Analysis
-
max time kernel
134s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 08:51
Static task
static1
Behavioral task
behavioral1
Sample
912ef5ca39ed35ec3947b71230aea16a_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
912ef5ca39ed35ec3947b71230aea16a_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
912ef5ca39ed35ec3947b71230aea16a_JaffaCakes118.html
-
Size
139KB
-
MD5
912ef5ca39ed35ec3947b71230aea16a
-
SHA1
5ab0b3ef3f3681bd0f2496b389ba5e40e2564b8a
-
SHA256
6192d22e75a304c50903063ccabb005ccf79ea0cf9b7fc5a510401645d19f639
-
SHA512
df15b49dc146f94cbc1af45b3360174f450fb9cf1385af316d215dc6fe62d02e26c64fa20e5a13cdade49ad7a6b403428e60359ceec58d7da4d8a75c36dd9d7b
-
SSDEEP
1536:Si5bXomMCfaUSyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:SGJsyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000064627b9832a6468856b8b3da718efda4465d959fc974ba7f9d0e9b65be27175e000000000e80000000020000200000002b5af56eaaebba88e8b4f6436faa0ecd126faaa963004a20ed5509ccce6e774120000000d7fff0a24c5ba20dcb32773ff4134c3cdf64d40d2d15e23b721b509a93d2d152400000004fee4ed12e26223da904b25bf2cc4572a15c12f65c6f6d74ce058d22cb17863dbf187148984140c2a2633b88428da4cb842828153712d30033d8e0c585877220 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3058cc6293b5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{74F6CB81-2186-11EF-B21B-FA9381F5F0AB} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566552" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2460 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2460 iexplore.exe
2460 iexplore.exe
1308 IEXPLORE.EXE
1308 IEXPLORE.EXE
1308 IEXPLORE.EXE
1308 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2460 wrote to memory of 1308 2460 iexplore.exe 28
PID 2460 wrote to memory of 1308 2460 iexplore.exe 28
PID 2460 wrote to memory of 1308 2460 iexplore.exe 28
PID 2460 wrote to memory of 1308 2460 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912ef5ca39ed35ec3947b71230aea16a_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1308
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 edd759a9f1ae7b7e2ae813fad833fb01
SHA1 99a889c5f3d953966ff7d6fb6eec20e2b5fdb910
SHA256 3f51ea7a9b51b1866192faf34eddede9eed8db7b38b5882283487fda7eb6959d
SHA512 6cf4c8aeb1dee4f67e63df746cdc4ef86957c32d60e1744cfb9a6c5b7899c4688dd523bcb23bf0ed0b0b6f978381827ebab0433c4a6ffe5cbcbdcb95525a860f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 15212ca85e0b1a3737f56e2d208c3c4b
SHA1 54ce5daf3f25cc700d058e6b818da7acd2bfb927
SHA256 71a78050d3224bea01727e4d12a1208ae38833e8ab79da7d695610d7bad0f0c6
SHA512 074c29d48062231931a0f577e849348bf352fd1aa30d7e1f398f689e92c0b8da64ad022c02603e1a48c04abbe5c0f96d453f74057790d3324304c824f1b1d892
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e25b46656deb1b38df49c4288432e427
SHA1 8a0024a2e338215a992d0f3a1b60496df3c19ea9
SHA256 9c2de7d91bba0455feee536f6d1140827f6f7d40141bbd7518a599b0bbf08a81
SHA512 1c13d03ef763d2240e8fdc474a2b0b6af3579fc08c86b5d7a3b39ec34522b278435ad5d6300202ea546d86062ee276f54080741a847effa64677439e2bdb3de8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9c042d439b7d9c77c1e96bda49d67b7b
SHA1 b2ac860bef011a76dccfeb665ed8557d8d681ee7
SHA256 b6ea786691f2f3fd607d90249aefa24134e1b14d265ddfad98608f35dfc6febc
SHA512 1dae6a77d29ab45359a1f7fe645c457eb5ddd3a105280672cc61459ce9b287e2671db6d53b6afc571c3df3575f4abc44f1c76fdcaf2ec057d41df993a7b57a86
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c233f1fe0eab688db956c6854e83883c
SHA1 1b756253b7206eacd23270c3705d4e0b8d1968d5
SHA256 e807f7125cb9fab1a2b2a96ee225318b4973be5df05f4eb66524a7fd700cb7fb
SHA512 8e7d627e86ce597cb3563621314830bf0d1b57772bdfd603dad909522fab69e2143540bc1e04c1a4c12fabb90fa6af5b30df9655172912814d7f9fa3da44efd4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 42659bb759ea86c8165ea38a83951a30
SHA1 361b2f6e7a176bd6d1371cfa2c08d28293097349
SHA256 895b6e18652e37866b645995d0061bda7fab7bcee29824f089fb81ab9d29db03
SHA512 b141910527ba56dc3a1d65827f09248d5ac526206e44fc9d8bec7236aaba9eb7f150faed8d6eb0380632c6a952f8fa6f520786dab45e052a2e9a6e055d999bfa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ef6d4df4ffe776f541fba766e51d6bff
SHA1 b0a6e540c2b5978adece03caa230c269cd5f60a0
SHA256 735edea88f15c22ef52ae1533c5747e577fa9d8c4525ac6a98428b6f0fe1b608
SHA512 d0ca6669d74ec5a4acdc07d1a0b7b1c7581e431edfa80f86f1b9727554cdcafe35d24992f0b9434ef1de14efdd62449abb018aac60d2938566c0ef771b24bafc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6fb3ea5b29229710289361bc3b82eb5e
SHA1 b0a74122c4c7bc7ecf12aa1943f200da85533b2d
SHA256 985dc93d8af74e80d572b34c1194dae374564bace8405087480dc7a45fe90006
SHA512 00fb6ac7a6de8fdd8eaae977e95be9a15dcf414e97303eeea4f6c7b6225b143cdbc7d6cd84257c7ccf79028ad917541e6b2556ce64e9306f9f0ac6d542811acc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0a5d69c8fd3be3683c62b1b52fb758ef
SHA1 6a6f5cc95a42c7e547c1e540d8fc0775a07350cb
SHA256 22dc511bee6ff258bd00b0bc6bcc2d2c9252fff11cb0beab4e2e2c15d3ad49f5
SHA512 3f544b27a6d84e3075a5e8a2c2ac783bbdce2cd87c9a2f6a3da0fe9ee4478f48f5677edd5c8b64f2ec555417bcac67c963109e8e90ebb42bda2893abb8f40757
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8ca52fc9168a03b4e70b54b25655bae1
SHA1 826927d2352bde1070125922d5794ec7269e8420
SHA256 c425e523153337f01f48d1ab0226da376e735e9285c7f03a99871cb027b41234
SHA512 1556671d610ae4b352f151306c9aadd1c6a53ac5d73823b8c071ad071c9e3300ba59d5db5886404e8e524594ab72202f99ef7f8218dde6faed9525fd7f615100
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b