Analysis
- max time kernel: 150s
- max time network: 145s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 27/05/2024, 12:11
Static task: static1
Behavioral task: behavioral1
- Sample: 791bf1bca168141abf35315bf6691a22_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 791bf1bca168141abf35315bf6691a22_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 791bf1bca168141abf35315bf6691a22_JaffaCakes118.html
- Size: 18KB
- MD5: 791bf1bca168141abf35315bf6691a22
- SHA1: beb1ac69ae464e4514d89492db6c61e1d729ef42
- SHA256: 4c766ac5bf14412034ed7026ee0e82ef28d26b8ccb56289a92b8c5fd91587c39
- SHA512: a146b561d1dc976fad9760697d1a7c7ad63448361d741d9ed474db6f762421be912ba54e558e394d584b3b146e65a932cf7140c4f15973e45726486a0317df62
- SSDEEP: 192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIo4SzUnjBh+g82qDB8:SIMd0I5nO9HHsv+jxDB8
Malware Config
Signatures
- Modifies Internet Explorer settings
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37F58DC1-1C22-11EF-9A09-E25BC60B6402} = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422973746" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid | Process
  2656 | iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid | Process
  2656 | iexplore.exe
  2656 | iexplore.exe
  2556 | IEXPLORE.EXE
  2556 | IEXPLORE.EXE
  2556 | IEXPLORE.EXE
  2556 | IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2656 wrote to memory of 2556 | 2656 | iexplore.exe | 28
  PID 2656 wrote to memory of 2556 | 2656 | iexplore.exe | 28
  PID 2656 wrote to memory of 2556 | 2656 | iexplore.exe | 28
  PID 2656 wrote to memory of 2556 | 2656 | iexplore.exe | 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\791bf1bca168141abf35315bf6691a22_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2656
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2656)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2556
Network
MITRE ATT&CK Enterprise v15
Downloads