Analysis

max time kernel: 134s
max time network: 141s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 25/05/2024, 01:10
Static task: static1

Behavioral task: behavioral1
Sample: 7063dd810582d6f66e885d2cf9b6c276_JaffaCakes118.html
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 7063dd810582d6f66e885d2cf9b6c276_JaffaCakes118.html
Resource: win10v2004-20240426-en
General

Target: 7063dd810582d6f66e885d2cf9b6c276_JaffaCakes118.html
Size: 32KB
MD5: 7063dd810582d6f66e885d2cf9b6c276
SHA1: 50114e13483fd009331858d4c8ae0de1e177f515
SHA256: 4d0d7a1816edb5ec2d4dfd7d167db96502eb38752fe0dd3c1aceca7fd090b333
SHA512: 96ff9c3e9b7d134b122924f0f4828ae794fb835a4e56ce7217d225b2e4e518e89dbf25f7f2d1514671d7b41bdafbc4600f8c6f11d02a1f8cabdc549b52e75e6a
SSDEEP: 768:scykgTgE9RlXy6T6+L2JW0/ILfOUlGUk6XoFpHlMtfJK3g:schgTgE9RlXZTN2JWeILfZk6XoFpHlMr
Malware Config
Signatures
Modifies Internet Explorer settings 26 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422761305" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98E9E3B1-1A33-11EF-906B-FA9381F5F0AB} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1692 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1692 | iexplore.exe
1692 | iexplore.exe
2456 | IEXPLORE.EXE
2456 | IEXPLORE.EXE
2456 | IEXPLORE.EXE
2456 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1692 wrote to memory of 2456 | 1692 | iexplore.exe | 28
PID 1692 wrote to memory of 2456 | 1692 | iexplore.exe | 28
PID 1692 wrote to memory of 2456 | 1692 | iexplore.exe | 28
PID 1692 wrote to memory of 2456 | 1692 | iexplore.exe | 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7063dd810582d6f66e885d2cf9b6c276_JaffaCakes118.html
  PID: 1692
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:275457 /prefetch:2
      PID: 2456
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
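The process tree and the WriteProcessMemory signature are the only place this report shows one process touching another, and the target is the IEXPLORE.EXE that the frame process launched with "SCODEF:1692 CREDAT:275457". That command-line form is how Internet Explorer's frame process (iexplore.exe) starts each tab process, and the frame writing into a tab it has just spawned is part of normal IE startup, so the signature on its own does not distinguish this sample from a blank page. The following Python script is an added triage helper, not part of the sandbox report or of any vendor's tooling: it parses rows in the report's format, collapses the repeated hits, and labels a write "expected" only when the target is a tab whose SCODEF names the writing frame and whose recorded parent is that frame. PROCESS_TREE and WPM_LINES are constructed copies of this report's rows; FOREIGN_WPM and FOREIGN_TREE are a constructed counter-example (PID 3100 and explorer.exe do not appear in the report) to show the other branch.

```python
"""Triage helper for sandbox 'WriteProcessMemory' rows (added example).

Internet Explorer runs a frame process (iexplore.exe) that starts each tab as a
separate IEXPLORE.EXE with the command line "SCODEF:<frame pid> CREDAT:<n>".
A frame writing into a tab it just spawned is normal IE startup; a write into
any other process is what deserves a closer look.
"""
import re
from dataclasses import dataclass

# Constructed from the report's process tree: (PID, parent PID, command line).
PROCESS_TREE = [
    (1692, None, r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                 r'C:\Users\Admin\AppData\Local\Temp\7063dd810582d6f66e885d2cf9b6c276_JaffaCakes118.html'),
    (2456, 1692, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
                 r'SCODEF:1692 CREDAT:275457 /prefetch:2'),
]

# Constructed copies of the report's four WriteProcessMemory rows. The trailing
# number is the sandbox's procid_target index, not a Windows PID.
WPM_LINES = [
    "PID 1692 wrote to memory of 2456 1692 iexplore.exe 28",
    "PID 1692 wrote to memory of 2456 1692 iexplore.exe 28",
    "PID 1692 wrote to memory of 2456 1692 iexplore.exe 28",
    "PID 1692 wrote to memory of 2456 1692 iexplore.exe 28",
]

# Constructed counter-example, not from the report: a write into a process
# that is not an IE tab of the writing frame.
FOREIGN_WPM = ["PID 1692 wrote to memory of 3100 1692 iexplore.exe 31"]
FOREIGN_TREE = PROCESS_TREE + [(3100, 700, r'"C:\Windows\explorer.exe"')]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


@dataclass(frozen=True, order=True)
class MemWrite:
    src_pid: int
    dst_pid: int
    src_image: str


def parse_wpm(lines):
    """Parse IoC rows into distinct (source, target) writes; repeats collapse."""
    writes = set()
    for line in lines:
        m = WPM_RE.search(line)
        if m:
            writes.add(MemWrite(int(m.group(1)), int(m.group(2)), m.group(3)))
    return sorted(writes)


def is_ie_tab_of(frame_pid, dst_pid, tree):
    """True if dst_pid is an IEXPLORE.EXE whose SCODEF names frame_pid and
    whose recorded parent is frame_pid; False if dst_pid is not in the tree."""
    for pid, ppid, cmdline in tree:
        if pid != dst_pid:
            continue
        m = SCODEF_RE.search(cmdline)
        return ("iexplore.exe" in cmdline.lower()
                and ppid == frame_pid
                and m is not None
                and int(m.group(1)) == frame_pid)
    return False


def classify(writes, tree):
    """Label each write 'expected' (IE frame -> its own tab) or 'review'."""
    out = []
    for w in writes:
        if w.src_image.lower() == "iexplore.exe" and is_ie_tab_of(w.src_pid, w.dst_pid, tree):
            out.append((w, "expected"))
        else:
            out.append((w, "review"))
    return out


if __name__ == "__main__":
    for label, lines, tree in (("report", WPM_LINES, PROCESS_TREE),
                               ("constructed", FOREIGN_WPM, FOREIGN_TREE)):
        for w, verdict in classify(parse_wpm(lines), tree):
            print(f"[{label}] {w.src_image} {w.src_pid} -> {w.dst_pid}: {verdict}")
```

The check only separates IE's own frame-to-tab write from writes into processes the frame did not spawn as tabs; it says nothing about what the page did inside the tab, so the remaining sections still have to be read. In this report the SetWindowsHookEx and FindShellTrayWindow hits are also raised by the two IE processes themselves, the files listed under Downloads are versions of a single entry under CryptnetUrlCache\MetaData (the cache CryptoAPI uses for certificate chain and revocation fetches) plus two files whose path the extract does not record, and the Network section is empty, so the report as extracted does not by itself show the HTML dropping or fetching a payload.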
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: ce6abd63df92cb2515b81b119a004c94
SHA1: c9c0d2247e6694667ceb136d63ea5431c5785503
SHA256: 3c7eed3a37a1d9cd3630957d74b449090ae48725c826eb90c8bca0fe2a62bee8
SHA512: d34efb6e2e3b67e4d29697ac9f13ac6665f6fdee2f276d884d85fc6363340798cd63d9c95fbdaffe47261a035f03271855c08f79556bb2dba7e76b16948e7244

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 869f3ae7528ef3505f9e91938ca3c478
SHA1: 9e37031b16aadfbb52f1aa911748d278935c6937
SHA256: 18734dcdf5fad8e025773b4d9a424fa345f3d0649014588bbfcedab588f3e058
SHA512: 1362e18acb567d02390b1ac63d8c39de3c53853fd13b31d443146921f2a8ecdbd4fbc71695779c6ec968a12b4541b0d4fe4da3fa451a4a8e689fe1e38394a9b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: e67f950433b37a5fa6cf2e8d66b96361
SHA1: 0acc9deb41618a995780cba6af806b8735db4b77
SHA256: 4342bc0031151b85ca112bba414e460146b83abb9442c63b6886fdacccf174fc
SHA512: 6e2939111323238532d50965caa1a103fb04f8bef306684af5b04416cc5bffd390693320879cd814100ce292a8901bc18a9784bb8c4f985428177e493975ccfc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: b614d770a3394dffcd0725778a6426fd
SHA1: fed673c0b49da050f111941a14a197f0f8a0cb41
SHA256: 99f682dcf93b9b649cfca1905cee26e1eef05e5768e92deaf4aa36b2f6811ef4
SHA512: 2577c10cb6516dbb1bbec0ef6ac022ad722cb1bff27518889c405066df9aa3304e8c43a6362a46637897a730e3699933819efbfc07e7bc8e7354272a51d0fb91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: fc41432d4cc1231b49de935e18514f1c
SHA1: cebafa37397546b8fd7db690faf9c2c38d16814b
SHA256: cd5c8587c5d98108737879fd60336ebd7356da07937ff5138cc049cd6f1e7577
SHA512: 13ebd39ed46c1f5de734fb99c6427c9c359a088b32c1b605c72dbcfe69e5b7c250d0487da036c6094416141b1783147bd3bf7a04c128e595023216ce8fb44b1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: c0864515501bc4dcd2e15460af14de55
SHA1: 32cdf2816965913b547d93688527307b40e14f9c
SHA256: 9f35194e4d2ebee7ecfde09ca5a3b026dabd6c958539949de2ff6a4998e5406b
SHA512: 053f179fbd421a0b75c88881ae69e79ae5e0c531e994337c73bf77ce3fb8a88496ec56488e6260a4c7ccbac1e4b237ed6553af4308ff73b7cca35a3399857724

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 61f9a5f645e9ee0e9b6f43ee29f8472a
SHA1: aa3e847b83c2234eb1f2c267aef0a92cad0c1ec8
SHA256: 584fb7cbe1111410c8178802e169f05434cb1782e0636d778724294e2385f187
SHA512: 7863025832cc80f77634f3e29821b26c2aea7efc0e157f2e670abecf7d1ca6e99cf02a2cddf3df7b5ca49ba90d260113904ffd1cef5a098db08147ccd4febb15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 8d6fe76d0ea14d530f77563b0c3e204a
SHA1: e4cbd49edbbf4bb3281d0e57667128ebe685f5ac
SHA256: 9557a8655ff7094a07b511f0aa16f7d5b70c90b9f713d7426135b35d9f6143cb
SHA512: 85ead947cce44cefbb60d875384ca0d34f12d30c8718abbf2f90db19c6fefc0d88664bb2b8738860cfabc766acaa1708b9cf5a712e638e8bada6db5751dd4524

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 481cf8e2bf10591e84d6bd9910001030
SHA1: 445119ed86f7dc90b5e7fb97c97f1f245482728a
SHA256: 6cc85d5c7a5f53004905bdff52e243c7cf78e3959101fe32717ad0c999d89b66
SHA512: afda717d29f886d3c46e1613d7d7e495dbfd2861c1f9085844d027fd186601df7da93be733b1f7c7ba7358d850f84da0c320c106464d7d101f8db1a78db85f58

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Filesize: 177KB
MD5: 435a9ac180383f9fa094131b173a2f7b
SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a