Analysis
max time kernel: 150s
max time network: 155s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 31/05/2024, 15:49
Static task: static1
Behavioral task: behavioral1
  Sample: 8789a19860c94022cdc1b25b744aa21e_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8789a19860c94022cdc1b25b744aa21e_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 8789a19860c94022cdc1b25b744aa21e_JaffaCakes118.html
Size: 27KB
MD5: 8789a19860c94022cdc1b25b744aa21e
SHA1: b3d6f9b66bc4262f5e7edd07d5425adf164e9ed6
SHA256: 183d65cbee5e99c0f5a4cb14807ccc190cb8d60d0eb67d60128a1ad72f56cfb1
SHA512: 3e530908e871b951563e7a83e8b34b5db6a89b83135d48d8748fb62a83100c6df0e9f72fc19e3f91bb327e0437f03f4d17a51e2a9606f80703d21701126120a6
SSDEEP: 192:uw70b5nNinQjxn5Q/knQieHNnCnQOkEnt8+nQTbnNnQ9en7m60fZDQl7MBnqnYnb:0Q/ciNEZaSFH
Malware Config
Signatures
-
Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332469" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7001F871-1F65-11EF-B2DC-EA263619F6CB} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
-
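The registry IoCs above are a flattened "description / ioc / Process" table, and every row of it sits under the sample user's Software\Microsoft\Internet Explorer hive and is written by iexplore.exe itself, which is the profile Internet Explorer produces on any first launch. The Python below is an added example, not part of the sandbox report: it parses that flattened run back into (action, key, value, process) rows and sorts each row into IE's own per-user housekeeping versus paths that would indicate persistence. The input is a constructed excerpt of six rows copied from this report plus one constructed Run-key row that does not appear in the report and is included only to exercise the persistence branch; the regular expressions and the classification rules are this example's assumptions, not the sandbox's own signature logic.

```python
"""Parse the flattened 'description ioc Process' run of a sandbox report into
registry events and sort them by where in the registry they land.

Added example; not part of the sandbox report. The rules are assumptions."""
import re
from collections import Counter

# Constructed excerpt: six rows copied from this report's
# "Modifies Internet Explorer settings" table.
REPORT_EXCERPT = r"""
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
"""

# Constructed row that does NOT appear in the report; it exists only to
# exercise the persistence branch of classify().
CONSTRUCTED_RUN_KEY = r"""
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\svc = "C:\Users\Admin\AppData\Roaming\svc.exe" iexplore.exe
"""

# One row = action, then the ioc (key, optionally ' = value'), then the
# process image. The ioc is matched non-greedily up to the process token,
# which must be followed by the next action or the end of the text, so
# values containing spaces (e.g. "WS not running") stay intact.
ACTION = r"Key created|Set value \((?:int|str|data)\)"
ENTRY_RE = re.compile(
    rf"(?P<action>{ACTION})\s+"
    r"(?P<ioc>\\REGISTRY\\.+?)\s+"
    r"(?P<process>[\w.]+\.[eE][xX][eE])"
    rf"(?=\s+(?:{ACTION})|\s*$)",
    re.DOTALL,
)

SID = r"S-1-5-21(?:-\d+){4}"
# Per-user Internet Explorer hive, the only location touched in this report.
IE_HIVE_RE = re.compile(
    r"^\\REGISTRY\\USER\\" + SID + r"\\Software\\Microsoft\\Internet Explorer(?:\\|$)",
    re.IGNORECASE,
)
# Assumed set of autostart/persistence locations worth flagging.
PERSISTENCE_RE = re.compile(
    r"\\CurrentVersion\\(?:Run|RunOnce|RunServices|RunServicesOnce)(?:\\|$)"
    r"|\\CurrentVersion\\Winlogon\\"
    r"|\\Image File Execution Options\\"
    r"|\\CurrentControlSet\\Services\\",
    re.IGNORECASE,
)


def parse_entries(text):
    """Return a list of dicts with action, key, value (None for 'Key created'), process."""
    rows = []
    for m in ENTRY_RE.finditer(text):
        key, sep, value = m["ioc"].partition(" = ")
        rows.append({
            "action": m["action"],
            "key": key,
            "value": value.strip('"') if sep else None,
            "process": m["process"],
        })
    return rows


def classify(entry):
    """persistence > ie-housekeeping (IE writing its own hive) > review."""
    if PERSISTENCE_RE.search(entry["key"]):
        return "persistence"
    if IE_HIVE_RE.match(entry["key"]) and entry["process"].lower() == "iexplore.exe":
        return "ie-housekeeping"
    return "review"


def summarize(text):
    """Count entries per class, e.g. Counter({'ie-housekeeping': 6})."""
    return Counter(classify(e) for e in parse_entries(text))


if __name__ == "__main__":
    combined = REPORT_EXCERPT + CONSTRUCTED_RUN_KEY
    for e in parse_entries(combined):
        print(f"{classify(e):16} {e['action']:16} {e['key']}  value={e['value']!r}  by {e['process']}")
    print(summarize(combined))
```

Run over the full 31-row table the report's own rows all fall in the ie-housekeeping bucket; the triage question for an HTML sample is whether anything lands outside that hive, and the constructed Run-key row shows what such a hit looks like.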
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2892 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2892 | iexplore.exe
2892 | iexplore.exe
2456 | IEXPLORE.EXE
2456 | IEXPLORE.EXE
2456 | IEXPLORE.EXE
2456 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2892 wrote to memory of 2456 | 2892 | iexplore.exe | 28
PID 2892 wrote to memory of 2456 | 2892 | iexplore.exe | 28
PID 2892 wrote to memory of 2456 | 2892 | iexplore.exe | 28
PID 2892 wrote to memory of 2456 | 2892 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8789a19860c94022cdc1b25b744aa21e_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2892
-
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2892)
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 2456
-
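The four WriteProcessMemory IoCs all record the frame process iexplore.exe (PID 2892) writing into the tab process IEXPLORE.EXE (PID 2456), which it launched with SCODEF:2892 naming itself. The Python below is an added triage example, not part of the report: it checks each recorded write against that pattern (both images under Internet Explorer, target a direct child of the writer, SCODEF in the target command line equal to the writer's PID) and marks anything else for review. The process records are constructed from this page's process tree; the notepad.exe record is constructed and was not observed in the report, and the rule that SCODEF names the frame process is an assumption drawn from how Internet Explorer launches its tab processes.

```python
"""Triage 'Suspicious use of WriteProcessMemory' rows against the process tree.

Added example; not part of the sandbox report. Records are constructed from
the report's process tree plus one constructed record for the failing path."""
import re

IE_IMAGE_RE = re.compile(
    r"^[A-Za-z]:\\Program Files( \(x86\))?\\Internet Explorer\\iexplore\.exe$",
    re.IGNORECASE,
)
# Assumption: the SCODEF:<pid> token on an IE tab process names its frame process.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")

# Constructed from this report's process tree (2456 is shown nested under 2892).
PROCESSES = {
    2892: {
        "ppid": None,
        "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
        "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                   r"C:\Users\Admin\AppData\Local\Temp\8789a19860c94022cdc1b25b744aa21e_JaffaCakes118.html",
    },
    2456: {
        "ppid": 2892,
        "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
        "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2',
    },
}
# The report lists the same (writer, target) pair four times.
REPORT_WRITES = [(2892, 2456)] * 4

# Constructed, NOT observed in the report: an unrelated process used only to
# show what a write outside the frame-to-tab pattern looks like.
CONSTRUCTED_PROCESSES = dict(PROCESSES)
CONSTRUCTED_PROCESSES[3100] = {
    "ppid": 1234,
    "image": r"C:\Windows\System32\notepad.exe",
    "cmdline": "notepad.exe",
}


def is_ie_image(path):
    return bool(IE_IMAGE_RE.match(path))


def tab_frame_pid(cmdline):
    """PID named by SCODEF: on a tab-process command line, or None."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def triage_write(processes, writer_pid, target_pid):
    """Return 'expected: ...' for an IE frame process writing into its own
    tab process, otherwise 'review: <reasons>'."""
    writer = processes.get(writer_pid)
    target = processes.get(target_pid)
    if writer is None or target is None:
        return "review: writer or target not in process tree"
    reasons = []
    if not (is_ie_image(writer["image"]) and is_ie_image(target["image"])):
        reasons.append("non-IE image")
    if target["ppid"] != writer_pid:
        reasons.append("target is not a direct child of writer")
    if tab_frame_pid(target["cmdline"]) != writer_pid:
        reasons.append("target SCODEF does not name the writer as frame process")
    if not reasons:
        return "expected: IE frame process initialising its own tab process"
    return "review: " + "; ".join(reasons)


def triage_all(processes, writes):
    """Verdict per distinct (writer, target) pair, in first-seen order."""
    return {pair: triage_write(processes, *pair) for pair in dict.fromkeys(writes)}


if __name__ == "__main__":
    for pair, verdict in triage_all(PROCESSES, REPORT_WRITES).items():
        print(pair, verdict)
    print((2892, 3100), triage_write(CONSTRUCTED_PROCESSES, 2892, 3100))
```

Deduplicating the four identical rows leaves a single frame-to-tab write, which is the shape every Internet Explorer session produces; a write whose target is not the writer's own tab process is the case worth a second look.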
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 22ed7af22227bb9cbeba5bda05967540
SHA1: e83a89fadd625aecb2da072cc00987f5ba8ece85
SHA256: 1c3ec8d3906d7b537bd5140002c8dbd685189fb6d1f9685d6f4f572871587c25
SHA512: 2f9fa1b3e8c88c6ed9f32cfb9fc73381bd869ebb46cfb5104b5cf5b04351b63e1c12b87daea460b500c0eb5c8e6b725e4b8f4d72b263668f23dac9eac8590f8d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8ecf5463b77561a3f2017ecf01ea0198
SHA1: 2e4028e59e9eb0d233445831f36e5e5f47635f2d
SHA256: a89965b43d63a16c506d13240568248d60e7eaa221d82b79d9b19411cc5710b5
SHA512: 786d578d63b8933ec9cbd0fd552e8b5a0346e65111d19f41b495898fcf5eb6153a2acd5f2eae44ec64afd0436b34593c64c49cf73a51876ca8781881f3dd14cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: fa8d93c7f599be43e13b313efd0303aa
SHA1: 4b5b46d885f2f6d307b20dbfd017c47c42b76df8
SHA256: 5585aa369c68f6ab1ce50f0f90cc186ecae7292bd132f4a0c7dca19d39af4e90
SHA512: 9b0445c32eae592ff5b3553abf59d7740c6a20ecf36fce084e3f3b32ffeac2bbfd8f264ef4a7dd4b6f1c43e1ad3b92b6fe5da16bee215fbcd02afd1296dbfd3f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9443085bff91d7ea62d80140cd158933
SHA1: 24691d86a3f80b8659e06f1791204537427b65d1
SHA256: 91590fef5fdadb70f3a75154b9a593936c92201c7c49a4e1afe2b2b238776576
SHA512: f901be8d69d61e9c602acb26deb82475bb5148360cc405ec8492511d96f92a3850acc8f7ac947e2c4d9f3cbeb683527030455eb749e3276ae5ac7256480009e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3f0790b9a74cd2b7b16a0fdbc010a907
SHA1: dab78e88016a3281bf2104b5c4b87c2b271884a4
SHA256: 0ce8b19ac26cb34dd4ffe14bc8a05ede8a00b511a6019f6a60244c34412648c1
SHA512: fee1e5d546100ea0807452ba7a7782e95ccc49f94d80e34c992b063db8c4c1d570176fb28c989f40973f84a2c0fd9015da65df2ac567dab1ce19966de5518046
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4d6e4ecf15d0d279d43c2e0f65448c6b
SHA1: f48fa3e8407679e3edeaf31f4fd816ea390748e0
SHA256: 240967f28d306bf1eaf1a0a55fd3904be15240f6aaf67d03b76860fc351bf817
SHA512: 9a0ec1b159aeedc10a9d0884a5047e02da166f8d87fac2e45abc9a164ff5e22e26d46859320814e8f7648acdba9490189df950c963883fe39008a7ad2f2f7a45
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7bbdf4f05c0d392bd63f4fe334db1cb8
SHA1: 21eb98efc64d4e9d5cb5f21f8bd336198e73a7c1
SHA256: cff3707dadada2e370ed6d19db52f9209889960e851a4e6a814c8de89a44be51
SHA512: 10480b554a27da47598804020b0b8049d224aed357b1d3dcc50ccd8f2d91b7d684fdf7522025f0799ea14f2a7142c04a5f7a2ee9da0616ff09af0b13235af0b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b4ddfa54bb396eb15367444f9cade25c
SHA1: ac4784987f283f33559e53a40edc59cb9c5b80af
SHA256: 86b5117fc1542a0fa82513aeb8cd13ebccdb2277568b02e922f572cca5612a55
SHA512: a8c7de813b99f2fc0c7a879173617e576f77e1aedae0d6dfb432ee3875845453a79a4aed880b05d820aa54b5f4afce7d5aae1deda33cd0563d3ebd84a6b890cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2df2e2c844ab08457c4af7368853e24b
SHA1: 70724b5c6f01f65031ebaf6c2cfcfaa860250609
SHA256: 40781c1f2b64eca6e0f3370fe797088d325ed995f3e3e410b66f098ec090482f
SHA512: 38727feb3aae390cef66a0aa87f6ca82ce6fb1eccd62e4c25bdd3a92bbfe90b82078dd2736a589e0b9ed91a70caa831aab94d562a9c5f232981ad86b6147c1a4
-
Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b