Analysis

max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 07:45
Static task: static1

Behavioral task: behavioral1
  Sample: 90fee0823b3622a8e97993e50695a67d_JaffaCakes118.html
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 90fee0823b3622a8e97993e50695a67d_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General

Target: 90fee0823b3622a8e97993e50695a67d_JaffaCakes118.html
Size: 20KB
MD5: 90fee0823b3622a8e97993e50695a67d
SHA1: 411eba883cc76482db7481e4d0b54a6131a62d8e
SHA256: 7c786998dea9d5ddcf250a24c9b0aba1355c6211031664923fc12945c3d03169
SHA512: e9ec9d6f7434afaa9181bd3f1e3458ba407d280849d876c98ce18e4fdba2592aaa5cbdf6176a40baeb30777a6cd82801c917f2bd1767e1d8f37041c00c33e105
SSDEEP: 384:SxAcV0irovqCUdRKaqtGwnmVkRRa12/IBR0SAsx:Sx7VfsvqCbXtfmVt0SAsx
Malware Config

Signatures

Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4CB2B701-217D-11EF-818F-FAB46556C0ED} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423562618" | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
1768 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
1768 | iexplore.exe
1768 | iexplore.exe
2172 | IEXPLORE.EXE
2172 | IEXPLORE.EXE
2172 | IEXPLORE.EXE
2172 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1768 wrote to memory of 2172 | 1768 | iexplore.exe | 28
PID 1768 wrote to memory of 2172 | 1768 | iexplore.exe | 28
PID 1768 wrote to memory of 2172 | 1768 | iexplore.exe | 28
PID 1768 wrote to memory of 2172 | 1768 | iexplore.exe | 28
Processes

1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\90fee0823b3622a8e97993e50695a67d_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   PID: 1768

   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1768)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1768 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 2172
Network

MITRE ATT&CK Enterprise v15
Downloads
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e19c41e0ad05313caeb1cf2986fe6e5e
SHA1: f79e128ba6f1190bcd29fc4bc3f9d2f9c7df0074
SHA256: 8431a7e19ec7815ca612d22285d0bb6f1978524c89b447e67137b298d35233aa
SHA512: 81ae96b1b9738d4e81ebd19f573a5ef0895448489966d47de314cd2202bd93a83d09f793133a4f459d4bba2030be5c69120f8d956f805148a490cfec57869084

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8ad4940f17c924a3122f95babe1352ed
SHA1: 00646c5ac9f2c13068e6875cb660d93bda4c44be
SHA256: 42c36df04ca8ca4d05d2e0dd4f0d63028dfc98c03fd7520462989fcd3257a83f
SHA512: 00f63de26679cb1076b487168af1eb791d94666d55eb3fd812af2eda5776efd8b87db5768b13f905736b60a79f964ef0c8cfd157e24cb12e6ea8001899101394

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9504fba15ec4a06c635ede89cc76d25a
SHA1: d32e341885a89b05fae224e89867efea5fff4491
SHA256: 8c1b6d6e6daa0fb698208d46d874afe9488b92a5075a0b9692585fb7d1e8425c
SHA512: 034b286a3133346f188710b463d303dbf351e23755654c3aa1bc684d4297375ca07024073640ea02ea0ea9a2a5d4a28e0a11bbc3881bb9de2ba0dd5f13268e0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3b47bca9bd3768b7fb8d0e6d7e76b995
SHA1: 9f4f619befde197468f8fd34b231795d1554a7c6
SHA256: 6922a8ecc8e77f81b596fb7a44edb0c3ca2a3c6fd73e9a90fdc63844b0cc40c5
SHA512: 2f26381a8d2447fb26056924e939667edca37fb58768b7281ad6e000c8951c47d1a7e7fa07f0b3b3e277152cd28091ee0c7e63970d00143aa179515e4307279a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0018d804ce5a2573cb30f286e6174db2
SHA1: 4165a4a37bfca8f30082fcd5898daa1cce8abeac
SHA256: bce5f9c1529b550e00190441d2c0f66816fd487ce2f3bdd482195a26ac7c0a5e
SHA512: 3babc6011c4e5209537ff7f38df12ee3dccdba23eb5d906649ae4d64d63f86f72bcb6e693b5c7049d90f960c1fb59e218a51cae5c43a67ca6603ccc0fbe5728b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 023a601c551a8046df86167ca6d90c5d
SHA1: 30c899205dab0ae6641e1c6bf4a5bb0c65e36668
SHA256: 564de85267a89e42372f6bab3d430a9e0d1c8680597b37c6c5d2c4d01a82a5a2
SHA512: 248b7e3a9bb228befd834410bed52283f3fecd65ab4411894a99428d21a066b299a3341f15faad00cc646d1b33bd0f4e32b07233ab8954461a0640e5ec0279f0

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b