Analysis
max time kernel: 148s
max time network: 148s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 08:04
Static task: static1
Behavioral task: behavioral1
  Sample: 910cd2cf60157940b39fef6311e65f23_JaffaCakes118.html
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 910cd2cf60157940b39fef6311e65f23_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 910cd2cf60157940b39fef6311e65f23_JaffaCakes118.html
Size: 19KB
MD5: 910cd2cf60157940b39fef6311e65f23
SHA1: a2f80fce024d5de9a11a2805c77f97a809fa9f20
SHA256: ce995f3661dab19b71e276d80b252c61ccc53903b412727a84b9c30e7730a461
SHA512: 2fd8bb9f50ed5a26685a5a87adb55f7b86e5a53de5e0c7b236cf0b80e3ae8453b4c4d0ec096d4d7ea2e3472b7a8a8272b7c7933eabe0c17e1eae474dda37c853
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAIZ43zUnjBhZD82qDB8:SIMd0I5nvHBsvZ4xDB8
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F00102C1-217F-11EF-9486-4AD8236FB259} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563752" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2204 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2204 | iexplore.exe
2204 | iexplore.exe
2488 | IEXPLORE.EXE
2488 | IEXPLORE.EXE
2488 | IEXPLORE.EXE
2488 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2204 wrote to memory of 2488 | 2204 | iexplore.exe | 28
PID 2204 wrote to memory of 2488 | 2204 | iexplore.exe | 28
PID 2204 wrote to memory of 2488 | 2204 | iexplore.exe | 28
PID 2204 wrote to memory of 2488 | 2204 | iexplore.exe | 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910cd2cf60157940b39fef6311e65f23_JaffaCakes118.html
  PID: 2204
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2204)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
    PID: 2488
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2094fc30d85ced7e6813fd864c7a8d9c
SHA1: c9a3659bfceb4508db260476819279b2a9883a19
SHA256: 7570ec058b026f02be127eb81ac6c1746341e2f0aa5503a87da15dc6f83e9cfc
SHA512: 01348923c0e2ddb8539149b20ce23523342a65d77fa70335ce71a8680745ae26cb0849339c637613440c08a0a33aabd0cb7051994ac7b15af1c79c4c84dfc85e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: fa600dfdc0a5d55fe93667f58b6d78e4
SHA1: 2518cd88e0d750f8f86172eb1d6335ec86e31df9
SHA256: 72611f77631c8d4669e885aafde8ff886cf062fbdc3f3ff730e5038cee5fd639
SHA512: fdd7347de1d7ed6df99fa0949e8000e8ec0037caca95001fa7b14b9d5b29d509944bee5a897d84b8560acef049cbdf702bb37e6b9dccb59f5d8dfb465cd37adb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3a30ae0bb64a81f84ad52a3553a72367
SHA1: a70544b54e5321b46f89c263b5392a50b97d8051
SHA256: 472af63c0198a6bb0a8570afc1f3a05d591de2b3fb985a8922e86f48a62fde07
SHA512: 22c30621b732f19789226ee104bbd999666996e699c120aa77d3d69f35ce4b41f769175012087989ed73170f64363bb8251a7157df4d97fe66d575b4b18db98f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 346fb2d98b4b4b3f20f8a3764fdc5e81
SHA1: ca2b082df62b35dc7948a845a9a57bbbaaf7ab08
SHA256: 4442e42ab189022ca349276dc05ce230c8276ab4a6daaf3a886ccd8ab3b6175c
SHA512: 77b37c86d95e47252a0a553afa394bb344ea3046cc7a28481be163f702e1d2009047b6fe4a55d43bf4aadc8262b9c25e1249e311af997b197a85b3077f12f511

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b92751070d13dbe865b45d2a664a89ff
SHA1: b0cccfc3a7eb2d069ebe62aca167b400470cc694
SHA256: 87f0a9656a6633844eaf4b382508737d5ff6b9c69ce5f52f4890ae007f8fb6d0
SHA512: ca71efec0ba561503428500591d00efbc5c37156ba9418f1d432d434fed749987396c2fdb7f0aa3cb08f3af47569a74b98867132e52c5b26bbd7cb7f8dfcbaeb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 35acb112466476173f1e7efcb02d10f0
SHA1: 55d21e15272efb6dcc361da9ece3b25367c91459
SHA256: 86f44e0096bdd7b4b5130afb94b1af3c7484a8fda17140384ded21385cf8e4cd
SHA512: 4b9fca2b726d793819f8c9bd2358da1dcf35399f6c8b11eb676e2f0de4d233312156a2a4ada033fc3ce2614c29d1c5349931304a84e48df8ff646820da9c90a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4b90a78f4e0996c0c888c10e7e241ed5
SHA1: 2bf07b2ce58fb22e935059a0460201fcde0d6b25
SHA256: 4bb4053b30ad3a7569039efc8da885f4c29b0160fb7c5ebdb56bce911708b796
SHA512: eafcf8a014bf169d77160b3425e88542d13de58903386496c5c01c71686880195aa090ce48da7125a0563a1f5748ad96f790821f8ce43a8565cc0e5dc69d97c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9ca8593655e71484b4bfa9d89611ea35
SHA1: 419396f9e4f0fc285231b9f6b37b0756a132d707
SHA256: 46ebdad8c5d12dbb1b3ba889e09d83a63652159dd1bd82278b103bff7b7c0edb
SHA512: f5175cd44204555a852aae0a835120942f38217da93f220c17c4477c2af44cfc4d2c7addacd2972263245d886b74f8406b09e13f0322a2f2a988055ce8478871

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a2675924dea12be12431844d74faf77b
SHA1: b9642125854449efa46797f99a9468dcab7eb8d4
SHA256: b52727c40411b80517ca293eec5c71f851541ec5654c37382e5de65c0e933099
SHA512: 03168380c11f0bcf81a7150e317a2eef61d95fc8ea325bbba4fec43d03600c01aebc011bf1494a484ec2897249f8ab9eb654591d22d187361a5a17965e99979f

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b