Analysis
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 07:45
Static task: static1
Behavioral task: behavioral1
Sample: 90fe189b8be15b6576f09f0b2e983496_JaffaCakes118.html
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 90fe189b8be15b6576f09f0b2e983496_JaffaCakes118.html
Resource: win10v2004-20240226-en
General
Target: 90fe189b8be15b6576f09f0b2e983496_JaffaCakes118.html
Size: 50KB
MD5: 90fe189b8be15b6576f09f0b2e983496
SHA1: bc0e1619b7ae071f472614a82bc2ec57ab084792
SHA256: d7a8fb3b22a43fcbd321540ed9a7a00a37c5cfddd1e1c799af71e9f7f912f9ba
SHA512: b57fe3555871ed1cc256f83363c161037532803e815b62c33b6bf86b106d43e14619c189cafd5a927b94f71a381b3c27df728a9050d4481b6a56b354ed4b3830
SSDEEP: 1536:3k1T3goF92Q5eTlXiWl0ToqWGyigcK2Nvm:0V3goF9heTxl0ToqWGyigcK7
Malware Config
Signatures

Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423562585" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3873F9C1-217D-11EF-932B-4E2C21FEB07B} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe

Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
1276 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
1276 | iexplore.exe
1276 | iexplore.exe
632 | IEXPLORE.EXE
632 | IEXPLORE.EXE
632 | IEXPLORE.EXE
632 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1276 wrote to memory of 632 | 1276 | iexplore.exe | 28
PID 1276 wrote to memory of 632 | 1276 | iexplore.exe | 28
PID 1276 wrote to memory of 632 | 1276 | iexplore.exe | 28
PID 1276 wrote to memory of 632 | 1276 | iexplore.exe | 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\90fe189b8be15b6576f09f0b2e983496_JaffaCakes118.html
PID: 1276
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1276)
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:2
  PID: 632
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 914B
MD5: e4a68ac854ac5242460afd72481b2a44
SHA1: df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512: 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 1KB
MD5: a266bb7dcc38a562631361bbf61dd11b
SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize: 252B
MD5: d5400bb35394d180b1dc0f6a4c96b910
SHA1: 3fce828ee7363ddd818f90bf99d4c43df236d042
SHA256: b79b315ddd1fd2288546a53753b17582bf732b6975fb5d114eb947e90fd055a9
SHA512: 0ad088fc84a1803412b452b4a1f6612adb30e77264f2d3ceae1c1db408e93db73c341ae3e056d15ea3e9525bc6795a4cb613d06de31f919628fc9fcac182d7a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1244a6d9c259d834076e5b68b46e3d61
SHA1: 4bfa3216930f044717bbcb15884fa333dc646f06
SHA256: a865c30d96cd1324f6fd463554f4066501e7b4a4c8979e566687b1899789d74d
SHA512: 0f82662ed0aeb8231980878097b07d68de6936601bc115ab19aaeee485ac31c4a747df552d1cc58d680a5956fe44940214cfc592728fc4a059a166da79c6d34d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6b0423e45fcc556e0f1f710ca8263768
SHA1: 0a57af3ae9a6b48320988067e1793120a75e449f
SHA256: 6043d38d7a8d3c454d8a7945e3d1ce95d5d8257bd43927760db926ce5f8ab392
SHA512: f87158e9aba05ed3689bd54aed12006d7d9176e728fc0a25cc08af5c5efaca31ade016c877a1c4f5b1b62558e7c52dbc0caa4a6ac586a297a69e2e8b4dff7f81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 72689bf4b3f5343ef978f94492288ac7
SHA1: 7503030acf1be732defc48fd94d61b26ace6794f
SHA256: 9c5c3d5a7c41209017345ab32f3436965fe51c007ab4e7e400c1443d45d8553e
SHA512: 30e49395cb8282f5545b76863da220fc56d5a49544f779b9a052fd631b9bd139de104cefe259d2ea6e31fd5f062f6dd75496b40148951b47a7cb04861a2bf71c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8d71d211dbd812f19d7b88e43bf56c26
SHA1: bddd2bfdf2c7ee3db9a5fba2d90b69fcf3e06cbd
SHA256: af9650c00a5fffd13e3475846e8ef3025de25213cba65c3e8e5ad6072bfc0abe
SHA512: 4cc82e3ec2fe540c91a341c2a76a4cdc9e62d67336beb24699630722d53aa9bd7cbf3d9a2ea984b4da8537a0156bc49025a05f17ed6dbede3091eaa577dbd9fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0f2958122dfe3395d1ce5c5430f654f9
SHA1: 30cffd03104f63d716fb1ba578cdd01ea43869a8
SHA256: 14d3acb1e1fcd8ba3290cf3e6dea688ff39255e9d6ac5e63314649386d7831c5
SHA512: a75b13b3c0fa6f37afc4c0d7b0654ad36c2fad018256da32fb593f4ec9a6ea2a1939f0635b2fefc7074c2d374b98565a93847f9aeacbfe18b22809877d070f99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 493fce4205870cc613927c57d8692cd4
SHA1: 4e403239d49fe5fd6f8f05578bd2a9f89f43b959
SHA256: 220ab20c4ba05d0c68ebf9f975b98c85e5197baee5dfdc8efb1ee8b48ac95832
SHA512: 1bf51ab8fe24331a50c3268fd80f59f890d0c23ebd7260fe5f8d975b359eeb70905bc7b30dd89316fa103a41f4e96f1dafeb0dcecc144bbe4ae94dfbe9e01bc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6b75ee38be74b31754043aee508f0338
SHA1: d5ca375dd69479343521e2c4bae7c7c0e42aed3d
SHA256: 258acc316a6cd25ac23016ecabe39553e3a6bbeb412f0c084db044a5c982a4b6
SHA512: 1f01268773c6852db9f0bb082ff8d1ae723926fe733cd5d18dfc3270f251a8dce33575a99123497c4a6ea25b0da6f76f83a8c51c88ae8dbcbdfda0669fa08a7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c15b10b99ffd5f3c641a41c3b750523c
SHA1: 0b00694d72e3eb1e656739fd1b9ac760b70c5eb2
SHA256: ccef79f3e907502cda44cc7494ad29e592505b43b11e2ffe3e445047b106e3b5
SHA512: aa746909bc4bea638cae9b79d4fab5cc67a724eafb284faaf4d367c6074824c6f28c549598703ff558564353766144678288fa0d1f166392c8b04ecd95e506c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 86502cef527603c224ba087419665262
SHA1: 066e6807205074675bd0cb512a69b93f62e2afc4
SHA256: e1f0cecc00b277a8d291d2a9de949c4c96b9f8b7af687f2d8694065b4104457b
SHA512: 3d99b7656b64d502e62a751c4a2890b2c70b96051942e3ca433ccd18af2a4de724beffe0a3c88524f39aadf163ac74a24ae237258f69fd687ef09a7e07d31d7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 010aea6aed34313b960a5be6b6763c56
SHA1: b51bd20e67fda2f2f8df2bcdd6b2a4b8b22caed6
SHA256: 44da1f87559e887e241a9190af6d8382827df724805a82d22aef91d05c04edc9
SHA512: e4e00e664c986efbfb5e310bac4100d3e8f82feaaeb878343f5d91d0892a7caa7e83b71aa6214006dfeab4b2d20a88ae8ec33a486190285f485c546e9f49f4b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize: 242B
MD5: 5a227957b315a40ca4cedf02e58ee20f
SHA1: 807fd67d9e63ab14bc9346e91bf023e8dddfde98
SHA256: b8ab6b0311ae72d22527d74079b5b763c782b93ebff9a805caa546aaf0e5c58e
SHA512: ca471ba8667f9ffff096ed9fd1423dcc2d45312cedcbf7848782065db4d2d6017ab17dd90181f8dacc2e97783a9c2f85f5cea8902b0cc8e9747f70865b7f738e

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b