Analysis
-
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
submitted
28/05/2024, 20:51
Static task
static1
Behavioral task
behavioral1
Sample
7e5baad25317a4a83ca2e989b3ade670_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
7e5baad25317a4a83ca2e989b3ade670_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
7e5baad25317a4a83ca2e989b3ade670_JaffaCakes118.html
-
Size
34KB
-
MD5
7e5baad25317a4a83ca2e989b3ade670
-
SHA1
375140c33d3a77a8b311fbbacc34ef43acff5944
-
SHA256
7e8501d741f6ba4084cae9ca36e135fdd556659c38bcff50e42d59e8bb3fd0eb
-
SHA512
10844f51944d58fe9120151d5293c267eac284bb85e244ec823b12404db81f520e3679c1f8cc3729e7b09fb8e15c578e98a9da53f852deb63bfdcf43c953e662
-
SSDEEP
192:uwvmb5ndqLInQjxn5Q/xnQieENnFnQOkEntDrnQTbnxnQOgPcwqYCcwqY5cwqYQO:nQ/0pCz5cNks+6HZJPajBW
Malware Config
Signatures
-
Modifies Internet Explorer settings
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"  IEXPLORE.EXE
Set value (str)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar  iexplore.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423091355"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main  IEXPLORE.EXE
Set value (str)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0CD4C3F1-1D34-11EF-8456-F62A48C4CCA6} = "0"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"  iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid  Process
1712  iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid  Process
1712  iexplore.exe
1712  iexplore.exe
2044  IEXPLORE.EXE
2044  IEXPLORE.EXE
2044  IEXPLORE.EXE
2044  IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description  pid  Process  procid_target
PID 1712 wrote to memory of 2044  1712  iexplore.exe  28
PID 1712 wrote to memory of 2044  1712  iexplore.exe  28
PID 1712 wrote to memory of 2044  1712  iexplore.exe  28
PID 1712 wrote to memory of 2044  1712  iexplore.exe  28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e5baad25317a4a83ca2e989b3ade670_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 1712
-
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2044
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize 68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize 1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 916a7eccb3712c4f5e18eb54a5413c05
SHA1 6a7dec7b36137eec39941735011137f43122ab2c
SHA256 814a56251de2ab06dc0769d7e241e47d22964b76afb1c7c15843df4ebd5739b6
SHA512 a4dc1832fc526f8244a2a08ca436ff484b83930c3e031766e5778593e03fd9e234d9e59dc0755c874995b8103f6b518d538b5c2978c0527c4d84d5ae2f7bdb15
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 e16cefe408f84235f14af1dda3180a09
SHA1 e358a3a9b0c878b5cded8013eca09b1b5484affb
SHA256 8a9dc58d2d7eb9ed96935aff0345996fbeb0be8f99143270fe0dd65dcf6c3abc
SHA512 e87d61698aa3d3c55379084dbb12ce4336ebef61526c5252d2c512b02c008cfe2c17f5d219771d997873e38a862c07fb9fdb82ad16edcead93400d1241cebef5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4f7665ba973c308bbe0b8cd5717afbf3
SHA1 8088bf32586b8e140589ec4f9d9c3a7bbc4ebe55
SHA256 f53451e96541a11f33c9001c5acfab20aff557a1860a01b16a3023af70ff5729
SHA512 c8b3adaee92c2d5129bcf71c4aad68a71879eb805500a90316e18ff1ad24a58847557860f97242f6dc5536772f3738494625e493aec179f8f914ee51550503eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 dda6f26450d76c8e2577505bb7d24df7
SHA1 fcb0cc2122b9e7043227b9f5f393bdf844698770
SHA256 deabd2acfc10669c99fea69fa3d9dcf65196f2a05cbb7f75928faeb8285a5bd4
SHA512 d43f6e830cc1a2bcaa08b0f898bebf71430602bfa8ac78b82fb63436040872dabc56c64e4d651f4aaff4244268e6d358e42fb7ec8e5dc84d5d8ea2329886a313
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 acb82555dd5444a0d8f018c957cc93f1
SHA1 c3246f00161bae0eb7222ffbf8752437fe2f0c20
SHA256 6f273b4a6a8a44f90660ff440bd3367d94c7fd7c31575ee36eb2f567dfd0b380
SHA512 9304be3193fb24796adc00b9ebe9acbccd10c31522454706c6458ff31fec3b5c9ecc0aa6053b95dd7af3e4479448748e2cdb4ae1d917650459be7da687358544
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 77ad8fcb7fe02f61f031816839ab5a13
SHA1 e6d5e42350613e55cbb5d6ec8d717c189da226e4
SHA256 edbd82a52fd62cf0b90983b42ded725b1558400ef1ebcf81786ddc6bfa84b8fa
SHA512 7240262b49b70127837e0c40b5a650dc5f2693d82cf95c160e5ff9cd173de46376942eeb918cfc4dfef4033e6226b5f27862f7be523ff4572a6a47613c1080ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 503157817d73fc74c1d53ea9530c1989
SHA1 43d853050629c7dd309663e7190d30357d3dae1e
SHA256 17cd239a8938d278e7cfcc00d2c465e4c11197e17fcbbd91686488ac00db62ee
SHA512 e99ef4b08f0d7e8e520086dd5b1c2fec0b6c14bd79312c5dfc5231614699510c57654bfe322ca1f31ad5999dca89426d415de91c54fcd02ea36e0ff4c82bf043
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7871dde996d226a15d18471362ff2b38
SHA1 c934c385d4dac1ae98cb7cd8519f9c64cf9c2f8c
SHA256 a4399566b32b57f3efac880473ac08220372373f282f0a94f444cfe98d304698
SHA512 e21939cf692895cf3525ff2008bdce9d98b7f126f4dfa2ad6e7a33240381685c13e5de853e2754547403e15824b30b612aa07bdbdb1c8717e537522a803e99ee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 451fa8ae73b243f50348983eca7025c4
SHA1 6756c43185d2c835b3bef746f9c71774a0a42af0
SHA256 c1cb768db26d9cb9913180040c6c1c00ba0ba9f6b197ec93789e0e109ea0c2b1
SHA512 fb35dab54836a6000ee9255152224aa702a2fa038c77f0ea291a3130d087e32dd45532f3c22216e3a9b0360cc969182d3fa574ad5cadc6eeb3caaeffae4e6370
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 3cf953788dc2fba4623177722b9df16d
SHA1 3f2762c98bec51915dc54291582a8d298eff9a5f
SHA256 d7b83825732ce2039c64b5e1186f2a04aa3529cabbe4f0310c57bbe315046dba
SHA512 8c5f04bac399bbab027f6bfa709a8e41795e01ea8cf8c7683387d69408a6c96752a9fed94d2298c78632cdbc8fe0b54599e647be3a6dc2d675e62d3266b3519f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 7c37d5497526322fc85643dbab6a7e03
SHA1 d4a3435c22ebc0c6eab140611610631ec6cf7bc1
SHA256 c9eb59d51028f7dc8ce0adcc67ec7c2a18fad13a21a14f156f3b629995e46ecb
SHA512 589193cac0e797c87167dfae53d655d2350eb1e6c5bf3d29374ba57edcc2ed1cce5fc20d4b16f5a4d32dcc2c87ee06dc7cedc7b1301c826c21e1b38b6595e530
-
Filesize 177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a