Analysis
max time kernel: 148s
max time network: 149s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 02/06/2024, 23:43
Static task: static1
Behavioral task: behavioral1
Sample: 8fd82186064662b140a72731473a44a4_JaffaCakes118.html
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 8fd82186064662b140a72731473a44a4_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
Target: 8fd82186064662b140a72731473a44a4_JaffaCakes118.html
Size: 18KB
MD5: 8fd82186064662b140a72731473a44a4
SHA1: 7ed8a144c938cf7b521715d4df4c1ce9b5b31478
SHA256: 90b10f1948dd88246b714820874ce9fd0a452d337278522d2eefe93b458f834e
SHA512: a992a5cfbd0f69cc5905c625f19428a9d9389ae5a386c096b4002488d89268144b82f08a2c7c1c2aff83ea08f5de3472b8125aa6e8adf18948c17569a7aa3d01
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAIV4FzUnjBhn582qDB8:SIMd0I5nvHtsvnSxDB8
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6F568B1-2139-11EF-9907-E698D2733004} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423533672" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2016 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2016 | iexplore.exe
2016 | iexplore.exe
2976 | IEXPLORE.EXE
2976 | IEXPLORE.EXE
2976 | IEXPLORE.EXE
2976 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2016 wrote to memory of 2976 | 2016 | iexplore.exe | 28
PID 2016 wrote to memory of 2976 | 2016 | iexplore.exe | 28
PID 2016 wrote to memory of 2976 | 2016 | iexplore.exe | 28
PID 2016 wrote to memory of 2976 | 2016 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fd82186064662b140a72731473a44a4_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2016
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2976
-
Network
MITRE ATT&CK Enterprise v15
Downloads