Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 10:35
Static task
static1
Behavioral task
behavioral1
Sample
9176e10bd0916d5046c2d90d7bb5233e_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9176e10bd0916d5046c2d90d7bb5233e_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
9176e10bd0916d5046c2d90d7bb5233e_JaffaCakes118.html
-
Size
30KB
-
MD5
9176e10bd0916d5046c2d90d7bb5233e
-
SHA1
188a306f72f100bafa374895de1eabeae0b29d14
-
SHA256
7318d0e3f01371db28eb5f92e9a8ffabc934fc77943e418322564b4a75e5ccb3
-
SHA512
0e232ddc43d60edc11e454b3bf8fd1fb069c8e4cd802f07e88722b99bc2349ea6bd7163b9e64258feaac930e7d43d62dd7ebd7b9be126711a69dfa53ba7335aa
-
SSDEEP
192:uWXbn0gJKJpUEsb5nyoPLfvUhnpyTUgknQjxn5Q/fnQieEnNnNhCnQOkEntx1Xn5:rQ/iQWOcca5zARvfdOOy
Malware Config
Signatures
-
Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F2B8DAA1-2194-11EF-8A7C-66DD11CD6629} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423572776" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2232 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2232 | iexplore.exe
2232 | iexplore.exe
2508 | IEXPLORE.EXE
2508 | IEXPLORE.EXE
2508 | IEXPLORE.EXE
2508 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2232 wrote to memory of 2508 | 2232 | iexplore.exe | 28
PID 2232 wrote to memory of 2508 | 2232 | iexplore.exe | 28
PID 2232 wrote to memory of 2508 | 2232 | iexplore.exe | 28
PID 2232 wrote to memory of 2508 | 2232 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9176e10bd0916d5046c2d90d7bb5233e_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232 -
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2508
-
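Everything this run recorded is Internet Explorer's own launch behaviour: registry housekeeping under Software\Microsoft\Internet Explorer, the frame process (PID 2232) spawning a tab process (PID 2508, started with SCODEF:2232 CREDAT:275457) and writing into it, and repeated rewrites of one CryptnetUrlCache metadata file (CryptoAPI's cache for certificate-chain and revocation fetches). The report shows no network capture, no malware config and no dropped executable, so the signatures above are generic rather than evidence of a payload. The Python below is an added triage helper for this page, not sandbox or vendor code: it parses rows in the report's own format, separates IE baseline writes from persistence or hijack locations, and tells a frame-to-tab WriteProcessMemory apart from a write into a process the writer did not spawn. The REPORT_* data are copied from the report; the CONSTRUCTED_* rows (a Run-key write, a Browser Helper Objects key, an explorer.exe process) are invented here so the escalation paths run. The bucket names, the IE_SENSITIVE list, the RegRow/Proc types and the assumption that SCODEF carries the frame PID (true of this report) are mine.

```python
# Triage helper for sandbox rows in the format shown above (added example, not sandbox code).
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

IE_ROOT = "software\\microsoft\\internet explorer\\"
# Values under the IE root that a browser hijacker sets; anything else under IE_ROOT is launch housekeeping.
IE_SENSITIVE = (IE_ROOT + "main\\start page", IE_ROOT + "main\\default_page_url",
                IE_ROOT + "main\\search page", IE_ROOT + "searchscopes")
# Locations worth escalating whichever process touched them.
PERSISTENCE = ("software\\microsoft\\windows\\currentversion\\run",  # also matches RunOnce
               "software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects",
               "software\\policies\\microsoft\\internet explorer")

SID = r"\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000"
REPORT_REG_ROWS = [  # copied from the report's "Modifies Internet Explorer settings" rows
    "Set value (int) " + SID + r'\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe',
    "Key created " + SID + r'\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe',
    "Set value (int) " + SID + r'\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE',
    "Set value (data) " + SID + r'\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe',
    "Set value (str) " + SID + r'\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe',
]
CONSTRUCTED_REG_ROWS = [  # invented for this example, NOT in the report
    "Set value (str) " + SID + r'\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\svc.exe" IEXPLORE.EXE',
    r"Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001} IEXPLORE.EXE",
]

@dataclass
class RegRow:
    op: str
    path: str             # full path as the report prints it
    value: Optional[str]  # None for "Key created" rows
    proc: str

ROW_HEAD = re.compile(r"^(Set value \((?:int|str|data)\)|Key created)\s+(.+)$")
HIVE = re.compile(r"^\\REGISTRY\\(?:USER\\S-1-[\d-]+|MACHINE)\\", re.IGNORECASE)

def parse_reg_row(row: str) -> RegRow:
    m = ROW_HEAD.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised registry row: {row!r}")
    op, rest = m.groups()
    rest, _, proc = rest.rpartition(" ")      # last token is the writing process
    path, sep, value = rest.partition(" = ")  # paths contain spaces, so split on the first " = " only
    return RegRow(op, path, value if sep else None, proc)

def hive_relative(path: str) -> str:
    return HIVE.sub("", path)  # drop \REGISTRY\USER\<SID>\ or \REGISTRY\MACHINE\

def classify_reg(row: RegRow) -> str:
    rel = hive_relative(row.path).lower()
    if rel.startswith(PERSISTENCE) or rel.startswith(IE_SENSITIVE):
        return "escalate"
    if rel.startswith(IE_ROOT):
        return "ie-baseline"
    return "review"

@dataclass
class Proc:
    pid: int
    image: str
    parent: Optional[int]
    cmdline: str

REPORT_TREE: Dict[int, Proc] = {  # PIDs, images and command lines as the report's process tree shows them
    2232: Proc(2232, "iexplore.exe", None, r'"C:\Program Files\Internet Explorer\iexplore.exe" '
               r'C:\Users\Admin\AppData\Local\Temp\9176e10bd0916d5046c2d90d7bb5233e_JaffaCakes118.html'),
    2508: Proc(2508, "IEXPLORE.EXE", 2232, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
               r'SCODEF:2232 CREDAT:275457 /prefetch:2'),
}
CONSTRUCTED_TREE = dict(REPORT_TREE)  # plus one invented process so a write into a non-child can be shown
CONSTRUCTED_TREE[1234] = Proc(1234, "explorer.exe", None, r"C:\Windows\explorer.exe")

MEM_ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")

def triage_memory_write(row: str, tree: Dict[int, Proc]) -> str:
    m = MEM_ROW.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised WriteProcessMemory row: {row!r}")
    writer, target = int(m.group(1)), int(m.group(2))  # group(5) is the report's procid_target index, not a PID
    w, t = tree.get(writer), tree.get(target)
    if w is None or t is None:
        return "review"
    both_ie = w.image.lower() == t.image.lower() == "iexplore.exe"
    # The IE frame process launches each tab with SCODEF:<frame pid> and then writes into it.
    spawned_tab = t.parent == writer and f"SCODEF:{writer}" in t.cmdline
    return "ie-tab-spawn" if both_ie and spawned_tab else "escalate"

def triage(reg_rows: List[str], mem_rows: List[str], tree: Dict[int, Proc]) -> Dict[str, List[str]]:
    out: Dict[str, List[str]] = {"ie-baseline": [], "ie-tab-spawn": [], "review": [], "escalate": []}
    for r in reg_rows:
        parsed = parse_reg_row(r)
        out[classify_reg(parsed)].append(f"{parsed.proc}: {parsed.op} {hive_relative(parsed.path)}")
    for r in mem_rows:
        out[triage_memory_write(r, tree)].append(r)
    return out

if __name__ == "__main__":
    mem = ["PID 2232 wrote to memory of 2508 2232 iexplore.exe 28",   # from the report
           "PID 2508 wrote to memory of 1234 2508 IEXPLORE.EXE 31"]   # constructed
    for bucket, items in triage(REPORT_REG_ROWS + CONSTRUCTED_REG_ROWS, mem, CONSTRUCTED_TREE).items():
        print(f"{bucket} ({len(items)})")
        for item in items:
            print("   ", item)
```

Run as a script it prints the four buckets; all five report rows land in ie-baseline and the frame-to-tab write in ie-tab-spawn. The tab check keys on both the parent relationship and the SCODEF:<frame pid> marker in the child command line, so an iexplore.exe writing into a process it did not spawn still escalates, and a target missing from the tree goes to review rather than being silently accepted.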
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c1240e92438e9167a8736f08788f855b
SHA1 5fe563e2cd0fd4450459c13546a0623a008f2f73
SHA256 7b6272a2089091a412493c96337d138bd235228eca946e05557219635d9f032e
SHA512 3ebf3141ca4ad359270332841dda46de7e75725cf2f74deb0c7e33b736969131220d293b9eaeecab3c6875a8c464ba634d76e56b4f67cd8a90b83a25ab5f4938
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 708ce9710291dd7d373fc3e240ff93fd
SHA1 88c159c806c3bd0bc2489ce61b75037b7f67548a
SHA256 f5490cfba844ce02c16ee6d5387fb9602c5ac5aeadc292b066559907e761a336
SHA512 0f391ecb61809c7fd541059dc6e43f57a556ebff8a91dad855c60670a73f213af5fa5e6800a83cd11a74aec3915ba6634624f7a7affebeb7a9784daac236f92d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 73f7ccff2ac045df5481430f64737f47
SHA1 9b4c2e1cf930dbe413682cc409f7f9576dc56c23
SHA256 e9a32d0bc08a57cf7b3381ad2841b5bf55ed33428fe7f2043c4ff18d73a025af
SHA512 3c56a3ab19ca562c7f965b09a335606829198d06cd0edb4f7dcfd24e576a789b212d027443269e871a93c77e0a30729c6a557a864f278a3d8ed0f60416f0da67
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 66df7e6f2e0d1f679577f73781ca0f3a
SHA1 2dfb1ed26a213407fd5a9df696868e81b1e871c5
SHA256 13fa7eca08084b6214bae9165054fe360e00a9a60dd2fa9d1cdf0ec67c1665ef
SHA512 6dca87cfdc5b987ccf2d295930e8d3f1de41ff58ad3a56fd0ffb34f2e082f3497971e2325f57e8a3000c82026f2b3b99ca332ef237a8ccfe77c84c1b1d819790
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9f9c1225a67e6906c216c036af159029
SHA1 13516fda3b515cf140430ddf90248f18d51141d8
SHA256 2c2cdcf0ab29840b0e7d3de06cb44f191825b1551b81fbddb855d259ffdd998a
SHA512 11ccdcb7022354fa5a081e4e88a6fbbc27397301d8b86ffbbf9d4adf848b1d3884e5aa95f71037a8ac5b02e86fcf323cd47d330bd556f4ea81b3fdb2d7472315
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3aaa8ba3733506fe21252d443ac6c1c2
SHA1 2fbc9b9609c8163abeba521f0a77a53caa99bd75
SHA256 1bc6321d90268446aa09db9f7c4f859c1abfd93783baa46d922403405af51582
SHA512 86f39cd2f93bdabb333324af934f301b34de90daf8c8255e6de2bab5fa61bf03b2b1c33cbecc1c624a0adfb37a2f4da429f926dd6c4776eb5d7bee0b771546f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 46199c82edc8c2d80dc8c63833533bc7
SHA1 1fa43ceef1c6850758e034e77c3ae477cc506cc1
SHA256 de18a8915a181e0fd2bd29de58f1afc49ef1cd8e767c65a1839812a825e41948
SHA512 7e2acc78730c50a9154770e48a65bdcd407f42b1e7cde9cee07cf53c32db70e29855fde8e988cb97d64198791151560bc0ef8374c70045239eb0ec1dd13cfd93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 659d7575557a7d79ff4dd67de31d9877
SHA1 c4ddd41fd75bd9b992c0669535dc504123c7af6a
SHA256 0bd379da2339c415ae3ae082b6623cef057ed7f2392be6d7ca4559bd5e0363b2
SHA512 22d76ede0a119374dea6c8a07e08d92cc9df8b20ec079fda9ec0cd33b2c8deb119507c412dae88533e6f39d52278b5be04f6545dc529a352637c6ab75f96d386
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d1156d4ea2002dd9dcb3962390f7ca05
SHA1 dd8a5489fdd854cf2bb4fa5c632866c1d5282d48
SHA256 6a33869d650d7c9a386ca648f871d0a03a4a6a2f747339c80229d1e4f89f5270
SHA512 337bdf0e910e0047f0d4370e6b1a7c81ac85aacdb530756ed555bf9356e53478171cbc5b78e9e1909986e4e150d8b11933cc08bca55699fc3b7249c9c8ca0bc3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b6c5af49ba5ee827621bc050bec65c8c
SHA1 6ea67b6f1c72c0aaf8b52e0b49bb7b53a46a8e70
SHA256 db688806c59a25f743d3449bfdfbbd986c6cb8f667998391ffa7c7a91b9a2bba
SHA512 06192a67f0923325ce2ae4bf1fb60665ba19636f028d271f7c0e51db4131b5316a250842ae92d7f3d2833bc040af2c7130ad8857f4b968c9e2683b7b16da8ff9
-
Filesize 65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b