Analysis
max time kernel: 149s
max time network: 156s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 27/05/2024, 19:07
Static task: static1
Behavioral task: behavioral1
  Sample: 7a323d8034fcc5153ef360d3203bafb3_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 7a323d8034fcc5153ef360d3203bafb3_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 7a323d8034fcc5153ef360d3203bafb3_JaffaCakes118.html
Size: 23KB
MD5: 7a323d8034fcc5153ef360d3203bafb3
SHA1: 49802f5a08d464f0f0cc154f7f719b82164731d0
SHA256: eb2d146f117d99cf4cbb4721e3f73196344fbf8c719b1a7cdcd708d9503d52b4
SHA512: f3391f56de61a97a2e5f1d8c67e581cd0cd6e0e4b7ba01668b62a6e592a29556e13518a9daaef5f7b8eef2c20632ef176ae1decf874cd6bde3e851d54569235b
SSDEEP: 192:RegoQ1r5b5n+nQjLntQ/JnQieJnVnQOkrntLonQTbnOnQ3nnwJnQtkMXnFnQ7XnY:QgokrJQ/thv
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5171E391-1C5C-11EF-9960-CAFA5A0A62FD} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422998699" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
1368 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
1368 | iexplore.exe
1368 | iexplore.exe
2744 | IEXPLORE.EXE
2744 | IEXPLORE.EXE
2744 | IEXPLORE.EXE
2744 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1368 wrote to memory of 2744 | 1368 | iexplore.exe | 28
PID 1368 wrote to memory of 2744 | 1368 | iexplore.exe | 28
PID 1368 wrote to memory of 2744 | 1368 | iexplore.exe | 28
PID 1368 wrote to memory of 2744 | 1368 | iexplore.exe | 28
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe (PID 1368)
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a323d8034fcc5153ef360d3203bafb3_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2744, child of 1368)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads