Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 01/06/2024, 18:27
Static task
- static1
Behavioral task
- behavioral1
  Sample: 8b5c23a7d8fb3968c9d33f79fd205e4a_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task
- behavioral2
  Sample: 8b5c23a7d8fb3968c9d33f79fd205e4a_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: 8b5c23a7d8fb3968c9d33f79fd205e4a_JaffaCakes118.html
- Size: 39KB
- MD5: 8b5c23a7d8fb3968c9d33f79fd205e4a
- SHA1: 91a30df3d80eba89dc47546380427c40e29471ed
- SHA256: 48a795a1af3e8d3a61a4edb90e88da0bf2dcfcca927ca370106f1523754d5030
- SHA512: c407fd765de90b0a6600c514e87ea19fc7a4ae9bdba4ecda04524272adaae50adccadb6a34c8527b7ecf51257172396517acfb3643a11a0ae69246977d80d755
- SSDEEP: 192:RiookPhb5nfnQjLntQ/xnQieBn2APnQOkrnt/cnQTbnWnQ2YIPmg220HMrnFnQ7V:koo40Q/zAofg2zey
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A104D481-2044-11EF-A48B-4635F953E0C8} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423428327" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1084 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1084 | iexplore.exe
1084 | iexplore.exe
1132 | IEXPLORE.EXE
1132 | IEXPLORE.EXE
1132 | IEXPLORE.EXE
1132 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1084 wrote to memory of 1132 | 1084 | iexplore.exe | 28
PID 1084 wrote to memory of 1132 | 1084 | iexplore.exe | 28
PID 1084 wrote to memory of 1132 | 1084 | iexplore.exe | 28
PID 1084 wrote to memory of 1132 | 1084 | iexplore.exe | 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5c23a7d8fb3968c9d33f79fd205e4a_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 1084
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 1132
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7da257a89ba79cb6f7d0bc6343ae6dd3
  SHA1: 9ffbf3117751a64c42a1b3eb5b9c92debbc00bdb
  SHA256: 3de0e1d883354024401c617fc5e0e464be594b5f389df4b89291ccc7ffb674ea
  SHA512: 82b83ab4c88f8bd35ff14edf80da21e59073353d358294a4af270308adfcf86a3e0e37e6b08ba6e1c5e2b87898766a70b232a6e1f8071ed7385749e6c17eb2e7
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e1ed89dfc0728a5e16d981091c77713c
  SHA1: 423f50c86ab65554166f1a6a121c7b98a6e2f36f
  SHA256: e171dcc9e7f2af349f2086f67f26128915f2b34902a49fe2df84c6f5cd003fb7
  SHA512: 9edd2e8f2059ab33cb9a6a5850e85d98ab2b89698b8fa78e891fc89993dbb4c1e471b2cbbb9c241039adac2d1685e49e1a59c00b65f6790a195f95f29b13ac78
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 105aa12d55433efe4c73d03d48d315c5
  SHA1: ed188def0ed2caace6308bedcdb441ccdc638ed7
  SHA256: 58b2ba89a9ac425a06b03901761dda1fb7982cfdd0726b91b858aff512da4748
  SHA512: ce03ee25717bc32371d598ce9ac9d645e55e3d61160c484f98b1a16075b24fc6ece6f20a490b54fbc100fe2d2dc7492f19d18e9aed63a92d7d3e753347e71cc3
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d1adf979c4c143a3bc8520746c447e6d
  SHA1: 05bb064bf2c1e0c5d88747bcc3acce1201c02c1b
  SHA256: 34ef810a4e68cfbc3f00cd070b980b0f83cd7b8144d781bf698cb37c22da00ec
  SHA512: d483209053c66e1d4ff124c80b6c15830913fd4c10d9cdb30763ae9f08c64f7424861591de3bc9af5d314aa6d49b808777c3bf0b984a34d473721f3e1673ef4b
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5353d1cebd2716558eb3f222884da7da
  SHA1: 5806abf50918e084a17c545e50f08a433122455a
  SHA256: 488b2038bdbcde5479c7f166f4d0d9ca27ec0840956c0551a1284b437c466161
  SHA512: 8362de6a77abb4d6678e3eeb1f26f33f7c9e5a62f0659b65503b80a8a5fd19dbece2c2f749a7a17c17b3f9ea0fe422a42daf8a08d72f9e8e6f5008e9df02cfbd
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 86be33a289a6183f7e429f7e1700b556
  SHA1: fc88839280b07196047023ded9e19294bb934d20
  SHA256: 49c001064d75ee3d96b4cd776b5cdd9d1ab05d985d79c7a292e7108543081de5
  SHA512: b8ac54521067315e0f24aaaf4c52696d3f4e2ca511ca22ecaad48e0b34047fc993e7fb5d31541abe06cb4278f74c7ba9aaaa826fc5ef203d712da9d3140969bb
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 152d6805056561b75e475d38e8fd0455
  SHA1: 560f0cdaa43862f4d9e77d42f2e09c2ea1474a33
  SHA256: b87145855d5c19de9a5304e358204c94716e3b699927e7b6accc37278d3273d4
  SHA512: 8c6bfd52ee46f3fe1c5bfe67b87694976fc25fbf7ae4fcf78af176162bb494bcdcaf12f51d3fbcc85214f67e04e45d76c744016c047717fb1a36bf584387d652
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 83fa3ae3d070d92a2f9147ed5e4e105c
  SHA1: ba3e11d12cc4c586c904f2535a24afe7fa41b830
  SHA256: 7d5d2ebae205e77ed1c65e8c1e627d129c2ce55f9d0df858970f3bdad54bc08f
  SHA512: 1eb9e1ab5624682b2d8598b43fbc1c1ce069d9a8b4721a38bf2634a64cad30623a22bb14e05ef5aff8a0562927f6d647a6131ac6ca59e064d594292ece97d3f1
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: eb6b78e4fe17ba68603e31bcc29b7017
  SHA1: 14020de5b88e89a44cb3dd593d60e4f9922e0f75
  SHA256: 9cd673e009d6053e0feafcde45235f569a83b0815adb280c8cd7d6aa84b4627e
  SHA512: e45655be1ecb736d2cc9114e2c450bb6edb2145c73047f8e371afc65b95de7acd4263ad84d993b11c73cf610abfc6505ed5c6569887ef09b30f0855337f7c763
- Filesize: 68KB
  MD5: 29f65ba8e88c063813cc50a4ea544e93
  SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
  SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
  SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b