Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 03/06/2024, 07:46
Static task: static1
Behavioral task: behavioral1
- Sample: 90ff67f3a3baf55309b4570029b664d0_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 90ff67f3a3baf55309b4570029b664d0_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 90ff67f3a3baf55309b4570029b664d0_JaffaCakes118.html
- Size: 23KB
- MD5: 90ff67f3a3baf55309b4570029b664d0
- SHA1: 8b65e5381c16d5a1442bdebf3d187cd41ba22694
- SHA256: d217b314367708d68027ce31676f61f28ab033254d4e1c326932d4b099cf8a4d
- SHA512: 739c9fbb9cf9b73f7dd72b86811ea01445358cd78c38ff755531930608bbe64242083c1fe9975480cf98d4770d199d5624704c67acc569b27076247f338c14da
- SSDEEP: 384:DV1YKHcYPUtRp9IncCFEw7Q/C4Zbp86fLKZ2crWo4SQU3I634yJq:DV1YKHcYPUtRp9IncCFEwf4Zbp86fLKc
Malware Config
Signatures
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid 2932, process iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid 2932 iexplore.exe; pid 2932 iexplore.exe; pid 316 IEXPLORE.EXE; pid 316 IEXPLORE.EXE; pid 316 IEXPLORE.EXE; pid 316 IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2932 wrote to memory of 316; pid: 2932; process: iexplore.exe; procid_target: 29 (this IoC is recorded four times)
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\90ff67f3a3baf55309b4570029b664d0_JaffaCakes118.html
  PID: 2932
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2932)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
    PID: 316
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads