Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 03-06-2024 12:56
Static task: static1
Behavioral task: behavioral1
  Sample: 91ddaba7b4b55dfa3843d534c0417b5a_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 91ddaba7b4b55dfa3843d534c0417b5a_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 91ddaba7b4b55dfa3843d534c0417b5a_JaffaCakes118.html
Size: 16KB
MD5: 91ddaba7b4b55dfa3843d534c0417b5a
SHA1: 1904f0c716b8aa9b2eff66508d4f797a01fee7a1
SHA256: 25799857809a5075b66cc72d221b54127cce8ef7caae99535baeed0e3f3b003a
SHA512: ecddde43f21c2e99c3a32b6943f9d34272367d57422f5ffd7916b8d1316463659b320e279e671810ba1c6c58350707c3639362a916ed9659931967e93a27deb4
SSDEEP: 384:X28H4dG3/i123OJ+HSBUSq9HI0/e2BMKDJ+lP0Du3BCa3bSD+8:Z4dP639o022CVb353eX
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B733CB71-21A8-11EF-BA8B-4EB079F7C2BA} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581267" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
848 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
848 | iexplore.exe
848 | iexplore.exe
1780 | IEXPLORE.EXE
1780 | IEXPLORE.EXE
1780 | IEXPLORE.EXE
1780 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 848 wrote to memory of 1780 | 848 | iexplore.exe | 28
PID 848 wrote to memory of 1780 | 848 | iexplore.exe | 28
PID 848 wrote to memory of 1780 | 848 | iexplore.exe | 28
PID 848 wrote to memory of 1780 | 848 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ddaba7b4b55dfa3843d534c0417b5a_JaffaCakes118.html
  PID: 848
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:848 CREDAT:275457 /prefetch:2
      PID: 1780
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: af09b2460f5081a3a9ed94b305f081c0
  SHA1: 9da3ce440cc46dbdd184e3714c72f1f1711c90c9
  SHA256: 466417c1df73ff0a7c135db402b4e6023adc5ad4a5d433b3b6418796e6c1517a
  SHA512: caa070599cea6d3fd41b54bf9c6308a7c1a8df71419f97917f034c8d2d9bf33407f97b7c7cc2995513bd8559785b0d11f457db46b5284f0172d2770d0175ff7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5bb814f7d4ff4e4b39b648c8ac32a71a
  SHA1: 91ef3f9fd9bc8b38d399f611bc5bdace06b1c0e4
  SHA256: 4f71714285a9d7aa4d6b6e75975bcc2cfc4fb52fdee934d9013efcd587a039f8
  SHA512: 39e3cf567af1724a3f68061973b6e5ae7cee6070bbf08f80a11c366fedc60e991df338a2fc5f706fa70bd05e0b13d41e9fc6822117f4ecd2946f574c4d722905

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: dca933f3eeb191d139287218f8c0e1af
  SHA1: 598ca2cfe1b3012806d83a8c3081f2c523fff7e4
  SHA256: 7103d98bab26a41ec22d6e8622c1970600ee250b531f5f3d60c01e359f7a4810
  SHA512: d11f84546f279a66f2179aa16f1fc614f5d3ab705b666f8b31671d42a206446bdde5c37d5ca51fc5601b60a69e8b3452e30e47988e86fd8934f53fd6e854622b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: aef71cac657fa8cee6233f6d5ee3447e
  SHA1: 67da315b384ff178760478c981602f8e35cfef2f
  SHA256: 663bab0bcea2820e1245470c35a2bea42c6e27d3c9cdad70d25d4ccc8dceaf00
  SHA512: eda0be01c5a1db0352e2c4488de37e8933829f75ea0e6daf80be10b5e5c24ec3fe8ce6043bacccc98ef9d689a3d5b480abebebcf1cbd00fd025b83547e037855

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 4543016398cf3f1836c2081acd8ecad1
  SHA1: 0b60928adc0f267ab7a72660a1374ccbe206b3c8
  SHA256: d0566058e5ca5f1491d25d924ad09baf0f25122dbb41fb47b4225cf2cc020403
  SHA512: 3bca86345cd7df1e198725503e57e4c5e7834bf7a025e1bc751ccffdcb224d5aea92af3b1ace2c65416e1418f3a77bb43b1cccc9753b639cd44106bbe8db7268

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 51570d2448247ab365c088615c002e93
  SHA1: 2c2f9f4f9d082ba35d3585c1d08b3cf04cabe093
  SHA256: d9b0f8b89f594b3deab0a9d43f09d4fde36b67cd1f43bb11ee7577c073bd8f25
  SHA512: 77fa71b139049d659e21e2b9a5938c1ef384c0b7e00441f110c6b99974abec6c512b5393a90d177a63f4e5459681f3d0a645c6b32e7bde9082b2bc17c022b2d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: bfd734e3c780a779b346258b462741f3
  SHA1: ea387572b8e86b87617d0a79c4b475ec21c093fd
  SHA256: 9b64dc3772fbe6ba6b20d57e08878af3828606ec14481b1b2a067250db3bcecb
  SHA512: 75278bdbe99d6017d3220de1da1c457f578c19be28efc2c98fc355222ad2819affe3af7362582eaf15b4d87803d02972db0730d84fe65211cccd442eacc3c8cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5732ecf8cd1885d9c2dcd78e19ac7b3f
  SHA1: e83b7fa0407c9cb1ecd0d4850e98756cf12eb091
  SHA256: 94e8054d33f87a06e20eceedb2ce6c4f5b4c11f9fb1f0219707ae52f04b3b2da
  SHA512: d10db2277f31aaf4249d4f79075b125f325f8eca5015f4afe70684ff7c87e8a2799f8f5f98e8ecdba82c22b596d5b61d45c207d1404cf2a0a31068d4b346ab33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1370c4631c2bcc3f9b5e362cae051c66
  SHA1: 0813df3e4b1496f07467e796825af31fbb496fe0
  SHA256: 5384b87776b05c114276a56e2afa41ac1f3421fd027d817ddf9617da23615a38
  SHA512: 8698fc31be3dbb7514aa2b07fe51b6c721ada91af23db2e6dff230394313a2e4b4085485e6a3e0ef4d4ce99af384a73501c6fa1f9e390f6d940d30d7e69c1509

  Filesize: 68KB
  MD5: 29f65ba8e88c063813cc50a4ea544e93
  SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
  SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
  SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b