Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 07:56
Static task
static1
Behavioral task
behavioral1
Sample
9106db443a70e1c3f161d847f9afe714_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
9106db443a70e1c3f161d847f9afe714_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
9106db443a70e1c3f161d847f9afe714_JaffaCakes118.html
-
Size
23KB
-
MD5
9106db443a70e1c3f161d847f9afe714
-
SHA1
b8c6168f636d602c65807bad7c4a68e6b2687a79
-
SHA256
29db3786fbe047385499b1a65fd2c1b21f39448c116c5c0467669059ba418b0b
-
SHA512
7a9581c7f91a21a92ae9a34d881b404239354941cb5f529efb8c13c97e17bdbc2175721a43009637a07a75ddb0c97406bed806c9c0c8a9094ab29cf149bd8363
-
SSDEEP
384:nE+DHAfhG/E+oA5yN9cjHAQ/s5W88n1EWrwQnqpOYgjBrQLbydf/Z:nE+DHAfhG/E+oA5yN9cjH+5W88n1EWrH
Malware Config
Signatures
Modifies Internet Explorer settings -
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB575971-217E-11EF-B04F-52AF0AAB4D51} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563261" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1676 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1676 iexplore.exe
1676 iexplore.exe
2268 IEXPLORE.EXE
2268 IEXPLORE.EXE
2268 IEXPLORE.EXE
2268 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1676 wrote to memory of 2268 1676 iexplore.exe 28
PID 1676 wrote to memory of 2268 1676 iexplore.exe 28
PID 1676 wrote to memory of 2268 1676 iexplore.exe 28
PID 1676 wrote to memory of 2268 1676 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9106db443a70e1c3f161d847f9afe714_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1676 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2268
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e17e5c902737f52766d8223844e3cd09
SHA1 c463dfa7cf278f664cb67c63fea8d58be0802ca2
SHA256 8c4f24c21954fc6e011dfc88aa8cd41c468bc3a30815618ca798df92b3038660
SHA512 d1c394959b4d310c6106bdeead46eb1faf52bc037dd6f0a6de37b3dc04c4bb070620804c3f71cc6d1dddbb0ce0526adcd2bbb43cb2c96ee8d43db80f6222f43b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0f5458696458980b71daf812e65f70e4
SHA1 db2a6ee85cf42c356087fb385f8c348419b82a23
SHA256 3e3f4f0d76293f9e95a782c6c216afee4deeb1f6a5ddf7f46da4f5442cea4e99
SHA512 c6753ace8b15035490325468b77a39762db96adcc7c4f3f1f33ac11d2b0680b8b3d5e6f9fd9c185557c77804266c848d433ac9b086ecdcfc9ca8aee58378931d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c4c211c6cfdb0680e5cfbd665067fbdf
SHA1 325558f5b6f2182f38aed969cc92322cfac83bff
SHA256 6aca1e1f4e1752905704cd7ef6fe13a32b72f812a7df9bbc56419102875ddc7c
SHA512 10f91dbfa4bc4b4b07360723bb85a1731c44b178f167af78604d824c83b5c4a2a61cc7768a491e050b7685c1ecc65b9fc96113ebe1a0867bfe1e2f007b60a033
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 86c7fc9c1dd6a88a7469f299653b4d02
SHA1 a1b8869f6b1a4f3c53c5b153d4d3ea065771f88c
SHA256 e34ee8ea4c2e581ad11148f7c0b22a4ab931bfc1e9e30572a6b59943770bb8c0
SHA512 3647e55d99aab5e4eba3f04a3aa6aaf1016ed16c05eecd0d0a60bc3ed85bd514ee0459039be158ed2cf7680cffa90199a27aa25467c675180fe7a5ed827913c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d1ebe485a961b65b971f256673bc06fa
SHA1 642f30343e3f1d765964cc296fd5a4fb49d8f616
SHA256 2401512bf6d7ef477dea2a962e719d7510ab78ea317095f00f708361ead5dbff
SHA512 825f5bbf648cb10108fa76e9f85e66e04be719204e863fe1bbec53d41047b2e0546cdc3ce767a1d9d8abfba0bb9ec3082dfb65c490ca08b6fd6b918383a4afba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c5732652fd146fc96aa91336c8df7381
SHA1 adfa2f85346327d37513d43251e43fce4d8099fb
SHA256 d6fe6b626cac32496cea2d0d547bc33feb35ab93614947e976fec5356a4c822f
SHA512 24e21b1fa751f9c094c43c453c72ae14a0ac30bcb966b370d208fb131dfff2a9b27c58561663a15a57873c6b9d3e422c3fe7b4115203f95978539a6b8409e53c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 30409d2834ba4dae3fb070767c5b7fc9
SHA1 340898c0446b3cb848d38e88df8a8c2ae0bdcbe6
SHA256 88d790dd553707e78b4bb91fe1ad08bf550444fdbf9d7eb7743547b21e0f3dc0
SHA512 d60d358b3f426f5348429a694fbcc3b4d300814a62251c4e96db448904a2858ef188ef9a481df9dba9b90654a8bac1943c01632723c588c66e821abe85c9d995
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0d62ba61900fc92436763bb7c850d661
SHA1 b5b55ef71688a3a9cb9fb1cb27e967ba48f12b2f
SHA256 919e9c058ce733593cd37b7468b13f38883124b0db488764c99757c9155bc398
SHA512 d40bfe3dd43da05ff22b2d7fd4ea00df3f2d40f527fa81be652eb179a8e8a19afa37eb0ce537066167d1c3a5cf09c5e163d01442084f0b382e66aac3f4a1ad04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f976d1ae182f793e7a4f3a7c050d1ad1
SHA1 f07644d65f30879c75b215c0fcae72922d1e02a3
SHA256 0261a78e995d41a6136977ab1adcb9d1d962a9090e9ca0c230c239e09e11d72d
SHA512 e259866a493e09b6f7b08ba7f0de09d2bb80c5b6e4c76a11d3631d1b9ce0d943be8538b6892951fb40172ded3ffd1128c951df87c58d215a686b4e1c4e9ca0af
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b