Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29/05/2024, 08:25

Static task: static1
Behavioral task: behavioral1
  Sample: 80184f64ec12f99bd43fd39c236d2aed_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 80184f64ec12f99bd43fd39c236d2aed_JaffaCakes118.html
  Resource: win10v2004-20240508-en

General
Target: 80184f64ec12f99bd43fd39c236d2aed_JaffaCakes118.html
Size: 28KB
MD5: 80184f64ec12f99bd43fd39c236d2aed
SHA1: f66274ff9f076a19f1c7cad9a710cf90329c1447
SHA256: e46c0b7e57a8917f216e71b6d85ec42554b16415f9e9c217b7bf9807dd60efba
SHA512: 99828271eae4cd42c2a15df47a3f26135e14548dfbea45066867765976009e62d101b13f80ceea9c448f28fe268d4868070ec4d6edfe97785e76021dc35e3786
SSDEEP: 192:uWHz7b5nxmvnQjxn5Q/9nQie4NnYnQOkEnt/XnQTbnpnQCXC+AzaEdWcwqHA43QF:ZQ//p8PmT
Malware Config

Signatures
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow (1 IoC)
  PID 2276 iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  PID 2276 iexplore.exe
  PID 2276 iexplore.exe
  PID 2984 IEXPLORE.EXE
  PID 2984 IEXPLORE.EXE
  PID 2984 IEXPLORE.EXE
  PID 2984 IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2276 wrote to memory of 2984 | pid: 2276 | process: iexplore.exe | procid_target: 28
  description: PID 2276 wrote to memory of 2984 | pid: 2276 | process: iexplore.exe | procid_target: 28
  description: PID 2276 wrote to memory of 2984 | pid: 2276 | process: iexplore.exe | procid_target: 28
  description: PID 2276 wrote to memory of 2984 | pid: 2276 | process: iexplore.exe | procid_target: 28
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe (PID 2276)
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\80184f64ec12f99bd43fd39c236d2aed_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2984), child of PID 2276
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx

Network
MITRE ATT&CK Enterprise v15
Downloads