Analysis
-
max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
03/06/2024, 07:58
Static task
static1
Behavioral task
behavioral1
Sample
91080b28bf2463a41ed21ad71eae3d09_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
91080b28bf2463a41ed21ad71eae3d09_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
91080b28bf2463a41ed21ad71eae3d09_JaffaCakes118.html
-
Size
28KB
-
MD5
91080b28bf2463a41ed21ad71eae3d09
-
SHA1
d934c64196e4bd1c4722bed715099eb706b14414
-
SHA256
ff66553f4c11db90320a774585242a462f05d5dfb2d259168f07a97ede79e8fd
-
SHA512
e295f587dc3c28168bc2b805292bfefce32e2ac3284981c2c255b536f0af393d9557ef7d5e53a9265ad64b91636b0c52ac7e2aad713753b83ff1443089f59171
-
SSDEEP
192:uw/8b5nHsF0nQjxn5Q/3nQieWNnXnQOkEntxJnQTbnVnQ9eY+m6/5gOVXQl7MB2s:vQ/pB2RgOgSr
Malware Config
Signatures
-
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563374" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0EB51B81-217F-11EF-8962-7678A7DAE141} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2400 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2400 | iexplore.exe
2400 | iexplore.exe
2616 | IEXPLORE.EXE
2616 | IEXPLORE.EXE
2616 | IEXPLORE.EXE
2616 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2400 wrote to memory of 2616 | 2400 | iexplore.exe | 28
PID 2400 wrote to memory of 2616 | 2400 | iexplore.exe | 28
PID 2400 wrote to memory of 2616 | 2400 | iexplore.exe | 28
PID 2400 wrote to memory of 2616 | 2400 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91080b28bf2463a41ed21ad71eae3d09_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2616
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B
MD5
9cb47d8a3d7ead1f5626c0b4f820be58
SHA1
2da1688fd1a6b83754d941c5b85cda4de6e6a1a4
SHA256
a97bfb525f73f24d1e553ba7b353417751903f1be8ce632af897b3ceb242131e
SHA512
b745ed1a810c967dc77ab23ecabdf7b22dde5eb66a1b3984fb6f44101b9a0d7749e7cd6920d91c900fd94d6a87776c21ab40eb4a8bca98a427944fa164ce0b95
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B
MD5
f46c865252f7a73fac2b039c2cf82035
SHA1
032a0ad16382a23c5690b8ba9cd41896d4a5a7ed
SHA256
f5741df1014e69bc7b552e01a579d59aacdeb81354cb9fcc9176fc51b9d47627
SHA512
979431b7f28a78cf1c6edf428dc3a275a5120995f3e84aace3274f24688dbd5fc03162cd2e6a5a204007ab3932a040e36907a303bfd1ec02695d9454925fa647
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B
MD5
cc15c11dcc4ca2c8480ad582b83a079f
SHA1
cc5b2787187b11617a9df2feeb95b3606c3dd1b7
SHA256
a54d23d28b7438ffcc763ec0c8106815053daf6b0e893ba79146e8c9cdd57e44
SHA512
c9f2f7a1f947b8ea002cef71be888538f4c2567e629386e884a7dc831dd80937be689af2652834fda9f1550a3fe9e50e22b8997adb42b681a8014851fd160dc4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B
MD5
bedcec9bcadc22984c9ce18eafefe995
SHA1
bec620f5eac3c2f8e816a20e309671af6af1da70
SHA256
8a0f602eb68709d47d6d4a5e1e51d53e842b493fa40821604cae8eebed23f7d6
SHA512
1903f09c70b0c1a8e8469b4c088e26b72d47874cde6d3fde187a9951f2910ba1f1257d2dd45922e509bc449f0b5758fe8b142cd27b879157122c6527546eb61c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B
MD5
b09ef88dee0b64356c791cf077fc8975
SHA1
0337cf5e1b93c1b4464a6a943940fa691cb78fe8
SHA256
abb90908de700a9742d6394ee6ebdba0d45faa295425707863a1b19eda9c5dcf
SHA512
640444bd0d0342a2ea6ed342862f9e981725748dd22c8cd01724d327978c3081f94cf26ae4a4965fcb13428699db54e8a6a81b970966e9a5238816655cbbfc7d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B
MD5
addb5a4c2eaabb25155432baa2ee077d
SHA1
205c90cf2f98e2d0cc5455669742c2ee5ec87b73
SHA256
4515ac2989dfb2ef48c381f05aaa15616f2a088777092b4ea201a1054f7ca11b
SHA512
fb77524989e2fab1eacdc2478758e085d38dba42b6377a04aa04dd236fa7f89c726a81b261e1c9db390cd812e77bab6a5d817d0ffeca33d4ec3b1f5a1d337427
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B
MD5
464144f5d4927860faee942e11e83f4c
SHA1
45c7986d2014968f83566dbe64a609470b778a0c
SHA256
5456ec4537f19611857a4f10cdc7b377e6bfa166bd5e2ebb391e25ee31f36842
SHA512
143fd895511389b6d675225f17d06d75b011a7681f8b05b3cf2db69d2f2c8efba4ec0d0717402ce509225e32db97219f541c7edc082b68599f6bcf502ba2384e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B
MD5
2cb755aa91874dd810a65838bbe33fb7
SHA1
aab3831816f61c12d8af90a688ad807e88ad4d06
SHA256
e2be72437f36410346629c87236c87b651d7a04eb1de63d7eeb6c153f4e67411
SHA512
ef1cfe86542a8bb919100acaf3208346d6ade976c4b82bf40a91001e0e69c0c3f4bbf1b0712189dbbccb6222c242384381e80267d27b7431f71142b1f1ce1b7f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B
MD5
726675ffbb40b251e4830a08d242e42a
SHA1
368a05370bf757982a1bf25c55747460dcf76406
SHA256
abf8b2c9668ee3db2031d454ccc31c08df63552b1c5fd3d635ae2a18b709fa36
SHA512
ded714c6b52acef9310ffd265335e958474acfda501d4422961121a08d80d560625cbf4970916ce8db47d898ea16d5479b602dd034cae3b90484d454713afdd4
-
Filesize
68KB
MD5
29f65ba8e88c063813cc50a4ea544e93
SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b