Analysis
max time kernel: 150s
max time network: 146s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 27/05/2024, 12:11

Static task: static1
Behavioral task: behavioral1
  Sample: 791c08318e470c9a2591da580c33ec8a_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 791c08318e470c9a2591da580c33ec8a_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 791c08318e470c9a2591da580c33ec8a_JaffaCakes118.html
Size: 30KB
MD5: 791c08318e470c9a2591da580c33ec8a
SHA1: 626aa5464bc14211809e5e6d149ef3c75c265e78
SHA256: db97d8380553fc66e423252b3de2c41ed0001217f0e522870410cf3bedf0a029
SHA512: 80d89ee295aac5b9f0d3c3522cb88ba1a4e25d968adc03fbd040a0c1fc94cd7c56e268fca6eeb40f14f2c3f39b61a23b4e1017d909752fabca22871595ab3aeb
SSDEEP: 192:uwn7b5nT2nQjxn5Q/rnQieqNnBenQOkEntB5nQTbn5nQmSvx0U1DTQJTWUZxyzJW:RQ/HxAx0U1KEbOCA
Malware Config
Signatures
Modifies Internet Explorer settings
All keys below sit under \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer (description | ioc | process):
- Key created | IETld\LowMic | iexplore.exe
- Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe
- Key created | Main\WindowsSearch | iexplore.exe
- Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
- Key created | International\CpMRU | IEXPLORE.EXE
- Set value (int) | DomainSuggestion\NextUpdateDate = "422973766" | iexplore.exe
- Key created | BrowserEmulation\LowMic | iexplore.exe
- Key created | IntelliForms | iexplore.exe
- Key created | Main | IEXPLORE.EXE
- Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
- Set value (int) | International\CpMRU\Size = "10" | IEXPLORE.EXE
- Set value (int) | International\CpMRU\Factor = "20" | IEXPLORE.EXE
- Key created | Main | iexplore.exe
- Key created | GPU | iexplore.exe
- Key created | LowRegistry | iexplore.exe
- Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe
- Key created | LowRegistry\DOMStorage | iexplore.exe
- Key created | Recovery\AdminActive | iexplore.exe
- Set value (int) | International\CpMRU\Enable = "1" | IEXPLORE.EXE
- Key created | PageSetup | iexplore.exe
- Key created | Toolbar | iexplore.exe
- Set value (str) | Main\FullScreen = "no" | iexplore.exe
- Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
- Set value (int) | Recovery\AdminActive\{44372081-1C22-11EF-97FB-6A55B5C6A64E} = "0" | iexplore.exe
- Key created | Recovery\PendingRecovery | iexplore.exe
- Key created | Zoom | iexplore.exe
- Set value (int) | International\CpMRU\InitHits = "100" | IEXPLORE.EXE
- Key created | InternetRegistry | iexplore.exe
- Key created | Toolbar\WebBrowser | iexplore.exe
- Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
- Key created | DomainSuggestion | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
- pid 2956 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
- pid 2956 | iexplore.exe
- pid 2956 | iexplore.exe
- pid 3000 | IEXPLORE.EXE
- pid 3000 | IEXPLORE.EXE
- pid 3000 | IEXPLORE.EXE
- pid 3000 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
(description | pid | process | procid_target)
- PID 2956 wrote to memory of 3000 | 2956 | iexplore.exe | 28
- PID 2956 wrote to memory of 3000 | 2956 | iexplore.exe | 28
- PID 2956 wrote to memory of 3000 | 2956 | iexplore.exe | 28
- PID 2956 wrote to memory of 3000 | 2956 | iexplore.exe | 28
Processes
1. "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\791c08318e470c9a2591da580c33ec8a_JaffaCakes118.html (PID 2956)
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2 (PID 3000, child of PID 2956)
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads