Analysis
-
max time kernel
137s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system -
submitted
16-07-2024 02:23
Static task
static1
Behavioral task
behavioral1
Sample
4c6b73c22399139e6b2b44bbe51fe653_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4c6b73c22399139e6b2b44bbe51fe653_JaffaCakes118.html
Resource
win10v2004-20240709-en
General
-
Target
4c6b73c22399139e6b2b44bbe51fe653_JaffaCakes118.html
-
Size
53KB
-
MD5
4c6b73c22399139e6b2b44bbe51fe653
-
SHA1
a29cd43fe2bc5bfb30cdf288d86fb8c136b13772
-
SHA256
4058197204d2cf1b5a6ce685fd5ab77829b6bb72b1fa2d425edde9a84c62d4de
-
SHA512
277de0af2fa1b59bc3e1f7f68606777b55905610e3b49aca6bc1e070bc550757b043b405009c0e75fc27ef6c2412d114b6d212e8738bee1426fb226592d8d12f
-
SSDEEP
1536:CkgUiIakTqGivi+PyU1runlYF63Nj+q5VyvR0w2AzTICbbDo2/t9M/dNwIUTDmDW:CkgUiIakTqGivi+PyU1runlYF63Nj+q2
Malware Config
Signatures (behavioral1, win7-20240704-en run — the Analysis block above gives platform windows7_x64). Note for triage: every signature below is raised by the Internet Explorer processes that rendered the sample (PIDs 2596 and 2644 in the process tree), and the Network and MITRE ATT&CK sections in this extract carry no entries, so this page alone does not establish what the HTML does beyond loading in IE.
-
Modifies Internet Explorer settings
Reviewer note: all keys below sit under HKU\S-1-5-21-...-1000\Software\Microsoft\Internet Explorer and are written by iexplore.exe / IEXPLORE.EXE themselves (IntelliForms, Zoom, Recovery, TabbedBrowsing\NewTabPage, DomainSuggestion, WindowsSearch, SearchScopes ...). These look like IE's own first-run/housekeeping writes for a Win7 image rather than changes driven by the page's content; treat them as baseline unless the same run shows something outside this key tree.
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427258471" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000007acd2a622dffe25438f9b2080d4d00730d299527af0c05f35b2ef8d2e81b750b000000000e8000000002000020000000ef030af2d8c0d65a5382a6359bf9b72bc82e671ef7d49fb91fc2406d7e1c9b7a200000009aa503d0aa7604d4e311c0a6647e13beddfece0f14ad6e698782b8e1f3fe30e9400000006b94bf7417c2af54e10baec2f0924c447f402d2eb12449c9eabf0928d4f9414818025bab0e5536a2480ce763b4ad030f0ee4e8c87e605a8cf594bd30080f9107 iexplore.exe (the leading bytes of this value look like a DPAPI-wrapped blob, which is how IE normally stores NewTabPage state — not in itself an indicator)
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0f7fa3427d7da01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5ED060E1-431A-11EF-A533-F296DB73ED53} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs (raised only by the IE frame process, PID 2596 — a browser locating the shell tray is expected UI behaviour, so this is low-value on its own)
pid Process 2596 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs (all from the two IE processes, 2596 and 2644; IE installs window hooks as part of normal operation, so this is not evidence of a hook planted by the page)
pid Process 2596 iexplore.exe 2596 iexplore.exe 2644 IEXPLORE.EXE 2644 IEXPLORE.EXE 2644 IEXPLORE.EXE 2644 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four writes are iexplore.exe PID 2596 into its own child IEXPLORE.EXE PID 2644, which it spawned with SCODEF:2596 — the IE frame-to-tab process launch — so this is parent/child setup within IE rather than injection into an unrelated process)
description pid Process procid_target
PID 2596 wrote to memory of 2644 2596 iexplore.exe 30
PID 2596 wrote to memory of 2644 2596 iexplore.exe 30
PID 2596 wrote to memory of 2644 2596 iexplore.exe 30
PID 2596 wrote to memory of 2644 2596 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4c6b73c22399139e6b2b44bbe51fe653_JaffaCakes118.html (tree depth 1; the sandbox opened the sample directly in IE)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2596 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275457 /prefetch:2 (tree depth 2; child of PID 2596 — SCODEF names the parent frame process, i.e. IE's own tab/content process, not a process started by the page)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2644
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (Windows CryptoAPI URL-cache metadata; the same 342-byte file is listed repeatedly below with different hashes because it is rewritten during the run — these are system artifacts, not content delivered by the sample)
Filesize342B
MD522e8811894a3fcf042e30fd6e6ba9e5e
SHA1c40aa14d349db4fd29068b5b3f4c2da49db9838a
SHA2568b8e1b876be312c0115c1f91b03014a3f55f669373a647c93b22bd6a8acfb1cd
SHA5121ea231ab27d0b7af3a6f596a98bce4fc89cb4a91f3ca0a611f7e6531c75818e4b925669be49528f8f09d59b2fe83b25f0313a59e7fc88aa12d6543128539d333
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bb5830cd36871eb3123491b27beb14fa
SHA1dd0c64c7d7fb0d48e4fd5e0fbc4146115e6a9795
SHA256e982d1ef65a96d1b42679ba4015fe9ddfecec6013f997d47d5a379360caf98eb
SHA512ecc5b141fed32ca733debf8f181ddd08a281b58ff97568bf5904c415807dbc3befc425e5d6cb4d9976f11d6ebb67f4dea3273c6a1e85910c8d177994c83e8efb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ed0c2311c4b5c1fb8a0e836fc6c99198
SHA1e2cf6679575b5125a8229943836ae2478620c72b
SHA25696f4541c248463a534b521cc1deb879d557b969e2423ef99d414bd6b7e517bf3
SHA5121b41e0cb60cc0f11e4233b1eacf0bd11a5866763493fec76b1203134c41a29bad40179e1682d39a13a69968092b9342b1154420a4213c49b835f3eac37fb2303
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ab62be1d3b664bced81b1541be50860b
SHA12c316612b68ae89c2b23c87e8a22aa6258e63d5d
SHA256a57fdc64c41ecd6715513679bd7cdfa0c853be6b4ff8a1645c49c07cdb520e8a
SHA51208c88e6286b674ef0bada229133e85ae1a17c1cdf7a76029f9605bd616f4d5b40f929a6561cbacf0e92c9ed6ba300a76cea77b5da0a58636555fb7ec9f59f72e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5058d54d66fe52e673e10af610e01e553
SHA154a38e70327061fd973ba8d42fc2e5c26ac8add9
SHA256020e312d5dafb66ba0a126c68ae715bfa9ec645b4be30f42a8893a20294da1d4
SHA51273572fadf8eb77db85ddd4c343230cd8aea66e59cc42a0e9b6a8777607e5da4dffb040bb9fb2de17217c4d5793ad9d56d612b189b8c7edf729ef6414d2e64bcd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52bdbed8cfa14b8651bde56159400ae92
SHA1130bdf2fcb8e3fa40afbca4f89260fd7ca5a6415
SHA256f3bc068310e1e12cc41cfcdde3fcb3579940557e038d33dc2e7de0417a8d57a4
SHA512c80878a565a65d28c732e6ad88d31a86466938fd5552f39bf7d1b7a3496e73cf996dd4e18c3773ddbaad20e544149abbfb095c450f048741f35a7db6b5e9a293
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD596d4504b7263302bee7305f11885ae6f
SHA162c5be4b426e2e0b5404e7ec70a45b29b7fe160e
SHA25674acf2dbea596f544873271745603eee45f0c9a8b201d5ff6c4fb9eaa98f24b1
SHA5125e9bf18ad2049ec48d5770c7601254e05e3ae5a23364673f196d3794e163e3609775d7dc8fdeb861a16df6e942de1d7acbc9920d55af52342aaa0b92dfcc39c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD567470d6128916460e991a50dd46ffd14
SHA14eaabd9afb4ffbb026ac880ac6db8680ba5fd27d
SHA2569a4836a0e0b58dfa9e023ead0a4eedfe6ae407d32ebc108aeef41fba41c844f9
SHA512f4d1405e0bba19741a3dbed85c03d049a4b41922a406c4d7ca2c0ec549e5c61b580e7c5b447f1fe9fbd5dd3b99ce8a3f3a5d6309d7be0813148b5cd4c3563bb0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5876999c5398825525869557b975da4d4
SHA1eee075e770a9c2bf75914e70c345a44fc42c5429
SHA2568548b48cb46aabdbe4feb9550177c2a7bf72aa5ebc12742047149e783ca3e139
SHA512e2ac1668e10bcccc7ac1023e4cf6d8037cd72f9adb3931f20b05bbe8d22c99b26958f9be1c4f33bf24e963c52452d4b56b20a6c5a891ced89840282783f5d79b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5353b08c688d8c00a93e4cdde0d4f2c47
SHA1681a36fa0d3720231e7dba6b47e8fe9229605cb5
SHA25601e9452403509d6718d1e6c860e16f7c8377082aefa007538f4c830c3da85c4b
SHA512264b6f2d2945829370dc898af7f7933267c89dde9be4d086900ba4feb1bbfaa1e5d452c81930780b050b5096772a0ef2a1a395ae337424576f4650b6d734ce44
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bb1dcba913b3dcf9cd75981c42d7c487
SHA161d8845ea6ce6e14f6acc0aad49893113232cc68
SHA256ac57dc3f2b86c650f6ed0cd51b69a0549babc91b353f65602bc048cdec64c4a0
SHA51296e904e70ffcff855d93dab05e66ac41e1ee1fc995d38263011a93f59ed814e351afc6fb3f33ee0356df49103d826b79a61c859567fc2d9a686dc76966d06e54
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52ac6fffa582b2d329979520915e28629
SHA1999c68edc603abbc2ea9ccd597bf09516de8d390
SHA256622a115ed7609131e7db63ed0782fb7f474604666321fdc0fa7290c386b924f6
SHA512680e25fd044f8c79fa734a8a84c813e9bde3ce4e1e67f30c23b74446da2c28b2ca2e7e1f88f9388a94bf89df41c2348ef653c5206ad365bcde4b1ee380c137bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD574bd33c5768035f093b0f705bff32de0
SHA1942bb4dcba87d4c683d2a0c54d565a3521a63a4c
SHA256b081c60462de8edac9c9c56ce4b924e2a541640158aed128501b405f99d9ea16
SHA512857e4cebaea6231e2f9335ebc636b970101169572a296de8172ca9dd1257720267ee7df8e50aaf081fcf1b001446e00a708dbbb089656cea6eed0f85e079bd80
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ec71388ae297c94ecdd34c645e461be6
SHA1a4b5fe3b7317185ef9728fc192ef5a39b1e1acd2
SHA2560cdd2351851fde6c361fabcd6525ff5391de7241dc38f05eb0a2f0fa62698c4d
SHA512a8b3de15447425d0c4ae814c080fc3d67562b385d7e653e9c952eaa765887ec31a15950b96a4e19963017cde542e06ab944877ad43423fd9347f73c9887340b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dd8cc5cc0b9c4f997661c2011079b6b1
SHA169c7a0dc50905169e0d537ab143d0649cfa1b513
SHA256b1606a190f027a9a23f283e43f21988773840e4f1ce106981c00a53a368d3315
SHA512a5b4dcceb3eb2a0eda9523cca415f6bc6ed8b19cf65672a81bd1792597deaa84ba6be6d59e83f65e34254d355d1651882af1244b918d70e23ae620dc9de1ed17
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58c5d5daacd7356c0d9b12fe58eac56b2
SHA12953577bf2e7596a88c9e40aee7ee9d0499a06d3
SHA256a20c1aa9d6674b84fb0139856e2b1ea95c453d58c64876de31c42131734d9912
SHA5127091b40f87b86066d33dc8f9f42fe614c1d77a4772c7b76030a273d5074440d14c22c406e4f8a511f4fd37d518319d1e223c84f4f5ff6eed3b971f4ac665d4fb
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFAY0EOS\style[1].htm
Filesize706B
MD567f3a5933c17b3ab044826d3927d0ba9
SHA15957076d09bacaa6db8ddc832b4fd87ed8f05f8a
SHA25697e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64
SHA51203ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e
-
Filesize (no file path is recorded for this artifact in the report, so its origin cannot be attributed from this page)
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize (no file path is recorded for this artifact in the report, so its origin cannot be attributed from this page)
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b