Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
30/05/2024, 14:15
Static task
static1
Behavioral task
behavioral1
Sample
846fc613b3bd00417b817b54a1b79a7f_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
846fc613b3bd00417b817b54a1b79a7f_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
846fc613b3bd00417b817b54a1b79a7f_JaffaCakes118.html
-
Size
23KB
-
MD5
846fc613b3bd00417b817b54a1b79a7f
-
SHA1
cffb0ea7b01a20cd3a66b8e74df24d62c99e93df
-
SHA256
899fe53cd4363ae37a2ef6d6b32baccf2225761a23bd80479e4cf9702b685066
-
SHA512
1a57556221ffaafa0fab2dd46f0d52b4e78cbf59c6c42cd6260b4998c5217047fab117a3c1a622d5670aa67d319bcee66a10fcc0c90c632a216634c62a75da00
-
SSDEEP
192:uwTmb5nfKnQjxn5Q/2nQieVNn2PQnQOkEntasnQTbnFnQ6v06J4RnQNjMB1qnYn3:gQ/UPvv06kzQQ
Malware Config
Signatures
Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423240427" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{235C7851-1E8F-11EF-AB84-52AF0AAB4D51} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Note (review): every writer in the Process column is iexplore.exe / IEXPLORE.EXE itself, and the keys touched (Recovery\AdminActive, Window_Placement, CpMRU, DomainSuggestion, Zoom, Toolbar) look like IE's own session/state housekeeping under the sandbox user's HKCU hive. Treat this signature as low-signal browser noise rather than evidence that the HTML sample did anything, unless a specific key can be tied to page-controlled content.
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1712 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1712 iexplore.exe 1712 iexplore.exe 2600 IEXPLORE.EXE 2600 IEXPLORE.EXE 2600 IEXPLORE.EXE 2600 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1712 wrote to memory of 2600 | 1712 | iexplore.exe | 28
PID 1712 wrote to memory of 2600 | 1712 | iexplore.exe | 28
PID 1712 wrote to memory of 2600 | 1712 | iexplore.exe | 28
PID 1712 wrote to memory of 2600 | 1712 | iexplore.exe | 28
Note (review): all four entries are the same parent-to-child write (PID 1712 → PID 2600). The process tree below shows 2600 is IE's own tab process, launched with SCODEF:1712, so this is consistent with normal broker/tab startup rather than injection into a foreign process; it should not be read as malicious on its own.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\846fc613b3bd00417b817b54a1b79a7f_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1712)
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2600
-
Network
MITRE ATT&CK Enterprise v15
Downloads
Note (review): the nine entries below share a single path under CryptnetUrlCache\MetaData (the CryptoAPI URL-retrieval cache) but carry different hashes, i.e. the same cache file captured after successive rewrites. This is produced by the Windows crypto stack during browsing (typically certificate chain/revocation lookups), not content saved from the page. The three trailing entries (68KB, 70KB, 181KB) have no path in the report as captured, so they cannot be attributed from this page alone.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD541ce428f7010860724c77fd7fb551922
SHA1e280c6660d8fbe498e3e6b7a1f2b00b1a91e7e55
SHA256bcc13424374365ebfd4d31f9cd8808913294feb9169fe5cf5f358fdfc109a895
SHA512f06f3f8f64a84a77f516e05adbdeb48fd91c3ed4f459fbc2a95625aef291cbd5771620d7de1a1fade73c49f1c0aafa9cae5b212b35c1a9aa9a4e4403626e7d7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cb833ebb95a6416cf8a81747b94602cb
SHA175fc42d3ffd454965bf6410a4c7d0d3a6d3f427d
SHA2563e9d845da6bac43745b2729e3d50d881e19f44645a0ac70a6f27d68a78707817
SHA512592f279323a2d31b49e5286782d878de4c4236c90f73faf85dbd5658dbec21cb682b70b00f60b197e0f2c08c64b61f40fc91a6932e52df4303fa7d024bc0e165
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD518fcba8160bfa327591c20c2ffd00a99
SHA10a656f0bb2c9242e94a1b75651cb4a1ddf48dec1
SHA25656cbfde623b99f2db2499e19d3fba79f100a9632bfd5bb6ad10e4ca054a359e3
SHA51223e5cc939a8cdd5a5a6d6295a53bc4b861d7b7215003e37ae29317610d4d3765d033fd50e7cd041dd4053ac63172333bd8512488cd3cfc747c93b6432fedda81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5405bb6f737850f2339d9591e625c82a0
SHA191b64d2d4decfa11fa3bca5065b7b9e3b5f1e501
SHA25699172e8110643a133d6958df69d2930fe8b2da9a580358592e472600363cb3e2
SHA512d271a0e0b42f781c5fc7d3a2d7656130a6280e12fb22f12687eb0e6e833d66bc0cd76ba24e4da69af5c589dd8ee425be25928d590f18fe67d172c79dd9986148
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD505f000910331639d02ebcd1c4d899549
SHA17dcd43a060c17e72c475e3f5eb3e1c1ad5bdda61
SHA256d466bfa5b20d1ceb777ef6fac5c24ae52717f38fa0dea18d47785223ea3f74a2
SHA5121e6a6ead5a701bb3cfbd63dc37ed954272d6836f58f0eb1d7be9f5488dd75540143bbb5a8713cd16e4302daa38a1ad3fcef1c2808f2ef29c670ace1fd3b171f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59536cad5cc34f4de6e18eb13de9b2f04
SHA136d2a886b9e8a8ac447f951ae629b66cb670f42f
SHA256b8b5ecb0ecd606509d8dfe3eab92b9eb973f044f451abbf013d9f4269180a9e3
SHA512f8a3fd8aa6b4d7a5d69eb8a736a0b000c696352999c11ac5b886683c810fd9bed6d011946c9f1d31371abfa1cc3bc7fae0d4d7d8f1de69dc49ffc23b1441958f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50cdf9a048738376a1bd477749c84fe78
SHA12a4eab720dc5ad4e480aec5d991df15fad9b317d
SHA25667bc58153ed89d5c1a93c57793a185347f8461981fed3708c39b6285023f7c59
SHA512bdec088145b312625fcbbf449722d8ee9f4ce43323510401e7b3b24098b36b4e6427e30ea1b8eda42786984376de6c463139e019135bad97fbbc2ae77fc0f495
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51b000edee08f9879a61e2a15f8de0598
SHA1af8009a083742768d77d379a51c9554a731f3eba
SHA25621cedd5e45485167e21d39f77b378872c80c403a106e4ec67f5e166f4e0e82e1
SHA512f497cba0660cddd920992ca153dd6376d2b725a9d9ce141864646d4e1da5ae9b1f4cb78cf229ce1ba8414a25bba1eb9d59c0ee1e47e029c48f4c5ff082722abe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54cfb79e561466e78c758bf6e2561d685
SHA17b25edd040a9c1cf371c9910583046a509fa54c4
SHA256dcd07d152065e308b8a800635dc0fee5e06968be0f74e68e9b268e1182096d7c
SHA5120e512918f5a3b24ff4a8b05829bc7f9b637263c93484b86bb332ad905edd61ceb8e440ec5241c48a4ed74f7effeb114bd78a86cf83f639d430b808714c59b098
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b