Analysis
-
max time kernel
149s
-
max time network
150s
-
platform
windows7_x64
-
resource
win7-20240508-en
-
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
01/06/2024, 20:05
Static task
static1
Behavioral task
behavioral1
Sample
8b9e081803cc60e763c04767e22ec665_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8b9e081803cc60e763c04767e22ec665_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8b9e081803cc60e763c04767e22ec665_JaffaCakes118.html
-
Size
19KB
-
MD5
8b9e081803cc60e763c04767e22ec665
-
SHA1
4a1cd4cd6764df40b93d38aff0ee8f01532ac363
-
SHA256
c5c7ce7b09b5557d4153e3a496871a3c7c469bf5843826284de2e66c1b238dfe
-
SHA512
a4f33f76b2f3b6e0654dc2ba9b8ea1ef68d5381bfc507ae7db804c5d2cf2b46c2c8e83597db7069499e8dd6c4aabfd84a7df912974cf8982a4d044a72a72fde2
-
SSDEEP
192:SIM3t0I5fo9cKivXQWxZxdkVSoAI543zUnjBhZj82qDB8:SIMd0I5nvHtsvZYxDB8
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4379BED1-2052-11EF-AA6D-D62CE60191A1} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434192" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2116 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2116 | iexplore.exe
2116 | iexplore.exe
2700 | IEXPLORE.EXE
2700 | IEXPLORE.EXE
2700 | IEXPLORE.EXE
2700 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2116 wrote to memory of 2700 | 2116 | iexplore.exe | 28
PID 2116 wrote to memory of 2700 | 2116 | iexplore.exe | 28
PID 2116 wrote to memory of 2700 | 2116 | iexplore.exe | 28
PID 2116 wrote to memory of 2700 | 2116 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b9e081803cc60e763c04767e22ec665_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2116
-
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2700
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
bd72e68264e84b3336c2be078f857c87
SHA1
3f898b3ea29fcca7ad689402ab3e90c283078efa
SHA256
fa3e7d5071fcd291af10f5019a39b8493a5243dbcbe14a5635b525435dabe1e1
SHA512
e6946d8b963d82cf0c37f30dbc0d2501b311efc738bd6ab1c6d56e378b6f48fd76ce53cebbdf1fbdd2ee950a955629147e97ebef613717136dd6b26572bff050
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a1bf68fae35c9bb3d4e1f6fca65729aa
SHA1
6d745c061961a34e9cc5a107e99a5a6aaea0a6d7
SHA256
c7abffa89e63beeb027de61c6836b5475ed3ceea80b4e5a2334b9198ce4519f4
SHA512
b323d745b616bcea79f09dd7264094990f3bb7ff6e003facd2f0c3b5fca262c2863edb8aebd0014c7667e7de405cd1a7f3aba1ab33f8c543233b17863b53c01f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
6ea45a06f6bc7344cea12bd436ec94f8
SHA1
30e8fbedb4abb955bac8ba57b151e4f1a34d168f
SHA256
f0e9c74637cc10ec0d1d5c17ee19613b8eb3c7f72c18b4dd6986da6834a4fc50
SHA512
a0e52c9c8f6f2b88f3264fc0b1e210ef8305879dea308bd776bcaa3582dab49dfee163d2f9470c4101483c307f7489e02df789b19acdc514b5c14576fef28df2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
b96abc3b9116488b3bf8851d9d371f33
SHA1
8f42c590d4fbba9c336651acd012459fa3f65efe
SHA256
db1b010d39b2ea326b9aaf7fb73e47242600c3c677606346c90c9c108e30650c
SHA512
18c5df75af4f030c449912eb241c1a76a444b69d148f4d8b7e774fd55c7f17f5d4bbef588a83264caf7bb4280e26c179e1d8fe914056b025aef39f6191cb0a1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
596c81ecd17145b1917e3488b8870662
SHA1
9caa3856e1ea5dcf394afc18d84aa83efcda7083
SHA256
7ecc9aee25e888d0963dd5c2be6222448d55f419d715594cd5d47cee0c6e52ab
SHA512
fb484acf3e55ee981ccef446c995d4b9d0ba55788fd4391b97cdf1ecf62b250e67b0c3015782029d5f3a0d5821163ced88e447a32caf1c2c0b1358945d26357d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
2f91c105295471101895e4acae29365b
SHA1
1f34af5d7fefe27ee11fe6d8bca320ec93e8d4ad
SHA256
84d8eaf13b40487c6d12b678ed42705b35269a2893400784b9867602c9108c1e
SHA512
35f0ef9403271262d5ddc10f2176648cd2dfbe9f9b4981c279035c60285b827c7d2e052a002fda4680013d983e4aa5e6074f2e8d1d196d58da693dee86670a5c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
1083d3beaee9005f5a7b619689051b35
SHA1
f2cce7ce345388dea750fbe44aaf6404bec009e0
SHA256
8956402012eea279e07a34077e64071e2b513aeafa198577e066f69b9d9f55e0
SHA512
f658a5d1b75f013edeb157d772dd8e7a18a511291b96323777896e35d1926b366c1f1f097e06c8b32aacb7592a351341629d90795bfc1fcb61ab301edf40334c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a6b4279acfdafb48e6748ceaaa58e6df
SHA1
07ddb94df4aa1a5e1e0d52094fad9b9cf11a7c51
SHA256
7c0a422d447c9eb1c564fa58508835bf028753e5f1aca26ff507bb4f8f96401d
SHA512
87656f70e04387416e7f8e5082becf3ae024c4a9d7329451600e04b6f2ed8b2a9eca19acd5080fd3a0ab06390282b2fe0c28e6748f472ccba405cd69d8cc82e9
-
Filesize
68KB
MD5
29f65ba8e88c063813cc50a4ea544e93
SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b