Analysis
max time kernel: 150s
max time network: 154s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 31/05/2024, 15:50
Static task: static1
Behavioral task: behavioral1
  Sample: 8789de0ae2cbead99f5494938a728492_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8789de0ae2cbead99f5494938a728492_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 8789de0ae2cbead99f5494938a728492_JaffaCakes118.html
Size: 31KB
MD5: 8789de0ae2cbead99f5494938a728492
SHA1: 35aec611072d2e7e621616722d4f260d8666777d
SHA256: ca151cfa9eab83f5e6afc21ffacf81877f138e21c4582d116c6bdaecdeaa2c02
SHA512: 8628e64574fc9d855dc08da915aaeb2765c8633761bda2404714d4be1ddf33a25533fc4c5d5aaafca08f68e7a99ea12e0de4f60aa0eb5b30f200c0bac68e1600
SSDEEP: 192:uwRqMXnHdTfZLb5n65iGjup0NQK3fMQ47nQjxn5Q/cPnQieY6NnOeonQOkEnt+j+:8Q/jaxwK3+GQtFg
Malware Config
Signatures
Modifies Internet Explorer settings 31 IoCs
All keys below are under \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer
description | ioc | process
Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | Main | iexplore.exe
Key created | GPU | iexplore.exe
Key created | Toolbar | iexplore.exe
Set value (int) | Recovery\AdminActive\{77A6C9C1-1F65-11EF-9C59-EAAAC4CFEF2E} = "0" | iexplore.exe
Set value (str) | Main\FullScreen = "no" | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | PageSetup | iexplore.exe
Key created | International\CpMRU | IEXPLORE.EXE
Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | BrowserEmulation\LowMic | iexplore.exe
Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | Main\WindowsSearch | iexplore.exe
Key created | Main | IEXPLORE.EXE
Key created | IETld\LowMic | iexplore.exe
Key created | Recovery\AdminActive | iexplore.exe
Key created | Recovery\PendingRecovery | iexplore.exe
Set value (int) | International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | DomainSuggestion | iexplore.exe
Set value (int) | DomainSuggestion\NextUpdateDate = "423332481" | iexplore.exe
Key created | IntelliForms | iexplore.exe
Key created | InternetRegistry | iexplore.exe
Key created | LowRegistry | iexplore.exe
Key created | Toolbar\WebBrowser | iexplore.exe
Key created | Zoom | iexplore.exe
Set value (int) | International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | LowRegistry\DOMStorage | iexplore.exe
Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs
pid | process
1084 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | process
1084 | iexplore.exe
1084 | iexplore.exe
2308 | IEXPLORE.EXE
2308 | IEXPLORE.EXE
2308 | IEXPLORE.EXE
2308 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | process | procid_target
PID 1084 wrote to memory of 2308 | 1084 | iexplore.exe | 28
PID 1084 wrote to memory of 2308 | 1084 | iexplore.exe | 28
PID 1084 wrote to memory of 2308 | 1084 | iexplore.exe | 28
PID 1084 wrote to memory of 2308 | 1084 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8789de0ae2cbead99f5494938a728492_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 1084
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2308

Note: the child IEXPLORE.EXE is started with SCODEF:<frame PID> CREDAT:<n>, which is how the Internet Explorer frame process launches its tab processes; all four WriteProcessMemory IoCs are the frame process (1084) writing into that tab process (2308), and the SetWindowsHookEx IoCs come from the same two processes. Nothing in this report shows a third process being created or written to.
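As an added example (not part of this report or of the sandbox's own tooling), the following Python script checks each WriteProcessMemory IoC against the process tree: a write from an iexplore.exe frame process into the tab process it launched (the target's command line names the writer in SCODEF:<frame pid> and the writer is its parent) is treated as the expected Internet Explorer pattern, anything else is marked for review. The entries for PIDs 1084 and 2308 and the four 1084 -> 2308 writes are taken from the report; PID 4444 (dropper.exe) and the two writes in CONSTRUCTED_WRITES are made up here to show a hit that would be flagged. Proc, MemWrite, classify and triage are names chosen for this example.

```python
"""Triage of WriteProcessMemory IoCs against the reported process tree.

Added example; not part of the report or the sandbox's code. PIDs 1084/2308
and the four 1084 -> 2308 writes come from the report; PID 4444 and
CONSTRUCTED_WRITES are constructed here to show a write that gets flagged.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    parent: Optional[int]
    image: str
    cmdline: str


@dataclass(frozen=True)
class MemWrite:
    writer: int
    target: int


# Internet Explorer's frame process starts each tab process with
# "SCODEF:<frame pid> CREDAT:<n>"; the frame writing into that tab is expected.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def is_iexplore(proc: Proc) -> bool:
    return proc.image.lower().endswith("\\iexplore.exe")


def claimed_frame_pid(proc: Proc) -> Optional[int]:
    """Frame PID an IE tab process names in its command line, else None."""
    if not is_iexplore(proc):
        return None
    m = SCODEF_RE.search(proc.cmdline)
    return int(m.group(1)) if m else None


def classify(write: MemWrite, procs: Dict[int, Proc]) -> str:
    """'ie-frame-to-tab' for the expected IE pattern, otherwise 'review'."""
    writer, target = procs.get(write.writer), procs.get(write.target)
    if writer is None or target is None:
        return "unknown-process"
    expected = (
        is_iexplore(writer)
        and target.parent == write.writer               # writer spawned the target
        and claimed_frame_pid(target) == write.writer   # target names writer as its frame
    )
    return "ie-frame-to-tab" if expected else "review"


def triage(writes: List[MemWrite], procs: Dict[int, Proc]) -> List[Tuple[int, int, str]]:
    """Classify each distinct (writer, target) pair once, in first-seen order."""
    seen = set()
    result = []
    for w in writes:
        pair = (w.writer, w.target)
        if pair in seen:   # the report lists the same pair once per call
            continue
        seen.add(pair)
        result.append((w.writer, w.target, classify(w, procs)))
    return result


PROCS: Dict[int, Proc] = {p.pid: p for p in [
    Proc(1084, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\8789de0ae2cbead99f5494938a728492_JaffaCakes118.html"),
    Proc(2308, 1084, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2'),
    # Constructed for the demonstration; no such process appears in the report.
    Proc(4444, 1084, r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\dropper.exe"'),
]}

REPORT_WRITES = [MemWrite(1084, 2308)] * 4                          # the four IoCs above
CONSTRUCTED_WRITES = [MemWrite(4444, 2308), MemWrite(2308, 1084)]   # made up here

if __name__ == "__main__":
    for writer, target, verdict in triage(REPORT_WRITES + CONSTRUCTED_WRITES, PROCS):
        print(f"{writer} -> {target}: {verdict}")
```

Run stand-alone, the report's four IoCs collapse to one pair classified as ie-frame-to-tab; the constructed write from dropper.exe into the tab, and the tab writing back into the frame, both come out as review because neither satisfies the parent-and-SCODEF check.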
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
The eleven 342-byte entries below share one path under CryptnetUrlCache\MetaData, the Windows CryptoAPI network-retrieval cache (certificate chain, CRL and OCSP fetches); they record that cache file being rewritten during the run, and their hashes are not useful as indicators for this sample.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6bcf8323bc110cb62eeb0490c75e3aca
SHA1: b3b29c98e2858b60faa593d30b409e939cb416f0
SHA256: f16498d08b3ed0011ebe9a7c374eb7158e068c6b4be3926d7532ec4a52cf44a1
SHA512: b2458e055928a0d8fb78cffa8e5877eb71d4e099b48b8ebf7097757bef86952da02fcbcdb1ab1dd1c8f64a0f7b5547d6dadddc908eb7880cfae3200bedf1aea5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b7900de82bd9a015464de933a0196ced
SHA1: 7bbde764ad18c5bf3314f5612fd15d3726f59475
SHA256: 9fe129067f62de164d7c04272dd8c218999677dde481f3805438ffbf1e9e8f6b
SHA512: 60db56ffef497d6655f2dfdd0b84412e8881419c7c5f3fe722ac2b0bedda13a0caa96419c03ec6041d7ae3b73bb4ab48341d9a413e3a2015c712eaf9788318e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 34e0c86ce1df518c214543a230c202ed
SHA1: 2c27f2c9c7b4bd51e107552091e17dab006cb55c
SHA256: f1056ec24e38ca0e65324ca9e6600a1061990dfe0cada8c3a3977003dc7329e6
SHA512: ef28122eb8ccd7c771227fd1807e653a7ffe5fee0f35f787c2ec76cc90738e819f3777a879a6d58abf34e0b081c9eebd77e143b5a695a0c4c29ac83810839ed0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1cc50c04462fbb519be7c3da24775560
SHA1: 2ea4a2f23f39c5a69d3c89ab0d69bc5e118bb5f9
SHA256: 31d2aad10cbc860015a0b6563bd1682ce345ea2152a929cf75d0fccba705a9b4
SHA512: 2225c7c2878b768b2d8a05fc70084f45b6ccbbdd92e9d60b4d7c481e33a204dac6a9abbc1232685f968166dc528189571d61049ec74a5106ef49a4be0c7e229f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5f9021c6b662b81e42df39901a50a1ba
SHA1: 162ff3021cedccf33162a3cfd0f60ccc23b6a917
SHA256: 79c5f0c48508f08b25782cecbc38e88d4238cb0d85130c3c9c71d27399d682b0
SHA512: 4e8e2a3d47e0af819bef2ed358936760e2c93df75fe5723a68ad3ac6d4a7f72263f5684fb8d2c53b3fe7f446528a201a2b4fda9225d139af90e2aee901ab3096

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6e77a528a84cebcd11dacfbfd4509a91
SHA1: 55ac7eb43f0e30ec95fda994774ff84598d6c4a7
SHA256: c9fb93588170cb9f4c1f747b182624b429104dee7853197ad35212d370fa4563
SHA512: 1ecb154c0370e9c597664d6a6a11f3115b8d01afc20401beddabcfa8b5cfdc8709370cc6e2b47b60375069394a3f436873c8664fd1c191ce7273f4aaf2b23832

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 420b22fefe726ac05303e862a9221de5
SHA1: db7c01a06f7ac5ab5e5e39975b3b2a0850d988a7
SHA256: cf686b3cb54194a53a0d4a4c76278bdc2681aadb8b72d1b9b10c9fc12034c36d
SHA512: d7d7b092e0f6cc7ece124787ef6f77f3913a413b857e928de7c457b379168f77c48212cf7b22e07d6aad457e316e95caa9fca1c6f5a883152be083b82aeabd8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7c903e8d73863990e49a300d7525a277
SHA1: 587ab6ece2e48f735cbfd911307540b52ab38416
SHA256: 83abcb1f2a774c881d4940f15e65cf571a3a8f32179b92f157b7cb5eeff5e1dc
SHA512: 2955608a3ffa44c1a05e4c4f07535ff77bc352c6c64d6695102b78fe58bbae3944ab20609c1216424691047d50315c1bbc018abd79845655479277d81aee1026

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: f16cc1d49d26a7381be09290249dfb14
SHA1: 2b259db274e258c646cbc111b039f0bc73ac6ffb
SHA256: e68e51a6793ce247b051452d3862ebb9865293cdd3497bd0100fcfeae87246a6
SHA512: 5d0432ca4fe3e63642b90d0a1e978132dcfac2dca3258d85b48298ec0d8b96e6c8e6a4d497ec9f1ed7a60f1b1c2b63190b436083a0eefeae008678015f5a7d26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 333c3412d593f32b66c2f22e72167922
SHA1: 1ca59bc0441df338480c134d439ad03683ef0a25
SHA256: e56733fb934e37651eface6ee498b8d27b67ac47b09d964d3230b8fff77c8b2b
SHA512: 2f806f2b12e279e8def1bb483615255fb6af74df78604b8cabd4e0b6647274e3decf1a24f5743f7b316ffb1ba188d900ef4f97d397f16407efa45f766015686a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2fff60acef487b627d201b81391db87f
SHA1: a971e3f51d7aec97dca97ffef55c1b7b22526d6b
SHA256: 9eb5862efaa6f155ebf2c7f840a698c16330f463c5a9bc282e6248ce4829155b
SHA512: b40a552aab65bcab92f7cd52c1747d4b9a427f73610c677f912306665be12fe453c1cfb5e362c93b99397be02d12c7647e05a8fb83febb32f10a23ac8c38ef80
Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b