Analysis
max time kernel: 148s
max time network: 149s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 26-05-2024 04:18
Static task: static1
Behavioral task: behavioral1
  Sample: 744d2d95e4b7b238b142fa3bcc9f91ce_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 744d2d95e4b7b238b142fa3bcc9f91ce_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: 744d2d95e4b7b238b142fa3bcc9f91ce_JaffaCakes118.html
Size: 23KB
MD5: 744d2d95e4b7b238b142fa3bcc9f91ce
SHA1: 75991e8a6661e1384a26d6fd39bd46f5119c3bf8
SHA256: 577c51c7149c37c9be4a4aec097af5ab0679ea9ae7c6429e978ca384fb9245ac
SHA512: bb3ae2449d2dd39fc340c510cb28852a6e271d392453d7e6ef22a6e041d8d50e2ec690408e84d2adfea46e50842e21e97a193b9c4e41efb42d3ef2dca8bf08ae
SSDEEP: 192:uWfkb5n62nQjxn5Q/RnQiekNnPnQOkEntrjHnQTbnxnQKCnQtewMBEqnYnQ7tn+C:LQ/xReC
Malware Config
Signatures
-
Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422858956" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F4DD6051-1B16-11EF-8DB2-F2F7F00EEB0D} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
-
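Every key in the table above sits under the logged-on user's Software\Microsoft\Internet Explorer tree (DomainSuggestion, Recovery, CpMRU, Window_Placement and so on), which is the state IE writes whenever it renders a page; none of them is a persistence or policy location. The Python below is an added triage helper, not part of the sandbox report: it parses rows in the report's "description ioc Process" format, strips the user SID so the path can be compared across machines, and sorts entries into IE housekeeping versus keys that warrant review. The watch-list prefixes and the final Run-key row are constructed for the example only and are not findings from this sample.

```python
"""Triage 'Modifies Internet Explorer settings' rows from a sandbox report.
Each row is parsed into (operation, key, value, process); the per-user SID is
removed; entries are bucketed as IE housekeeping, watch-listed (e.g. Run keys)
or 'review' (anything else outside IE's own tree)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?:int|str|data)\))\s+"
    r"(?P<key>\\REGISTRY\\.+?)"                     # key may contain spaces
    r'(?:\s=\s(?P<value>"[^"]*"|[0-9a-fA-F]+))?'    # quoted value or raw hex (data)
    r"\s+(?P<proc>\S+)$"
)
SID_RE = re.compile(r"^\\REGISTRY\\USER\\(S-1-5-21(?:-\d+)+)\\", re.IGNORECASE)

# IE's own per-user settings tree: written whenever IE opens any page
IE_PREFIX = "software\\microsoft\\internet explorer\\"
# Constructed watch-list for the example (not taken from the report)
WATCH_PREFIXES = (
    "software\\microsoft\\windows\\currentversion\\run",
    "software\\microsoft\\windows\\currentversion\\runonce",
    "software\\microsoft\\windows nt\\currentversion\\winlogon",
)

@dataclass
class RegEvent:
    op: str
    hive_path: str          # key relative to the user hive, SID removed
    value: Optional[str]
    process: str

def parse_row(line: str) -> RegEvent:
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable row: {line!r}")
    key = m.group("key")
    sid = SID_RE.match(key)
    rel = key[sid.end():] if sid else key
    return RegEvent(m.group("op"), rel, m.group("value"), m.group("proc"))

def classify(ev: RegEvent) -> str:
    low = ev.hive_path.lower()
    if any(low.startswith(p) for p in WATCH_PREFIXES):
        return "flag"
    if low.startswith(IE_PREFIX):
        return "ie-housekeeping"
    return "review"

def triage(rows: List[str]) -> Dict[str, List[RegEvent]]:
    out: Dict[str, List[RegEvent]] = {"flag": [], "review": [], "ie-housekeeping": []}
    for r in rows:
        ev = parse_row(r)
        out[classify(ev)].append(ev)
    return out

SID = r"\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000"
# Five rows copied from the report above, plus one constructed Run-key row (last)
# that is NOT in the report and only shows what a flagged entry looks like.
SAMPLE_ROWS = [
    rf'Set value (int) {SID}\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422858956" iexplore.exe',
    rf'Key created {SID}\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe',
    rf'Set value (str) {SID}\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe',
    rf'Set value (data) {SID}\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe',
    rf'Set value (int) {SID}\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE',
    rf'Set value (str) {SID}\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\x.exe" iexplore.exe',  # constructed
]

if __name__ == "__main__":
    for bucket, events in triage(SAMPLE_ROWS).items():
        print(f"{bucket}: {len(events)}")
        for ev in events:
            print(f"  {ev.op:<16} {ev.hive_path} {ev.value or ''} [{ev.process}]")
```

Run against the full 31-row table, every entry lands in the ie-housekeeping bucket; the flag bucket is only populated by the constructed row.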
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2416 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2416 | iexplore.exe
2416 | iexplore.exe
2596 | IEXPLORE.EXE
2596 | IEXPLORE.EXE
2596 | IEXPLORE.EXE
2596 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2416 wrote to memory of 2596 | 2416 | iexplore.exe | 28
PID 2416 wrote to memory of 2596 | 2416 | iexplore.exe | 28
PID 2416 wrote to memory of 2596 | 2416 | iexplore.exe | 28
PID 2416 wrote to memory of 2596 | 2416 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (PID 2416)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\744d2d95e4b7b238b142fa3bcc9f91ce_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2596, child of PID 2416)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
-
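The process pair above is Internet Explorer's normal protected-mode layout: the 64-bit frame process iexplore.exe (2416) launches a 32-bit content process IEXPLORE.EXE (2596) whose command line carries SCODEF:2416, the frame's own PID. The WriteProcessMemory and SetWindowsHookEx hits are attributed only to those two IE processes, which is what that launch looks like; it says nothing about the HTML itself, which this report does not characterise further (no extracted config, no network entries on the page). The check a triager actually wants is whether every IE content process is parented by an IE binary and names its real parent in SCODEF. The Python below is an added example, not part of the sandbox report; the tree is constructed from the two report processes plus one deliberately anomalous pair (a hypothetical dropper.exe parent) that is not from this sample.

```python
"""Sanity-check Internet Explorer's frame/content process pairing as recorded by
a sandbox. A content process (IEXPLORE.EXE with SCODEF:<pid>) should be spawned
by an IE frame process and SCODEF should equal its parent's PID; anything else
is reported as a finding."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
IE_BINARY_RE = re.compile(
    r"^C:\\Program Files( \(x86\))?\\Internet Explorer\\iexplore\.exe$", re.IGNORECASE)

@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    findings: List[str] = field(default_factory=list)

def is_ie_binary(image: str) -> bool:
    """True only for iexplore.exe under either Program Files directory."""
    return IE_BINARY_RE.match(image) is not None

def check_tree(procs: List[Proc]) -> Dict[int, List[str]]:
    by_pid = {p.pid: p for p in procs}
    for p in procs:
        if not is_ie_binary(p.image):
            continue
        m = SCODEF_RE.search(p.cmdline)
        if m is None:
            continue                      # frame process: carries the URL/file, not SCODEF
        frame_pid = int(m.group(1))
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if parent is None:
            p.findings.append("content process whose parent is not in the tree")
        elif not is_ie_binary(parent.image):
            p.findings.append(f"content process spawned by non-IE parent {parent.image}")
        if frame_pid != p.ppid:
            p.findings.append(f"SCODEF {frame_pid} does not match parent pid {p.ppid}")
    return {p.pid: p.findings for p in procs}

def sample_tree() -> List[Proc]:
    ie64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
    ie32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
    return [
        # The two processes from the report above (parent of 2416 not shown on the page).
        Proc(2416, None, ie64,
             f'"{ie64}" C:\\Users\\Admin\\AppData\\Local\\Temp\\744d2d95e4b7b238b142fa3bcc9f91ce_JaffaCakes118.html'),
        Proc(2596, 2416, ie32, f'"{ie32}" SCODEF:2416 CREDAT:275457 /prefetch:2'),
        # Constructed anomaly, NOT from the report: an IE content process launched by a
        # hypothetical non-IE parent whose SCODEF names a different frame process.
        Proc(2800, None, r"C:\Users\Admin\AppData\Local\Temp\dropper.exe", "dropper.exe"),
        Proc(3000, 2800, ie32, f'"{ie32}" SCODEF:2416 CREDAT:275457 /prefetch:2'),
    ]

if __name__ == "__main__":
    for pid, findings in check_tree(sample_tree()).items():
        print(pid, findings or "ok")
```

For the report's own pair the check returns no findings; the constructed pair yields two, one for the non-IE parent and one for the SCODEF mismatch.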
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 7ad88d9b0d72d50e63d78cc9d26ad825
SHA1: 56c806d541ce4a5637a79b4e50ab77ffdaec8e9c
SHA256: 41304570c295f1bc84dcac65d29c6129c3b048d1d40d5e9e51fadb90ea0eece5
SHA512: 67fd778b6b8a12dba38a585149190cf6b251d2eac10e509277c8c4c9fce4c0337724b846b9f3feff135cf400ba987f364da317c012a07f6781dbf9dc66671352
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: d8b816c9287341b0c09313b283fc427a
SHA1: 6594afaffae7e612c0917f22aef1fee54a4248a5
SHA256: 9a9d67df0dc5b9b455e1fc01b87da0ce5c924d54595e3fee76831122dbafa04b
SHA512: 8cd25fb49e26495f65e252b47c29da9870f37e3cf8b5a81b46e62066f771d8e3613e6d8869675bb57a4fb3266488cc3ffbadb4398e774c195a1c556310e45724
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: ac69e77299019ebf9a54fae62a1525c3
SHA1: 10c1d63e63b4c6afee59b4c5fc779f1e302f44b5
SHA256: e3e72961ac986f39a1861f7cd6b5f81c350c5f7a6b8a7fd4c899a1d609dddee6
SHA512: 07c7b2386fd5b6f31e8efff33e9ca3e1ef1038f9328c22baf215c11eaa4631112576af2686c312ecb4684f6f69e25558883806be62c6b86a2915a3198c5942d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 160f5ce8381ef80308c885b43c760103
SHA1: 3903534080721250d92492d3ea3552f36e2b1400
SHA256: 6b126d04cc701202097bc17ecb1647644a7ec779d5b3f0b4abd6484505854db7
SHA512: 76f7f9bb9879fa663642095a5672c15cc3790b0225ae7eac0c8c844846a34789dbf89287323a4fc6c28b7eb30768e9c3def34c156f840661439ab4a5803d42eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: c64d3ca42f49236b0d874382dcec0df5
SHA1: 7c3bf2b0c92e108f1275d4ad0a632f4aba0da053
SHA256: 6fe2e60a6b8df26fe166f11a4cf072c836a6ace81142decda3782384a125a3c0
SHA512: 775ee2c7089c0f44262af4844318fdb1864519ec24e4b9c438fdba5dc66eae65d2528449e6b6b939c808bdd4fb835474c25720b79f532daf4b6f02c9f8dd7f89
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 8da4b2a8898f3799d38b41d6a0157302
SHA1: cbf7eb15e010c209ab4a8613f2664c5ed83a20d1
SHA256: 36279ba215101ee6508a4fbc62d2cf6a5b85738bf0b2a96941cbc2d747c9baa9
SHA512: 65a2fae67bdce447560478f0fc8756a41ba2a2767678e29bcaedcc5319b92702ae37a0ed0246ed9a77620c68a2f1c62eda033d8ee36119538a710bbf629afd08
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 84d5f03d2fc8c1eacdfb7922a79c4578
SHA1: 778f775ac2909a8866826662d9abfbac5d6bb77c
SHA256: 2b0e1705b9b9fdd461b32b5375a1e9c97b6359cff448741c856cb6a15d26c30d
SHA512: f37041d54d276ce3874285f2f7e187181ce5e72defeeec0853732a71d47df3a1a89a3ba487a1de8b1694a4a6098e3b438aef9ec5b8b9aadea0791a2e1866d24c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 6d572d5de0a6357ef64637dc1d262f7c
SHA1: 372e0ffdf1b7ff0e80535c06f51e6eb8a7ebd154
SHA256: 20fc1522b6a5a9b9fa91ba12eaf2e43212e0a4efb766d7663a6969c93f9ac66f
SHA512: be161cdaf2c3cc67b2f5905377c003cdefe1583591c14fbf1a64d31f2c82611b20eac2789018f507e867db34af2fe753bb2e8cc6883845512541e7bb0e8e75b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 0ecd85f13c670a11d9af0eb1d17c680b
SHA1: f852a3c378868abfcbebe91234d4108aad8e4625
SHA256: b8932be0ee77af0a85baace0368276f529256d9af8eb5a40c292381ba89c2091
SHA512: 8a4f44534b6ac02893ed18c41c113272714fd7aa847350ea62efa8025c1b799eaa2d7cc7f4b2a68b4e9cb8e7a3f2ae05d3a77765f3c68a825aa49d89ea2d5ce8
-
Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize: 177KB
MD5: 435a9ac180383f9fa094131b173a2f7b
SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a