Analysis
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 02/06/2024, 22:36

Static task: static1

Behavioral task: behavioral1
Sample: 8fad040af1121694a8a0f21d94ff8c46_JaffaCakes118.html
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 8fad040af1121694a8a0f21d94ff8c46_JaffaCakes118.html
Resource: win10v2004-20240508-en

General
Target: 8fad040af1121694a8a0f21d94ff8c46_JaffaCakes118.html
Size: 27KB
MD5: 8fad040af1121694a8a0f21d94ff8c46
SHA1: c839f8a6022f87988f3c42bf7c30055eaf2576a3
SHA256: c0dd235c7824db6f4224c06d8dce124ea453948c26bc0744ba2d027a0eba9ea8
SHA512: c8df7aa0dc25ba6ba7cb748c969c6330e5afdc3518f6ef7b04b99d85052c530fc0c8227b1946985f85c24a718ed7b02eac406ed4ee083d8634aa3c1ee9e0d755
SSDEEP: 192:uw/8b5nC+nQjxn5Q/pnQieENn8VnQOkEntDTnQTbnRnQ9eegm6uXWaM1+6L+Ql7g:HQ/CzYMWaM9SmpS
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{94641AF1-2130-11EF-8C93-DEECE6B0C1A4} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529667" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2972 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2972 | iexplore.exe
2972 | iexplore.exe
2752 | IEXPLORE.EXE
2752 | IEXPLORE.EXE
2752 | IEXPLORE.EXE
2752 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2972 wrote to memory of 2752 | 2972 | iexplore.exe | 28
PID 2972 wrote to memory of 2752 | 2972 | iexplore.exe | 28
PID 2972 wrote to memory of 2752 | 2972 | iexplore.exe | 28
PID 2972 wrote to memory of 2752 | 2972 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fad040af1121694a8a0f21d94ff8c46_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2972

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 2752
Network
MITRE ATT&CK Enterprise v15
Downloads