Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
02/06/2024, 23:09
Static task
static1
Behavioral task
behavioral1
Sample
8fc17a38d51c8e67a5ac0fbebe8a1773_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8fc17a38d51c8e67a5ac0fbebe8a1773_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8fc17a38d51c8e67a5ac0fbebe8a1773_JaffaCakes118.html
-
Size
45KB
-
MD5
8fc17a38d51c8e67a5ac0fbebe8a1773
-
SHA1
9dcd6dc9f6e1cc0da38304fc77ae256f6ad5ce69
-
SHA256
dd21fe6c09fc7949745450867d11f1f2cacd239b7881ecbc428f969e1cc73783
-
SHA512
d931f839703a42b222fcdd870bb6c377c9b25aeb412610962e5d64504ccec29fd4e8ea412a959908241a572a14382dcecbcb2d718b3af217f2e01a4acd86440a
-
SSDEEP
384:STH16T116TJtSqCDxPiAZMTaiAZM/c9LRqm1LUzuTWrsd0rsd0SI1a901a9m1a9t:S5Yct/2Xv19Bqu4YMvcJ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1EAB9F91-2135-11EF-BF51-4E559C6B32B6} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423531618" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2984 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2984 iexplore.exe 2984 iexplore.exe 2064 IEXPLORE.EXE 2064 IEXPLORE.EXE 2064 IEXPLORE.EXE 2064 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2984 wrote to memory of 2064 2984 iexplore.exe 28 PID 2984 wrote to memory of 2064 2984 iexplore.exe 28 PID 2984 wrote to memory of 2064 2984 iexplore.exe 28 PID 2984 wrote to memory of 2064 2984 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fc17a38d51c8e67a5ac0fbebe8a1773_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2064
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c0395b408ba8a48e81045504f2d1709b
SHA1 fb3c95519e6b0cdc90e6921d16ad1781f481b82f
SHA256 5bbd04e338f4b6448ee2132a143bf5b200e02cfec8071ff1e3c0c23150f9e498
SHA512 817d247aeb2a630299260cfd442dbb822400207ba64e7d2ca0877dde2eb9a64f0a396e0abe305c834a7a2e1a8f87540dbad7a3cc7dbbb133c84d424a729eb63a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 148ba4594da3ff944e5c706deaec4e8d
SHA1 8dc82332f63fe00b360641a1c33a6a0ee0995cfc
SHA256 3e8dfaf21b54e0a15c2bfc33834b9601bf40e0359d80c3f55ea31d7e0ac9ffd8
SHA512 66aef2b717bbda764864260d84ec7958bf7f95b4480d0fbf4c8ddd76ab8c1b5d863a7ada97b663fe9f4cfa4924eee2ec424567b4d7d66849184d3774b62d137a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 05c6af61526ad63ca50891904915444c
SHA1 e1faea2779cac7128ceb8ef618db06e6196046cf
SHA256 a4bf03c84d989239a2203d946e02ba88d8aa67517eda43da4594c785135b73a9
SHA512 30807f38832177bb96c5f2768764c55b046acecb92fb7ba08d0b4242cd2bcccf6673de36b1cddd4c7b10795c1c4f60e398df4294c70389a30ece45a47e1884f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eb664687a3300734af8cd267cd7e7d6b
SHA1 b23192dfd367446cc4eff41ecc7b91a221026d06
SHA256 40e240ef15de7749df3dd9a0f82663235fc5121400341a5ad649f51d0e9d369f
SHA512 dcbb356e37d20156d182dbf929d53e052ba9990e16997d49a6db938914b3ae8c53eadd58c575633a7b9550598883ae709fd0e86908e337521dd07e89426090ca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d9c75b15a6ea7e44560e3db92a23f518
SHA1 e242ddc2b1acb7de46df52d2beaccb921fe0e801
SHA256 668df45828b6e7fba87e74418ef24f30375047ec9b91c29ebbbc08b53b4e5eec
SHA512 cc48369f0be489958d9fcc12d2c92034812a499df2a8924d8aa38ede5a5fc777362d855472ffa19f9d6093760c7c470b404b3d4b1b96af54e1a8f6aa93a69940
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3a5037a82bf6740fe1f975232c4b5e65
SHA1 c55c021e818e21a32603b2a3e0b67f1d502f0ccb
SHA256 dfd87a7f6d2f71b5ecde827717290ad5e9bee5f1d195a2ff59f1c2eca26746b9
SHA512 2dbdf174215cd6abf1489ec4b340debcfc687c3bf720775b7f19ce58ac2da393e35b52054785c56f1a4dfc60d58558ff50411f4db0880fcb152e936725daef72
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a7c1a8977f58e82339c4896e3ec14b29
SHA1 0724d8966a5bb81cf7ba717f89cb1dbaa508e2a7
SHA256 06b641f7dac16d52cb5bb4957ec744f4a5e9e570346cfda993b04c94108d74a1
SHA512 11f25f2c68ce025ae3f3fb790ac77f633ed010bf2fed4b25ce58277caeb4bd05746f701aa4b682efadfbfb4efdd73fd021f0b760605e560050013cb75a937e42
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5960c706586d35420b91abf878ae2590
SHA1 e3853eded365f50867433a201b4a74f3a27ebe10
SHA256 e26b19ba7f7d93946282f8426668d84494008b76e24af36fa5fd0df6a7d377b1
SHA512 d31279d981a5a3a52d76e563f0755a0cc7b5bbb1385196ad5bc9a776be04aa0739c2c1775fbc338b383a371d904cdcfe42c9019fc90e4f7f36187bab321e4fbb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ab59748bbca8f56d23db7b96f1fee493
SHA1 833cf66f2e61b8b14bf9d84d150559944fce0fe9
SHA256 a70e514e6c3af303e88599dd63f6aaf0d600b5f115eb580e13cb71c0a454b9d0
SHA512 ada120f640c38db4a3be3314efbf32b2e7354c9c0aefd534980555eeb368cc5a154ea7d3625b92a3b6d1b6cbebc38d73cd15472c2919210736c029faf06d95e1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5d61e73f41b47bfa1637f2977530d117
SHA1 206d677fbbdbe5bc48f703093f589241dc6bf21d
SHA256 6c26611f0d7007939a23a449b79a89345170723b0195d32b2fc9c3f6b5966d0a
SHA512 6478839926383170aa99cf2b91b17516bb2f1186254dfa4c0a0e1c3a09d8fd3778bcbfdcf9e3e5096d0ef74562aeb796f88c96a1c68a92c305b63598e02f332c
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b