Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 26/05/2024, 03:17
Static task: static1
Behavioral task: behavioral1
  Sample: 742c0e77bddd9a92716e8463fcd4056c_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 742c0e77bddd9a92716e8463fcd4056c_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 742c0e77bddd9a92716e8463fcd4056c_JaffaCakes118.html
Size: 28KB
MD5: 742c0e77bddd9a92716e8463fcd4056c
SHA1: cf98505dd1cc78971649e770fea90ae0eb2eb874
SHA256: eaee504ba515fc966e5e7f77ade768935ac417927eeb78eb3ccc09d209110f2c
SHA512: f7a5a5d97fb84e94e4d5a88c9cec978702e82fb481b0ce6cd4370690dfd74713a2a21c156438831291b71e4dbce4ed78c7245c26a23717639fc5e1b3f0cc3810
SSDEEP: 192:uwvcb5nW5gunQjxn5Q/knQieHNnDnQOkEntg2nQTbn1nQ9e7zm6sPn2Q1Ql7MBn2:eQ/jWVCn2VS2
Malware Config
Signatures

Modifies Internet Explorer settings
All keys below sit under \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer (the sandbox user's HKCU); paths are given relative to that key. They are IE's own first-launch housekeeping state (code-page MRU, IntelliForms, recovery, zoom, toolbar, DomainSuggestion, WindowsSearch, GPU); none of the writes touches a key outside the Internet Explorer hive.
description | ioc | Process
Key created | International\CpMRU | IEXPLORE.EXE
Set value (int) | International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | IntelliForms | iexplore.exe
Key created | Main\WindowsSearch | iexplore.exe
Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | IETld\LowMic | iexplore.exe
Key created | LowRegistry\DOMStorage | iexplore.exe
Set value (str) | Main\FullScreen = "no" | iexplore.exe
Set value (int) | Recovery\AdminActive\{84373771-1B0E-11EF-815A-6A55B5C6A64E} = "0" | iexplore.exe
Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | Toolbar\WebBrowser | iexplore.exe
Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | Toolbar | iexplore.exe
Key created | Zoom | iexplore.exe
Key created | Recovery\PendingRecovery | iexplore.exe
Set value (int) | International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | PageSetup | iexplore.exe
Key created | Recovery\AdminActive | iexplore.exe
Key created | Main | IEXPLORE.EXE
Set value (int) | International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | DomainSuggestion\NextUpdateDate = "422855331" | iexplore.exe
Key created | BrowserEmulation\LowMic | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | InternetRegistry | iexplore.exe
Key created | LowRegistry | iexplore.exe
Key created | DomainSuggestion | iexplore.exe
Key created | Main | iexplore.exe
Key created | GPU | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
1744 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
1744 | iexplore.exe
1744 | iexplore.exe
2716 | IEXPLORE.EXE
2716 | IEXPLORE.EXE
2716 | IEXPLORE.EXE
2716 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1744 wrote to memory of 2716 | 1744 | iexplore.exe | 28
PID 1744 wrote to memory of 2716 | 1744 | iexplore.exe | 28
PID 1744 wrote to memory of 2716 | 1744 | iexplore.exe | 28
PID 1744 wrote to memory of 2716 | 1744 | iexplore.exe | 28
Note: procid_target is the report's own process index, not a Windows PID (the target's PID is 2716). All four writes go from the 64-bit IE frame process (1744) into the 32-bit tab process it launched (2716, started with SCODEF:1744 on its command line); that is how IE sets up its frame/tab pair, and no third process is involved. The SetWindowsHookEx and FindShellTrayWindow hits likewise come only from these two IE processes.
Processes
C:\Program Files\Internet Explorer\iexplore.exe (PID 1744)
  command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\742c0e77bddd9a92716e8463fcd4056c_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2716, child of 1744)
    command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
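Added worked example (not code from the sandbox vendor or from this report): a small triage script for the signature block and process tree above. It parses the flattened "description ioc Process" registry rows back into events, separates Internet Explorer's own per-user settings keys from anything written elsewhere, and checks that every WriteProcessMemory hit is the IE frame process writing into the tab process that names it via SCODEF:<frame pid>. The SID and the rows are copied from the report; the Run-key row and all function names are assumptions introduced for the example.

```python
"""Triage helpers for the signature dump above.

Added example; not code from the sandbox vendor or from this report.
It parses the flattened "description ioc Process" registry rows back into
events, separates Internet Explorer's own per-user housekeeping keys from
anything else, and checks that each WriteProcessMemory hit is the IE frame
process setting up the tab process it launched (SCODEF:<frame pid>) rather
than a write into some third process. Every input below is constructed:
rows copied from the report plus one synthetic Run-key write (marked).
"""
import re

# Per-user hive of the sandbox account, exactly as the report writes it.
HKU_SID = r"\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000"
# IE keeps its own per-user state under this key; writes elsewhere are surfaced.
IE_BASELINE_PREFIX = HKU_SID + "\\Software\\Microsoft\\Internet Explorer\\"

# Constructed input: rows as the export concatenates them onto one line.
FLATTENED_IOCS = " ".join([
    "Key created " + HKU_SID + r"\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE",
    "Set value (int) " + HKU_SID + r'\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE',
    "Set value (str) " + HKU_SID + r'\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe',
    "Set value (data) " + HKU_SID + r"\Software\Microsoft\Internet Explorer\Main\Window_Placement = "
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe",
    # Synthetic row, NOT in the report: a persistence-style write that must be flagged.
    "Set value (str) " + HKU_SID + r'\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Local\Temp\u.exe" iexplore.exe',
])

# One event: action, key path (may contain spaces), optional "= value", writer process.
EVENT_RE = re.compile(
    r"(?P<action>Key created|Set value \((?:int|str|data)\))\s+"
    r"(?P<path>\\REGISTRY\\.+?)"
    r'(?:\s+=\s+(?:"(?P<qval>[^"]*)"|(?P<bval>\S+)))?'
    r"\s+(?P<proc>iexplore\.exe|IEXPLORE\.EXE)"
)


def parse_registry_events(blob):
    """Split a flattened row blob into dicts; value is None for key creation."""
    events = []
    for m in EVENT_RE.finditer(blob):
        value = m.group("qval") if m.group("qval") is not None else m.group("bval")
        events.append({"action": m.group("action"), "path": m.group("path"),
                       "value": value, "process": m.group("proc")})
    return events


def outside_ie_baseline(events):
    """Events whose key is not under IE's own per-user settings hive."""
    return [e for e in events if not e["path"].startswith(IE_BASELINE_PREFIX)]


# Constructed input: the two rows of the report's process tree.
PROCESSES = [
    {"pid": 1744, "ppid": None,
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                r"C:\Users\Admin\AppData\Local\Temp\742c0e77bddd9a92716e8463fcd4056c_JaffaCakes118.html"},
    {"pid": 2716, "ppid": 1744,
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:275457 /prefetch:2'},
]
# Constructed input: the four WriteProcessMemory IoCs as (writer pid, target pid).
MEMORY_WRITES = [(1744, 2716)] * 4
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def classify_memory_writes(processes, writes):
    """Mark a write as IE frame->tab only when the target is the writer's child
    and names the writer as its frame process via SCODEF:<pid>."""
    by_pid = {p["pid"]: p for p in processes}
    result = []
    for writer, target in writes:
        tgt = by_pid.get(target)
        m = SCODEF_RE.search(tgt["cmdline"]) if tgt else None
        frame_to_tab = bool(m) and int(m.group(1)) == writer and tgt["ppid"] == writer
        result.append({"writer": writer, "target": target, "ie_frame_to_tab": frame_to_tab})
    return result


def triage(blob=FLATTENED_IOCS, processes=PROCESSES, writes=MEMORY_WRITES):
    """Summary a reviewer would act on: non-IE keys and non-frame/tab writes."""
    events = parse_registry_events(blob)
    return {
        "registry_events": len(events),
        "outside_ie_baseline": [e["path"] for e in outside_ie_baseline(events)],
        "unexplained_memory_writes": [(w["writer"], w["target"])
                                      for w in classify_memory_writes(processes, writes)
                                      if not w["ie_frame_to_tab"]],
    }


if __name__ == "__main__":
    print(triage())
```

On the report's own rows the summary comes back empty apart from the synthetic Run-key entry: every registry write is under the Internet Explorer key and every memory write is the frame-to-tab case. Anything that does land in outside_ie_baseline or unexplained_memory_writes is what deserves a human look.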
Network
MITRE ATT&CK Enterprise v15
Downloads
The CryptnetUrlCache\MetaData entry below is listed nine times with different digests: that file belongs to CryptoAPI's URL cache (CRL, AIA and CTL fetches) and is rewritten by the system as certificate checks run during the analysis, so these rows are cache updates, not content dropped by the page. The 68KB, 65KB and 177KB entries carry no path in the report.

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 35d6c8172dc25f7f61adfd0c835eb1c4
SHA1: e51eea3da289ba184dbb9a09d0b9a1cbec9bd1af
SHA256: 82e2ba9ef5825914a791ed0acdfcad94e66af2a5d69ca592e8ac6d79000b0884
SHA512: 1d57952d9bfc80db7f7d06047eb904e1ee16affab60fe4eceedc447ce2e8b5a14dbb64c770f95dad6a208e7325062a253a41715e32163d00fe189357d6acb8b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: e7c2521e68c289d002504773caf7fe77
SHA1: 32c373a3c2deea8b626f3a960a67852ac5f39071
SHA256: 82143cdef5eb4ade7463e871bfeb3093af0a7dacf272c5a2bfac77adeb093c6f
SHA512: 3cfa3555a9d63fc59169614d8191141490aa1ca07ca23f854236e80c371bfee061e3e8f60b5d45bad37799415a58a8ac7b30edd1d026d289ba0425d29f9555a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: c5a56df9fe8e23be8b4c0ce89fca0375
SHA1: bfdb147cbafa83bb649cf77ccf1d287c9115979c
SHA256: 816754a30bda6f4046c071adf7f623a07b1085d9857af402552cc5e053a3e226
SHA512: 0cc1e8ad5a709fdf6239da35f95ca19919dfd804973432a312893cc0345dc7fd8fc5a80bf79d696b6f76b492d71bac9c818a69a22d8af2297ccc56b0fd547c10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 98e533ae07f7680f166836716fac65cd
SHA1: 474447d1fe3d9d92b667d87f33087f7cb4f522f0
SHA256: 5c9c01df3a4114d681d46bf05906922cb5a839459b6171d88e70c2dc568e074b
SHA512: 0461362f4409e612a37eeede54ee71329bdec12998f38d26628c014b39b5a7274a74780ae94733c221738ac0f720fed4841f7b51a9e578bc0090899268a2f58c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 77cd1f68dcbadcd67a7dad3f1e6758d5
SHA1: 2ba24ade2bf19e162648e1cc74ce62d12b33bf29
SHA256: 644993229bd1312d15e952add20ad126a135c4a46f790b57433839e61c4e720a
SHA512: 7bca27746ffa90eeb3bf4e26af026cd8ab063aa2cf5290bbe107a48b1b681944665bee742dcc62f854ae1b6639532a6b34987cf2f22fe5c64a1d65b75ee97bea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: e49f7b6ffcb1c410d91291b66b9921bd
SHA1: f20004d40fca271ba4ce3743d4f7ba2fd3ba3e42
SHA256: 8ab5ea6077844b401e5dec7c032324065cff7d3f42d53a2fa3a0385524944bf9
SHA512: aa34c885cd1c33965e75609780caa6b67c7f943f067eefd0d4918768545e47e0f87ca23d90e5dc02927b29dfbdf480d119c4de01422f563448d0474120508051

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 2ad1a72c6e4ccf414f8e352ad2ed6b3d
SHA1: eeae20b46f076f2bbee1c3b35cccb736ed208e9e
SHA256: f0f2cf1fef53856e29e22aa360e922575e71ffb8e977b0c3e6bf8dab719e0ac0
SHA512: 0a4532fa88bc500f031ba00c724c599dbbb399e936bac811e681a0b9eaaa7dd0dc5cec2017fce76d8d05340f9bc96ad0f8c950ee39d640ecd0dedde3854ffa65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 859da0869f528e9c29f08d40e36dd7d6
SHA1: 346ddcdbb6826e55506fd334a92e4d6492fa890e
SHA256: 967d2c884ddc305c7aed79e707c2447223d2e335b4bbb5d2f6e7e4e1243e2f55
SHA512: a4217bfb2cfef997af8321cb928f72f4ee5cca207592c66f34a543651e93fa65d55473c8dd5e326a8a35fcb4fd3bb440206651e54f38195b184a768dc1a206e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 1110225a1cf1ac17c4f0af84b17d509e
SHA1: 84d63436ca957f020c7df0d00c4c1a407ff40fd1
SHA256: f30ac852a15e41252ae250983dab89c21469a3b0cedc5c4e194dfc94175597b9
SHA512: f5964633dcf1e462184fa70b2de04321c209b65b11d507bfe5ab770c0873ae1cbf1cd6aeb1d5cdfe467cfe6d762bfd05b1559b010e08fc36875f6b54873f62af

Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 177KB
MD5: 435a9ac180383f9fa094131b173a2f7b
SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
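Added worked example (not code from the sandbox vendor or from this report): a parser for the raw Downloads export, in which each hash label is fused to its value ("MD529f65ba8...", "SHA105a7040d..."). It splits the fused lines, checks that every digest has the length its algorithm produces (catching a mis-split label or a truncated copy), and counts how many distinct SHA256 values each path was seen with, so a file rewritten during the run stands out from one dropped once. The three real entries are copied from the report; the fourth entry, its path and all function names are assumptions constructed for the example.

```python
"""Parse the "Downloads" block of a sandbox report in which each hash
label is fused to its value ("MD529f65ba8...", "SHA105a7040d...").

Added example; not code from the sandbox vendor or this report. The input
is constructed: three entries copied from the report plus one synthetic
entry (constructed.bin) whose SHA256 is deliberately truncated.
"""
import re
from collections import defaultdict

# Hex length each digest must have. Longest labels first so "SHA512" and
# "SHA256" are tested before "SHA1".
DIGEST_LEN = {"SHA512": 128, "SHA256": 64, "SHA1": 40, "MD5": 32}
LABELS = sorted(DIGEST_LEN, key=len, reverse=True)
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")

SAMPLE = r"""
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD535d6c8172dc25f7f61adfd0c835eb1c4
SHA1e51eea3da289ba184dbb9a09d0b9a1cbec9bd1af
SHA25682e2ba9ef5825914a791ed0acdfcad94e66af2a5d69ca592e8ac6d79000b0884
SHA5121d57952d9bfc80db7f7d06047eb904e1ee16affab60fe4eceedc447ce2e8b5a14dbb64c770f95dad6a208e7325062a253a41715e32163d00fe189357d6acb8b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e7c2521e68c289d002504773caf7fe77
SHA132c373a3c2deea8b626f3a960a67852ac5f39071
SHA25682143cdef5eb4ade7463e871bfeb3093af0a7dacf272c5a2bfac77adeb093c6f
SHA5123cfa3555a9d63fc59169614d8191141490aa1ca07ca23f854236e80c371bfee061e3e8f60b5d45bad37799415a58a8ac7b30edd1d026d289ba0425d29f9555a4
-
C:\Users\Admin\AppData\Local\Temp\constructed.bin
Filesize1KB
SHA256deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdead
"""


def split_label(line):
    """"MD529f6..." -> ("MD5", "29f6..."); None when the line is not a hash line."""
    for label in LABELS:
        if line.startswith(label):
            return label, line[len(label):]
    return None


def parse_downloads(text):
    """Return one record per entry: {"path", "size", "hashes", "problems"}.

    An entry begins at a "Filesize" line (size fused or on the next line);
    a non-hash line immediately before it is that entry's path.
    """
    records, current, pending_path = [], None, None
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        hit = split_label(line)
        if line.startswith("Filesize"):
            size = line[len("Filesize"):].strip()
            if not size and i + 1 < len(lines):  # size sits on the following line
                i += 1
                size = lines[i]
            current = {"path": pending_path, "size": size, "hashes": {}, "problems": []}
            records.append(current)
            pending_path = None
        elif hit and current is not None:
            label, value = hit
            if not HEX_RE.match(value):
                current["problems"].append(f"{label}: not hexadecimal")
            elif len(value) != DIGEST_LEN[label]:
                current["problems"].append(
                    f"{label}: {len(value)} chars, expected {DIGEST_LEN[label]}")
            current["hashes"][label] = value.lower()
        elif line and line != "-":
            pending_path = line
        i += 1
    return records


def rewrites_by_path(records):
    """Number of distinct SHA256 digests seen per path."""
    seen = defaultdict(set)
    for r in records:
        if r["path"] and "SHA256" in r["hashes"]:
            seen[r["path"]].add(r["hashes"]["SHA256"])
    return {p: len(s) for p, s in seen.items()}


if __name__ == "__main__":
    recs = parse_downloads(SAMPLE)
    for r in recs:
        print(r["size"], r["path"] or "(no path)", r["problems"] or "ok")
    print(rewrites_by_path(recs))
```

Run against the full export, the MetaData path comes back with nine distinct SHA256 values, which is the signature of a cache file being rewritten rather than nine separate drops; a digest of the wrong length is the usual sign that a label was split in the wrong place or a hash was copied incompletely.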