Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 03/06/2024, 08:51

Static task: static1

Behavioral task: behavioral1
- Sample: 912f209250cc9643ccdcd1f6dcf05f52_JaffaCakes118.html
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: 912f209250cc9643ccdcd1f6dcf05f52_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 912f209250cc9643ccdcd1f6dcf05f52_JaffaCakes118.html
- Size: 18KB
- MD5: 912f209250cc9643ccdcd1f6dcf05f52
- SHA1: 718824dcebaba44e7f7911f4527e1b7e8a3c69a5
- SHA256: 3c326a3b1a250258e5023d709220223eb6db6106200562d8d8f756c5751e2f09
- SHA512: 40ee660c31690649e0d7555f3747d877d8f303f7a90b5780c283747abaf29422c6731c0d09007052d127b289af00328f3623c37ed581a61be327d3cd48a00b5c
- SSDEEP: 384:bO/Tci4o3rUynh1OIpeeVaEaXq7ZD2fA+uY+jVpzw9xv2xItsnlXG6bP:mj73Qyn2IpeeVaEaXq7ZD2f7uY+jVG9S
Malware Config
Signatures
Modifies Internet Explorer settings

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8341AB61-2186-11EF-AE43-7A4B76010719} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566576" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid | Process
2072 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid | Process
2072 | iexplore.exe
2072 | iexplore.exe
2936 | IEXPLORE.EXE
2936 | IEXPLORE.EXE
2936 | IEXPLORE.EXE
2936 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description | pid | Process | procid_target
PID 2072 wrote to memory of 2936 | 2072 | iexplore.exe | 28
PID 2072 wrote to memory of 2936 | 2072 | iexplore.exe | 28
PID 2072 wrote to memory of 2936 | 2072 | iexplore.exe | 28
PID 2072 wrote to memory of 2936 | 2072 | iexplore.exe | 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912f209250cc9643ccdcd1f6dcf05f52_JaffaCakes118.html
  PID: 2072
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
    PID: 2936
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Dropped files: one 70KB file; nine 342B files at C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015; one 68KB file; one 181KB file.