Analysis
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted: 03/06/2024, 08:00
Static task: static1
Behavioral task: behavioral1
  Sample: 91095363e9285ad38544796df3745683_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 91095363e9285ad38544796df3745683_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 91095363e9285ad38544796df3745683_JaffaCakes118.html
Size: 28KB
MD5: 91095363e9285ad38544796df3745683
SHA1: 7846d7c0b976e01cc4160a2d54ed3ab1c51c3214
SHA256: 7eb2cac0b0755d8726d4ef2d1c1dca0b38dd0241745dbfa2e68bd7e10ec248a9
SHA512: cf328266412d7740b53a8d1c23f61eeb63dcc84758e54790e1f711f773765565a71f1f9e9cb0f145314d2bc390c79807b7a25b65e658bd4e815526bb31434a8d
SSDEEP: 192:uwcJnw9S906Bb5nnT/4uV/O4fhEk3XjBnQjxn5Q/BFnQiedkNnbpKnQOkEntL5me:bQ/EV6EsGkSB
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563505" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5D71E051-217F-11EF-B023-6200E4292AD7} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2188 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2188 | iexplore.exe
2188 | iexplore.exe
2580 | IEXPLORE.EXE
2580 | IEXPLORE.EXE
2580 | IEXPLORE.EXE
2580 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2188 wrote to memory of 2580 | 2188 | iexplore.exe | 28
PID 2188 wrote to memory of 2580 | 2188 | iexplore.exe | 28
PID 2188 wrote to memory of 2580 | 2188 | iexplore.exe | 28
PID 2188 wrote to memory of 2580 | 2188 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91095363e9285ad38544796df3745683_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2188
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2580
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 304B
MD5: 2701c0c392e600b47b3c9139dd40c28d
SHA1: e417a84bbdae04118c611b3e661ff5e788576cd2
SHA256: fb3143e15bbb10c6c9b4fe28ab136bddad565d6ac32cd9f3f5c4d674aee5e53c
SHA512: ad862cb3b85943dbc75585cd81520fb3bd8b0b0e2b67931a5fc3479763f1df6a6e4f0b760632d1064d6b24e9db56926d046472fc508c37781961c3fb94bd97b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 304B
MD5: dd0d57863964ddde0b3a7facd6b6c946
SHA1: 59b26cd6d4575c4060250137cf49af771bd733b4
SHA256: 4e7fcaa4d5a6101c574f803fd35fbce9bfa7c45dee59c3eeb91c137170f4556f
SHA512: 3dd39329b9f272ad4257dec1d2c46780f168bcbb229e3a2d589816a5577a6a3506cb4664a2f174cf99c0ad5fe17a1c5d9e0f21a2c5fe988496fa16af78c29136

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 304B
MD5: 78fb85693271111a29fb5229f297375f
SHA1: ea0d311d1ad793ed5d2a993099f73e57fb8a2d82
SHA256: f65fa26da51496260744531585ce9cc549a34a91887a46a1c87e56d16455121a
SHA512: 181dc9f67451a3777ff7e4e0e6ffba7d29e434ce2b2b75c93eb89344b70abdbcc513be41fc96602aa129990d8035a61e3ad4c234b8b419ef9c7c8e3f69b12110

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 304B
MD5: 0598d25ef33ef388e899fd33c01b0047
SHA1: 073695be9b420a29331a4c68165e26809f260e8a
SHA256: 956e5727883cf4257a2d7e6d9565eb808459c5ffad4161384d6275e1368ec3f7
SHA512: 5286752c59fd80738ce3882fe816b807b7dcc5a3b885e587533307e264a3a370e76319ff81ff9281dd047f4b9390f3db7771045f89ce76383f49aa7c720719cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 304B
MD5: fbd90feb9ea1b6b1900db1e95b472409
SHA1: 9337adcbc79ecf886216361b7b3f46c0a74e6a02
SHA256: 39d5c2e4ee843d13d0bf7df930192aacd9148f2c5c3287cb791db38ed5bcb48e
SHA512: 727e626c4ea16d4378a4e181e704633763967b93a7efd08f45a3e284d87f46d9ac7f510c2685dcf556be0a0aec30f8d803d6fb9746a5166e736c9d3a249664d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 304B
MD5: 7a3d9967da90197986575414d590a69f
SHA1: a2dda5152e9a02326f331a4748ba0b043ecc459d
SHA256: 65b18c863937bd483c485bd00f67d4856e6baee7b0cef1d3c3f30d6fe69069ad
SHA512: 1546b974b1e5373930be09ac998c3e11ce8676e3ad1a1372a12831d7b1939d8273d5a96aee8866725c7f630418ecf994bf4b93429ec1d1842ad2de2b49db894e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 304B
MD5: d146f655eb84d828aa9d6d9429eda80f
SHA1: 5a684f950ea1035c416144885843a096904c25b6
SHA256: c22ea08ddb36da0e2de004d5fce9e573900130ce84755654624e5895f1f83c60
SHA512: 4fabdb7066fa80388678a6044c0fe9b2685ee6a05da9cd943febb8c928dd2277da885ac21d26b24d84a5f74d3ba2d2cfb2614ccb217f2ea1d562880863317551

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 304B
MD5: 0d7b7081ffb522dc820dbaf1785dc9fd
SHA1: 1f7e09f8594d00089227e2061e8c50c00df282d7
SHA256: 532480b85b78fe4518de56e7136443769cb9d6721854a6d9a398a605ece8a138
SHA512: 5a05565a4cb3ea86af4c87a8a5c95a52f27a4c3dadcdc8a85b86be11f9c64eae7134616f713e5112691c660faa15d6411b7ac55e51b9dcec93bcdbf3049190dc

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b