Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 27/05/2024, 19:07
Static task: static1
Behavioral task: behavioral1
  Sample: 7a32bdf19b5a7b00e37b4beeb8c04216_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 7a32bdf19b5a7b00e37b4beeb8c04216_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 7a32bdf19b5a7b00e37b4beeb8c04216_JaffaCakes118.html
Size: 23KB
MD5: 7a32bdf19b5a7b00e37b4beeb8c04216
SHA1: 1e0c78074094f2aba30190b92c420636784830ba
SHA256: 6b62cae890522450ab6acaa8a45bb7d98ac711bb22c8649f540af7f9ff7b1b87
SHA512: 6a46beccb94feacc114d595b368b0f32b9fa35f836b335f7138447e761170f244e10e2b17de56eecc4e102ba0a70519e59a62a59f0bf449f4b28cbd8ad2d493d
SSDEEP: 192:uW9J18ob78Mkb5n2QtZdtMJNMuRM4cnQjxn5Q/wgnQieEfNn5g2nQOkEntSKnfn7:jQ/J+i
Malware Config
Signatures

Modifies Internet Explorer settings
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{67ACB721-1C5C-11EF-A296-4A24C526E2E4} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422998736" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2268 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2268 | iexplore.exe
2268 | iexplore.exe
1984 | IEXPLORE.EXE
1984 | IEXPLORE.EXE
1984 | IEXPLORE.EXE
1984 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2268 wrote to memory of 1984 | 2268 | iexplore.exe | 28
PID 2268 wrote to memory of 1984 | 2268 | iexplore.exe | 28
PID 2268 wrote to memory of 1984 | 2268 | iexplore.exe | 28
PID 2268 wrote to memory of 1984 | 2268 | iexplore.exe | 28
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a32bdf19b5a7b00e37b4beeb8c04216_JaffaCakes118.html
   PID: 2268
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2268)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
      PID: 1984
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads