Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 12:00
Static task
static1
Behavioral task
behavioral1
Sample
91b5b15952446b78a489a645d37c11c6_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
91b5b15952446b78a489a645d37c11c6_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91b5b15952446b78a489a645d37c11c6_JaffaCakes118.html
-
Size
23KB
-
MD5
91b5b15952446b78a489a645d37c11c6
-
SHA1
3bf22ecd48ff4aebff0bcbc765bce7d9bc663b5d
-
SHA256
ce375d8e6c4ef0cdd610408c8c6a4f57287da36b85232d4b3ad91644b6acb8f1
-
SHA512
6ca5096f7fe1c9c1ca01f5f7c2d6e84adfd9959565313f34a571581c4394b534afbd94f315c2754b29f60f0f398c499c221fa092cb07adfd069eaf4940146048
-
SSDEEP
192:uwa1j+94M5CwBb5njC1jhJYeKEUde6oWnQjxn5Q/dFnQieJkNnAaCnQOkEntX5ML:YQ/dbMA
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D0C97BA1-21A0-11EF-B904-5A22F41CCA2C} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423577873" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2432 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2432 iexplore.exe 2432 iexplore.exe 2628 IEXPLORE.EXE 2628 IEXPLORE.EXE 2628 IEXPLORE.EXE 2628 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2432 wrote to memory of 2628 2432 iexplore.exe 28 PID 2432 wrote to memory of 2628 2432 iexplore.exe 28 PID 2432 wrote to memory of 2628 2432 iexplore.exe 28 PID 2432 wrote to memory of 2628 2432 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b5b15952446b78a489a645d37c11c6_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2628
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9210597f3079bca775893f211a9b71be
SHA1 afefc380e48bf77f8484c7d9daf7ceae2d1e1821
SHA256 90f8389f9e8240218cd0d5ac2e6e6860a409f2e979ed098668001e79cc519549
SHA512 cd404ce12c4f6f4d7e4c96f7c93f0ca8fdd84051ab42c66418b41bc453474ac84128a93c48b8b2af4ec026474c2295f8444dfc2a04608ae77db85b96eb772440
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9dae8f1933574270061e69a79fe24d24
SHA1 a1888e0dd49c5c878f20bb44a941d83a96e5cf4c
SHA256 00846814f07320380ca533019a00409939ccec31ad2e12e1b4e05ef657123890
SHA512 15d678c721a6572de599c0b8e19ab3603617250b8b497f09b4677997447b18fca029305450bf352c12cb581fdceb5ded6444c5f465debac87e32158e70ccbeee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 89e008cef3d3188857708368ddbb9197
SHA1 4133e8ebad0a9f45f9ea54ce5a2e4b572f2b75e2
SHA256 d2745c3845640844238ea50e7b66dd7b93f083ab1db790e2142b37293e194957
SHA512 655f4434aa6681ebd2a004a6fbc5a93842e3ee5b565b247e502ba5a88f6f169d737c34d3f2f4872801590e6d157d12cf918e49eb6a6fd42003f416594715fe61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6390f334bbd91a76dbcfd8a57591d1d5
SHA1 a362c68486cbcce0a2237b838ffef905225656f9
SHA256 9997c239b285d1c499055f3168e415f258219efcc0f81ec9735b538e6cf3e8ea
SHA512 2817b44bbddf2e3176634e8e92ec517bc03b20f746bcca00fdf8ca5d5ad77f9d7afe1555f39ad1a4f248f4c67f729e10971886ec5901ebbf5eac904c0da316a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1b5b573a7c768a30b39c646fe9bddfdd
SHA1 1aefd9a7a583b4c192a23afb9275f71e787cbb07
SHA256 9200a04236f02dc72359ae1148ead85ed1d5361e3f4ecbed942fe82acba2fe43
SHA512 7d0d99117eacda544c32c6491e91dfb0ec6c657eb9e6f91211925bea73ed0536a9a76b5207bee5575fe53a7de56782f46c4f45c6c2d014ed22153ac81916f6f2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 40cec453d2dcc0f047fb033c18bdcddb
SHA1 44ed462442e7e283a1a9656362331de0a2c4ceab
SHA256 f7702eae49ce5ba24389f07a4c48b6ccbc7438482a642f0b364960e35f0dfa24
SHA512 b9d88087e5ae309ef9c1d7dfee800079a580b7ff0c1b8dedecc98171cb1fa21b2081ddc69ca584b97bcc779815b84a33149570b1c7efd624cc06802907d24246
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5f3a0f0ba52df7bc64006100cb8eed80
SHA1 c8ff597b8d18ee8869eb46b36a3f4dbd2f08f38e
SHA256 eacf977558cf53d2310e4c069e98dd0145bbbc75d92b373ae599b9503626c7be
SHA512 1da5570372968fcf2bb0772ac3617c299b1266379e9cb396d2f434d04198d778c901300c4b7d809682b269105a4fc471ea0d2928fa19544d44cb361375d43b0f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 680e569fc166a455ef929119eb347c66
SHA1 0a6cfe7c91e5b204a4172a4e2451df50e3d28dff
SHA256 efe0022175dfcab070c26e6cc4b41e651d5d274282343410227265e8e76639f3
SHA512 23a3d643029d37553b707fe03b3ca03564a4fcab8bb889722a2fa436f46c9b55951e8a2083e7c0025040fb6a8894f8dd9c6eb9216466ec5f434c78b071020981
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6a8d682225281313d6858887e1e1e07b
SHA1 081856e20661e9f7d835ec8f224f097388a7fcf5
SHA256 73317d46fa2af313a5ee40a01e6804d9438a583e9878574321ed20704f6703f4
SHA512 d3b99049865b5f664e25d9f43958d9f44b073126d928356243581c1176348ea1843a7d398f33384e447aaecc7d8b23d08ca2beadda5ffac7a91fc5a935a07f54
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b