Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 27-05-2024 15:56
Static task: static1
Behavioral task: behavioral1
- Sample: 79a7d00d8777dfb936a663281a2bf176_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 79a7d00d8777dfb936a663281a2bf176_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 79a7d00d8777dfb936a663281a2bf176_JaffaCakes118.html
- Size: 27KB
- MD5: 79a7d00d8777dfb936a663281a2bf176
- SHA1: c604c267223ab0131fe76fee1278739d5b9d14c5
- SHA256: d8a3ec606ebb801ec0590b2cb92270d479fa45166ee0d887bb2fbb2eded041ef
- SHA512: 778979be378455c3577e75bba4788deb12237fc2502f5f0f520d3bca1741dc730ac963ba03eb5627e36348da07900b35dd03262afd6a036e95c141dfc9901f90
- SSDEEP: 192:uwnwb5ngWnQjxn5Q/PnQieGNnsnQOkEntVVnQTbnZnQ9eIym6ude0Ql7MBmqnYn9:hQ/gVacefSQLp9
Malware Config
Signatures
-
Modifies Internet Explorer settings
All registry paths below are relative to \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer.
description | ioc | Process
- Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe
- Key created | Main | IEXPLORE.EXE
- Key created | International\CpMRU | IEXPLORE.EXE
- Key created | Main | iexplore.exe
- Key created | GPU | iexplore.exe
- Key created | IntelliForms | iexplore.exe
- Key created | LowRegistry\DOMStorage | iexplore.exe
- Key created | Recovery\PendingRecovery | iexplore.exe
- Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
- Key created | PageSetup | iexplore.exe
- Key created | Toolbar\WebBrowser | iexplore.exe
- Set value (int) | International\CpMRU\Factor = "20" | IEXPLORE.EXE
- Set value (int) | International\CpMRU\Enable = "1" | IEXPLORE.EXE
- Key created | BrowserEmulation\LowMic | iexplore.exe
- Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
- Key created | Toolbar | iexplore.exe
- Key created | LowRegistry | iexplore.exe
- Key created | Recovery\AdminActive | iexplore.exe
- Set value (int) | International\CpMRU\Size = "10" | IEXPLORE.EXE
- Set value (int) | International\CpMRU\InitHits = "100" | IEXPLORE.EXE
- Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
- Key created | DomainSuggestion | iexplore.exe
- Key created | Zoom | iexplore.exe
- Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe
- Key created | Main\WindowsSearch | iexplore.exe
- Set value (str) | Main\FullScreen = "no" | iexplore.exe
- Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
- Set value (int) | DomainSuggestion\NextUpdateDate = "422987241" | iexplore.exe
- Key created | IETld\LowMic | iexplore.exe
- Key created | InternetRegistry | iexplore.exe
- Set value (int) | Recovery\AdminActive\{A4AB89A1-1C41-11EF-8356-E61A8C993A67} = "0" | iexplore.exe
-
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
- 2964 | iexplore.exe
-
Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
- 2964 | iexplore.exe (recorded 2 times)
- 2112 | IEXPLORE.EXE (recorded 4 times)
-
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
- PID 2964 wrote to memory of 2112 | 2964 | iexplore.exe | 28 (recorded 4 times)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79a7d00d8777dfb936a663281a2bf176_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2964
-
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2964)
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 2112
-
Network
MITRE ATT&CK Enterprise v15
Downloads