Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
31/05/2024, 22:25
Static task
static1
Behavioral task
behavioral1
Sample
8890b8199e5163fd06a15b1a2b25f84e_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
8890b8199e5163fd06a15b1a2b25f84e_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8890b8199e5163fd06a15b1a2b25f84e_JaffaCakes118.html
-
Size
27KB
-
MD5
8890b8199e5163fd06a15b1a2b25f84e
-
SHA1
2e918714be17d09d212ed794e1f3c12ca553fceb
-
SHA256
1ff8a59808ee7a130f0f9328295da3a06c51d4dae7ceeb207a8e0df1475477bc
-
SHA512
0f0c1ac9a4692a636fd9642c1dbfa6ed89fa86cae873881839e05d12b610f0acec0388551997d6d9cae69684c958115091f525eb2d30a6d0a91ac737c17e4fb3
-
SSDEEP
384:+U8RHq95S104QsJq1vclpfQ/jZkaGlHaiJ2UaUg+dJmZeQeDAU6pavydNmSH9u6H:r1vAo
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423356196" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AF030281-1F9C-11EF-A346-76B743CBA6BC} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1680 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1680 iexplore.exe
1680 iexplore.exe
2612 IEXPLORE.EXE
2612 IEXPLORE.EXE
2612 IEXPLORE.EXE
2612 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1680 wrote to memory of 2612 1680 iexplore.exe 28
PID 1680 wrote to memory of 2612 1680 iexplore.exe 28
PID 1680 wrote to memory of 2612 1680 iexplore.exe 28
PID 1680 wrote to memory of 2612 1680 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8890b8199e5163fd06a15b1a2b25f84e_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1680 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2612
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 66e54ee6937284060a9e036c84e98051
SHA1 28b1d9fc589595941899a178e9323a3b6420b755
SHA256 0d46e2263a8c513d0e5916ce1c08f35e15bfbb7c21c14efa183e973628ef8d9b
SHA512 6c8fa915d4458191eb02e23e37dc801e1657abba445e6fc9c2761836ebf2920742d9cc7487c43f6ce19f977ca5e56c01e4edc3333bf6b00da665d2dd0d7f1bb0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 753db1f17c578475c5b8a57b00bcf849
SHA1 e2b3b26b4d4f694083b45d6042e6d8ff000a528c
SHA256 fb646a9eee72c26ff548410f94af3eceaa9feb51844ab9f636ad8019880ec83c
SHA512 7876b40758992ab5e4ad92ae66df142a559165a3e433a20787616d08de5e5a23038b480021c350e5194b5e97edc0dc1c55c78fd6320f367939c036305beb378d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4e7aab0196514e3994afb0b51829641e
SHA1 992e77cf68a6da482b84ad12fbd62039b3dabac9
SHA256 96df54c0285a196e4a2c1d90d05e45c649d54403fa7e27932d0fb3e230a12845
SHA512 7d9b7d69365c6747c6b64512b4faee7bfe3a288f999a7f3fb73a256984740187992cd5cd58c27884b388bb787c43e351df8d7625bb588fa6e9f5c2d9b3178cce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9e8e9b23f99b49b96bda7fe3d402771c
SHA1 61ea8570ccdbd22d93ef1b87d9c24a89596077e9
SHA256 e4facf399972a503c2d805363f0efbf6776650b586ddba4b2211ffebaac46896
SHA512 94f0206d61e0ce915294c7106117671e816fdf6498f2b4b1e611db55e337ce313b19d9f9e0a0f90ab33a6986b14fc0c8fc1d469ea6fbc426abcc36ac33ed0408
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a5bee4b961f3ce2a59e41e63a2a17512
SHA1 5f645b52286899d718289dab2c67e9226b18f1b5
SHA256 936b155b0c79b8035a05c16400e682cc9b97ba05ddb123941655b5f71bb973ea
SHA512 eebeffac0b186ce8e6cb856d8c8e56b8f70adb7541ee76aa8a0485714099801a9b82a783e6cabd9a5ac196425e7ca869d338b6fd6b307640f477a18fd28d3a73
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7c9c41c53514f7574d2af7b3d88d6ae1
SHA1 394e5258ca8f7bfc5294dc5e1ca6ee7fa0f4cb96
SHA256 0eb9c9da4ae120432aa8400691f4e9b8a215d7bb4aa867a266d23b98ca431e89
SHA512 c1edab405e601ab2f465b0398f3508c92470be6c6e3c6ee5c086b8c3b91f66767db57e0d87b68e3e480c5b2f4cf0267ff7126a3222f3bc2b756ddc79545136c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ca747e538f57858603f508c7963a9548
SHA1 dd0450066e61189de5b276c2fa94f684bbfccfa2
SHA256 ce5146bad52bf92b490cee1181964a2601d1a142c33c2a769d20ce2c4083c980
SHA512 184e08c5cab35ba3c69fefd420121ecdeacaf2cb300cc7e3704243370118b6aa9723b5f0e95fa5165e01b65672004afc19259091550aa7234aeeb6521c08c55e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2226efad4b9c4584cc0b200fb62bcb33
SHA1 65d8eff0cbe23f130c348539a31e049f604b73ce
SHA256 fd6c5befd5f370d0a20285fb333916d8e8ab21b2483a0a8f49e1d6d51b260e1f
SHA512 5aa2e4794aaa59ae33960fa678c621c961eeb7fa6f947399e6bb7d97f23459f73434ff1871860e9cfd3ca1c3dcacfdfdf2d6fefe6ee8c90264d466ba131847c6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 051bbcf7936c5a40b864e8463abc36a2
SHA1 18c3c729701b4cdeb026e24c1d18064deaff4e15
SHA256 e275a585f04d5b0fe0421174002e8585ff280d5744c9b7ab642909ee31163b25
SHA512 ed77b5e028d9bec196518394e4c9e037a138180681690e6a68a5fe328e95d4024f29267bdc19fd172d281514b4fc46a7bc695c76670843edcec64a45e0c5e725
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b