000000a449c653b04ce870f5e45a508f7ca33ab02f4ce0816fb702e76807c1219ca16c40000000935d48defdad88c4aa9ab528919f794f99b8ac012e52b6c4763b5904e8454196620a971eccfdf315193b8b828f3b97e8d5e2de02c5b18d3a2aa54594ae739885 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B22098C1-41A6-11EF-8D34-5A77BF4D32F0} = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427098839" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2816 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2816 iexplore.exe
2816 iexplore.exe
2708 IEXPLORE.EXE
2708 IEXPLORE.EXE
2708 IEXPLORE.EXE
2708 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2816 wrote to memory of 2708 2816 iexplore.exe 30
PID 2816 wrote to memory of 2708 2816 iexplore.exe 30
PID 2816 wrote to memory of 2708 2816 iexplore.exe 30
PID 2816 wrote to memory of 2708 2816 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\449ba29a8c0b21e8426d454e343095ad_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2816 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2708
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4d3b6e971649a748a99267d43e21d06f
SHA1 078b59164ec9b958b41ba3356f89f86f978f2183
SHA256 aae9a26019070d04ac81963e290b15ea7d97e3dccdaf1683b1c8b38af72e1a7b
SHA512 7f71e344f556482d474bad38e873000f846f27dace40ee65dc168ed9cff49977f034e713d44644c8cfca503b7f2d34fb83e5859d71899c157f7d8cd50875fa08
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bae1bf8f58a638743c29d79cd108f677
SHA1 9d10bed2d6c909dfc6402a8d756d241f5e6bc150
SHA256 94ceb3ee18b1da22c1563c196a5db962a802ac8070800be501bb607751d01c2b
SHA512 3e45d050efeb70a01c10a8e6dbe3d79c40c4d20be6ce643f7ee998c6c9afe767863b43baed3020912fc4a2c530344de56295898e49c65c0bd6a5a4527bba57a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c6ac1d0b755a0fc97d1d484f9aad1919
SHA1 89dbbb88e4d2e1c6afc349704717289d81011dd8
SHA256 19b9227dbab978413fb431ed2ba89e307c6849cd51ef51f7c86bcbcc40fc7d9b
SHA512 095052c4401545b0d3f6c60f1503d568f670e7c9dceb0a2bd4bfca6fff844d6b42f0f4ac556715cdf4e8adfee8d8361ce1c888386cafe4944a8200df4ca2f518
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8551eb4478df221036eabb4704cdf1c6
SHA1 dc5635bbc9614afe07f3a3f36ed12565fdb98151
SHA256 7bee28ce3511ba99f423da0602af36b143f1c8850462aefe66ca052e91156dd3
SHA512 c047c371a0db43782547289049d1ccbb05356f6f14034c793c1ec943fb196e144e03f6dde2859c82b236c5755f172e7809971f9f13550c3e1decdb86e91221e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4af2f95887adf74b0b670829de9766a8
SHA1 e2c6190ee419c5ef4d52400383f67a45a1f54c69
SHA256 fb3c7a877251ece388c1a338f8e77c5bf491ecb5d9183cc5d444469a7bc0cedd
SHA512 fa094222c0f43d5f3ef90f23f72ef12310f3c95ee1026bf7ed11f1ca3abc6b38cd45c201abd6e990cebb5dff0e49da169e83e4df97680836b2aa200aac8cd184
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a42d0422e7935b71e909459e087fd7dd
SHA1 5165ab3f417c5ce7eff2739cf378d34cb4f7b641
SHA256 a036933ca3cb63e56524f7835756cbfcfa4d5be2dcc06de216803af803f902ba
SHA512 bd09331e3dfc10f6221db60ecf2e5b0f1a3ea3e19b60569da2841ee9b7ed7e67ab7513ce79911ab037ac3b00abb847bfbe4cf1a88032ad4c67040ac70f6937cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ce76f2f442846e37391b880fe3cf6441
SHA1 1f077153dd90bf31b4b60a8c56c1496b78228d7a
SHA256 4dd0f9833ac6b1bd973e61c9129f8411e8c4f28aeb5da7afabcc1a0d7e78dc37
SHA512 b445c56d7598ecd20e8bfcc12ec226a534ea75cdbdbd2d9ff873b12d11666494499d33de8ed42d4b525a1a122db031f431fcb93ecf730449b62b631a5815f2f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f9df501d30568007e61cd9c202f0277d
SHA1 7383a8873716c6aa756177b740d9d5769320620c
SHA256 49659e4a75a3e744cc93dc434fcf76262ba1762e530f0eeabb8ac02ce5cabe10
SHA512 ae5bdb7d61f585d0d50786a1c9c9becec4e5f57242f1f25103c36bec5076102cae0405ed6b2691e1274b8ae4ca680096c0dcdd92fb234bde2e0b81033a61906a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fc3ab9bbde1d6a47b3df7aa360979b42
SHA1 884de80ce7d56d3a2674208eb249407cb142c50c
SHA256 138a815c454d5248ffd46ae907462aa31a63eeb9ddaf9d639e0e6cfdbd995a64
SHA512 44b05e2d6b697c8cf61673df78c8edaea9b95d13c1ae6a0fe131f2a4166556eeb7117d58fbc1a6f07ec671703b30cb0a88f6e6875ddd31757d998185d42a7a4b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3eed4708bd157e56a12095a53e40f5d5
SHA1 5e161212efc78234197cc43e7632f65c9cf42d1c
SHA256 9051b07c566d79b46aeb4d8b633c6b527fa73489ca08a1d85893fcd8fcfa6691
SHA512 d7c819a6842c1e9585bbbaa9d84ec1c5cb105c223f3ef245d0b9c95f539c9e8f85e963036e7a1b46b3f074af1eefa02f1cf0ff54fb184b991f3ae0255a8e8fac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8467d84088a0fe5e4f357b194f1c71b5
SHA1 af3e29b9d3a949b2b27a44aa43f885dd4e5eead5
SHA256 4bfabd767b6bdb1befd105615aa66341f7ef23b634f87e79164658db4cdf58f4
SHA512 17ef687c3d2fe0f15782ac42a49779adccb1bb2dff03ad708294f4e4e6f912219738371a1533187dd46114a9fa439adea01428682a83276301cfbc29deddae28
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6d92194721b0041979803fb54e6d9c6e
SHA1 cf3af59f20a79222046b09c255cfe7a496c8ad6e
SHA256 50ade9e2fac989379c3db4bc9a8d84d4a1a0996b78ec290621cd3d5ad8b376e9
SHA512 44ca52f708879b64512b70a2a459608a4959458a88391b1b9f531c607f6270b53c0ec38559219616cb36f50808f76e61b95f23dbc529bd4bdd31718901302a9a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b0e8b17041ed8c455d4876fb863e3534
SHA1 a0defb1d2751a4cfe228cd1c78057d9792829416
SHA256 d879067c4d7fcd994174581cd655acd0f5f20d785f08a907d204023c688b1315
SHA512 68d5beab2a270123624605ea7e6cc23efb953d99c15ab856a68b52267334d952637493c7cd24cdbf025d71a0a83c4cbce763087953aca637197396939d165dc4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 16dadbd7131180583786e5038aa1d21b
SHA1 7d970141e244a819ecae1c635fa89724653775be
SHA256 2809b7c5c2278a00d8b35cdb31a52980e375470fdb50d16a340ee182cfed2279
SHA512 ca353992b6a14fe13cc8b8bbd83cc59fa03015def0cd8720304ac0b93305d89e0733ebb1e8c6aca85d9f1f0baae7823cd1cf3deaf0efd3460e9b65743ba4b69f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eb2a35f6d4dfd78f05af8a47d1efd4ab
SHA1 0bdc56fe7148eafe89a4f8e057e5ecaecac0ed60
SHA256 c43fd8b58b0934ff9f0e4f109e934fe20a0b7d6ebd3a9cadd79a0da722b10ea6
SHA512 74b23825a97e7abcd7e6a8ed3c185dda7f4263ebc3a469959fa48d4e0dea82bb3da1020ff49a5b868cb072cf23550e65542957944531c556baa563e799ed01b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 525e2dd170b743bfbfe6116ec8c234fc
SHA1 0935de4d120b900707044dd6b3eac60e454d85be
SHA256 d1b4a59d3b4987c4f819abb0a4bacb35fe37f5f7fa9861855724c21eb04dbe94
SHA512 061117795299efccb65b8f8206beedac7bee0b38411471c112be612412acc2c4e2b288f5d7e5b0a1e071e49bfa4724548c86ce545337e1d2550f04270d332f0d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4d9905c9beedc8e85ec5467a7d89108a
SHA1 f6840c490c33e683716f0d6a8fd3498752ea9abe
SHA256 335063b5a624bf57ad1f6c73469dd807e1020590375c83f426a71fd74b480d80
SHA512 6dd6a8f1463501d2717cc397ced2b43bbfe14ef252c8c1b18c1c40bc2bb851e5bc2b5821927083a4c1f9f24900654cdf4f9304b4ee6258b1785f9f4bd1d8836e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ed86f2efa97c2ac703fcbe25047b3402
SHA1 652108d7448702d31422dd73ca47bb699ce1d2a3
SHA256 281cde835ab0b86f0f9fe9e01af4dd4e498943ff2c16ea224e2ccd6df43d8f6b
SHA512 0d1880b272d36c13dca7efeb6ee6f76adb163abe56f3ea4cd91a43d42447d924c17b28e23ca124e5d88efd94f050f42c3979c5a0dd798d057343dba2add1c5fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3b66a34bfdfb00cead1f6ee39816e225
SHA1 715fd04ee2a36e175d83b8abcc3889b254550895
SHA256 903d367e4a093192d052194fc12e0fd14f0ac0c65d4c35e6c67dfc6ee4754690
SHA512 96b002baf2ceafe2071663954ad2e9ce386fcdb204e18d08d3a9af6466974556081f80566c741b89d01c7a9eaa56a8ebdf87e11259e81387942676a36d1c8677
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b