Analysis
max time kernel: 149s
max time network: 149s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 07:55
Static task: static1
Behavioral task: behavioral1
  Sample: 91069deac8cc7cd31491ecec781fbb36_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 91069deac8cc7cd31491ecec781fbb36_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: 91069deac8cc7cd31491ecec781fbb36_JaffaCakes118.html
Size: 23KB
MD5: 91069deac8cc7cd31491ecec781fbb36
SHA1: 616df0c53f26ac5fc439d1750aa5adc00367cc61
SHA256: 1d035ecb968f3215b175c7a1b48032b73e560c9853c70b6eac91aadd2a94c512
SHA512: 37521eeffbd82cd50ed6c21d282ead61a797f33307d96d2bb43dca42d9165b2a23729fbfc95d7cb61539960f60c41655178ddc3da604a63ea1cc00a2bb7ba7fb
SSDEEP: 192:uw7ub5nr6nQjxn5Q/6nQiexNnQnQOkEnt+InQTbnlnQKdjNvMBRqnYnQ7tngYqn5:UQ/Jq3L
Malware Config
Signatures
Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563220" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B388D621-217E-11EF-B0DE-E64BF8A7A69F} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1928 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1928 | iexplore.exe
1928 | iexplore.exe
2120 | IEXPLORE.EXE
2120 | IEXPLORE.EXE
2120 | IEXPLORE.EXE
2120 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1928 wrote to memory of 2120 | 1928 | iexplore.exe | 28
PID 1928 wrote to memory of 2120 | 1928 | iexplore.exe | 28
PID 1928 wrote to memory of 2120 | 1928 | iexplore.exe | 28
PID 1928 wrote to memory of 2120 | 1928 | iexplore.exe | 28
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91069deac8cc7cd31491ecec781fbb36_JaffaCakes118.html
   PID: 1928
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1928; SCODEF:1928 in its command line names the parent frame process)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2
      PID: 2120
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
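Added example, not part of the sandbox output and not code from the analysis platform: a small Python triage helper that encodes the two checks an analyst applies to the signatures above before treating them as browser noise. Every registry row sits under \REGISTRY\USER\<SID>\Software\Microsoft\Internet Explorer, the launching user's own IE settings subtree, and all four WriteProcessMemory events are the frame process (PID 1928) writing into the tab process it spawned (PID 2120, whose command line carries SCODEF:1928). The script re-types a subset of the report's rows and the two-process tree as its sample input; the helper names, the Proc record and the single row marked CONSTRUCTED (a Run-key write that no browser should make) are my assumptions, added only to show the flagging path.

```python
"""Triage helper for the signature tables in this report. Added example, not
sandbox output: it re-types the report's rows as sample input and encodes the
two checks an analyst applies to an IE-launched HTML sample.

Assumptions (not in the report): the function names, the Proc record and the
one row marked CONSTRUCTED below are mine.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Hive and subtree seen in every registry row of the report.
HIVE = r"\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000"
IE = HIVE + r"\Software\Microsoft\Internet Explorer"

# (description, ioc, process) rows re-typed from "Modifies Internet Explorer
# settings" (a subset of the 31), plus one CONSTRUCTED row to exercise the flag.
REGISTRY_IOCS = [
    ("Key created",      IE + r"\Main\WindowsSearch", "iexplore.exe"),
    ("Set value (str)",  IE + r'\Main\WindowsSearch\Version = "WS not running"', "iexplore.exe"),
    ("Key created",      IE + r"\Recovery\PendingRecovery", "iexplore.exe"),
    ("Set value (int)",  IE + r'\International\CpMRU\Enable = "1"', "IEXPLORE.EXE"),
    ("Set value (data)", IE + r"\Main\Window_Placement = 2c0000000200000003000000"
                              r"ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000", "iexplore.exe"),
    ("Set value (int)",  IE + r'\DomainSuggestion\NextUpdateDate = "423563220"', "iexplore.exe"),
    ("Key created",      IE + r"\BrowserEmulation\LowMic", "iexplore.exe"),
    ("Key created",      IE + r"\Main", "iexplore.exe"),
    # CONSTRUCTED (not in the report): a Run-key persistence write no browser should make.
    ("Set value (str)",  HIVE + r'\Software\Microsoft\Windows\CurrentVersion\Run\Updater'
                                r' = "C:\Users\Admin\AppData\Roaming\updater.exe"', "iexplore.exe"),
]

# Anything under the launching user's own IE settings subtree is IE housekeeping.
IE_SETTINGS = re.compile(
    r"^\\REGISTRY\\USER\\S-1-5-21(?:-\d+){4}\\Software\\Microsoft\\Internet Explorer(?:\\|$)",
    re.IGNORECASE,
)


def split_ioc(ioc: str):
    """Split a 'Set value' IOC into (key path, data); 'Key created' rows carry no data."""
    path, sep, data = ioc.partition(" = ")
    return path, (data if sep else None)


def classify_registry(rows):
    """Tag each row with in_scope=True when its key lies under the user's IE subtree."""
    out = []
    for desc, ioc, proc in rows:
        path, data = split_ioc(ioc)
        out.append({"description": desc, "path": path, "data": data,
                    "process": proc, "in_scope": bool(IE_SETTINGS.match(path))})
    return out


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]


# The two processes from the report's tree; the depth-2 entry is the child of depth 1.
PROCESSES = {
    1928: Proc(1928, r"C:\Program Files\Internet Explorer\iexplore.exe",
               r'"C:\Program Files\Internet Explorer\iexplore.exe" '
               r"C:\Users\Admin\AppData\Local\Temp\91069deac8cc7cd31491ecec781fbb36_JaffaCakes118.html",
               None),
    2120: Proc(2120, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
               r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2',
               1928),
}
# The report lists "PID 1928 wrote to memory of 2120" four times.
WRITE_PROCESS_MEMORY = [(1928, 2120)] * 4


def explain_wpm(events, procs):
    """Label each WriteProcessMemory event. 'ie-frame-to-tab' means iexplore.exe wrote
    into its own child whose command line names the writer as SCODEF:<pid>, i.e. the
    frame process setting up a tab process. Anything else stays 'unexplained'."""
    verdicts = []
    for src, dst in events:
        s, d = procs.get(src), procs.get(dst)
        ok = (s is not None and d is not None
              and s.image.lower().endswith(r"\iexplore.exe")
              and d.image.lower().endswith(r"\iexplore.exe")
              and d.parent == src
              and f" SCODEF:{src} " in (" " + d.cmdline + " "))
        verdicts.append((src, dst, "ie-frame-to-tab" if ok else "unexplained"))
    return verdicts


def triage(rows=REGISTRY_IOCS, events=WRITE_PROCESS_MEMORY, procs=PROCESSES):
    """Summarise what needs a second look: out-of-scope keys and unexplained writes."""
    reg = classify_registry(rows)
    return {
        "registry_total": len(reg),
        "registry_out_of_scope": [r["path"] for r in reg if not r["in_scope"]],
        "wpm_unexplained": [(s, d) for s, d, v in explain_wpm(events, procs)
                            if v != "ie-frame-to-tab"],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

Run it as-is for a JSON summary, or paste in the full 31 rows and another report's process tree to reuse the checks. Only the CONSTRUCTED Run-key row lands in registry_out_of_scope; the report's own rows and all four memory writes pass. This decides nothing about the HTML itself, only whether the fired signatures are explained by IE's normal frame/tab behaviour.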
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 81333400d0f8abfe67f5c0a1642ae068
SHA1: aa5f69349bede4a773a7c9c573ce1188e6763c36
SHA256: 64157853f7d4b2fd5858ca514890aa1ee77b2711ab92b0f4fe446ccb4fedf5dc
SHA512: a85cd64a2a0377dbd6cb2326689d090110b498f0fcd4b0903cd661f32f583f87d115c29311c303cb03841398cccdabf3c25ab3e89ad3e5f9a08095f9cec4fc39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ddb057854dbda0422b85aa422d1c079f
SHA1: 0bbe983a85298811975a24d26a31239817541fee
SHA256: d306c88996805c57b52f5a51e13a40a2c32d52c871db6f9e2222015a40c79652
SHA512: 449b7989194983fbb51e51783ff7ca6e91f331f6a57743108fea42e248a7cb6174a9d8e9135eca0f1cab835b5748365e73efa9c3ff4a56a3c10568bf663af426

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7e220a42b196b6019985faf66844df9d
SHA1: ab2ff5f9c9c4143cec76c5a27cf8281506ac298e
SHA256: de8eb2612b027ed07796ad54bcf632615e4c30ddee334c10c6a419143459bc48
SHA512: f69f5496fd42c36b6ad6ab3b227363b6f8722b9abfe8cb7c3102ae722a6974fc7f774089250d79f64098b9dff0eab58ef0716f18b719daa41f2326aafa8c6927

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 572413985bb8cdb472c44302f2c73eb3
SHA1: 9589b85cd0d1cb2966defa653f31c7e4b4946809
SHA256: 758e759115e5d0970e62c11effcc6b703a47dba7905362219e86c4d1a6fc7106
SHA512: 37c6444eef9389b509385371f6f7124a359baf0f9d00f47aa7be012c997bc084ca19cca3a16dc2b3ae3364c07eeb3fb8a3fae43393398d44e5cede622201799f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: f7d37ec0dfbff9dc189547a75d7a1222
SHA1: 6b05656e12e88a6e64c17697238ff48f5ffd42bb
SHA256: 875b02ff623a3378c9a86c8585a06a0ec96ebc51da9ebd4fa4a7b205c8fb2dd8
SHA512: a80eedabf4a25eca41fc5b9243702cf081555af698d92666f17d6f8fc6b4c27d842037141e656deecbc4ed2c42db3fe584c3fa9deae3b7273441dae61e2a98ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 165167dffa59bf76c8702774ae1b4933
SHA1: 2a79e92034db24bdbf7d268145cadf81fbca3df0
SHA256: 78fbbff362274644aeba6c7b9e8438216de4fdca4aba07fdab4aa631026cc4b0
SHA512: 79213d49877f701e30f6735777c9540bb909c5dc1b9e6a549802b53ad77ca148d83db93f8570ee14d21c3964adece3f64e99383731859637a11fdce1abcef192

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cbb57391899586e8cd1898fa9fa698fb
SHA1: f1542acf3144e31e462b53a7900da506ce4566fb
SHA256: 56dc535b6634445bc6a6e76ec8614d2bedd73b1473b350c9b64b7573c65e5010
SHA512: d56f3637050f169f73c5276f7176f08d3a985b7597ffea68b19cdc19b848297fa890da1a132afa58e461b68bfd28271109a0e8e6a5e0feb04c7f82e33316be3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 094668f4bc63ce24d119ceddaa84b977
SHA1: ace567e893ef814400e6f20eefd69fb59bb6df8b
SHA256: 7d4231504bc4da3704fb98d26e9d81f8a6f0f7e56d8d58e8eef12461aa266dfb
SHA512: 765fee018d5e4e1143cdc4d3e0568197baad1a22ac8df102f94f7edefb0e5e744b22ebbb900e510836e8914dfd5645fafea7d4cd06719bb6dde4f0fed0ee1589

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ec7a3e9a16d755c751f8c1c8ef8d4b3b
SHA1: a7abb60058192c011a7b6a47eaa1213fef8862eb
SHA256: fe59753f1fc8a7e75c4ad39d52a62f595447f5aaf9d562f5e0ac6f40cacb5958
SHA512: e0ed9687e2e922c6f27cf7a2aeaab2f87dd8e9f669d641b94ab8a7a9e955daa4e1f00be42f433df7929fda2da02749f2a7f88003931e54f48d32a5e7d9b72eec

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b