Analysis

max time kernel: 149s
max time network: 154s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 31/05/2024, 15:30
Static task: static1

Behavioral task: behavioral1
  Sample: 877c2a1c2bf4b7eb3771f870d2977014_JaffaCakes118.html
  Resource: win7-20240419-en

Behavioral task: behavioral2
  Sample: 877c2a1c2bf4b7eb3771f870d2977014_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General

Target: 877c2a1c2bf4b7eb3771f870d2977014_JaffaCakes118.html
Size: 51KB
MD5: 877c2a1c2bf4b7eb3771f870d2977014
SHA1: 15c05dd086dc215aa3dc3f079c14927f0569b8dd
SHA256: 70c51fd0725ecbcbcaf1081d6d945f064e319dd7fa2bbdbc52f717e3a1f139c9
SHA512: 93bc9316f642fcab9a09e8cc5c40ab73749744a0a953de67d3d54a2f8166d92f7c12b7e0b199192217953a48d9bf437f806ebe543018fba942e86cc13019da50
SSDEEP: 768:KDmXdsUw2mcdupMcNJON1ukR4NuGCfEMBcb/1rk18V4m5u4eyaKRfW78:t+Uw2mcdupMcNcNQkTGiJYMAx5uHs
Malware Config

Signatures

Modifies Internet Explorer settings
(all entries below are under \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer; the process tree attributes this signature to both PID 2424 and PID 2632)
description: ioc (process)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
Set value (int): \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
Set value (int): \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
Set value (str): \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
Set value (data): \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
Set value (str): \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
Set value (int): \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423331297" (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
Set value (int): \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B615C9C1-1F62-11EF-9F9F-D600F8F2BB08} = "0" (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
Set value (int): \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
Key created: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
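The registry entries in this signature are a run of `Key created` / `Set value (type)` records, each ending with the writing process name, and every path is keyed under a machine-specific user SID. When the same report format has to be compared against a baseline across many sandbox runs, it helps to parse the records and strip the SID first. The following is an added example and not part of the sandbox report or its tooling: it parses that record format, rewrites `\REGISTRY\USER\<SID>\...` to `HKCU\...`, and separates writes inside `Software\Microsoft\Internet Explorer` by iexplore.exe (ordinary browser startup, as seen here) from anything else. The input is constructed: five records copied from the list above plus one hypothetical Run-key write that is not in the report, included only so the review branch has something to catch.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed input: five records copied from the report's
# "Modifies Internet Explorer settings" entries above, joined into one
# string the way the sandbox renders them, plus one HYPOTHETICAL Run-key
# write (not in the report) so the out-of-scope branch is exercised.
SAMPLE = (
    r'Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe '
    r'Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe '
    r'Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe '
    r'Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe '
    r'Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE '
    r'Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\Example = "C:\example.exe" iexplore.exe'  # hypothetical
)

# Each record starts with its operation keyword followed by a \REGISTRY\ path.
SPLIT_RE = re.compile(r"(?=(?:Key created|Set value \([a-z]+\)) \\REGISTRY\\)")
SET_RE = re.compile(r"^Set value \((\w+)\) (.+?) = (.*)$")
HIVE_RE = re.compile(r"^\\REGISTRY\\USER\\(S-1-5-21-[\d-]+)\\", re.I)
IE_KEY = "HKCU\\Software\\Microsoft\\Internet Explorer"


def _value_and_process(rest: str) -> Tuple[str, str]:
    """Split '<value> <process>'; quoted values may contain spaces."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.index('"', 1)
        return rest[1:end], rest[end + 1:].strip()
    value, _, proc = rest.partition(" ")
    return value, proc.strip()


def parse_records(text: str) -> List[Dict[str, Optional[str]]]:
    """Turn the run-together signature text into one dict per registry operation."""
    recs = []
    for chunk in SPLIT_RE.split(text):
        chunk = chunk.strip()
        if not chunk:
            continue
        if chunk.startswith("Key created "):
            # Path may contain spaces ("Internet Explorer"); the process name never does.
            path, proc = chunk[len("Key created "):].rsplit(None, 1)
            recs.append({"op": "create_key", "type": None, "path": path,
                         "value": None, "process": proc})
            continue
        m = SET_RE.match(chunk)
        if not m:
            raise ValueError("unparsed record: " + chunk)
        vtype, path, rest = m.groups()
        value, proc = _value_and_process(rest)
        recs.append({"op": "set_value", "type": vtype, "path": path,
                     "value": value, "process": proc})
    return recs


def normalize(path: str) -> Tuple[str, Optional[str]]:
    r"""Map \REGISTRY\USER\<SID>\... to HKCU\... and \REGISTRY\MACHINE\... to HKLM\...; return (path, sid)."""
    m = HIVE_RE.match(path)
    if m:
        return "HKCU\\" + path[m.end():], m.group(1)
    if path.upper().startswith("\\REGISTRY\\MACHINE\\"):
        return "HKLM\\" + path[len("\\REGISTRY\\MACHINE\\"):], None
    return path, None


def triage(text: str):
    """Return (expected, review): IE-key writes by iexplore.exe vs everything else."""
    expected, review = [], []
    for rec in parse_records(text):
        rec["path"], rec["sid"] = normalize(rec["path"])
        in_ie = rec["path"] == IE_KEY or rec["path"].startswith(IE_KEY + "\\")
        if in_ie and rec["process"].lower() == "iexplore.exe":
            expected.append(rec)
        else:
            review.append(rec)
    return expected, review


if __name__ == "__main__":
    ok, flagged = triage(SAMPLE)
    print(f"{len(ok)} expected IE writes, {len(flagged)} to review")
    for rec in flagged:
        print(rec["op"], rec["path"], rec["value"], rec["process"])
```

The split relies on each record beginning with its operation keyword immediately followed by a `\REGISTRY\` path, which holds for this report's rendering; a different sandbox's export would need its own `SPLIT_RE`. Everything in the report's own list lands in `expected`, which matches the process tree's reading of this signature as routine IE startup.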
Suspicious use of FindShellTrayWindow (1 IoC)
pid  process
2424  iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid  process
2424  iexplore.exe
2424  iexplore.exe
2632  IEXPLORE.EXE
2632  IEXPLORE.EXE
2632  IEXPLORE.EXE
2632  IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description  pid  process  procid_target
PID 2424 wrote to memory of 2632  2424  iexplore.exe  28
PID 2424 wrote to memory of 2632  2424  iexplore.exe  28
PID 2424 wrote to memory of 2632  2424  iexplore.exe  28
PID 2424 wrote to memory of 2632  2424  iexplore.exe  28
Processes

1. C:\Program Files\Internet Explorer\iexplore.exe
   "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\877c2a1c2bf4b7eb3771f870d2977014_JaffaCakes118.html
   PID: 2424
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
      PID: 2632
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
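The four WriteProcessMemory IoCs and the process tree describe the same thing: the 64-bit iexplore.exe (PID 2424) writing into the 32-bit IEXPLORE.EXE child (PID 2632) that it launched with `SCODEF:2424` on the command line, i.e. the IE frame process setting up its tab process. A sandbox flags every cross-process write the same way, so the useful check is whether a given write fits that parent-to-tab shape or not. The following is an added example, not code from the sandbox or its report: it rebuilds the process tree from launch records, then labels each WriteProcessMemory event as the expected IE frame-to-tab write (both images are iexplore.exe, the target is a direct child, and the target's `SCODEF:` value names the writer's PID) or as something to review. The input is constructed from the PIDs and command lines above; the third process (PID 3100, notepad.exe) and the fifth write are hypothetical and not in the report, added so the review branch is exercised.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed input. The first two process records and the four
# WriteProcessMemory rows are what the report above records
# (PID 2424 iexplore.exe -> PID 2632 IEXPLORE.EXE). The third process
# (PID 3100, notepad.exe) and the fifth write are HYPOTHETICAL, added
# only to show a write the IE frame-to-tab rule does not cover.
PROCESS_EVENTS = [
    # (pid, parent pid, image name, command line)
    (2424, None, "iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\877c2a1c2bf4b7eb3771f870d2977014_JaffaCakes118.html'),
    (2632, 2424, "IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2'),
    (3100, 2424, "notepad.exe", r'"C:\Windows\notepad.exe"'),  # hypothetical
]
WPM_EVENTS = [
    # (source pid, target pid); the report lists the same write four times
    (2424, 2632), (2424, 2632), (2424, 2632), (2424, 2632),
    (2424, 3100),  # hypothetical
]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


def build_tree(events) -> Dict[int, Proc]:
    """Index launch records by PID so parent/child links can be checked."""
    return {pid: Proc(pid, ppid, image, cmd) for pid, ppid, image, cmd in events}


def is_ie_frame_to_tab(src: Proc, dst: Proc) -> bool:
    """True when dst is an IE tab process that src (the IE frame process) spawned.

    Three facts must all hold, as they do for PIDs 2424 -> 2632 in the report:
    both images are iexplore.exe, dst's parent is src, and dst's command line
    carries SCODEF:<src pid>. A write that fails any of them is not the
    ordinary tab-startup write and gets a closer look.
    """
    if src.image.lower() != "iexplore.exe" or dst.image.lower() != "iexplore.exe":
        return False
    if dst.ppid != src.pid:
        return False
    m = SCODEF_RE.search(dst.cmdline)
    return m is not None and int(m.group(1)) == src.pid


def classify_writes(proc_events, wpm_events) -> List[Tuple[int, int, str]]:
    """Label each WriteProcessMemory event; only the IE frame-to-tab shape is waved through."""
    tree = build_tree(proc_events)
    out = []
    for src_pid, dst_pid in wpm_events:
        src, dst = tree.get(src_pid), tree.get(dst_pid)
        if src is None or dst is None:
            verdict = "unknown-process"
        elif is_ie_frame_to_tab(src, dst):
            verdict = "expected-ie-frame-write"
        else:
            verdict = "review-cross-process-write"
        out.append((src_pid, dst_pid, verdict))
    return out


def summarize(results) -> Counter:
    """Collapse repeated rows into (src, dst, verdict) -> count."""
    return Counter(results)


if __name__ == "__main__":
    for (src, dst, verdict), n in summarize(classify_writes(PROCESS_EVENTS, WPM_EVENTS)).items():
        print(f"{src} -> {dst}: {verdict} (x{n})")
```

Run against the report's own two processes and four writes, every row comes back as the expected frame-to-tab write; only the hypothetical write to PID 3100 is left for review. The rule is deliberately strict about the `SCODEF` match, since a write from iexplore.exe into an unrelated process, or into a child that was not launched as a tab, is exactly the case the signature exists to surface.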
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 914B
MD5: e4a68ac854ac5242460afd72481b2a44
SHA1: df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512: 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 1KB
MD5: a266bb7dcc38a562631361bbf61dd11b
SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize: 252B
MD5: 967a27c0fb203fb9ff7faa28a0247886
SHA1: 086f2b941765642d5161fc69337f70918cdb1a7b
SHA256: 7be1d8a38a738b26198a55782f54c842971afcad8c6e577847487e6c86b57c4b
SHA512: 6fd191ad5a8fa39a9b1138158d6ad3453e633765e003e15d242660549612cf1c990b39f4f13b97a796c2fa710dcd39932704c1cd79992d37c77815ab79b80ff7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 80b3117205b03f64619ab9fbab86bdd7
SHA1: 30c6088599d2fbda2ca7acef758d5311c4c5438f
SHA256: f42558e188952f2bc0095f2f0a2b263aaaf6cb37b86cb906d04836090f040471
SHA512: 352cc2ffa78ea96e190ca8a28e0193323e4e5c8531ef801a3a75ffd44d42a159aadd087b72ade0080def5f2cd8d0bc6d5e6eb72468359f61372df1a8d0b7f8d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d7a60cf0e1ad9bf7ff8b098a38e0a9ff
SHA1: 6af12c14119b6998fe42e4d9b2fe5cffc8478c1b
SHA256: a298d57ec3932f4988df648b1f8479b52b9606784de30105fb57d6919ed94e15
SHA512: ab3e7d2a1ee3fa8424065a492ff78ad101c402301f2e4297261504427a4b985d7bd221555463fb880b2bd653d4f50860ea0cac86c9be29c22aca9f42e07243df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a307d978c398acf00dc8b2738e3ecb54
SHA1: 031efa63b9415fd08befb45c0a46ed9777852ec0
SHA256: c51377c35dc74cf21eb7b2d3a477a275621e1339a189dad6c118527480dc0e8b
SHA512: 76772cbde30b3f0a4880c9db0973f0ec1dec857b950728d74111ff3c34ddbb3d9335977fef41633d982a5df0b1819c5f24c74f53762cd8f759b6bc18ab5adc1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a9c201cf9faa6ae9e8ce2b9069f06f8f
SHA1: 6bc1023c05051cd78647cc5018aa0a376b331794
SHA256: 50be09c4950e32f54397affe16f771968993786400cb4b70c0c126051d6ab37e
SHA512: a0c6fb3c63572d106a27b0cefb59a4f7cd8f734bf884ce22b7aed8d9022ec294298fa90333a776954df632a4e12abba22832ed37022d847fa270f07515464137

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d21513a447214591256d7027f1807aa4
SHA1: 7f8e4216443c8f4afffb6853b861c3b5580bdb0e
SHA256: aca0aa9f3118a75acdd484a4a2c8601630d09cb7233524859166c6594e84e5fe
SHA512: 5c6b1a9f371489c9b4c6632a1ab144cfb1eb77ed8b25b8111c9e834517444859e47514d4841688183bd2446121e519b47e92972ec428d056d01418a0f41754d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 76181b5a02a524f82c1f6eb7e0a26b49
SHA1: 44632c194222a0dbd35edcc73a2ea771e8821107
SHA256: 3a21348f1b5510a8dabbbdc8532268d47d427a343cb5fc48f65901937dbc05ae
SHA512: e9414a0e94f738c8ec4d6252e65260d1332b4454beb82b741acd34a590f4afda7f148349d3a939ce22582c30483c91f1505b14fefebb1c603c144f1f369ac12f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 166de4ecff3d22fed2e19ae2bc3d62bb
SHA1: 0856fc521754fbcdd6b60ef4901dc48565c04df3
SHA256: 22e001b295f44d86b934c86335cf42c64eacfffb8757823fb90f13cbd8d694b9
SHA512: 2f5a1b0ae4712f96815e0c2d0a3a2e695c94f49e2197d7322361c1cfa7c03f31c7e5726b80efb8df7eb9fef9649db849a552535786fb6a9ae30275c262961165

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2176890f53e7169ac448ef4a7cbe1dd2
SHA1: 2b1a588e693501c2ba64ab8260fb5f3e7c9408c1
SHA256: 5a386399d654bf60e7e57c62a36759afee80947ab7b7218c9cc66c73cf2a1894
SHA512: 97ba5fec1d86e94c15b5daa4fdfbe51b5755b0715084b83fbae7ac79c484975cd01797bdbc6c56b92bea65ce55f60fe5277cc6d5516aaf48eaf5e9d50825d6c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d108c80d794864699536d9c578139718
SHA1: da3ce5632d252a1027ebcafcfa86710a2bf44f11
SHA256: bd84e51ef16a8cbf8704b27464fb0f4a7bd46e18d39c5c0986d7eb3d7493f541
SHA512: 43fb00ed920e6b6ec1186e61c78a92c2fc9ba676923e3187e1526e8f1fee5e8b9cb939f3101f11bc1660b8cde4a98245fc8d44003ad9f24c23ca98ebda8ba43e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: c3042c5faf4a8d690cd1fe38d365c7b9
SHA1: a2027264c0c59b84d85f85f73923f066696d7bf8
SHA256: 4c1090f64c5048a833733ca6c25d7a07b26a179f915a45bae9b2947c233c0416
SHA512: d12c04741c99b958360cf1baf0f3d75b7f83b5f2b65affa21eb8da89e615e4678b082cb18a295ca50b29a15dd076d86a4d199d4cab6dae808efa56705c6fb7d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d991130da2ed9ba7ea490c13dfe8beee
SHA1: dcb9bf6ff773659794b5035ed18e4ab206f6f781
SHA256: b6e0a10ea133a4fb0cf44912d4e47a372a20d79cc9612b7d4ab303cfd9eb6476
SHA512: 77c957940ebce8f6c57980ce0b0884ebba09a6b52c8745d8a6c493919d4d9f045ae445dcad3fc7d9044b94cb15e880a0e7949c7e67b223d9cb93b2ba08b9b998

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_D727CFA7BCFAF501CEA426110263B756
Filesize: 406B
MD5: 2753c190e428d17215dfbf76a31a8f5a
SHA1: 88841e4588e66699984208aba5eec476a5c4ff78
SHA256: 2d1d928113ccb955373d281844a9c9d0baf6d3b9d0aa2ff3af92ff52b0248a74
SHA512: df7a540f32bb39571750b26f823b4b8d802ef11874a5d8534fd42c296d8959f95faef4038370742f23555d54597ce4b03376fa28475263b8d2070a0157c00144

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize: 242B
MD5: de0485f56ecabbd52728c1143da6f892
SHA1: 5d16d3d044a89a4703e59169b1c432249183694f
SHA256: da275289d83595b958791e495f4380955e0fdb069e9e3d5cab35c60da4411b69
SHA512: f8d9af902b1942e2e13f905ba81b74dc43e33ef75233424081bec0fe55c9afb014d7e7d1e9e7b78cbf380504aefe57df06633d0a4565730ef1d159a2da8456a6

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Filesize: 177KB
MD5: 435a9ac180383f9fa094131b173a2f7b
SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b