Analysis
-
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system
submitted: 23-05-2024 21:14
Static task: static1
Behavioral task: behavioral1
  Sample: 6c46dbde3724d75f53b17fd0f0ecabce_JaffaCakes118.html
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 6c46dbde3724d75f53b17fd0f0ecabce_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
-
Target: 6c46dbde3724d75f53b17fd0f0ecabce_JaffaCakes118.html
Size: 23KB
MD5: 6c46dbde3724d75f53b17fd0f0ecabce
SHA1: c813aeb039d2c4fca39e8a42b01d595b35f23b75
SHA256: f96d380d65b16c1785c050d1511a1e6363b84e056dc2932b010117a142384964
SHA512: ac4feef3d946db8ba51b4c762fc03b574d9890b1a0458bf2f21a3b75d0727c7f18360843b0baad38150db59b83286ea5c9bf49983be0ee3cba929d82fd67443d
SSDEEP: 192:uW34b5nA+nQjxn5Q/XnQiemNnMnQOkEntF9nQTbnRnQMCnQtMwMBGqnYnQ7tnqYP:FQ/2gT6
Malware Config
Signatures
-
Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68D4B461-1949-11EF-88AC-F2AB90EC9A26} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422660728" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2256 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2256 | iexplore.exe
2256 | iexplore.exe
2424 | IEXPLORE.EXE
2424 | IEXPLORE.EXE
2424 | IEXPLORE.EXE
2424 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2256 wrote to memory of 2424 | 2256 | iexplore.exe | 28
PID 2256 wrote to memory of 2424 | 2256 | iexplore.exe | 28
PID 2256 wrote to memory of 2424 | 2256 | iexplore.exe | 28
PID 2256 wrote to memory of 2424 | 2256 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6c46dbde3724d75f53b17fd0f0ecabce_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2256 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2424
-
Network
MITRE ATT&CK Enterprise v15
Downloads