Analysis
max time kernel: 150s
max time network: 145s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 08:05

Static task: static1
Behavioral task: behavioral1
  Sample: 910d32960442d62499475e2b411593cb_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 910d32960442d62499475e2b411593cb_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 910d32960442d62499475e2b411593cb_JaffaCakes118.html
Size: 27KB
MD5: 910d32960442d62499475e2b411593cb
SHA1: 82eda0966f32ed9dea046bd444a01139e7523be7
SHA256: ee9ed3503e1d6c473c3b3aa611d6ff4353e08708031f9cbf5cb0099d1be7c67d
SHA512: a0b3c9d1fea29740a44b7aad18e6fcaf01bdfaa9f10067f8bf61f1b2774aee68f398b3b91940d99a72577ad5ea815e011980f99c536a87c15462b8c57cb7c3e1
SSDEEP: 192:uwDsb5n4enQjxn5Q/znQieSNn0nQOkEnt9P1nQTbnhnQ9egym6lpmoiAQl7MByqX:FQ/4BanmoijS0/Do
Malware Config
Signatures
Modifies Internet Explorer settings
All keys below are relative to \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer.

description        ioc                                                                  Process
Set value (int)    International\CpMRU\InitHits = "100"                                 IEXPLORE.EXE
Key created        IntelliForms                                                         iexplore.exe
Key created        PageSetup                                                            iexplore.exe
Set value (int)    International\CpMRU\Enable = "1"                                     IEXPLORE.EXE
Key created        LowRegistry\DontShowMeThisDialogAgain                                iexplore.exe
Set value (int)    Recovery\PendingRecovery\AdminActive = "1"                           iexplore.exe
Key created        Recovery\PendingRecovery                                             iexplore.exe
Key created        International\CpMRU                                                  IEXPLORE.EXE
Key created        DomainSuggestion                                                     iexplore.exe
Set value (int)    Main\CompatibilityFlags = "0"                                        iexplore.exe
Key created        Recovery\AdminActive                                                 iexplore.exe
Key created        Zoom                                                                 iexplore.exe
Key created        Main\WindowsSearch                                                   iexplore.exe
Set value (int)    International\CpMRU\Size = "10"                                      IEXPLORE.EXE
Key created        BrowserEmulation\LowMic                                              iexplore.exe
Key created        InternetRegistry                                                     iexplore.exe
Set value (int)    International\CpMRU\Factor = "20"                                    IEXPLORE.EXE
Set value (int)    DomainSuggestion\NextUpdateDate = "423563786"                        iexplore.exe
Key created        Main                                                                 IEXPLORE.EXE
Set value (int)    Recovery\PendingRecovery\AdminActive = "0"                           iexplore.exe
Set value (str)    Main\FullScreen = "no"                                               iexplore.exe
Set value (data)   Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000   iexplore.exe
Key created        IETld\LowMic                                                         iexplore.exe
Key created        LowRegistry                                                          iexplore.exe
Set value (int)    Recovery\AdminActive\{00A57A71-2180-11EF-B2DC-EA263619F6CB} = "0"   iexplore.exe
Set value (str)    Main\WindowsSearch\Version = "WS not running"                        iexplore.exe
Key created        LowRegistry\DOMStorage                                               iexplore.exe
Key created        Toolbar                                                              iexplore.exe
Key created        Toolbar\WebBrowser                                                   iexplore.exe
Key created        Main                                                                 iexplore.exe
Key created        GPU                                                                  iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid    Process
2892   iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid    Process
2892   iexplore.exe
2892   iexplore.exe
2456   IEXPLORE.EXE
2456   IEXPLORE.EXE
2456   IEXPLORE.EXE
2456   IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description                        pid    Process        procid_target
PID 2892 wrote to memory of 2456   2892   iexplore.exe   28
PID 2892 wrote to memory of 2456   2892   iexplore.exe   28
PID 2892 wrote to memory of 2456   2892   iexplore.exe   28
PID 2892 wrote to memory of 2456   2892   iexplore.exe   28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 2892)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910d32960442d62499475e2b411593cb_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2456)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads