Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
-
submitted
03/06/2024, 07:58
Static task
static1
Behavioral task
behavioral1
Sample
91080b69c96117950f9784da46ddab66_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
91080b69c96117950f9784da46ddab66_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91080b69c96117950f9784da46ddab66_JaffaCakes118.html
-
Size
31KB
-
MD5
91080b69c96117950f9784da46ddab66
-
SHA1
23bf238ddb5ce5d5ec26a31ffd739fbf2f2fcaec
-
SHA256
0f0f012c7ed664a6c7e8287acdfc61e5c42924f54e4fa6487e518703526a1081
-
SHA512
40ff0831ef38b75df8b4f44ca23d312d5e0a0a6e206aa5d53f8b1ac279a14a3e5399e30b72df78aa4823c9ed798804088ecead9111748d00de2ef65156f98a0b
-
SSDEEP
192:uwDTb5nNmnQjxn5Q/ZnQieENnTnQOkEntXLnQTbnxnQmS7xHlMWVs3ytcBP2a5ge:DQ/iYxHMysrafUvQQ
Malware Config
Signatures
-
Modifies Internet Explorer settings 31 IoCs
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563384"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms  iexplore.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{13486EE1-217F-11EF-9201-6EAD7206CC74} = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"  IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid  Process
2848  iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid  Process
2848  iexplore.exe
2848  iexplore.exe
2516  IEXPLORE.EXE
2516  IEXPLORE.EXE
2516  IEXPLORE.EXE
2516  IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description  pid  Process  procid_target
PID 2848 wrote to memory of 2516  2848  iexplore.exe  28
PID 2848 wrote to memory of 2516  2848  iexplore.exe  28
PID 2848 wrote to memory of 2516  2848  iexplore.exe  28
PID 2848 wrote to memory of 2516  2848  iexplore.exe  28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91080b69c96117950f9784da46ddab66_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2848
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID:2516
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
b658dee127c9b7d4d19f2cab51aedc7c
SHA1
4ee80a3b32ae0fd1eadbeeffe12d6d48f345b8f7
SHA256
457ba1478a695cb81a1579bd91f038a6ed41189c94ae671aac1e9bbdee8c632b
SHA512
709c776c54890fa184612b680fb9727a5783a462507d0a8a96007d095ef20f35e59dbb09728f28194a5bb2967be0a2abe68df53fa54686f1fdae1aa4398144ea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
42798507516326187c2996324a4f805a
SHA1
cb694e8092a44b004ce0946430b6963970f1fa55
SHA256
46b8f2ac7e3019e42f11755209de4cc1baf6767100f5feb2679f3538430c6ad4
SHA512
2be0c0c1ec7a3ceb89d3a4fa7021f235791e313bffbb03f01d1042eff7a9c98ce9d041ff54c4c333a6fc7e5eae82e053168b2390317cc5d71850e812f7785e23
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
cca551a10f294a7df2c16cfff8d6dc85
SHA1
7c1425a1d3834375ce3937aab3119a8346d77257
SHA256
336532d5e0f0f694b68b829a87706c83765ea5f86583f0a18cc1e152c0f116fc
SHA512
d0afaca204baab9ef5b830b2cf7ea102947fe2c7db3998449da05a866c8b2230478092829e1b0f55d7f80c648d646f726cb448063282d200ac3ff66411a4be37
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
3e230dea57f69a41f4e10b62ade78078
SHA1
5bcf9142f6a6766edd8f61ab4716f578526a9290
SHA256
89dd3640479f1419641750d34c3591d35642333db053d300079bb4384371db1f
SHA512
9c4584f752f4b30a8d5152c030b8cc09a57524aee2f515928b655d9fd5d8816624e2b8b97ba20971a886f9394adfc49b9b5b0df66493c6cde0f2490b25038102
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
43af7cf709ac16a1af9d988712023193
SHA1
4414f250794671a67743eb57c53d2cebe8f2b9a6
SHA256
7ff2d2227b3ba5d361fea3f609b33f1163b7cfdd05c96c877c0385401d91252f
SHA512
39f5a31202c787e21100a6ba440b568b3986180abfb81aecc2a87d46c0452f4e9b95ccb6b629df8bded8dfc2a6939eb7f5d6a7023419f0c2bc165a3c371b29ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
1f59afd81bf391291df7bb7691ef350c
SHA1
69c3a0434a6a2f855cf214f9aebb8e73a7206916
SHA256
05e518fc4d97422b749bd526ca3de0e4f5044cbe102622e0c94a7066cd8d8bb7
SHA512
f659c861e6e0e5c4ebc3b183cc1001418e9781f65c02eaa3ac84cd85522df417d1c755ab14fc164c37900bb1150c9d9bbe4018344d3c2ef05e5cb63e6685f362
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
b976dc668b0148dd028dab2691c14852
SHA1
7a41578e7013595d55686b30cf7feca8d77da706
SHA256
facd800bfef3336fdda5ba5d8794790ea54c3db8d068a6fd5a7114f41b5bd51c
SHA512
0dd3f15c6e6d83f46b32898a8180c878e8fc7741aa99f662e84c48dd2c865cf25d877913c841d4b66e5902922f9668eac64ad4edc932f44be37d39f1d447f4f2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a166aedb8a24409c0fad8701b092c34a
SHA1
49d1bd24e8b6abff5533aef0bcda8fa1664ac071
SHA256
5f083bd369d0f697c21a5d0aa4cc0d6522994586d94fcbe2817d3fc21f3e3294
SHA512
a8b672745308a1f18ce186c8cabc738cb3aed6dbcaa19fbcc5132c7dc5c83f6fe9f7ee9a613ad28d7df9b10beb9b93f67397dc0550a9dcf0e9d64d892584dd00
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
226d675716536bbda65eb3bec1b8b86e
SHA1
61263b78a3f8d175a3c0f0fec98b4c38869aeb0a
SHA256
49e03a73e4739dbecb6be44e2ef889066523e92da9ec07a632f1dc966db4265b
SHA512
99c79fcf29ecd0186168959e77a1d846c86f26aae80dbe950bebd7147659ed264d89f8f76eececd745fd4d4d4de19f408dac43b332eb0a258d4e4e6815fb5db1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
9c3273058a767696e80ff5f0f8b5cf03
SHA1
6fe3c2d0509780bc68c91558d4d673d45609cfe4
SHA256
6381a5a059536a54e5bf2286ae16c4d2440d7bc0aebf56a20581770b309e1b74
SHA512
ed665640fbfb65bf99a82fb799bc1911e82bfc70fa7ceec2e1fc4ced6004ebc4700e3a5b6c05ac1fda6408c3d15ecf6e05aa7f88b1aae4cc37406778cdf30059
-
Filesize
65KB
MD5
ac05d27423a85adc1622c714f2cb6184
SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b