Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system -
submitted
26/05/2024, 09:55
Static task
static1
Behavioral task
behavioral1
Sample
751a7a35eec4c65653e86b1d7ec7c94a_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
751a7a35eec4c65653e86b1d7ec7c94a_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
751a7a35eec4c65653e86b1d7ec7c94a_JaffaCakes118.html
-
Size
53KB
-
MD5
751a7a35eec4c65653e86b1d7ec7c94a
-
SHA1
8c2995be12f9c18461cade8ca84ac32878fcb924
-
SHA256
16100f5f5fe12cebf19a8cbe8459bd91ec8a48705e36b1ec21b5b2afcf1a5896
-
SHA512
21622ba3b2e3d057b70fc97fb60cd6e1d3c63c47dc3e2947c3e17aa12fe0267b551f4a52f94e2d9117dafff697d44930f2773c749bb2da6ddbd0d7025c907509
-
SSDEEP
1536:QDIunIUXElvPf1CavjIqbZgtUL39d1ngtM48tRJ/qud5ea9hLtMchAfVuiaObLtL:QhnIUXElvPf1Cavrs49d1gtM48tRhquM
Malware Config
Signatures
-
Modifies Internet Explorer settings 26 IoCs
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{229203F1-1B46-11EF-8B6F-CA05972DBE1D} = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422879219" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1728 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1728 iexplore.exe
1728 iexplore.exe
2972 IEXPLORE.EXE
2972 IEXPLORE.EXE
2972 IEXPLORE.EXE
2972 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1728 wrote to memory of 2972 1728 iexplore.exe 28
PID 1728 wrote to memory of 2972 1728 iexplore.exe 28
PID 1728 wrote to memory of 2972 1728 iexplore.exe 28
PID 1728 wrote to memory of 2972 1728 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751a7a35eec4c65653e86b1d7ec7c94a_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2972
-
Network
MITRE ATT&CK Enterprise v15
Downloads