Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
- submitted: 30/05/2024, 14:07
Static task
static1
Behavioral task
behavioral1
Sample
846a5f44bb368b9e25871fff47d76c52_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
846a5f44bb368b9e25871fff47d76c52_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
- Target: 846a5f44bb368b9e25871fff47d76c52_JaffaCakes118.html
- Size: 34KB
- MD5: 846a5f44bb368b9e25871fff47d76c52
- SHA1: 4d6cd307fb33d3fccc15652b748250a9e7d73d82
- SHA256: b5dc4708bf3f208b73ec4771fe84787572404692ff3b368f2de9c6246e363d2b
- SHA512: 7212ddbe667d27b4ddb3ac79aefde8895a7350a9898289bad2161dd08bfd28d7281d343e98d6ef80526b4f45242f3c5de75421c1481844c223c16d113844f40c
- SSDEEP: 192:uWTnb5nSd8PnQjxn5Q/snQie3NnCnQOkEntMmnQTbnFnQ6XCrAWpW+knaZUcFqNo:mQ/Nq3sQpY4tHp/dz6LNFOP
Malware Config
Signatures
-
Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F66FF0C1-1E8D-11EF-8962-7678A7DAE141} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239922" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2556 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2556 | iexplore.exe
2556 | iexplore.exe
2312 | IEXPLORE.EXE
2312 | IEXPLORE.EXE
2312 | IEXPLORE.EXE
2312 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2556 wrote to memory of 2312 | 2556 | iexplore.exe | 28
PID 2556 wrote to memory of 2312 | 2556 | iexplore.exe | 28
PID 2556 wrote to memory of 2312 | 2556 | iexplore.exe | 28
PID 2556 wrote to memory of 2312 | 2556 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\846a5f44bb368b9e25871fff47d76c52_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2312
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 05b73971dd14e9856dfd551b22693a75
SHA1 a75275effa3bfb7901da3af9046338b13a182971
SHA256 5889566ed483d8b9cfd220a09bdcabbe5174e7937395665823fb59bd7feeb51c
SHA512 90eb874da2e799898a082c721e350f0d0b75aa522dd01d98116eadc641a1d97fb0d8c8205c84bd636681d74358bd47b060de64855a145da57876f1346b0b1085
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eccfa27005284ea0d5bbd943997a42a9
SHA1 63e403607551d926927832ad4c62b56699278e2e
SHA256 57adf2c672c0814a3011f85eb57e557d4e5c48249636a5e34c188ae8feb80a05
SHA512 ce7b7c4b98b7c76b9f4306d46246f5fd4e39523aa8820a0cd843a371a26db20b91fa2b66830593c9f722063261785543cf2c945d952977433d3c2fd995bd8a51
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8bedee1e557b90ec6caea2e5c72ed01d
SHA1 a26340b90bd2bdd860e50f5cd791f3f0633e4b08
SHA256 f8d3062e8366218fa0f6b37938fdf5354c634fed9e262fc28ac724c6cbdd8da6
SHA512 f4842b6b0e84959b93b252cfda37549993808bec6c9d11d2b7815cdb6f0d3259f8be10caadc342878077850ea57659f8ee9de47fb5a3bc2123653379b50b64d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dab792b7de334a9d512fbe3e5d882317
SHA1 c0a9948f1bbeb2e8f493eabab6765fdbcb628a74
SHA256 823fbb7ce53c360f630ba37254515e3df751b2e0d86d1b89c430287763d674b0
SHA512 63d290ed9637c5b8a344a0324b7a8c95efb04c352db0a5d54449ae17004e96d686c3e699c091fd6ebf7967b19f03009767051e5755e016253fc0782e1cb2c75b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 44d1605d7e265917fa58893f54f2c3f7
SHA1 3c39a83df3fe6029d367e2ada7b9d33ac4aecbed
SHA256 92fa7fd38c52fb30ef914096bb2999ab3c4a07209cc3ed2abfed4e360cb4deed
SHA512 84e2bbc813b98920ef289c16a141b066be7e66a1eb0c1ef759c486dde801cfcc46995261c72f313d9487842d4fa35876938d3365adba808848108131c263f99b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b4817607bdf63cfcf3ab72d568ce3f5b
SHA1 3077ac3eb99555ae9aefa338e72610a83d6aaa23
SHA256 462aa5ae0df9797b44cd3195ff9907164678ef984a4bc05314eedcef86ca56e4
SHA512 cef7f74944ad3c76606c790869e9f7e368968a3a6a80a0197fa85706696e77edcc7bb83b40d4a2e6768b077b726be6e87ad4aab560cae02dd96ff32e9f72ec6c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cfa1ded07d0afd34e75f8e66db4a5572
SHA1 8bd97c041210cd21315851e6cb76acf2c0a89a00
SHA256 77baf12a03d141b83909424c07729d71a029db3581f936a58f669bc582700168
SHA512 6fd6ec1ae4d8cea6698a13692a2dae402a66886fb249db732ebcf16f55a2fdc63ca59d5a60217b9bb6d5c390670bd2e3836a023530c946272755b1634009078a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 aac4c54e8653241c581fd8d157e3436d
SHA1 fe8813c109adc5c7ac0992a034b4c500834e2f83
SHA256 fc597eed4044928da54fd29140118d173218db509756ae64be20e3128785817f
SHA512 84016d6e07443b0d67b8f8a852608ca45091e56c96f1c35ce16ae1f1e830ab9db67f6c2ced04e9dc2821d85f0e9192a39402eb632797424a63b145f1ad1c5550
-
Filesize 68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b