Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 08:52

Static task: static1

Behavioral task: behavioral1
Sample: 912ff9e18af132f856ff844f91986815_JaffaCakes118.html
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 912ff9e18af132f856ff844f91986815_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
Target: 912ff9e18af132f856ff844f91986815_JaffaCakes118.html
Size: 27KB
MD5: 912ff9e18af132f856ff844f91986815
SHA1: 59ce15528f4d662ac63ae5685ac065b60345c9fb
SHA256: 45793ae929e478a5f8abdcf515c2644798bb6def0fb38dc6715bbe32a1db3e51
SHA512: 57b290187b3fbdeb6e1e593dc125264ba64b9e73d3b9e414f6fb27d128d7b42c00044966abd2e8e2588dfb05095fb590d31378901454fc2596641cf3e10841d2
SSDEEP: 192:uqFQbphke5d3BwsSb5ng4Z9lRsHrZKGxpCsWnQjxn5Q/y2nQieGJNnSVinQOkEnF:nChzQ/QygcEiKo
Malware Config
Signatures
Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AC5D0BC1-2186-11EF-8B56-EE69C2CE6029} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566645" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2184 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2184 | iexplore.exe
2184 | iexplore.exe
2212 | IEXPLORE.EXE
2212 | IEXPLORE.EXE
2212 | IEXPLORE.EXE
2212 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2184 wrote to memory of 2212 | 2184 | iexplore.exe | 28
PID 2184 wrote to memory of 2212 | 2184 | iexplore.exe | 28
PID 2184 wrote to memory of 2212 | 2184 | iexplore.exe | 28
PID 2184 wrote to memory of 2212 | 2184 | iexplore.exe | 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912ff9e18af132f856ff844f91986815_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2184)
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2212
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: f27a4013d5157351735757621ce0250a
SHA1: 388ff52aafce5eba1c580030356c0342f6813bec
SHA256: 5335f40b3b51c89bbe347ddd9e438ee8cbd3ad4df54ec77db7372f7f43e57fff
SHA512: 3b3c33268ef638eda0d409633ff3de4a3ff5c02d812c6ce64002d0bb01a9f022a5f648b50897a2da764f71fffb0d35118fe8d73755e0e973d65ed71c6c358175

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9721b52e516101211c493aa3846a130d
SHA1: 8ce5cab11ecc62f058222b7e064e468edbe08dc1
SHA256: 327a93490f2767b52e6f7c5fb7a964530628d7c1585c926b343b35cbf0bb8d34
SHA512: 0164462183f8d7dbfc3ea2b9a7886e81f44af1261112a3d25f7093a26d38fb84f9a66c6c6e517c318301f9f6fdaa66eba3064e663caac7d2ddb0a82aa40594c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 384858241c011cf5d67bb99a063aa907
SHA1: b219eaff38e901fa47dc445473f9d7e31c3c3111
SHA256: 180b5b1faacbfb6f2089b3179b4b1b2d1ea0df7d31e4013907613ee72a031f00
SHA512: 483ce79a94a3757316f26c4724effa9887b3de0175aed0f1dcc21f5f1985587ce7296dafd9e54ce86fe69f8a12f899e6a522b0fc07ad1e8be556806f1d069243

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b2c89bdb90db12cfc1dcdb74e37ab307
SHA1: 49cc518a58b6d2c4cf40a4dad0b7ce0073ecce25
SHA256: 25e140a56f65c79da94d1a227471f4ad6101e49624531c1961e5925a1e35ad02
SHA512: 58522d57a9cb50e4214c3ca5748a0f70ac8d0dd6b14d68d2f9dced93cbee5968f901cae15bda70776bda54bd037fb7db0d8046b1d8bda90cffe8868e44d3a259

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: fa23775cafcb11f5b863f535043894fc
SHA1: 333abc3195c65abe6925d8cc634e472a38b18b8a
SHA256: 36a237da02a2bae15089514444d55a933d91dc2a54748c277606afc40161ed7d
SHA512: e465cef5e96b61124304e3b7a65b413e5f5496b8ea479c8289f8d7087c849d0b83be5ac4a5b00ef40e9ee252da4cdc398c1b7833272f3816c2769f2843a27180

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1e25411a612b08e54b30359e923046a8
SHA1: 3bddaeb72d4754e67214bb29ba32b18421618a8d
SHA256: 5257e49fc84b20155829e96b5b2de33ec769fba6149ad0eff4f291fa676f5689
SHA512: b58fc9688c59b1e7dbefd8cd788b63a1a4b666f3a34510072a50292586df438e7c857ac059c45939620472b3931d29d0ba2708661607458dee22ff5092d5be72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 082ebbadce5513eb0bec7acc677602a8
SHA1: 2af2793fa4103e82750e66ee495a4f3a9d41411c
SHA256: c8896282f94818566d269dfb52301cdeb9025ec1de3726f85d237fdc9fab83cf
SHA512: 20ef2de81a7fef75bd32d3b515c3f2ae139d86ccd25bdbe399aea069a28ace9a9e874d691681da0e1a636538d6c9cde2da402271260381f486e7430934af9377

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9be259ac01ae3faa966641023739556a
SHA1: d39e32405f3a6e59111ecb39e802d70d987dad0e
SHA256: 31bd71f24a5090935d8a7185f72db0ef5fd0f78b5886792fc7a4f89a22e20d96
SHA512: fb14fd4982cceba7f258889871b5e13c7b16dcfb42ea68bdd0cd191457ee36eb09baf515ffb5fae6f9bf899c4f5b0fc526f48989635affe7a41789b18b9ebaf6

Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b