Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 30/05/2024, 01:22
Static task: static1
Behavioral task: behavioral1
  Sample: 82a2d6b35e37e1fb1f569f32efa7bb89_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 82a2d6b35e37e1fb1f569f32efa7bb89_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 82a2d6b35e37e1fb1f569f32efa7bb89_JaffaCakes118.html
Size: 27KB
MD5: 82a2d6b35e37e1fb1f569f32efa7bb89
SHA1: 534807597e0f9952e6491f9f8c29b820e36d2a45
SHA256: efde68e18811588e43978a3e256edfc8cb88854d1ecd805556ea8c15a3121565
SHA512: 37c96d07270b327ca4fbdde33f6033ad60fa118628a7f18e25fc7f1d052769839325f884178f706b5a0df1eefc927037d8cec11093d655698ef0af4013b43d01
SSDEEP: 192:uwfNlEUcb5nAPanQjxn5Q/jnQieCNnonQOkEnt9FnQTbnNnQ9e0ym60xCEQl7MBT:BlEUxLQ/AdaqCvSaTbY
Malware Config
Signatures
Modifies Internet Explorer settings 31 IoCs
description  ioc  Process
Set value (str)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1854AD91-1E23-11EF-B459-56A82BE80DF6} = "0"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423194023"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  iexplore.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"  iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid  Process
2320  iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid  Process
2320  iexplore.exe
2320  iexplore.exe
2184  IEXPLORE.EXE
2184  IEXPLORE.EXE
2184  IEXPLORE.EXE
2184  IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description  pid  Process  procid_target
PID 2320 wrote to memory of 2184  2320  iexplore.exe  28
PID 2320 wrote to memory of 2184  2320  iexplore.exe  28
PID 2320 wrote to memory of 2184  2320  iexplore.exe  28
PID 2320 wrote to memory of 2184  2320  iexplore.exe  28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\82a2d6b35e37e1fb1f569f32efa7bb89_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2320
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2184
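Every signature in this report is behaviour Internet Explorer produces on its own when it opens any page in a clean VM: the registry writes all land under the user's HKCU\Software\Microsoft\Internet Explorer hive (Recovery, CpMRU, DomainSuggestion, LowRegistry, Window_Placement), and the four WriteProcessMemory events are the frame process (PID 2320) populating the tab process it just launched, whose command line carries SCODEF:2320, the frame's PID. As reproduced here the report therefore says nothing about what the HTML itself does; that verdict has to come from inspecting the file's content. The script below is an added example, not part of the report or of the sandbox's tooling: it parses signature lines of the shape shown above and applies that baseline, flagging only registry writes outside the IE hive and only memory writes that are not the frame-to-tab pattern. The sample lines are copied from the report, plus one Run-key line marked as hypothetical so the escalation branch is exercised; the persistence prefix list and the verdict names are my own choices.

```python
"""Added triage helper for sandbox signature lines (not part of the report)."""
import re
from dataclasses import dataclass
from typing import Optional

SID = "S-1-5-21-3627615824-4061627003-3019543961-1000"  # user SID from the report
IE = f"\\REGISTRY\\USER\\{SID}\\Software\\Microsoft\\Internet Explorer"

# Sample input: four lines copied from the report's "Modifies Internet Explorer
# settings" signature, plus one HYPOTHETICAL Run-key write that is NOT in the
# report, included only so the escalation path runs.
REGISTRY_IOCS = [
    f'Set value (str) {IE}\\Main\\FullScreen = "no" iexplore.exe',
    f'Key created {IE}\\LowRegistry\\DOMStorage iexplore.exe',
    f'Set value (int) {IE}\\International\\CpMRU\\Size = "10" IEXPLORE.EXE',
    f'Set value (data) {IE}\\Main\\Window_Placement = 2c0000000200000003000000'
    f'ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe',
    f'Set value (str) \\REGISTRY\\USER\\{SID}\\Software\\Microsoft\\Windows\\CurrentVersion'
    f'\\Run\\Updater = "C:\\Users\\Admin\\AppData\\Roaming\\svc.exe" iexplore.exe',  # HYPOTHETICAL
]
# Process tree from the report: pid -> (image, command line).
PROCESSES = {
    2320: ("iexplore.exe", '"C:\\Program Files\\Internet Explorer\\iexplore.exe" '
           'C:\\Users\\Admin\\AppData\\Local\\Temp\\82a2d6b35e37e1fb1f569f32efa7bb89_JaffaCakes118.html'),
    2184: ("IEXPLORE.EXE", '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" '
           'SCODEF:2320 CREDAT:275457 /prefetch:2'),
}
WPM_IOCS = ["PID 2320 wrote to memory of 2184 2320 iexplore.exe 28"]  # from the report

# "<op> <key>[ = <value>] <process>"; value is a quoted string or a hex blob.
REG_LINE = re.compile(
    r'^(?P<op>Key created|Set value \((?:str|int|data)\))\s+'
    r'(?P<key>\\REGISTRY\\.+?)'
    r'(?:\s=\s(?P<value>"[^"]*"|[0-9a-fA-F]+))?'
    r'\s+(?P<process>\S+\.exe)\s*$', re.IGNORECASE)
# Strip the hive root so prefixes can be compared independent of the SID.
HIVE = re.compile(r'^\\REGISTRY\\(?:USER\\S-1-5-[0-9-]+(?:_Classes)?|MACHINE)\\(?P<rest>.+)$',
                  re.IGNORECASE)
WPM_LINE = re.compile(r'^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) '
                      r'(?P<pid>\d+) (?P<image>\S+) (?P<target>\d+)$')

IE_PREFIX = "software\\microsoft\\internet explorer\\"
# Assumed watch list (illustrative, not exhaustive): keys a browser rendering
# a page has no business writing.
PERSISTENCE_PREFIXES = (
    "software\\microsoft\\windows\\currentversion\\run",
    "software\\microsoft\\windows\\currentversion\\runonce",
    "software\\microsoft\\windows nt\\currentversion\\winlogon",
    "software\\microsoft\\windows\\currentversion\\policies",
)


@dataclass
class RegistryIoc:
    op: str
    key: str
    value: Optional[str]
    process: str
    verdict: str  # "ie-housekeeping", "persistence" or "review"


def classify_registry(line: str) -> RegistryIoc:
    m = REG_LINE.match(line)
    if not m:
        raise ValueError(f"unrecognised registry IoC line: {line!r}")
    h = HIVE.match(m["key"])
    rest = (h["rest"] if h else m["key"]).lower()
    if any(rest.startswith(p) for p in PERSISTENCE_PREFIXES):
        verdict = "persistence"
    elif rest.startswith(IE_PREFIX) and m["process"].lower() == "iexplore.exe":
        verdict = "ie-housekeeping"  # IE writing its own settings: baseline noise
    else:
        verdict = "review"
    return RegistryIoc(m["op"], m["key"], m["value"], m["process"], verdict)


def classify_wpm(line: str, processes: dict) -> dict:
    m = WPM_LINE.match(line)
    if not m:
        raise ValueError(f"unrecognised WriteProcessMemory line: {line!r}")
    src, dst = int(m["src"]), int(m["dst"])
    src_img, _ = processes.get(src, ("?", ""))
    dst_img, dst_cmd = processes.get(dst, ("?", ""))
    # A parent writes into a child it has just created as part of normal
    # CreateProcess start-up; for IE the tab process additionally carries
    # SCODEF:<frame pid> on its command line, as PID 2184 does here.
    frame_to_tab = (src_img.lower() == "iexplore.exe" and dst_img.lower() == "iexplore.exe"
                    and f"SCODEF:{src}" in dst_cmd)
    return {"writer": src, "target": dst,
            "verdict": "ie-frame-to-tab" if frame_to_tab else "review"}


def triage(registry_lines, wpm_lines, processes) -> dict:
    regs = [classify_registry(l) for l in registry_lines]
    wpms = [classify_wpm(l, processes) for l in wpm_lines]
    flagged_reg = [r for r in regs if r.verdict != "ie-housekeeping"]
    flagged_wpm = [w for w in wpms if w["verdict"] != "ie-frame-to-tab"]
    return {"registry": regs, "wpm": wpms, "flagged_registry": flagged_reg,
            "flagged_wpm": flagged_wpm, "escalate": bool(flagged_reg or flagged_wpm)}


if __name__ == "__main__":
    result = triage(REGISTRY_IOCS, WPM_IOCS, PROCESSES)
    for r in result["registry"]:
        print(f'{r.verdict:16} {r.op:16} {r.key.rsplit(chr(92), 1)[-1]}  {r.process}')
    for w in result["wpm"]:
        print(f'{w["verdict"]:16} {w["writer"]} -> {w["target"]}')
    print("escalate:", result["escalate"])
```

Run against only the four real lines the script reports nothing to escalate, which matches a manual read of the report; the hypothetical Run-key line is what turns the verdict over. The same parser applies to the full 31-line signature block above.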
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 914B
MD5: e4a68ac854ac5242460afd72481b2a44
SHA1: df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512: 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Filesize: 1KB
MD5: a266bb7dcc38a562631361bbf61dd11b
SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize: 252B
MD5: 2dcd17213170b1c6f5e3e5fdf7a41087
SHA1: 17b51c64af39d22c1d944f339d938b80f98949fb
SHA256: 88344dccb8b5ed8d7e8ae967a3904f492baf30c787f0570b45df637de1daebef
SHA512: 4679f351d370ab438df68019df1097a3c58e5246c3e24b5e16719a4ff36271e60662fa3c5029d29dcc7ff457821ec64cbca6b09ab453f2a3168f98659143ed14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9716c9ae55776bf5a027fa68727ff529
SHA1: f8db9ba84446f9ac122015a127ea77a98efae8fa
SHA256: 513bd4b315306078058cb323c026d0a9f1ed9cd3991a10515b8b7ebd67f3aed6
SHA512: c81dd284f73f82cdd20b0b95b9d74d0998dc498bb1bd10e676754c022d8ecb7d90e388b500fa08dc6c039510bfea3a69ef541d12cc38f423b0c46be827ede41c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5411548e7b1714d5c1ee2da306d649ab
SHA1: ac17cdc3a4d5a4ec9fe2029dab3397ae8fb89c87
SHA256: fd456e9ac839e8a2a04e0c5507c203f9aa900716820ea23a07dcde0eb27c355c
SHA512: db630b3c1da3bb388d7b24b727364a1d6bb53444eafff629fd8520d1800ea2458710f3c7754a937dd01feb63732f15fcb25635525a503e2d98b158753138929d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d9dd2efd65e52bbb7a8a15c7767e19a2
SHA1: 3edf405871e693030a922f8ca418295904a1daac
SHA256: 6f002321211abaae1f64fba6af9f7dd178612e6ffa647f2d649b3aa407f8f855
SHA512: f1b5a433aee1b3d9c470e7abe43caf41a32661614f6d6e8f6b4eda2c555e14375aa6588bd742b49fc25ebeb855d1808ac087a3445a085ebdab348f74e36e1d3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 207a2a987335f2a7169fd6a22798c3f1
SHA1: 6f3b3e5cd36c8f860421fccfb349c7dba0403a15
SHA256: cf1eed7ca3e39d6558ae932c972c8e9eb27150c46217c89c84f52a80f231ef27
SHA512: 4c81c755d1b9f70ddd9ac5ccd91b302d37bd6a6520ab1f1a7cca4401f424e2ae9b8ecee4440fdd8dc0cf6413520b3b6a93b7a7042f3a770b8ae0767ff23f56f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7bdebe1f23bd5af4d982887fbed650de
SHA1: 3a1da1095315032cb9a8531f69f2f70bfd3738f1
SHA256: df1aec27bb1d619bd2730f44564eff4b2b92cdf49b65f9d1512a2781db3db562
SHA512: 27be6b8821ade8c5f7bb74e571cb1a440e2c7b08da0fd991c802eb2f1f896cf7163d874f0a8756ace7dac67df3fba47b5d8c73e6798191117961390e1ac1af7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: eb54292b3173df70c9cfab7b0d8fc949
SHA1: 280171c940240636eee405a5edc9cedda5d3d81d
SHA256: 71ef30eae80f356c1a7f49b41481e9185d7e477756006f628e68ba2550152c13
SHA512: cdcab6628b24cdbb62fa6ac1f498b22e6348300f2b982f4ee7f1f8a4066ceac95c1f719952988fc757e780b9499372cddea98d89b0b610cd46861676dbbbb868

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: bc73732b5327e95554ec02fdbe7ee5ef
SHA1: d037ddbe597bb2fbd164dbc0b40d0ea1fea5e0ab
SHA256: 70041b57b7bf42c3b33d63901b2d39f44929d03a9ae3b1ea65842ddfdc987545
SHA512: aabd9026e6e3f026589481880fe174d32126f27220c6d62a9e8cd19413adc64211dc699aa6f8bcd70a9a7d2a00178b5ae477ce00f1c30680287a9123662c8874

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 148759aa5a588bddb6597b88e0997526
SHA1: 11a1d3921948e47a5b09f824d1ad3d8d6c1e505e
SHA256: 0054cea9eae7043582b3e57a8881035b8eab4864ea75f7f53af6113473b8d6d0
SHA512: 75488d24d1e090454d522b73d7e46b512e5c8725ca51ab6b8ea3e1d3dd49eeac86457c7130eacb23c85bf94703245a786fdeb949d9dd665e6f8ac34d20d11e63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c400793f2cb9bce69b6f10e6909a31f1
SHA1: af632c219e734301413305d1c18806daf9102256
SHA256: e2083e38b527b9c4cdc444239bf50504d5fbf784f01b73a458b2b1322892c715
SHA512: fe88cd3b596e0ed5837f2ada5a6163daa9fff3e71201c7853c0cb2cd8fb5a7cf783654a4a92dad900cc33dc5a8a18f24c74b7ed2642fbbb75b4d184aa27818ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize: 242B
MD5: 6e5007e8195232bcd511b01192ed45a2
SHA1: eae3a39010ac56049d545864965d3bff572f099e
SHA256: 658ba6fdad62640533957a0fb7df502e38843f022d3292d8faa5a8fa97638055
SHA512: 473e34a7e9a6e004d1e6adc7475d2a92de86f6508e900cdc877699ffd4abb1bdc4cd1dd81fa42f68dd2663a117cd49122e7c9e401e9c98246a565504cba7446e

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b