Analysis
- max time kernel: 150s
- max time network: 143s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 09-05-2024 14:18
Static task: static1
Behavioral task: behavioral1
- Sample: 2a5bf87469ac093ffb81abe8b102c9bd_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 2a5bf87469ac093ffb81abe8b102c9bd_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 2a5bf87469ac093ffb81abe8b102c9bd_JaffaCakes118.html
- Size: 17KB
- MD5: 2a5bf87469ac093ffb81abe8b102c9bd
- SHA1: eeebe881f69c3503c00944d14da9bdfb83dbe072
- SHA256: 3681939a32c1a6b86017b1a9f93cea87bbdc44c23712d8a1c61ae6f776f66210
- SHA512: 30c680ed3e15bc1ff60a584e757a23c35197d3f33a3c75f355cbdfeff74c9f2e8d9d0d6216c6ed7bb7de603a8b3b1e48083cefb5fe2ddd2c32ed27b920170c25
- SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAIe4ozUnjBhsm82qDB8:SIMd0I5nvHPsvslxDB8
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{071DB361-0E0F-11EF-9CBB-52ADCDCA366E} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421426186" | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1284 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1284 | iexplore.exe
1284 | iexplore.exe
2916 | IEXPLORE.EXE
2916 | IEXPLORE.EXE
2916 | IEXPLORE.EXE
2916 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1284 wrote to memory of 2916 | 1284 | iexplore.exe | 28
PID 1284 wrote to memory of 2916 | 1284 | iexplore.exe | 28
PID 1284 wrote to memory of 2916 | 1284 | iexplore.exe | 28
PID 1284 wrote to memory of 2916 | 1284 | iexplore.exe | 28
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2a5bf87469ac093ffb81abe8b102c9bd_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   PID: 1284
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1284)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 2916
Network
MITRE ATT&CK Enterprise v15
Downloads