Analysis
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 08:04
Static task: static1
Behavioral task: behavioral1
Sample: 910c99c5bcb58c0a085638c6807574a5_JaffaCakes118.html
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 910c99c5bcb58c0a085638c6807574a5_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
Target: 910c99c5bcb58c0a085638c6807574a5_JaffaCakes118.html
Size: 31KB
MD5: 910c99c5bcb58c0a085638c6807574a5
SHA1: 8d82685eba04dba185264cc4248b0cdb781b3361
SHA256: 75c11e22707e572262a45326200852bb39f32dc719255e2c3121964f718ab2d5
SHA512: 1700a7300ee5e2536410ffabc636747180b021f1021ac65cc76a5d080f78ae91dbe7fa4a539926f6307021ac4f3fcde83545b5c61bc2ffce860e0cf88ba94e07
SSDEEP: 192:uWvnb5nwpnQjxn5Q/rnQieSNnCnQOkEntttnQTbnlnQ4MCgAxRyFLqDxcYLujZQn:RQ/VekyFuVpLkZQiKJqCyOD
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8DD9671-217F-11EF-BA28-C2931B856BB4} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563739" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2140 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2140 | iexplore.exe
2140 | iexplore.exe
2180 | IEXPLORE.EXE
2180 | IEXPLORE.EXE
2180 | IEXPLORE.EXE
2180 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2140 wrote to memory of 2180 | 2140 | iexplore.exe | 29
PID 2140 wrote to memory of 2180 | 2140 | iexplore.exe | 29
PID 2140 wrote to memory of 2180 | 2140 | iexplore.exe | 29
PID 2140 wrote to memory of 2180 | 2140 | iexplore.exe | 29
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910c99c5bcb58c0a085638c6807574a5_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2140
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2180
Network
MITRE ATT&CK Enterprise v15
Downloads