Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:50
Static task
static1
Behavioral task
behavioral1
Sample
912e4e4f359ed5a3621d623baefda2a0_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
912e4e4f359ed5a3621d623baefda2a0_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
912e4e4f359ed5a3621d623baefda2a0_JaffaCakes118.html
-
Size
26KB
-
MD5
912e4e4f359ed5a3621d623baefda2a0
-
SHA1
0557e752e1b3f0d169222124df038e3f7158310d
-
SHA256
86f42acbedd1a3ed80ae492dda805b4ebf5ed1b9972b0a4e6ce7ae45ff88fea1
-
SHA512
5da09e8e9ecd17556415c5de032b7c4a060b9641f8a5aef6d205530e9e098a6a34fe9ca05679f054127b1999c3c42b9a92742319a3df6a205991156c62b390fc
-
SSDEEP
192:uqE7jmb5nQGnQjxn5Q/znQieyNnvnQOkEntRlnQTbnpnQwCJVevo7NtJFo+NzQ4X:nqQ/0ygcqw8a
Malware Config
Signatures
- Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet 
Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566499" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55F328A1-2186-11EF-B27B-DA219DA76A91} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1900 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1900 iexplore.exe
1900 iexplore.exe
2748 IEXPLORE.EXE
2748 IEXPLORE.EXE
2748 IEXPLORE.EXE
2748 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1900 wrote to memory of 2748 1900 iexplore.exe 28
PID 1900 wrote to memory of 2748 1900 iexplore.exe 28
PID 1900 wrote to memory of 2748 1900 iexplore.exe 28
PID 1900 wrote to memory of 2748 1900 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912e4e4f359ed5a3621d623baefda2a0_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1900 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1900 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2748
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a5c5563eeea0e1389486f58a3f545d9f
SHA1 46ac3c040379ebf56324e32f5a95449eb2a963d6
SHA256 1a2e884065670d3d48c6428b4ff1fb4abe725748f2737273ae1ff4877a3a0ac9
SHA512 53ca73b3b9328ae36772684a4062321d25482fd28e93cf3fc4026955547aa7248b2900b26d3e7bfa6dd023d3540248d446373636f9a000deddb2a3b792545f91
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f825bacecf46094c3442488548cc1a33
SHA1 11f2e7240fd2886620a113473c64166dbec7df65
SHA256 53494d5d45886320ed3bceff4ba46e657196abe224167e4ad7313c76255bfec6
SHA512 7fc507bf4c077092ee0399fb32a50e7e9dc74ffd3fc78b8e7bc76666eb46ce4da95446e4c306a26fac7db78551d5aee3b68f2ade33aa33f4aea1cd25cfecaf75
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f140f161414e5053a96ca68df06899d8
SHA1 03f25f95fce00a77670610c0676a7d874f45676c
SHA256 1cfe53bee081a77695f7758aa155de41a225be6c45b930bfdc04f690e31ab89e
SHA512 e0a461c98ff0a0318f09c514f66070fbb7be6b497f675ff502a9b4cbb9e168d7b745a8578d2b2e889fc759e21081d8ebef24223e96d985f92e0d37eb02f5bb68
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 924652691b524cce3203f18670186477
SHA1 fd3799665353643487d2c2257dc25a94b9b63cb5
SHA256 228db5f5a9f19f68eab3110fa21643a394c6a66b9b6310718245e808dbd0f400
SHA512 115954ff0446bdabbf5685defd8a2f2bc9dde8281e81ff11de15b07afc465fd454c30346b884b290b11ebab5a70dc73acb37abd71d30dbc2790744983978d274
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 142a8bd22e53d24cda232bddbe297a92
SHA1 11cdd4e8634d2b3ae62176c219c5da9a0dd78d8e
SHA256 a784fa3cfac0672ebf862f3afb6ced217f950568ce6f7c0a632a85c7f0d8a3cf
SHA512 9bfab3fb3c14b736b4c55fb61d42459292b47e3a4695177d38611b9da0f6518e1f2b99166ecccfab1f775cba0f82a1dd43124c07d4937bae487bf8ec2c457a0d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0f7b1740fe7343ade33aff706e2ea6c2
SHA1 b648cb93f820216b08ac89ed9e5842114a3cda3c
SHA256 ef78e4885ea783d9193608a9bd3ff4da2af9f072d5098b2750db4f87d040b787
SHA512 31bbed5b6a0266e714e17d127fab6641b90be5f1566d2cc1d2d3f81d92cb21d6b0d3db0d858b73f4618fc5b89d39bb3b63d111c99abba8060be7d9d326f519f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 48d55cde46b47e9ce8e35eb66b01272d
SHA1 66f8bcdce8a4005e12285db558688a1a584248c9
SHA256 310a7308a0fce5a7c2d01b82430d1b12a90fc911318fc817b3f143550b1ef731
SHA512 7b6fe205e44f22b929c797e687636cf1ad1c62e17eeb2a00af30e93a65058f9509cf4c92698c4b996a024cf544207dcd3f9d1d2bc03638d110c9a41d22fdda9d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9e057915324f3363977c1a0e69eb5d78
SHA1 3c1b5f6a6280523488f0f6e0d13ba31b1d4e0978
SHA256 94ec459518ad66dd9577815d55ccbff4a0be95385c1de5111cc828965be93f7e
SHA512 c96cf6130953e244f59bce26528b7eaa8fd84143ba478e9f07a91ff44bb89f7f277c6b2c1ea8e483a3415eb5396e320eeb241d0a8a8d81d660021dbd9c5e6415
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5095e898ca677663343652fe1600cbeb
SHA1 0d122669fe557de02e9d0243c713f177dea00ede
SHA256 9827edaccd455d316d5cc3f90550dc5093fce98f6cb9fc4ba488d3b310e609b1
SHA512 0c3bbe9bde8d6d0f4b3866e61d435de8801a9ead51c9a7d9663b8163cbc7351b1b1bcdaed7248917f167cbd001d4c04db99823006d6f00b7711f088b63dd7b14
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b