Analysis
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 01/06/2024, 20:05
Static task: static1
Behavioral task: behavioral1
Sample: 8b9dd23813abc71b8f5480d873533cad_JaffaCakes118.html
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 8b9dd23813abc71b8f5480d873533cad_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
Target: 8b9dd23813abc71b8f5480d873533cad_JaffaCakes118.html
Size: 64KB
MD5: 8b9dd23813abc71b8f5480d873533cad
SHA1: 488abd4d2eedff7c4b1d11f1bd2b9f6e8af73ce0
SHA256: 8e63afe8fb7dbfcba7f0927861a0af4b86668f9cd3793563d7672bca8b5df07a
SHA512: cc433c3129ba7e8455d63a323ba05f93028f4e12be0d06c6b8ac151ec57b4fe5b96c2def5e18b17a5372b0309adc26514a6ad0360401b1d36ecfde672dac309b
SSDEEP: 384:sQ/DgPPrh4JlLDSpbiF1JvmP2DHIskDln+5udtaN7subADyfntwewX4cjfeLeDq:T7LubiFPvmAeQD7ayfme5cYe+
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434174" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C525311-2052-11EF-9DE9-520ACD40185F} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2952 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2952 | iexplore.exe
2952 | iexplore.exe
2900 | IEXPLORE.EXE
2900 | IEXPLORE.EXE
2900 | IEXPLORE.EXE
2900 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2952 wrote to memory of 2900 | 2952 | iexplore.exe | 28
PID 2952 wrote to memory of 2900 | 2952 | iexplore.exe | 28
PID 2952 wrote to memory of 2900 | 2952 | iexplore.exe | 28
PID 2952 wrote to memory of 2900 | 2952 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b9dd23813abc71b8f5480d873533cad_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2952
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2900
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 919b2ec879c001cb45ca64907ad72c51
SHA1: f29d74765342fde6339b6ddc0bf0695a25f968c4
SHA256: 2aaf73004e98eabf732e47aa78b3d855c963b90eb84c6b9acf57239e6f4a3dd0
SHA512: f053e09cd9545daa9affc5a571837e0362a75b8d1d38afa0e905395bb5a4f4af6e816eb4cc3b162dabf2677b8c9a941fe76cff95604ea5c86345ed549b27d1cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: afc61ad631667379b201b8bb175d5807
SHA1: 814c5f4ab8f21b40e0268e78febb1be3980f48d9
SHA256: 40d4cbdae5cea23e28cdcb8b0a6b951456d6909c485cd57f0c6cc408db97fdb9
SHA512: cb39029d02fcdef9ce6115ff9888619964d0be7d6209d15c1b072289e53d9d3d3e2215c135c66acc33b031910fdde0a59b650a834c3c38d329acfb9b34e69d11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cd2376ecc6a9cb9657d730bca3861e23
SHA1: b29115f8acf1a187a47efef9d5eda15e6377e552
SHA256: 9d0ba1ab5a0b2443778b812e5294565facda6741bcf5113fd9270907fb9b6a19
SHA512: 8b4fb1929b41ff7a47ff896b743a8a61386d2ccbac948fbb5e648af916704fac39cbf3a5735b855a8109a2c1f281b873c531d2cd08786c3999ca9ced2292ef6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e4ecead6131ef8441375a91fbd1239af
SHA1: 39b6fd1d2d2a83ce215726ba6e18014ac83bc700
SHA256: 2f8531bd6c0c6b655d455783c77b0ffdfd22713727d0f5240540d98c41190bee
SHA512: 720ce2dd18cf7c41956608110518f023904c16780365e156654d64aee1629efd9618b487fe3027bcfe2d3d9a99be72676e78e40fdc4b18c270cb8b90d9826138

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1a343dd8ff1c90e8b3c7c96d54e29040
SHA1: 6ab75f0d7fd287e113a4062164e97cab0b941c55
SHA256: 99bb0029a252b950e32331fb303f4556508d76b93d9a57cc7527fd8330fe334e
SHA512: fbc2aa7bb2ec1e85221d685ceb6dfa04cbeb8e1e8400c4211311ea281359ce828ac237c675df4f7097ab40052919c6caacae93e8fec204fc6cfa9f359f495f38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7a360e23f397aca0e21c3950290d3428
SHA1: c01c37120401ea62ad9ef5053e157d4e62f8093c
SHA256: d44bad1b97030f70a3688399be733e3eaf451a86fdf424484be7519c446e2673
SHA512: 39ffb932b920e8ddbdbe7835270573a9b87096fe09ab8cff940c11b3ed2741459dcf90f3adc1ff21e395e43b807ef6a7870c330f411992e8ff2631eafef4f6eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 694eda158c096e3879fda8382b1ae008
SHA1: 36ffdb3fbc866c4e2f7d692a620db54055ae7ea1
SHA256: b3632739046b57a20a457d9f9beb6d29fda6016741a01227e07477b05f4e4454
SHA512: 37eeb47116b5958b1138dc6cd493c9962aacf1bde606f3a994e4afe6bf298ec990e602a0db41bd1a1b76ba0f82f345fde63908b429da5493a6ef05e759c8220a

Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b