Analysis
- max time kernel: 148s
- max time network: 148s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
- submitted: 26/05/2024, 03:15
Static task: static1
Behavioral task: behavioral1
  Sample: 742ac33c4079e59566824b556d378adf_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 742ac33c4079e59566824b556d378adf_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
- Target: 742ac33c4079e59566824b556d378adf_JaffaCakes118.html
- Size: 18KB
- MD5: 742ac33c4079e59566824b556d378adf
- SHA1: 796b263148890b184e4f444ddb4eb8e2e544c241
- SHA256: 1192cd663203966cea885aaea26d28745259d71e93e10e354dac20c2a6e1f7f9
- SHA512: e775389b7737c6947580e5ad68d8da6d61e3abfc83ead0f41ab2e98212ccdfdc1d43ed5820d18d2dfbe518c2538d3fc0be9a3836fac4a80193659cdce138a3a6
- SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAI/4nzUnjBhlv82qDB8:SIMd0I5nvH5svl0xDB8
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422855212" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3D462511-1B0E-11EF-AA09-E6B549E8BD88} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2128 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2128 | iexplore.exe
2128 | iexplore.exe
3052 | IEXPLORE.EXE
3052 | IEXPLORE.EXE
3052 | IEXPLORE.EXE
3052 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2128 wrote to memory of 3052 | 2128 | iexplore.exe | 28
PID 2128 wrote to memory of 3052 | 2128 | iexplore.exe | 28
PID 2128 wrote to memory of 3052 | 2128 | iexplore.exe | 28
PID 2128 wrote to memory of 3052 | 2128 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\742ac33c4079e59566824b556d378adf_JaffaCakes118.html
  PID: 2128
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
    PID: 3052
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Downloads