Analysis

max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03-06-2024 12:00

Static task: static1

Behavioral task: behavioral1
Sample: 91b5e9efcbee76d5eb2355d54280028f_JaffaCakes118.html
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 91b5e9efcbee76d5eb2355d54280028f_JaffaCakes118.html
Resource: win10v2004-20240508-en

General

Target: 91b5e9efcbee76d5eb2355d54280028f_JaffaCakes118.html
Size: 24KB
MD5: 91b5e9efcbee76d5eb2355d54280028f
SHA1: 4e65b96f8b18d29a3b23a8389209ad9628ec86f3
SHA256: 1a4e7927e8a36a4d254a7a4c89a7a691c1285218b713046f308f213598a8c5f5
SHA512: 9c9eac4772b5a44192b5a117cb76fb70fc72bacaa5bdb75f6a27a03be3245eaaaea13202cb5e2df6f966fb77f74ad8dad2911f6626e061833018ee5a2a457293
SSDEEP: 192:uqN7HRb5nW7unQjxn5Q/fnQieZNnZnQOkEntFYnQTbn75nQeCJVevo7NtIFo+Nzy:nIQ/6ygcnnBKu
Malware Config

Signatures

Modifies Internet Explorer settings
Each entry gives description, ioc and process. All keys are under \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer; the paths below are relative to that key.
- Set value (int): Recovery\AdminActive\{DC1A0741-21A0-11EF-A5A1-E299A69EE862} = "0" (iexplore.exe)
- Key created: BrowserEmulation\LowMic (iexplore.exe)
- Key created: IETld\LowMic (iexplore.exe)
- Key created: LowRegistry\DOMStorage (iexplore.exe)
- Key created: Recovery\AdminActive (iexplore.exe)
- Set value (int): Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
- Set value (int): International\CpMRU\Enable = "1" (IEXPLORE.EXE)
- Key created: Main\WindowsSearch (iexplore.exe)
- Set value (str): Main\FullScreen = "no" (iexplore.exe)
- Key created: International\CpMRU (IEXPLORE.EXE)
- Set value (int): International\CpMRU\Size = "10" (IEXPLORE.EXE)
- Key created: Main (iexplore.exe)
- Key created: GPU (iexplore.exe)
- Key created: LowRegistry (iexplore.exe)
- Key created: Toolbar\WebBrowser (iexplore.exe)
- Set value (int): International\CpMRU\Factor = "20" (IEXPLORE.EXE)
- Set value (int): DomainSuggestion\NextUpdateDate = "423577892" (iexplore.exe)
- Set value (str): Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
- Key created: InternetRegistry (iexplore.exe)
- Key created: LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
- Key created: Main (IEXPLORE.EXE)
- Key created: PageSetup (iexplore.exe)
- Key created: Toolbar (iexplore.exe)
- Set value (data): Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
- Key created: Recovery\PendingRecovery (iexplore.exe)
- Set value (int): International\CpMRU\InitHits = "100" (IEXPLORE.EXE)
- Key created: DomainSuggestion (iexplore.exe)
- Key created: IntelliForms (iexplore.exe)
- Key created: Zoom (iexplore.exe)
- Set value (int): Main\CompatibilityFlags = "0" (iexplore.exe)
- Set value (int): Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
Suspicious use of FindShellTrayWindow 1 IoCs
pid, Process:
- 2120 iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid, Process:
- 2120 iexplore.exe
- 2120 iexplore.exe
- 2748 IEXPLORE.EXE
- 2748 IEXPLORE.EXE
- 2748 IEXPLORE.EXE
- 2748 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description, pid, Process, procid_target:
- PID 2120 wrote to memory of 2748; pid 2120; iexplore.exe; procid_target 28
- PID 2120 wrote to memory of 2748; pid 2120; iexplore.exe; procid_target 28
- PID 2120 wrote to memory of 2748; pid 2120; iexplore.exe; procid_target 28
- PID 2120 wrote to memory of 2748; pid 2120; iexplore.exe; procid_target 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b5e9efcbee76d5eb2355d54280028f_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2120

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2748
Network
MITRE ATT&CK Enterprise v15
Downloads