Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
03/06/2024, 08:03
Static task
static1
Behavioral task
behavioral1
Sample
910bfd8450827dd5241007bf6d4b5e8e_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
910bfd8450827dd5241007bf6d4b5e8e_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
910bfd8450827dd5241007bf6d4b5e8e_JaffaCakes118.html
-
Size
19KB
-
MD5
910bfd8450827dd5241007bf6d4b5e8e
-
SHA1
3805cf7d00e047874b0d0d6d19f7fcd9c84a28f4
-
SHA256
f617c378e6ecb853d5a09da23f85ac76bb9769b77a20dd54d53f4a543c070ca8
-
SHA512
ef0661b30f7a91bed2da454fa62418b8f4c0a83ac1f9fb396341c5636e597f01a7d5168376c4a16688d5efb77bee94d773a1d0c2c02b2472159f09541aaf1ae3
-
SSDEEP
192:uwrIb5nJATnQjxn5Q/VnQieQNn2nQOkEntvTnQTbnRnQmSgHMBwqnYnQ5xNnlnQu:cQ//qSQkw
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D0707991-217F-11EF-8A46-EA263619F6CB} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563699" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1652 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1652 iexplore.exe 1652 iexplore.exe 2172 IEXPLORE.EXE 2172 IEXPLORE.EXE 2172 IEXPLORE.EXE 2172 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1652 wrote to memory of 2172 1652 iexplore.exe 28 PID 1652 wrote to memory of 2172 1652 iexplore.exe 28 PID 1652 wrote to memory of 2172 1652 iexplore.exe 28 PID 1652 wrote to memory of 2172 1652 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910bfd8450827dd5241007bf6d4b5e8e_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1652 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2172
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56e622a112ff2d0799fdffe1590345bc1
SHA1cf8cfbd001b236d2ef7eb549db345b9618ad3743
SHA25641c6a99d90c5e7b57d19a1e286f288f909c4b85cad014e3b44a95a96c0ce724a
SHA512ca0e6b021a633e357b8404e7ed20738f676fbc85843b8bd439e60e2c2fd1f7ad40a154d31f079f176ec8b050f27ef7303c1d7f249b736b95cd2c87af80d01928
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54bf7ed388d3b3c09f04ccffa6d175332
SHA1d28f49eceb9a18c171cd0b44c9bfd42bbc1581f2
SHA2560fdcbae44ddf5bc6416038c98bb34bcc8c6f677ee6e673d2340a1ded8f27e206
SHA5120ad83c666a8499a7a1c2f804f502c0582a2b7a60dd8894f1f1b3b16df08b64568de8b0cd16eb74c5823f6dfc6b8b417db80d558f90191177ed700fbd2d78c80f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55b4059241b2d8a267054869edc5b2770
SHA1308b8e02866beea85979f6569813cda0b7d1fa46
SHA25602450142c976aebe40c33bc97a3fd81218a72b417f236330ffd86beeab2a3b4d
SHA512e355d963fc5134f6b3525b16d9a44a23d7891b40a7b7f01bf6283c555342296c6a29d7939e305bcf5c28a496dc66b58142326ddd12bd243a708272f1971f822b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55c3820e20cd73c767a573c8f06048f0b
SHA11910b0f7a2ccf9f4a4fddb7dd167369c566d1159
SHA25635d273084ee3a87984acd23dd5de5137a5f67a066f752d5dc699d11dfd881593
SHA512ce2ab7dd4662873a5b446e9ea1a4adf3c70017c02ca19a5e8b530a11ec77f4c4d14ca285c6de6109e6ffe93b51d039cc47ba63e39e42ac8a164132b4cd10fc58
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c0b60d4224ce9ad07b1ef6400ba804c6
SHA1352d0f18bc09e746846f06732a8553d928c41e04
SHA256c9e5250356b1708e8a520a3e1fe6ac1709447ae490a9475a30c5813b1e4642b3
SHA512d28b9cbf807ca71dead40b98af8c07c845aa1d53f78e5cba4329d4aa689b07405ac5b151386c77aecf2a88b00ee9f46bfd35fa27647c3985c53dff714f01d7d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a054dbcdf18137a9132134f96931b12c
SHA1ebac66bb4d6095aa2204fc27ef4d502c1f4d0b93
SHA256a32cdecd8b0a0fe018c29c9dc3f23c50d979a7b092184c23e67e64a9df7b6f8c
SHA512bcb590adeb58e3984c8c1f8ae7ac978314464158d23625b6e2e5933b80420af7ae96ef9e7956f5d06e7918c915fcb2f291d9d6943e8908d768287e6b0a1743c0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51c79c312a7f3f0d1c7298827f4c04fe3
SHA1d64444ac9338a77edaa476cd05c2d65d44def82e
SHA2563803f132e0a948340c55d621c7499ba0e5ff1e69ebb4b290edfcde8a3717f314
SHA5124d1cd58ec9d81751435bbf78987f245ac2383bcce3e54c74c6da7facf795ecb7469cb803fb9ac7f278c66d71a5f7fea4daddcdd4e68092f627d78af731c6d534
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55d2fe6e3d85ca3efaa385d60cde15428
SHA1d2f60f5a0edbb8a2571d102a821d526956259c95
SHA2569bad38eb7faa72ee8def1a861e73c52b38b3d9579c920d2a367191d6233ad4ea
SHA512b2951dc61703f172154883799f35198999445d9e3bc4f6ad79e91eb1eeffc2113ce51fe3ad26b879a06e24d6b971bdfc7fa8e5aeec55c641120cdf1b229d0f73
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55715eb1379564acbc083aa961125bb28
SHA1e691eaa8d1c72db3d22438f71dec2f29aa928042
SHA256ef8e6edaae4806b7bafca94cdeaac9c645c8b32c7d3d2fcf1d17f7e984860728
SHA51296024437e177168c130f2c29ffd4ee7af55aa6a57bde0a2a6a450b1a2b94200662defdd81d688ba95e59f3967fb4d43c2fc34133925a358cdf4d0f198113d6f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d9c38665f12c687f86a0d5508b48ca7b
SHA1d66285a6325a047761102b4941c16c3283f0fb30
SHA2560f6f8e88349dfb27fcbe0a1b7d41a21979894ceff4f2197637d0e4b0c008be1d
SHA5128b990be6fe14df335748f674c3ed5870785cfaff2972606f6254f344cafeb4bbfc1185d144f43e2274df522761ed4432a3900a98a8575c4d6dd62021a73ab5eb
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b