Analysis
- max time kernel: 149s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 03/06/2024, 10:34
Static task: static1
Behavioral task: behavioral1
- Sample: 917636c5389fbe5d03bf5345355ef19d_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 917636c5389fbe5d03bf5345355ef19d_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 917636c5389fbe5d03bf5345355ef19d_JaffaCakes118.html
- Size: 23KB
- MD5: 917636c5389fbe5d03bf5345355ef19d
- SHA1: dc2bbb4a51791e8c94180553f74dee2be9d1b28c
- SHA256: e40f6e3cb0898a57e10ee8f8eb5464b46aa5cafd1cb2120611152ae2a511d6a6
- SHA512: 4e21f19fe35970ae984a055bc1027c07b1de9c19aaa29b2cd3e831b23b21a9a6f5b37190e58aa0dd82feda760bc890e9461ebdc23d65aad89713db8ef138c345
- SSDEEP: 192:uW/8b5nDGnQjxn5Q/qnQieJNn2HInQOkEntuknQTbn5nQnCnQtdwMBpqnYnQ7tnQ:yQ/0HCrT
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
- Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
- Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423572710" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB6808E1-2194-11EF-8C93-DEECE6B0C1A4} = "0" | iexplore.exe
- Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
- Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
- Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
- Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
- 2980 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
- 2980 | iexplore.exe
- 2980 | iexplore.exe
- 1200 | IEXPLORE.EXE
- 1200 | IEXPLORE.EXE
- 1200 | IEXPLORE.EXE
- 1200 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
- PID 2980 wrote to memory of 1200 | 2980 | iexplore.exe | 28
- PID 2980 wrote to memory of 1200 | 2980 | iexplore.exe | 28
- PID 2980 wrote to memory of 1200 | 2980 | iexplore.exe | 28
- PID 2980 wrote to memory of 1200 | 2980 | iexplore.exe | 28
Processes
Image: C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\917636c5389fbe5d03bf5345355ef19d_JaffaCakes118.html
PID: 2980
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

  Child process
  Image: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
  PID: 1200
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads