Analysis
max time kernel: 149s
max time network: 151s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 07:46
Static task: static1
Behavioral task: behavioral1
  Sample: 91001af4892af75e4135c8389f6e5cb2_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 91001af4892af75e4135c8389f6e5cb2_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 91001af4892af75e4135c8389f6e5cb2_JaffaCakes118.html
Size: 19KB
MD5: 91001af4892af75e4135c8389f6e5cb2
SHA1: 46eaacfcb60e198506ee8d4873d3f7dd1e2a51f6
SHA256: 7a99e4b336d3ba620265451bbe1d7e70ceda7cfbf1b9123ac059fad4b64e69fc
SHA512: 02549e17ef5df67f6c5301750e485a677ff7b6878a2047df438794dd5ab98fdfbca20e24519214ad451e850a198a46e1b89cea7ae45116fde674badb588a730a
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAIJ4TzUnjBhlv82qDB8:SIMd0I5nvHFsvl0xDB8
Malware Config
Signatures

Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423562685" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7411C931-217D-11EF-B44D-5A451966104F} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe

Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2944 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2944 | iexplore.exe
2944 | iexplore.exe
2296 | IEXPLORE.EXE
2296 | IEXPLORE.EXE
2296 | IEXPLORE.EXE
2296 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2944 wrote to memory of 2296 | 2944 | iexplore.exe | 28
PID 2944 wrote to memory of 2296 | 2944 | iexplore.exe | 28
PID 2944 wrote to memory of 2296 | 2944 | iexplore.exe | 28
PID 2944 wrote to memory of 2296 | 2944 | iexplore.exe | 28

Note: every registry IoC above sits under the Internet Explorer key of the analysis user's hive (S-1-5-21-268080393-3149932598-1824759070-1000); the FindShellTrayWindow, SetWindowsHookEx and WriteProcessMemory hits are raised only by the IE frame process (PID 2944) and the tab process it spawned (PID 2296, see Processes), and the only memory write recorded is from 2944 into 2296.
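The registry table above is easier to work with once it is parsed into records. The following Python script is an added example, not part of the sandbox report or of any sandbox vendor's tooling: it parses six entries quoted verbatim from the table above, rewrites the per-SID `\REGISTRY\USER\...` prefix as `HKCU\`, and triages each write. The review rules (Run keys, BHO registration, IE homepage/search keys, ZoneMap, Policies) are this example's own choice, not a list from the report, and the two entries in `CONSTRUCTED_IOCS` (a Run-key value and a `Start Page` write, with the invented paths `u.exe` and `example.invalid`) are made up to show what the rules flag.

```python
"""Parse the flattened "Modifies Internet Explorer settings" table of a sandbox
report into records, normalise the per-SID hive path to HKCU, and triage each
write: expected IE per-user profile housekeeping versus keys worth a look."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SID_HIVE = r'\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000'

# Six entries copied verbatim from the report's Signatures table, joined the way
# the page presents them: one run-on line of
#   <operation> <registry key>[ = <value>] <process>
REPORT_IOCS = ' '.join([
    'Key created ' + SID_HIVE + r'\Software\Microsoft\Internet Explorer\Zoom iexplore.exe',
    'Set value (str) ' + SID_HIVE + r'\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe',
    'Set value (int) ' + SID_HIVE + r'\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe',
    'Set value (data) ' + SID_HIVE + r'\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe',
    'Set value (int) ' + SID_HIVE + r'\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7411C931-217D-11EF-B44D-5A451966104F} = "0" iexplore.exe',
    'Key created ' + SID_HIVE + r'\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE',
])

# Constructed entries that are NOT in the report: what a hostile page would leave
# behind (autorun persistence, homepage hijack), to show what the rules flag.
CONSTRUCTED_IOCS = ' '.join([
    'Set value (str) ' + SID_HIVE + r'\Software\Microsoft\Windows\CurrentVersion\Run\updater = "C:\Users\Admin\AppData\Roaming\u.exe" iexplore.exe',
    'Set value (str) ' + SID_HIVE + r'\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" IEXPLORE.EXE',
])

# One entry: operation, registry key (may contain spaces, e.g. "Internet Explorer"),
# optional "= value" (quoted string or bare hex blob), then the process image name.
IOC_RE = re.compile(
    r'(?P<op>Key created|Set value \(\w+\))\s+'
    r'(?P<key>\\REGISTRY\\.+?)'
    r'(?:\s*=\s*(?P<value>"[^"]*"|\S+))?'
    r'\s+(?P<proc>\S+\.exe)(?=\s|$)',
    re.IGNORECASE | re.DOTALL,
)

HIVE_ALIASES = [
    (re.compile(r'^\\REGISTRY\\USER\\S-1-5-[\d-]+\\', re.I), 'HKCU\\'),
    (re.compile(r'^\\REGISTRY\\MACHINE\\', re.I), 'HKLM\\'),
]

# Analyst-chosen review rules for this example (not a list from the report).
REVIEW_RULES = [
    (re.compile(r'\\CurrentVersion\\Run(?:Once)?\\', re.I), 'autorun persistence'),
    (re.compile(r'\\Browser Helper Objects\\', re.I), 'BHO registration'),
    (re.compile(r'\\Internet Explorer\\Main\\(?:Start Page|Search Page|Default_Page_URL)', re.I), 'homepage/search hijack'),
    (re.compile(r'\\Internet Settings\\ZoneMap\\', re.I), 'zone/trusted-site change'),
    (re.compile(r'\\Policies\\', re.I), 'policy override'),
]
IE_PROFILE_PREFIX = 'HKCU\\Software\\Microsoft\\Internet Explorer\\'


@dataclass
class RegIoc:
    operation: str
    key: str
    value: Optional[str]
    process: str
    verdict: str
    reason: str


def normalise(key: str) -> str:
    """Replace the raw hive path (with the analysis user's SID) by HKCU/HKLM."""
    for pat, alias in HIVE_ALIASES:
        if pat.match(key):
            return pat.sub(lambda _m: alias, key, count=1)
    return key


def triage(key: str) -> Tuple[str, str]:
    """Review rules first, then anything under the IE profile subtree is expected."""
    for pat, reason in REVIEW_RULES:
        if pat.search(key):
            return 'REVIEW', reason
    if key.startswith(IE_PROFILE_PREFIX):
        return 'EXPECTED', 'IE per-user profile housekeeping'
    return 'REVIEW', 'write outside the IE profile subtree'


def parse_iocs(text: str) -> List[RegIoc]:
    out: List[RegIoc] = []
    for m in IOC_RE.finditer(text):
        key = normalise(m.group('key'))
        verdict, reason = triage(key)
        out.append(RegIoc(m.group('op'), key, m.group('value'), m.group('proc'), verdict, reason))
    return out


def summarise(records: List[RegIoc]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for r in records:
        counts[r.verdict] = counts.get(r.verdict, 0) + 1
    return counts


if __name__ == '__main__':
    for r in parse_iocs(REPORT_IOCS + ' ' + CONSTRUCTED_IOCS):
        shown = r.key + (f' = {r.value}' if r.value else '')
        print(f'{r.verdict:8} {r.operation:16} {shown}  [{r.process}] {r.reason}')
```

Run as-is, the six report entries come out EXPECTED and only the two constructed entries come out REVIEW; the point of the normaliser is that the same rules then apply across reports regardless of which SID the sandbox user happened to get.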
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe (PID 2944)
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91001af4892af75e4135c8389f6e5cb2_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2296, child of PID 2944)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B (10 entries recorded for this path, each with different contents)
Entry 1
MD5: dc9004404abdf4dd96f8707a74e6f743
SHA1: 77d32270e659e41c64dda512fde0e9e140984e6a
SHA256: 507444aa31dc6d5e52177cf0942649305e81a2bb608bd6e09a3516317905282d
SHA512: 6b93454c479715e9b9b31421e8043fe912012d6e4f2d46fc1e0e2b67e791c886e19e78f937aba6d07096822d45304ecca8623c91f5d096c947b8717cdb2830d6
Entry 2
MD5: 765780f6d820029a971add050bf8af4d
SHA1: a0a92f6837d4589fc61bea6c7b72255855f56b05
SHA256: d28ecc89d908bdf416339791cc804c4267de887874d9d95a1d912764c1de008c
SHA512: 22d7f77a307721d36d7a75ce16dbe71558eec0c3266bafde331f0c042c8f25b3e0fd35bdfb63799219cc4b06af98814e61d4b1c3f3e2c2b4a75b7390ea435a4e
Entry 3
MD5: db5358b6da9a881fc268f22e614f0a6d
SHA1: e1a359d1e2adbce989205a730e2c39bf04302535
SHA256: 16954c0756d6370f62dd042350adf60cd1b69f612ef9de6944efe06580eccfe2
SHA512: 780419869d422a6a6d68538049b13a8b7fc109d01866b2876c50f2b6ad9963963df185f9bcab716e0fa422fdf7181a63e500a8237e37cc1b16bcec8fbbc1c868
Entry 4
MD5: cb558f7d8106b5a080126f72e1e06863
SHA1: f17b5dd9a08f305340b686130fbeb22244ac9cb4
SHA256: 2b7a525d60182b4fff474eaf2dd56370b11fe8273ef3b03848aef0b48a0e5486
SHA512: 7c31d9336fd234f4cdbce0412d72876b3d29f216b7801322f68b31af5b50493fdc89a9066d4098cd5df106aea0071e0338ad89ad17800ff74a0bca96bfb79775
Entry 5
MD5: ad642d0c261e8bf114f2c78f82a62d0f
SHA1: c635d733d44505c5447650a95603dd09fa594a60
SHA256: aec5ae36b10bb5bfc17dd66e7092a3c8cbfd05d9d13c2c9c5affc433799923db
SHA512: e381222722af87cbc16198d8a549dfbeabcbe0b5bc76cf16b730a7dc57ef0a8712609711e3951b554248a7de2b055fd223d5d53c3549e8fe5a4accb68c647b90
Entry 6
MD5: 860c7659fd2066829565d95241031a16
SHA1: 20f7b3d0d27d2746adbd4e98f3798b6daa42b9d8
SHA256: 2f02a0defb784ad8ecdd4f21baaca1e1e71d159293ba12873ab89dd1f375c530
SHA512: 5b12303bd62922b92c7200b13f2a23808843ec29a1a352b90b049bcc93ebf1897d531f851f1323f0904ac698ba916518f51219dd1091fc360e8149efce460d0b
Entry 7
MD5: 2b7242537b222c35b3f1a32092d3cabd
SHA1: 71931171bcee6af2f590fc905259e6900c3441c8
SHA256: 642a9fa597d21ac41477edee969b37d845e01971cd2eb43b74c9eab97e85de99
SHA512: e6f01f8c56e9125875be42715732dc4e233555fcbf16b7aadb659464180f11c5d522fe6685e5bb2fbeb653588ec3ea0ed61d4a5f3374e31ef59a8823c419f11e
Entry 8
MD5: 8caabe14795db4af2b569ca1bdce9bb1
SHA1: ceb4a1a64faeeb3a893051c83be87a9f645195e0
SHA256: e05ea32d447cfe456441ee70eef1390761c1d8dd28a269bd73c204d654450d84
SHA512: f7e4cae64c05a73982e7bd30183abeb5bb4e21f07300ee7f70e17c435660cba374c6ab5326868f079ab6ceef1eba4ae62c8f76d4fa76f939ef30ba60474a9e1d
Entry 9
MD5: 7a8fc63982ac2f78f7338cc044da1950
SHA1: 35172bd2f305d845188e118bbc6c0d9d2ee6092c
SHA256: da3873019e8531e7619c899e77746827dad796acec7a60f665b16d2a3a43b50b
SHA512: 1bb8251383294b970663ddf259902a09506fbed477565433a7d606a2d98568a6925e04d04480917bcc9caa3c15292ec6aacf0e588434b97e1909e4e16f8fd643
Entry 10
MD5: 837f6eb1b6c5cb04a5ccd918fd346f2c
SHA1: 6b7210cad6d23f8418ea8d8a238387a4ab59604c
SHA256: a986c369ee4f4431e747fdedf01021161b34932fd62d4cab80bcd8ecaa272193
SHA512: 606be9e6d340fc2947aad077b6a5e000257401464cab4e637d74b7da1f85b57186591735e137a13560db95f757fa1abc145f8105f645cb545719a01b225208f1

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
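The dropped-file list above is exported with each hash label glued to its value, and the same path appears repeatedly with different digests. The script below is an added example, not part of the report: it parses three of the entries exactly as the page prints them, checks that each digest has the digit count its algorithm requires (MD5 32, SHA1 40, SHA256 64, SHA512 128 hex digits), and groups the distinct SHA256 values seen per path. The entry built in `CONSTRUCTED_ENTRY` (path `constructed_example.tmp`, SHA256 cut to 60 digits) is invented to exercise the length check.

```python
"""Parse the flattened "Downloads" list of a sandbox report (hash labels glued to
values, e.g. "MD549aebf..."), check digest lengths, and group contents per path."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HASH_LEN = {'md5': 32, 'sha1': 40, 'sha256': 64, 'sha512': 128}
# Longer labels first so "SHA256..." is never read as "SHA1" + "256...".
HASH_LINE = re.compile(r'(SHA512|SHA256|SHA1|MD5)\s*([0-9a-fA-F]*)$')
SIZE_LINE = re.compile(r'Filesize\s*(\S*)$')
CRYPTNET_PATH = r'C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015'

# Three entries copied from the report's Downloads list exactly as the page prints
# them: one with no recorded path, then two versions of the CryptnetUrlCache file.
REPORT_DOWNLOADS = r"""
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dc9004404abdf4dd96f8707a74e6f743
SHA177d32270e659e41c64dda512fde0e9e140984e6a
SHA256507444aa31dc6d5e52177cf0942649305e81a2bb608bd6e09a3516317905282d
SHA5126b93454c479715e9b9b31421e8043fe912012d6e4f2d46fc1e0e2b67e791c886e19e78f937aba6d07096822d45304ecca8623c91f5d096c947b8717cdb2830d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5765780f6d820029a971add050bf8af4d
SHA1a0a92f6837d4589fc61bea6c7b72255855f56b05
SHA256d28ecc89d908bdf416339791cc804c4267de887874d9d95a1d912764c1de008c
SHA51222d7f77a307721d36d7a75ce16dbe71558eec0c3266bafde331f0c042c8f25b3e0fd35bdfb63799219cc4b06af98814e61d4b1c3f3e2c2b4a75b7390ea435a4e
"""

# Constructed entry (NOT in the report): SHA256 truncated to 60 hex digits, the
# kind of copy-paste damage the length check exists to catch.
CONSTRUCTED_ENTRY = '\n'.join(['-', r'C:\Users\Admin\AppData\Local\Temp\constructed_example.tmp',
    'Filesize1KB', 'MD5' + '00112233445566778899aabbccddeeff',
    'SHA1' + '0123456789abcdef' * 2 + '01234567',
    'SHA256' + '0123456789abcdef' * 3 + '0123456789ab',    # 60 digits: truncated
    'SHA512' + '0123456789abcdef' * 8])


@dataclass
class Dropped:
    path: Optional[str]
    size: str = ''
    hashes: Dict[str, str] = field(default_factory=dict)


def parse_dropped_files(text: str) -> List[Dropped]:
    # Entries are separated by a lone '-' line; a bare 'Filesize' line means the
    # value is on the next line; any line containing a backslash is the path.
    records: List[Dropped] = []
    current: Optional[Dropped] = None
    size_next = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == '-':
            current, size_next = None, False
            continue
        m_size, m_hash = SIZE_LINE.match(line), HASH_LINE.match(line)
        if not (size_next or m_size or m_hash or '\\' in line):
            continue                      # headings or other page text
        if current is None:
            current = Dropped(path=None)
            records.append(current)
        if size_next:
            current.size, size_next = line, False
        elif m_size:
            current.size = m_size.group(1)
            size_next = not m_size.group(1)
        elif m_hash:
            current.hashes[m_hash.group(1).lower()] = m_hash.group(2).lower()
        else:
            current.path = line
    return records


def validate(records: List[Dropped]) -> List[str]:
    # Missing digests and digests whose hex length does not fit the algorithm.
    problems: List[str] = []
    for i, r in enumerate(records):
        label = r.path or f'<entry {i}>'
        for algo, want in HASH_LEN.items():
            got = r.hashes.get(algo)
            if got is None:
                problems.append(f'{label}: missing {algo}')
            elif len(got) != want:
                problems.append(f'{label}: {algo} has {len(got)} hex digits, expected {want}')
    return problems


def distinct_by_path(records: List[Dropped]) -> Dict[str, List[str]]:
    # Distinct SHA256 values per path; path-less entries share one bucket.
    groups: Dict[str, List[str]] = {}
    for r in records:
        seen = groups.setdefault(r.path or '<no path recorded>', [])
        digest = r.hashes.get('sha256')
        if digest and digest not in seen:
            seen.append(digest)
    return groups


if __name__ == '__main__':
    recs = parse_dropped_files(REPORT_DOWNLOADS + '\n' + CONSTRUCTED_ENTRY)
    for path, digests in distinct_by_path(recs).items():
        print(f'{path}: {len(digests)} distinct SHA256')
    for problem in validate(recs):
        print('PROBLEM', problem)
```

The length check is what stops a truncated digest from being loaded into a blocklist where it would never match anything; grouping by path shows at a glance that the CryptnetUrlCache metadata file was rewritten with different contents rather than dropped once.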