Analysis
max time kernel: 149s
max time network: 152s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 10:37
Static task: static1
Behavioral task: behavioral1
  Sample: 917897cc5dc0bb188b1720d959d95416_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 917897cc5dc0bb188b1720d959d95416_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 917897cc5dc0bb188b1720d959d95416_JaffaCakes118.html
Size: 23KB
MD5: 917897cc5dc0bb188b1720d959d95416
SHA1: 49c57dd5323bef74c18d0c9c582ab422e8caeaee
SHA256: b1b8ae04d4fa1691faf558a44a13210d174813107626af85ee42e7df9fc2db9a
SHA512: 3392e420ba9458beb5067ef85a855ac081f3b3cc1ad7dbfa2850f2f239b3001a9242986c4856da4460ca579a36cef7321e67be6b38c089152afa2552d86f561e
SSDEEP: 192:uWX0b5nKWnQjxn5Q/pnQie8NnAnQOkEntrLnQTbnxnQICnQtmwMBcqnYnQ7tneYi:bQ/oWt
Malware Config
Signatures
Modifies Internet Explorer settings
All registry paths below are relative to \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer.

description | ioc | Process
Key created | \GPU | iexplore.exe
Key created | \IntelliForms | iexplore.exe
Key created | \PageSetup | iexplore.exe
Set value (int) | \Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \Recovery\AdminActive\{5B130E91-2195-11EF-BAE0-E64BF8A7A69F} = "0" | iexplore.exe
Key created | \Main | IEXPLORE.EXE
Key created | \Main\WindowsSearch | iexplore.exe
Key created | \International\CpMRU | IEXPLORE.EXE
Set value (int) | \International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \DomainSuggestion\NextUpdateDate = "423572951" | iexplore.exe
Key created | \Toolbar | iexplore.exe
Key created | \Recovery\PendingRecovery | iexplore.exe
Set value (int) | \International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \Main | iexplore.exe
Key created | \InternetRegistry | iexplore.exe
Key created | \Zoom | iexplore.exe
Key created | \DomainSuggestion | iexplore.exe
Key created | \Recovery\AdminActive | iexplore.exe
Key created | \BrowserEmulation\LowMic | iexplore.exe
Key created | \IETld\LowMic | iexplore.exe
Key created | \LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | \Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \LowRegistry | iexplore.exe
Key created | \Toolbar\WebBrowser | iexplore.exe
Set value (str) | \Main\FullScreen = "no" | iexplore.exe
Set value (int) | \Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \International\CpMRU\Factor = "20" | IEXPLORE.EXE
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
1956 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
1956 | iexplore.exe
1956 | iexplore.exe
2996 | IEXPLORE.EXE
2996 | IEXPLORE.EXE
2996 | IEXPLORE.EXE
2996 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1956 wrote to memory of 2996 | 1956 | iexplore.exe | 28
PID 1956 wrote to memory of 2996 | 1956 | iexplore.exe | 28
PID 1956 wrote to memory of 2996 | 1956 | iexplore.exe | 28
PID 1956 wrote to memory of 2996 | 1956 | iexplore.exe | 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\917897cc5dc0bb188b1720d959d95416_JaffaCakes118.html
  PID: 1956
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1956)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
    PID: 2996
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads