Analysis
-
max time kernel
134s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system -
submitted
22-07-2024 09:24
Static task
static1
Behavioral task
behavioral1
Sample
62aea186ab34e00c6ddde50b219ec7da_JaffaCakes118.html
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
62aea186ab34e00c6ddde50b219ec7da_JaffaCakes118.html
Resource
win10v2004-20240709-en
General
-
Target
62aea186ab34e00c6ddde50b219ec7da_JaffaCakes118.html
-
Size
6KB
-
MD5
62aea186ab34e00c6ddde50b219ec7da
-
SHA1
3bfea2e671647db82f9706db0f6092dc0341cd3d
-
SHA256
22e4b2ebcd97a57a8ce9a63aac595b04863e6f3c0146b1701f5281e00af821ea
-
SHA512
022a8d286823960de29a4cf2f6a479c6fa9dbe5c1ca762c0a3c3eaa5c613084fb49909a5a10c8c8b1c0aa56a6e46ce74f2f06decd214133ebede40372ada8e28
-
SSDEEP
96:uzVs+ux7EA0LLY1k9o84d12ef7CSTUayB/6/NcEZ7ru7f:csz7j0AYS/Cd4Nb76f
Malware Config
Signatures
- Modifies Internet Explorer settings
  Reviewer note: every registry write listed below sits under HKCU (S-1-5-21-…-1000)\Software\Microsoft\Internet Explorer — SearchScopes, TabbedBrowsing, Recovery, DomainSuggestion, Window_Placement and similar keys that IE itself maintains for session state. On their own these are consistent with ordinary IE first-run/session behaviour and do not establish persistence or tampering by the sample; no Run/RunOnce, service or scheduled-task writes appear in this export. Because the sample is a 6KB HTML file, inspect its source directly (scripts, iframes, meta-refresh/redirect targets) rather than relying on these dynamic artifacts alone — any external resource it references may not have been fetched in the sandbox.
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000e76c7996de4415379e5dac93052fc4602538071fee14cf5a031332aaf289d5df000000000e80000000020000200000005dd399dde4d6b6490712e4d3d24243141843f0516276dd07dd3a0b7f2a83390820000000c812427183dc3005bcd4967fc9677667bf0dd2dfca752fd940d8657ec19647e64000000062783fcb3cc19de0c70abe3619a0df847c482abc30d56b27a2a1d0a2d277e98fc46e4f705be515546baecff6f79f95f3fbf5909f97042c2b9d40eafb4af53ad9 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427802170" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 
6030013319dcda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{457825A1-480C-11EF-B7ED-52723B22090D} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2704 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2704 iexplore.exe 2704 iexplore.exe 3016 IEXPLORE.EXE 3016 IEXPLORE.EXE 3016 IEXPLORE.EXE 3016 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2704 wrote to memory of 3016 2704 iexplore.exe 31
PID 2704 wrote to memory of 3016 2704 iexplore.exe 31
PID 2704 wrote to memory of 3016 2704 iexplore.exe 31
PID 2704 wrote to memory of 3016 2704 iexplore.exe 31
Reviewer note: the writer (2704, iexplore.exe) is the frame process and the target (3016, IEXPLORE.EXE) is the tab process it launched itself with SCODEF:2704 (see Processes below), so these four identical entries reflect IE's own frame→tab start-up rather than injection into an unrelated process. Treat them as expected browser behaviour unless a target PID outside the iexplore.exe tree appears.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\62aea186ab34e00c6ddde50b219ec7da_JaffaCakes118.html (process-tree depth 1: the sample opened in the 64-bit IE frame process)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2 (process-tree depth 2: SCODEF:2704 ties this 32-bit tab process to the frame process PID 2704 above; a 64-bit frame spawning an x86 tab is the usual IE layout on x64, so this is not by itself a sign of injection or a second payload)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3016
-
Network (no entries shown in this export — do not read this as proof that the page made no outbound requests; confirm against the capture before concluding the sample is inert)
MITRE ATT&CK Enterprise v15
Downloads
- Reviewer note: the 342-byte entries that follow all share one path under AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData, a cache written by the Windows CryptoAPI network-retrieval component (typically certificate-chain/revocation fetch metadata). The differing hashes appear to be successive overwrites of that single file by the system, not files dropped by the sample; they carry no attribution value on their own.
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD589c9ac1eb2cffc23208fa9533ca66afd
SHA12aafa473a24a86a7a6bbdf98a3dfce239027d7e7
SHA2565292961518771809f103bbd460ffa416084f2c402e087d9e6c0e6f9ef1ea90e8
SHA51207a366f8fd0cff501c1ac7053d9cbeca3d720a86170cbbf16a0d88c03fa342117a5fdb67870ea44d6ebbc717eba519fb72004f01437fc35ac935aff70f9dd671
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59e75f5a7282f291786b3f9a5bea3bcaa
SHA11d766e8c01b434797bf90bf400527019e5353c3a
SHA2568125058cdd53d2bd64f885791a4e375d8e2e0400ef0d5e2d855a7fe0aee9fc94
SHA512751387a5fdbc4cb3b431a4091fc729850363148e2f703f803a9117d5de20da82f87388b29fc6fc0de702b704d86fa336e7893a5e0fec67869a5cd7d45baa80d0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD587136c24fab424ee5531fa730d94ccc9
SHA1a092b320a868494239cb70159301b13f28a4bc19
SHA2561828b0f17aa4c0df528cdf77768cfaff983fd22d7909405b538a7da9d672c677
SHA512e8c8784b82a87050bf9552b666b8372bd6bd12d3498494831dd54b8abc27a21e85742322c0c6c4c3ca7e50074190fd7d06efb5c7608d865561ecf443f7ef88f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5326ead2c0e853d312eb06d1cf1aaea0a
SHA1cd75cddcb248a65fc245acc2af30ba1c118ffad5
SHA256b9b12ee34223d0c20b7ebfbe2dd7f8a663f7b4753b57866b4cd67c5ef778f040
SHA5126cf957e84182df8d7e6d60d122ed2e2aa1708ad20faf610bba5ed3de0380ceb09db7a83801771ae1efbc91417fe6628b8b2ac8482a12a3291d14da4a10f749f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59a48ad0ac36b0d9b714a5111748b953a
SHA17db966b5f1d44644094c0966ced3469b0e54bd0b
SHA256ff34cf6837112e762ca9a18fc1436b31d1c226ad01a2e7ec84f7b273666bff9e
SHA5122e9108208dce6fa58218ac483085cb7c00262bfa0702bfda0c25bcfdcf3ace1878622c0eae36f370cd67e0372bea66e3336d605df089f74263ff9f54c14ada02
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57e8ee46af2ffe6f8942c5ce62b4640bc
SHA15beeef916a658859535a98cb06ce53123b4263db
SHA256ec2a8890f4f94e96620cbffb7420b9a63611c3cfd42a6474f8a37065d920664f
SHA512ebdcbdd3900c2979977dcba41adbe39c19b1ed4553f036f42b797058763edebd35b4a5f8cade57c28019b45af80831715c374272f82f5c00e88b5b90c5a8504e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD596e0ed4ce6dae2f1ba987cc56c53b330
SHA105c33b34aa4b01b7ad558b3d44ad91b97a4ba2ce
SHA2563e96449a67e03a255bc915540d98a138ec44f9b41005e2f882df4acac3a5269e
SHA5124059d1ebc2d29c8f97fb5ffb8cc5a02731d3114f5760f2cb3023172735cf201b22e7394fe918a81b5525765579840a618982ba59c340b8e2ff7cfe4a422c13a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58ce847f807d7ce238004cad5b7ce3c4b
SHA14730d127f95f05a57e6aa946bedc5824b0a71e6e
SHA25641b8ee373286407bbce813c1111f7916a336472fd313f730e5ef266c46a146d2
SHA512f0f3a65f1fb8dffe7b96f95208be55adcdcf1f0722a3b83b0e9d761a810957fd1c21906d3cb2fb32808316b2a0151cb7bc10c8e7401a31715219bb99afa58a18
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50b085f97fe197f78124f782c62f08952
SHA1098b7458505f40c7e1efe36a6f4f267d396eab33
SHA25693ce323b0f8c7e5aee65285cac16ea44d9a1efe252c87ad794eb7e788cdd4d37
SHA5120aa515d9dc29972709d0b8e60c6ae19c8e9b2a9350cd9349f18f7579c00513582c15dbb90ba3e46ffe5eee379f80cdfdbd044f0ad7492ceed620f18775e8de4e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5876ce3c35f50902e9f4306042dfb967b
SHA1ec32ea9b26553727cd04d645a97c20d6d222ba63
SHA256055a632344c11383a6e8ede0e3da8337db306f89641ca1d9a6305369a7008e6a
SHA512d3569bae5d44429983dbd747356e87ebb2d9daba37f97196119872c2c2f409425293abd66bbac4002691829f0b3aadccdf6c11a11369a0820b56120335b69370
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52a32e88ecd1ebf53a548618c8269bd4e
SHA1f386324ca6ab3a380e463db6fa4193631c87b84e
SHA256452025837767ab4b7591406222a24f88f6f9469f86ba8055c0b0827f01d7ee1a
SHA512c84cd5c4dd4548d2b42ccfa8152f001e2409a64bb829bdb1d916a7dc953b0966bb3b4a68659fc14191d3a0238e3202262a536b24c1481f67a1523ded6b2ed678
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD553bb695a775b22de029187d9d353dba1
SHA1c32cec0fabe3470df818c8cbdfe659be890f9176
SHA256bdb787358d0b591b612e11786953b35163308f5ea8822892c2304fefe81934e0
SHA5124c82133a57344bf21538efef4fa910f02460678f078064ad187e6331219572e52316d3c178592b51ad9cccc1355a9c4711cfed7edf868193ff254fbd1901f845
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD570e76a4a66929d91881de452993f87aa
SHA17856b3201983c027c2258104ff5482634ce0fe61
SHA2569546e3295a30844270a0eb8e4c82a6a73931e0210385f5c351a0e24bb5402382
SHA5125b40c136aac617609302358ebc8be76aebcdca92110406e3ee8b20b9a19982ae35f4309f0a716de02cc582bcf46ffdd0c15fbb8307e0dd84265cfd5794c2ca52
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51aeb0847b340eac2f9f2b9744ff5524c
SHA1e9131ef76458c994c49001ee18dbe3c75d4d19c7
SHA256a5b772d44552d7e73388b9377f09c249a596052096edb988d0625b2cf3211ab3
SHA512b03c1eaf0b53529de5b45273a27211562723cc92ce047a02070eef683dba81c3bab9870df1a6a4d1d1a295014e89d3776e7f43b1d5ce9987d7386107a9e877d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD502867eb48bd7466ad57c2c20958887f1
SHA19e804ff99d0d3babc34be4c77e1f6a60ef3e9733
SHA2563b916e35e0fa3a74044dbb5ad8fcad730aa6576cd24667263bb79a2816dd99dd
SHA5122350109cb6a0b628205c3a716df2df9841991abcbf319262575ce0c498de1f74f70d55dc87c68c57573639c3d57f244432279167bfe40a2965e15258797b8047
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57da6177bd170de5d5d5b09af51755700
SHA12a5fce696f3b55b19f79d1bd9a5ff77cfce7817e
SHA256635b13b3ef52f8bd1d38b4b06a39d6ca365bdc5ab13d38436aff48f2d2a9970e
SHA512718a3a5144536966b0c95b33ef88a4df00e868304eb7fe8a30a0c620b99fe367f0d764f2f67d8ec66a8770782aea8bae338624ec87fb7a7273e93dd8b5969083
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50c28f73f324a6d3ada0dc8df9e274b92
SHA1590494ef9319db84947dd887d73b679b621e03c0
SHA2565e3121f63f84266d08ab680e9ce7240cf9e2717721a9933f67bb89a8c74b8d3b
SHA51224bf489f931ccea27178c27e5de291b3dd1d06d0bfc17bf833645c9be4559e04bd60ca57007f776640a96518869ec668eff29b64f41583364110da9813a21ec5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50074557906b65a6de477a8011c57463c
SHA1e41526de5459811b6360fdfecbc873d137d1e37e
SHA256c1df06c5c90df42ba200303487b1f360447a0f1b1ece65db7a89909587f9cd64
SHA512542b2c92ed451324251665861816fc95943824076793d150598de32ea9effe45dc76a98546010e5597803de3ad18e7e8a4785fd5db8765ec95d39065e580a715
-
Filesize (no path recorded for this entry in the export — without the path it cannot be attributed to the sample or to system activity)
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize (no path recorded for this entry in the export — without the path it cannot be attributed to the sample or to system activity)
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b