Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 30/05/2024, 14:14
Static task: static1
Behavioral task: behavioral1
- Sample: 846f30366541ebd05dc5a1990945a1fb_JaffaCakes118.html
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 846f30366541ebd05dc5a1990945a1fb_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 846f30366541ebd05dc5a1990945a1fb_JaffaCakes118.html
- Size: 20KB
- MD5: 846f30366541ebd05dc5a1990945a1fb
- SHA1: 586e7c0366d63e02641497f4da75a9f96afe3eba
- SHA256: 4810562bdb0427b6542eae244a924dbf01249ccea3e859072b05b609c938604d
- SHA512: 8a4adc3351af2fbc53488b6df172d95b5e8fb0090c8628cfe554b9895ff0e5e3b2f452c9dfb900632e4f00b8e3ada5e7fce56e0e9ef4b78f4b08e98d8529456b
- SSDEEP: 192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIO4YzUnjBhUu82qDB8:SIMd0I5nO9H7svUdxDB8
Malware Config
Signatures
-
Modifies Internet Explorer settings 26 IoCs
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{001C73E1-1E8F-11EF-AF73-469E18234AA3} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423240368" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | process
1276 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | process
1276 | iexplore.exe
1276 | iexplore.exe
2200 | IEXPLORE.EXE
2200 | IEXPLORE.EXE
2200 | IEXPLORE.EXE
2200 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | process | procid_target
PID 1276 wrote to memory of 2200 | 1276 | iexplore.exe | 28
PID 1276 wrote to memory of 2200 | 1276 | iexplore.exe | 28
PID 1276 wrote to memory of 2200 | 1276 | iexplore.exe | 28
PID 1276 wrote to memory of 2200 | 1276 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\846f30366541ebd05dc5a1990945a1fb_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 1276
-
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 2200
-
Network
MITRE ATT&CK Enterprise v15
Downloads