Analysis
-
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 25/05/2024, 01:10
Static task: static1
Behavioral task: behavioral1
  Sample: 7063d128be6e71612281dda14949bc7e_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 7063d128be6e71612281dda14949bc7e_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
-
Target: 7063d128be6e71612281dda14949bc7e_JaffaCakes118.html
Size: 22KB
MD5: 7063d128be6e71612281dda14949bc7e
SHA1: d8e0ec764a109bbd3cb4d20cb0e3846ef0d452f6
SHA256: 90d0dc3f9a0493a22a1926d07dbf2bfc2b82076f08a3071a29c29754c320765d
SHA512: 86c037ded5b36113be71b02cee83bbedecb2242e4742e064605ab08e957d3adc6a0cdf9859d0cb7dd8ca505512a081659f8e4a502ba004ee75d9a5e9be02b996
SSDEEP: 192:uWHqb5ngOnQjxn5Q/unQiedNnNnQOkEntKonQTbnZnQ+CnQtZwMB9qnYnQ7tn6nu:1Q/S61
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
--- | --- | ---
Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{91309831-1A33-11EF-A585-5A451966104F} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422761293" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
--- | ---
2392 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
--- | ---
2392 | iexplore.exe
2392 | iexplore.exe
2604 | IEXPLORE.EXE
2604 | IEXPLORE.EXE
2604 | IEXPLORE.EXE
2604 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
--- | --- | --- | ---
PID 2392 wrote to memory of 2604 | 2392 | iexplore.exe | 28
PID 2392 wrote to memory of 2604 | 2392 | iexplore.exe | 28
PID 2392 wrote to memory of 2604 | 2392 | iexplore.exe | 28
PID 2392 wrote to memory of 2604 | 2392 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7063d128be6e71612281dda14949bc7e_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2392
  -
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2604
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
-
Filesize: 68KB
-
Filesize: 177KB