Analysis

Max time kernel:  148s
Max time network: 149s
Platform:         windows7_x64
Resource:         win7-20240215-en
Resource tags:    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
Submitted:        08-05-2024 10:19

Static task: static1

Behavioral task: behavioral1
  Sample:   24641f7b85576a269449ce1e6a443b57_JaffaCakes118.html
  Resource: win7-20240215-en

Behavioral task: behavioral2
  Sample:   24641f7b85576a269449ce1e6a443b57_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General

Target: 24641f7b85576a269449ce1e6a443b57_JaffaCakes118.html
Size:   19KB
MD5:    24641f7b85576a269449ce1e6a443b57
SHA1:   fbe4389e0f445f7c98b27011f5c80a966b70e14b
SHA256: f95956ec215e69052cbdbe2d45c9985b7f426023f89c22d9a00a1528da0f8949
SHA512: 6a68176fe08555a58c886c91ddb5e2cf8bbe4c1f21c084c26de3c88033a36e62ac1aaedeaeddcf67167a44bf0883deea55521be6931b5ab6a38fee87069d2504
SSDEEP: 192:SIM3t0I5fo9cOQivXQWxZxdkVSoAI64OzUnjBhWY82qDB8:SIMd0I5nO9HhsvWrxDB8
Malware Config
Signatures
Modifies Internet Explorer settings 26 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421325445" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7914E151-0D24-11EF-A41C-62A1B34EBED1} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid   Process
2084  iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid   Process
2084  iexplore.exe
2084  iexplore.exe
2052  IEXPLORE.EXE
2052  IEXPLORE.EXE
2052  IEXPLORE.EXE
2052  IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description                        pid   Process       procid_target
PID 2084 wrote to memory of 2052   2084  iexplore.exe  28
PID 2084 wrote to memory of 2052   2084  iexplore.exe  28
PID 2084 wrote to memory of 2052   2084  iexplore.exe  28
PID 2084 wrote to memory of 2052   2084  iexplore.exe  28
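Every registry row above sits under the analysed user's HKU\<SID>\Software\Microsoft\Internet Explorer subtree and is written by Internet Explorer itself; recovery state, window placement, zoom, IntelliForms and DomainSuggestion bookkeeping are what the browser writes on any launch, regardless of the page it is given. The triage question for a report like this is whether anything landed outside that subtree, in particular in an autostart location. The Python below is an added example, not part of the report or of the sandbox's tooling: it parses rows in the layout the report uses, separates hive, SID and relative key, and buckets each write. The sample rows are copied from the table; one extra Run-key row is constructed (and marked as such) so the persistence branch is exercised, and the persistence prefix list is a short assumed selection, not a complete one.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One registry IoC row in the layout the report uses:
#   Key created <key> <process>
#   Set value (<type>) <key>\<value> = <data> <process>     (data is sometimes "quoted")
# Key paths contain spaces ("Internet Explorer"), so the row is anchored at both ends:
# a fixed action prefix at the start and the process image as the final token.
ROW_RE = re.compile(
    r'^(?P<action>Key created|Set value \((?P<type>\w+)\))\s+'
    r'(?P<path>\\REGISTRY\\.*?)'
    r'(?:\s+=\s+(?P<data>"[^"]*"|\S+))?'
    r'\s+(?P<process>\S+)$'
)
# Native registry prefixes as the sandbox prints them, and the usual hive names.
HIVE_PREFIXES = {"\\REGISTRY\\USER\\": "HKU", "\\REGISTRY\\MACHINE\\": "HKLM"}
# Internet Explorer keeps all of its per-user state under this subtree.
IE_SETTINGS_PREFIX = "software\\microsoft\\internet explorer\\"
# Assumed, deliberately short list of autostart locations worth flagging; not exhaustive.
PERSISTENCE_PREFIXES = (
    "software\\microsoft\\windows\\currentversion\\run",
    "software\\microsoft\\windows\\currentversion\\runonce",
    "software\\microsoft\\windows nt\\currentversion\\winlogon",
    "system\\currentcontrolset\\services",
)

@dataclass
class RegistryEvent:
    action: str                 # "Key created" or "Set value"
    value_type: Optional[str]   # str / int / data; None for "Key created"
    hive: str                   # HKU or HKLM
    sid: Optional[str]          # user SID for HKU paths
    key: str                    # path below the hive and SID, e.g. Software\Microsoft\...
    data: Optional[str]         # written data, surrounding quotes removed
    process: str

def parse_row(row: str) -> RegistryEvent:
    """Split one IoC row into hive, SID, relative key, data and writing process."""
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised IoC row: {row!r}")
    path = m.group("path")
    for prefix, hive in HIVE_PREFIXES.items():
        if path.upper().startswith(prefix):
            rest = path[len(prefix):]
            break
    else:
        raise ValueError(f"unknown hive in {path!r}")
    sid = None
    if hive == "HKU":                      # HKU\<SID>\Software\... -> keep the SID separately
        sid, _, rest = rest.partition("\\")
    data = m.group("data")
    if data is not None and len(data) >= 2 and data[0] == data[-1] == '"':
        data = data[1:-1]
    return RegistryEvent(
        action="Key created" if m.group("action") == "Key created" else "Set value",
        value_type=m.group("type"), hive=hive, sid=sid, key=rest,
        data=data, process=m.group("process"),
    )

def classify(ev: RegistryEvent) -> str:
    key = ev.key.lower()
    if any(key.startswith(p) for p in PERSISTENCE_PREFIXES):
        return "persistence"
    if ev.hive == "HKU" and key.startswith(IE_SETTINGS_PREFIX):
        return "ie-settings"
    return "other"

def triage(rows: List[str]) -> Tuple[dict, List[RegistryEvent]]:
    """Bucket every row; return the counts and the events that are not IE's own settings."""
    counts = {"ie-settings": 0, "persistence": 0, "other": 0}
    flagged = []
    for row in rows:
        if row.strip():
            ev = parse_row(row)
            bucket = classify(ev)
            counts[bucket] += 1
            if bucket != "ie-settings":
                flagged.append(ev)
    return counts, flagged

USER = r"\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000"
REPORT_ROWS = [  # copied from the report's table above
    rf"Key created {USER}\Software\Microsoft\Internet Explorer\Main iexplore.exe",
    rf'Set value (str) {USER}\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe',
    rf'Set value (int) {USER}\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe',
    rf"Set value (data) {USER}\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe",
    rf"Key created {USER}\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE",
]
# Constructed row, not from the report: a persistence write in the same layout.
CONSTRUCTED_ROW = rf'Set value (str) {USER}\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\upd.exe" iexplore.exe'

if __name__ == "__main__":
    counts, flagged = triage(REPORT_ROWS + [CONSTRUCTED_ROW])
    print(counts)
    print([f"{ev.process}: {ev.hive}\\{ev.key} = {ev.data!r}" for ev in flagged])
```

Run against the report's own rows the flagged list is empty; only the constructed Run-key row comes out. Matching on the key path relative to the hive, rather than on the raw \REGISTRY\USER\<SID> string, is what lets the same prefix list work across different analysis users and across HKU and HKLM.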
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\24641f7b85576a269449ce1e6a443b57_JaffaCakes118.html
  PID: 2084
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
      PID: 2052
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
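The SCODEF:2084 argument on the child IEXPLORE.EXE carries the PID of the frame process that started it; on 64-bit Windows the frame is the 64-bit iexplore.exe and the tab processes it spawns are the 32-bit IEXPLORE.EXE from the (x86) directory, exactly the pair listed above. The four WriteProcessMemory events from PID 2084 into PID 2052 are the frame process writing into a tab it has just created, a pattern present in any IE run, so the signature is worth a look only when the writer or the target is something else. The Python below is an added example, not code from the report or the sandbox: it encodes that expectation as a check over the process list and the cross-process write events, accepting a write only when the source is an IE image without SCODEF and the target is an IE image whose SCODEF equals the source PID. Process and event values are copied from the report; one extra write (PID 2052 into a constructed explorer.exe with PID 1234) is added and labelled as constructed to show a flagged case.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Image paths of the two Internet Explorer installs on 64-bit Windows, compared
# case-insensitively. The frame (top-level) process is the 64-bit iexplore.exe;
# the tab processes it spawns are by default the 32-bit IEXPLORE.EXE under (x86).
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")

@dataclass
class Process:
    pid: int
    image: str
    cmdline: str

    @property
    def is_ie(self) -> bool:
        return self.image.lower() in IE_IMAGES

    @property
    def scodef(self) -> Optional[int]:
        """Frame PID a tab process was started with; None for a frame or non-IE process."""
        m = SCODEF_RE.search(self.cmdline)
        return int(m.group(1)) if m else None

def check_memory_writes(processes: List[Process],
                        writes: List[Tuple[int, int]]) -> List[str]:
    """Return one finding per (source pid, target pid) write that is NOT IE frame -> own tab."""
    by_pid: Dict[int, Process] = {p.pid: p for p in processes}
    findings = []
    for src_pid, dst_pid in writes:
        src, dst = by_pid.get(src_pid), by_pid.get(dst_pid)
        if src is None or dst is None:
            findings.append(f"PID {src_pid} wrote to unknown PID {dst_pid}")
            continue
        frame_to_tab = (
            src.is_ie and src.scodef is None          # source is an IE frame process
            and dst.is_ie and dst.scodef == src.pid   # target is a tab started by that frame
        )
        if not frame_to_tab:
            findings.append(f"PID {src_pid} ({src.image}) wrote to PID {dst_pid} ({dst.image})")
    return findings

# Processes and write events as listed in the report above.
REPORT_PROCESSES = [
    Process(2084, r"C:\Program Files\Internet Explorer\iexplore.exe",
            r'"C:\Program Files\Internet Explorer\iexplore.exe" '
            r"C:\Users\Admin\AppData\Local\Temp\24641f7b85576a269449ce1e6a443b57_JaffaCakes118.html"),
    Process(2052, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
            r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2'),
]
REPORT_WRITES = [(2084, 2052)] * 4

# Constructed, not from the report: a tab process writing into the desktop shell
# is the kind of event this signature exists to surface.
CONSTRUCTED_EXPLORER = Process(1234, r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe")
CONSTRUCTED_WRITE = (2052, 1234)

if __name__ == "__main__":
    print(check_memory_writes(REPORT_PROCESSES, REPORT_WRITES))
    print(check_memory_writes(REPORT_PROCESSES + [CONSTRUCTED_EXPLORER],
                              REPORT_WRITES + [CONSTRUCTED_WRITE]))
```

The check is deliberately strict about direction: a tab process (one carrying SCODEF) writing into anything, or a frame process writing into a tab it did not start, is reported, while the report's four frame-to-tab writes produce no findings.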
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 68KB
  MD5:    29f65ba8e88c063813cc50a4ea544e93
  SHA1:   05a7040d5c127e68c25d81cc51271ffb8bef3568
  SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
  SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

File: C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    ce0fb46dbc6284b7839551eb5cfec049
  SHA1:   73d303de9fafe4818376ed534512a4180cf03f7b
  SHA256: af16cedf8c1b5958e0000625d04ba5b6cfc8504a1679c4ad011b24bd0fa969af
  SHA512: 93a6d242f44f80ee9ab11c99df590312ddbf65ae85726cdfeb0f8e335ee8abf4ce2eced52e14a1fe8dbb100b0a1001ca7b6e6674e0415f64f535296770c838a5

File: C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    e10c73e1de8c08d1831d1ed5159a7198
  SHA1:   64812b9d295767ecef63f7b6e24439a4ab1f21d6
  SHA256: ffc6922deee77dc0ac66281e3ecee05ccda5af95660265d86add6a410e919d1d
  SHA512: 1ddcd2815d7082243d81b7d0a3a722ba2cf974f4212fbe442807d5ea23af81d9537957edb0e6930e4808581fbed71a19440cc97b344daa6410f225fc751ae0e2

File: C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    7bfe943c32362dd3b47c85288dabc00b
  SHA1:   5e6995a62b2b00aa955a318a5126b72a86c5f959
  SHA256: 6933f85bc00ad992490d2699fddba77b527a2c3a391169f7dc4122488c31a4ee
  SHA512: bcda3f9c8df381021ddd7c7712e59c5e849931ef4986eb43b4dcf6b5b884bd265fc7fe2d57003004d8ad1a8eaf19f1bac84b5f7427ea97eb347f22cd3a45d4d1

File: C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    becc41ac1a9eba6124e502d9a2d3bc34
  SHA1:   0c9e512b25ff46b9b1dbace728cf7c50ca88674b
  SHA256: cf9f94af16bd59bf89642a7a9653ea0c0385a67162531c424fd18b3d6adbaaf4
  SHA512: e5a9994a9a245fa70dba6908cc649ac3ca7aa85b2a4a312a7268f7d11d51bb94adc4d7ef63b395964f96f239bad1f639ede6b89daa2f815c8ce36b296cc613e1

File: C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    a0277943ec1cfb01e7f5fa3a2bb097f3
  SHA1:   222584b8762c34b5fa358c50b61f794c70d9058f
  SHA256: 6bbb28dabfcfe762a3f475f67c4e5056a927ede9f6cb17f6641472524264b1f8
  SHA512: 97bc2c01f3e2dc5ba91adf62119730dbc186731e069b639ad9afd339e7c4a693cce9d7ae394caa776f75ee31fe39e4d76e7336785774286a7a1e1005cf2d46aa

File: C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    4c1e0c6a9b3025b96b38380d6c2bfbc8
  SHA1:   8a1e58af08330b6e6afe6e850fb8e716088f2139
  SHA256: 565edf93090a01d6300415c71ae457c6e06d478c0a034e04072fac76ed220fce
  SHA512: a5814ad55f1ecf4a17a4e42a2f816d2df460af11addaaa0d573b93c07d50d858243a8cdcf3816bff657468875d48eabc4765012b4a7c0640233a135dd36e90ef

File: C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    2530116814fdfa33b806d33eb8bee9e6
  SHA1:   d89d7bd76b495058ede6872d4a364acd2186e6dd
  SHA256: bae6b5adff500f6fc35406ea36b6736b560401f1de2e747b6cafc3d1df726332
  SHA512: 79c0c9946403f15adda5c13c399f357443dac5c684fbe65c5aa14cbda925f3ca1004f163fef8f7d240711f5369ce1ffc8e591a4b0ae07c9ed2d7ddabef57eec1

File: C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    28bd80821163f5af8c58bd772edd3d4a
  SHA1:   08fe9c6712ba5f8a261d3431bc9560dc81e310f9
  SHA256: c57009a46b3af1efbf847e9b4274a3fd9d86f378c42a6c38a67ac11b5f933e6b
  SHA512: a993e0fcbb293bef982bd2f36c5b1cb65a53440ddf4b5a6899f14a475ab7da096f9b92848d2e4fd099cf97c3eac4e7881a1c750afaf9507c7ae63a4de2fa9c34

File: C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    a9497b4890dbdd3f910313f3a20989e2
  SHA1:   3889b544a5d295830a9195f4640cbb7a1eb96d1b
  SHA256: b706d2a43d5076fc51e52c5da5e6b4e125db53fffe758a906cbf3dd13f04eb5e
  SHA512: 9421ccc3d29cb0368f2549ee6cad6392e83539840342a09ef81b695a7e057b89456637f60fed9396d3574d3cfd2ed32137145da88a7d7e9d01f93b136414dc2b

Filesize: 65KB
  MD5:    ac05d27423a85adc1622c714f2cb6184
  SHA1:   b0fe2b1abddb97837ea0195be70ab2ff14d43198
  SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 177KB
  MD5:    435a9ac180383f9fa094131b173a2f7b
  SHA1:   76944ea657a9db94f9a4bef38f88c46ed4166983
  SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
  SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a