Analysis
max time kernel
149s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
28/05/2024, 20:24
Static task
static1
Behavioral task
behavioral1
Sample
7e48de9833c2ca8363328e37ca962041_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7e48de9833c2ca8363328e37ca962041_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
Target
7e48de9833c2ca8363328e37ca962041_JaffaCakes118.html
Size
18KB
MD5
7e48de9833c2ca8363328e37ca962041
SHA1
d891bb4516e809cb53c2fc083fcf1dcf35066654
SHA256
8907e3a773f49eefdd2f4e4788a4019bfa92aee4294afc578e2d5db86ade6f72
SHA512
08e0cb2f1cb14896cb52c5b82de7672f4be1c69552320c5e8762582150e28531b481d712fa9cfd147e1468ba45c272be8de62530352a569d9ae62d050eb632f9
SSDEEP
192:SIM3t0I5fo9cKivXQWxZxdkVSoAynf4pzUnjBhzV82qDB8:SIMd0I5nvH4CsvzuxDB8
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423089764" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5927C121-1D30-11EF-8414-4A4F109F65B0} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
3008 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
3008 | iexplore.exe
3008 | iexplore.exe
2200 | IEXPLORE.EXE
2200 | IEXPLORE.EXE
2200 | IEXPLORE.EXE
2200 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3008 wrote to memory of 2200 | 3008 | iexplore.exe | 28
PID 3008 wrote to memory of 2200 | 3008 | iexplore.exe | 28
PID 3008 wrote to memory of 2200 | 3008 | iexplore.exe | 28
PID 3008 wrote to memory of 2200 | 3008 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e48de9833c2ca8363328e37ca962041_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2200
Network
MITRE ATT&CK Enterprise v15
Downloads