Analysis
- max time kernel: 148s
- max time network: 152s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 03/06/2024, 08:02
Static task: static1
Behavioral task: behavioral1
  Sample: 910b294de5e6c54f03894bc575b3556c_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 910b294de5e6c54f03894bc575b3556c_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: 910b294de5e6c54f03894bc575b3556c_JaffaCakes118.html
- Size: 22KB
- MD5: 910b294de5e6c54f03894bc575b3556c
- SHA1: ed6cda6473cd216b227eaef2a93da5e408004e70
- SHA256: 3ff50a800befd0b97479cd462904752f1d11e9a5af069a5ee49660552e23b8e1
- SHA512: 0efce2bf95a0a68ddb5f98c6505f706ad68ac974c9ba9d29d7236d70056854a2dd42a5ba9f3a930281b3ce553219de8c047f5b842aeec8ceea4808470ede02bb
- SSDEEP: 192:RsXoVsAb5nDnQjLntQ/UnQieCnonQOkrntWZnQTbnQnQwR4SnQNjMmnFnQ7XnDn7:WXoSjQ/VNV
Malware Config
Signatures
- Modifies Internet Explorer settings 26 IoCs
  description  ioc  Process
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup  iexplore.exe
  Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563631"  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry  iexplore.exe
  Set value (data)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000  iexplore.exe
  Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  iexplore.exe
  Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A7E71831-217F-11EF-922B-6E6327E9C5D7} = "0"  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU  iexplore.exe
  Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main  IEXPLORE.EXE
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery  iexplore.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"  iexplore.exe
  Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive  iexplore.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser  iexplore.exe
- Suspicious use of FindShellTrayWindow 1 IoCs
  pid  Process
  2248  iexplore.exe
- Suspicious use of SetWindowsHookEx 6 IoCs
  pid  Process
  2248  iexplore.exe
  2248  iexplore.exe
  3064  IEXPLORE.EXE
  3064  IEXPLORE.EXE
  3064  IEXPLORE.EXE
  3064  IEXPLORE.EXE
- Suspicious use of WriteProcessMemory 4 IoCs
  description  pid  Process  procid_target
  PID 2248 wrote to memory of 3064  2248  iexplore.exe  28
  PID 2248 wrote to memory of 3064  2248  iexplore.exe  28
  PID 2248 wrote to memory of 3064  2248  iexplore.exe  28
  PID 2248 wrote to memory of 3064  2248  iexplore.exe  28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910b294de5e6c54f03894bc575b3556c_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2248
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 3064
Network
MITRE ATT&CK Enterprise v15
Downloads