Analysis
-
max time kernel
148s
-
max time network
150s
-
platform
windows7_x64
-
resource
win7-20231129-en
-
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
-
submitted
29/05/2024, 09:31
Static task
static1
Behavioral task
behavioral1
Sample
804508896ce0d660a44a9f66a7464430_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
804508896ce0d660a44a9f66a7464430_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
804508896ce0d660a44a9f66a7464430_JaffaCakes118.html
-
Size
35KB
-
MD5
804508896ce0d660a44a9f66a7464430
-
SHA1
113e8c817495546e06407a7cad1da6ccd08c9797
-
SHA256
31ef81b43996a45bb67e54c348486e1f0959e460c9f0fc28d25a519c6a9e24dd
-
SHA512
368a5b406fb845a066b6fe7420e5e8257903d95d523cc1ddc361681f24294ed609662587f2870e2fb638e9a186c4f9c7b26271e55fb7a918696c05f9ce37f0b9
-
SSDEEP
384:SGvNSpHRLAfG9MEFswUs5EUw7eb8zXJdJmoEIicdrwdQhu85eVpnrE27JOxoPvuw:SI0zDSqbEJrFjBHcrE2FHPvH
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423136936" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2DD46051-1D9E-11EF-BF0E-72CCAFC2F3F6} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2924 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2924 | iexplore.exe
2924 | iexplore.exe
2056 | IEXPLORE.EXE
2056 | IEXPLORE.EXE
2056 | IEXPLORE.EXE
2056 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2924 wrote to memory of 2056 | 2924 | iexplore.exe | 28
PID 2924 wrote to memory of 2056 | 2924 | iexplore.exe | 28
PID 2924 wrote to memory of 2056 | 2924 | iexplore.exe | 28
PID 2924 wrote to memory of 2056 | 2924 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\804508896ce0d660a44a9f66a7464430_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2924 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2056
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5
e4a68ac854ac5242460afd72481b2a44
SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD5
a266bb7dcc38a562631361bbf61dd11b
SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B
MD5
d8f07a792af888fa9c2455b1f6666aa1
SHA1
292a0c5d8e6bd0862c3979583e9677060fb36c07
SHA256
6574c037efb03909575b974f2c4724e6b8115715faa42b09a6db3df99fcef6f4
SHA512
7af816216c7ec7a186a09a7674e5cc72664fc28baf40f0e8e2f26058a017435f0ed61bf2004fa0416dd842c05fa6de0076ab88940e247ca6db3dfd02da589781
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
aae8bb54cc4652f78d0ba30e04eb136c
SHA1
367cc71166df4849685ac41fb3b1361f705f0251
SHA256
e48bea648fbf26fdeff5fb3f66103c5cbb4a05a5f0cced3cf9eca8007680729b
SHA512
86c319dd03463c2a1229c8f26eddbe10d6220a92e8821fb900f5a66655a2fd0e7279b61021619db4af8cc2fb156e168aa6de2fb670d804994a8fcab519a8ea90
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
c604c7c577cffb356bef4526a68e5057
SHA1
7f0778a753948eb90d8b64750ffd91a2aea5c96d
SHA256
ce658cc54b37eefc2184aaf7bf14f6cc384e82b9df755c66ba67e2e9cfbf3e11
SHA512
f58dcd6938f72761a75b48ed128d40abc7f2fede0cb4aaab24028954926b0d4313bf9914ed40d75dbab5aebf607c3a3bce6d34a531c7f1b40f9dd0f6a1a6f19f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
8b068639c33becba1004833713c85664
SHA1
a9c2fc17e0360a1cd6fe1334b953d2fccb862b39
SHA256
35f0c733d9156bbd3fbc77ba5a1f756de61dd6b62d8715ac4c02122370b7409e
SHA512
cc33767d0b88cf6d562a02d7b57c2205e642ebd0683658ae298b0c5452a149891865f041b706cc0e60c03ddc74d068085e79c6de84470876e45625cabc23a45c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
1f0bc5de8d665a827304748a2715a643
SHA1
0441dc85cc58a13b481162b28a2c4da1a57b3861
SHA256
e9834d0b64e29ca5d33de8442ccbfc157e4b642405fbf0884a95d09d548ce8e0
SHA512
3854fbaa4af0b6b1d1a255490d172280ab85246f5faab98db8adada8bbad77af8f958cbfa53c15bd8be5229d9231004f9ddac8e297c94a22a1de88c2292d22ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
ff7533eb5af6c68a3305877db3ddbd18
SHA1
942e0109b4587ff37c19035a9803482f526b73c6
SHA256
ae69e67df999d7e901507c462a113ebca2fb1212096ee7e74c0ecdd3b2850e8e
SHA512
a72d8137452faaa93d8997343027f5efbf67b7bb0d71ea0b5aa62503013ce8abe21d192c9f53e7c9c03ffb16c901074165a8fe653753c4a9c85c8d1a3875ed53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
ed85d59dcab70b6379d2ff25c1ccca88
SHA1
10e8a521a9bcbdf0b906c08b0342f10d6bc145ac
SHA256
30534080ce59ec07d75859301f8f1fb4efe2bb31c1ecf56f913a261f0e323b49
SHA512
82f8b0bc026f4425a6889f9f9a5302a0345f7df2be469c4ad77dff9f7ef3bf76cbf372982510e42c31e86daf1d8e5e8def7fbc9c4fc89beb3f67b0834ff30792
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e551667e7c41e98dcf9d6bad27a3e9b3
SHA1
f187140a819f41cc13f69d6b977d58e8ee72a1e2
SHA256
7e5ebc780c932b97826c811826bc317039a9a78920d08af69ef0a554879adfba
SHA512
8df05dffb82194d6e43321374d28def7879ff6a648d90631fdad8296e65ea0148f27c9df3db3e31518ce5aa2be1b24ba9d6b4c516032d1ddb698ff4a9a002a65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
6286e2bbb9e27546df762fe800e83e68
SHA1
51408c92bd68c3b0cd35f46d0cffd62a04597f3d
SHA256
bd05fbcce6123cb0a3de4f3da0f0b53103991b7d29ac97a0521d5bdbb5577332
SHA512
077efc5bc6d621a276a8fbfdf5bceb65677f6c4f29fd259c81262022adfd27a4d7970141cca7236d26b70a9d166d9c4976642bd1b44f9fd8866062a7f428a6de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
0c10dde4cbead5e48f4663b82a229c47
SHA1
263e4a524353f9f51f6896ad7a214ae83dc9428a
SHA256
8b94f5a02ce3b9d14a76fb93ce4e44405c386ac5b9ca36caa9ffb27e0783ffab
SHA512
3e200d018c8219528c0d6a4f51a2173b370e2e5b84362e95f9f91f9c891613321989da167b953bb7aca46bb95e8cdb853fa4d042c83196f4a1eb2f81130d5b04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
74e704bee6522428099b9edb80d8a678
SHA1
a3d38ce1b0098da4e6a347336b04825e1663c08b
SHA256
744da2d13ad3d07f6fa3b34d2702abefef5d793d767fc58dc6b996ed7e272efb
SHA512
f58bd2a8f2963fe43ade39b899392119d150c76d17cc0990b24e8560b4ccb072d005936f80d6929247eb2480e0f42a1791bb401f46516246d7338fdb1d82608d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
c8349b4d7b46856e11403076a961b1bc
SHA1
2e20c0b776fa942c51b7b45f46859725b1a777f0
SHA256
41dd2ee59f9939d55ad8771c5e1e16763881986cec48274d10a40a174ea69e3d
SHA512
8ba297cd0e60a68965bbe7d6eef438f65d1e88cce6743e4c34cb0b6b6f6bd3a6fbea77c7ad55ebfdb8782335d0bca9eb93bf1b09e5e097a05fa87dbf3834440d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B
MD5
ff8c91c5f79d8ab172cdd6eb871e39f9
SHA1
e4b9ed084ecc94edc556ff83a2b0e7702b23485d
SHA256
70cab2da9f76f5f16f609faf65fad24a3668ea6556f4577c24b48732600dbfa6
SHA512
9521f88f99452eaf3593c2e9c328d15be1474434bb99b5ad835d0d17da85fa8a515d6cadcc25ec16d345bf79ba29143ec15f285b3ddeabc6305830eba52aa476
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b