Analysis
max time kernel: 150s
max time network: 151s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29-05-2024 00:25
Static task: static1
Behavioral task: behavioral1
  Sample: 7eec98ecb88f78b25f01d3895035347c_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 7eec98ecb88f78b25f01d3895035347c_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 7eec98ecb88f78b25f01d3895035347c_JaffaCakes118.html
Size: 25KB
MD5: 7eec98ecb88f78b25f01d3895035347c
SHA1: 8d387a62ac4f2677f802542a4cf976c64cf6a48d
SHA256: 4c74674bb30cdd583d9125f2766696fd36142986dc76b8fde983d5276aec9e82
SHA512: d6458984f1e386302e229d782ff18e91abec70a9c8109a822a46e3d7c27527b4f6708aafc92161e65531f2cb06ca9d235229fa10172657beaad1531de3413035
SSDEEP: 192:NsNoPeCmb5npnQjLntQ/qnQieYn9nQOkrntw3nQTbnUnQEYqCuA7pdEgwuXMEnFz:SNoj7Q/WKKWX
Malware Config
Signatures
-
Modifies Internet Explorer settings 26 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423104214" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FE14C041-1D51-11EF-825B-FA5112F1BCBF} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2192 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2192 | iexplore.exe
2192 | iexplore.exe
3040 | IEXPLORE.EXE
3040 | IEXPLORE.EXE
3040 | IEXPLORE.EXE
3040 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2192 wrote to memory of 3040 | 2192 | iexplore.exe | 28
PID 2192 wrote to memory of 3040 | 2192 | iexplore.exe | 28
PID 2192 wrote to memory of 3040 | 2192 | iexplore.exe | 28
PID 2192 wrote to memory of 3040 | 2192 | iexplore.exe | 28
Processes
-
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7eec98ecb88f78b25f01d3895035347c_JaffaCakes118.html
   PID: 2192
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2192)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
      PID: 3040
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
-
Filesize: 65KB
-
Filesize: 70KB
-
Filesize: 181KB