Analysis

max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29/05/2024, 07:45

Static task: static1

Behavioral task: behavioral1
Sample: 7ffc485fc8a31a629069ea11a6dc1518_JaffaCakes118.html
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 7ffc485fc8a31a629069ea11a6dc1518_JaffaCakes118.html
Resource: win10v2004-20240426-en
General

Target: 7ffc485fc8a31a629069ea11a6dc1518_JaffaCakes118.html
Size: 18KB
MD5: 7ffc485fc8a31a629069ea11a6dc1518
SHA1: 915af9834fdc56c23dfe66f6f347b03431d91860
SHA256: 5b3c9196e9e6f68b6404e48284011702c42f3f5d9f1bb7981729e3944f9a0675
SHA512: dd69bb46c6544725c9a872e327fb644cdcd0c5ce4ef5127cb3694af41b7e8d28b85472057c8b15083556cc45a0954f4474156c251ecd2c124e89253c0d03702c
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAI64yzUnjBheg82qDB8:SIMd0I5nvHVsvejxDB8
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
- Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
- Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
- Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E7F44D1-1D8F-11EF-9034-729E5AF85804} = "0" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
- Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423130602" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
- Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
- 2032 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
- 2032 | iexplore.exe
- 2032 | iexplore.exe
- 1788 | IEXPLORE.EXE
- 1788 | IEXPLORE.EXE
- 1788 | IEXPLORE.EXE
- 1788 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
- PID 2032 wrote to memory of 1788 | 2032 | iexplore.exe | 28
- PID 2032 wrote to memory of 1788 | 2032 | iexplore.exe | 28
- PID 2032 wrote to memory of 1788 | 2032 | iexplore.exe | 28
- PID 2032 wrote to memory of 1788 | 2032 | iexplore.exe | 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffc485fc8a31a629069ea11a6dc1518_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2032

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 1788
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f755ad1b437d90c159135e2340a2311e
SHA1 fdd114c96bcdf75e7d4d9ca78a74725c59ad420b
SHA256 d1c0c11e5bdc571c44bee2fcc1ba49e6c3ec21063dfbc67ede40b633c9999a8a
SHA512 e97df230f76909bdc169ee76a084558a186756e9ef41a9356ec61c917146366c19adc370291c0481d2d3ea1eb6271b3c91bc3f22919d1ae0642686dc61af2eaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4333328434563a8dc594d68fb6350959
SHA1 344dc7741fff7e9dfe29c2bf2ee5766040eefa75
SHA256 8854cd52f3d76a08a597923f4ee3edd0644b644b6a23a628487d48b2054c8b3a
SHA512 d2f2d13a8b6ab6a173c491c5fc8ea02507db8d9b340d0993aef9b980d23cd56ad0ca480ea6cc5fc5319965abdad18bcd9ab3b283341643fbf3a66f0c72226269

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9906b49077d6815f97e2b42bbb572d5b
SHA1 1970de64f88067daa6bc6c95cb3ba0da9bb40577
SHA256 f2285754695ec8cc5ae610d552f1f3a37964f4a93fcca9675bd4b66330e64184
SHA512 b099d116d5a4de63a0c13b6dba3641f311af25f7fddd2bc2aa5fbc3a060ffed15180783afb130c61e095bcec74e9b26b7aecac93850926a798b40fda976dfd59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 845979dff9d2ce7f92bdfc50c776d251
SHA1 12ff377252317193276189e6f167a6a752b9e9fe
SHA256 1134ef29eeb26c161f46bf16f64dc94b9832eced56fcc9935b9a5cd97999557f
SHA512 2c498558a2aee3d8661d5ef426e03d44cba05933cda90ae9a944a203a3cb5e10e22c1d4c57812938f9ebe7fe7b86e739c7831c11351556aae824952c2f385228

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2d59c8a3bc9964552aa289e0d2a57b59
SHA1 8d0c2952c9f855cfcd4bd380cdfeb3b856b65e87
SHA256 46ea03c1cd97516de3f57efe2ca323437abb1f7a8515f9382ca593d036c205b6
SHA512 b4cfebd7bf49b09b9b579e8f8765fa38f05b9543692aa88db144a85c8afab3af59e72c378602b16417b0ca3cb7945cb0d229be6e463c4bd44029e1f588c4f8f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 08b70445785e5381e6a830b147de51b8
SHA1 32de6abaa6ec05a1e3a1b2053922a6b4293488f8
SHA256 a37b1f88a0d85de822007074ef90a31d0ae98a880c03498a66f674445cf9e555
SHA512 7608317ce055270b742e544931f16f7bb518e01a40a75c228ee6c2764199eda69504b6e33a7504c3cd3ea31ae78ccc3749c3c2a2f6af1eab217ea8466e57467e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2364ca6937495dda4fe5c369926e4480
SHA1 e709b6fee9c804a3c5e776c1a3703a6fc0fbf425
SHA256 1192e6d0b1b808fdcd090cb9936b2f2a7e5f34a86981b5b983a012fe12e331d2
SHA512 3f106da25a532e6e27f380260c9037ed4c00fbfa1026f6e2357ae8f041cf2ec03c4b28d7dfa2000fe2f239aa60ce68b5e653750adcfe0be3480ae7605349a208

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b62ea57c27f049c5e6c93319cf925c4a
SHA1 aeadc6163c0bb015eebdaca005b1a1ed575df77c
SHA256 f2f8677419309b8a326de0bf378b993d5a42f0013ff3f488865994b0d75f0c8d
SHA512 639903c2b47a297dee639e8b60552cf26bd77b166e09a84566b30b9ffac09f005b7d788acc1a8a4e1f92fee84c6fa0d48d908ff827d3563e5a724cdb3cc61f16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 db43fd990c76786d75e5c357d4bd2d69
SHA1 75f2ca436c38e37d5d3ede7a3d04821cb91aa50c
SHA256 91f8996eb63a5d3fb96b3198b6175edc8d2159409c12b573b54fca8983e659d5
SHA512 3e293c243332b6020964dd2d18edfd4cd2b1f168e784e30e29e918bdc8d8e08a05bf1c352ea236f3698b50ae6ae9f86085b5238b77bd25d41ec2581eeef59193

Filesize 65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b