Analysis
max time kernel: 150s
max time network: 153s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
submitted: 03/06/2024, 08:00
Static task: static1
Behavioral task: behavioral1
Sample: 910962a904592bd9517c46f0700b8c69_JaffaCakes118.html
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 910962a904592bd9517c46f0700b8c69_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
Target: 910962a904592bd9517c46f0700b8c69_JaffaCakes118.html
Size: 27KB
MD5: 910962a904592bd9517c46f0700b8c69
SHA1: 0d237721425b3fae3d9515cf9c987539dbcdc8ba
SHA256: 0cda18b00cdb031868d0c4899ff0853b0ca2c167295d820452d203bf70cba6f5
SHA512: 01ea6013cc128b7038a31b21e55ddb0300cb6727230e81f2a12afaf66a99a6852c151ec5548e65c93a093cad197249298e8d6f36344992139061b68e6afaca9c
SSDEEP: 192:uwPgb5nUenQjxn5Q/bnQieKNntnQOkEntZ5nQTbnxnQ9ecGm601qIQl7MBqqnYnW:NQ/fZuiqbSEHw
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6526FD81-217F-11EF-A4A3-CE86F81DDAFE} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563519" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1656 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1656 | iexplore.exe
1656 | iexplore.exe
2884 | IEXPLORE.EXE
2884 | IEXPLORE.EXE
2884 | IEXPLORE.EXE
2884 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1656 wrote to memory of 2884 | 1656 | iexplore.exe | 28
PID 1656 wrote to memory of 2884 | 1656 | iexplore.exe | 28
PID 1656 wrote to memory of 2884 | 1656 | iexplore.exe | 28
PID 1656 wrote to memory of 2884 | 1656 | iexplore.exe | 28
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910962a904592bd9517c46f0700b8c69_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 1656
  2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 2884
Network
MITRE ATT&CK Enterprise v15
Downloads