Analysis
-
max time kernel
148s -
max time network
138s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 13:07
Static task
static1
Behavioral task
behavioral1
Sample
91e48006017689ad5e3989031d1645d3_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
91e48006017689ad5e3989031d1645d3_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
91e48006017689ad5e3989031d1645d3_JaffaCakes118.html
-
Size
214KB
-
MD5
91e48006017689ad5e3989031d1645d3
-
SHA1
8c4a31dd5e6ec2c322f3376ad34e34be6ced1aaa
-
SHA256
f8744c19909331d9f8d8c49160f1d2a31e0aee6c03f781517fbd5a853013c46a
-
SHA512
8cedf9bf6108e37c09bef4cdb74987ce306cce81a87a4f8e67e65aef5ea01d7ca1d735cca36cc8388bc98d2848ceb83d4c3ca09d9865be00b0bef61e975615b3
-
SSDEEP
3072:NrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJb:xz9VxLY7iAVLTBQJlb
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3FFFC391-21AA-11EF-9907-E698D2733004} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581925" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet 
Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2016 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2016 iexplore.exe 2016 iexplore.exe 3012 IEXPLORE.EXE 3012 IEXPLORE.EXE 3012 IEXPLORE.EXE 3012 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2016 wrote to memory of 3012 2016 iexplore.exe 28 PID 2016 wrote to memory of 3012 2016 iexplore.exe 28 PID 2016 wrote to memory of 3012 2016 iexplore.exe 28 PID 2016 wrote to memory of 3012 2016 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e48006017689ad5e3989031d1645d3_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3012
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d87bae7f550556476ca8380e3489797e
SHA1 989b01007179017ff785cf72005b712479b72ea7
SHA256 dfb4b8b9211ca333f02018d924cb72e7ccb71373516124086e9e56318731dffc
SHA512 737b6898b809ed743c6b5c946ab9a31ab3a4fe158be15e030cf39b842cd7d5b3c00b936b0750b2f27f85e0b302df3bd595ba4957c4327ace1b3b1ff84d1c8adb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7310ade577e01d3a02ea376905f892e3
SHA1 3220cd047fcea4272c76feabaa6f304a5fc6f091
SHA256 9d498baa990f1af2b5a647058e68212fffb833aa6211c659630b82d019d47cd8
SHA512 380fe7b4acd94bfba0699d1167613271e57fb43840264f3a8c709d00713c2edc0d65de5698ea9b87afd7beeb305e0cb54efdec978ba2cdcd1cb63e894aa09b1e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4385a8dd41699114dd84a79793d39055
SHA1 0288cddedcfd370c580a966a11bff5b94197681e
SHA256 404a0ab2b8b4952bc042909c903cbdf04f76ac9081fe2e7a4f8551b5cb83c754
SHA512 a69f00aa2efad3a32d2c61899929201e1c751425d3dd30a7c5bca35b32fd05f0e0aafef9d02aeb6ea7bfa1dbab65e63c8ade9616a0aa823e7c768f2d7a635900
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 92fe2f67ee9d7af37eb5c9212bde13d2
SHA1 5cf652b911cd20ea16e264419dc8f2992694585f
SHA256 5507df5bf6e4683a94f21769f603bd8de0138e3eee806f9c0476a8385e66c6d5
SHA512 a72ccf8ba5b5bd0e460dfe18be34a8be6ae15489c78285a51cd5be4c7d7e0cd43ab5be188ed0b5a0da81f94ca12ff9f739940026de4a954d373c847abc17828b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cc9d3848d07de52d5ac2ce0fc592e405
SHA1 8cca658a72c6820eaf0cdef262185dfdef2c9f0b
SHA256 a09364c4bb6d716ba67d52954927e7328ef503333157458e943c9dd721eca43d
SHA512 776ed79486444ed3f4f09c88ce4f0ebd11932ea3c9e06a55023a6f2c98f10d6bb8cc5a55e0f611d74cba431ad855a1f171521071f8ae0bf6e889f527b89723cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 038525373b29f92d7d71e3554215ad9c
SHA1 83eefb8ee2b580e4103471ee9ae26d6ce733fedb
SHA256 2d4a42214498a247fc25c93922adf2e8c3684d401c21623e572dafd56465c7d9
SHA512 bbcca35b86edbb5fd1b46907f8718e6d11bd97315e2ad2d268fc96d4d78f33a374cad768d912f34e96a8bf46afbb7f171f3ab70c6fd06b05aa68297632799b9d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8862ae24bbaf1788ec31eab1a97703bc
SHA1 e5b351000919cff1d758afecead81388129f754a
SHA256 a238ea9703c498ea3dbed66921d896425171a9b40e92ef219179c7157b9de905
SHA512 e6188488f95689df96766dee437f7669d9d48baf9d568a8752c5262e3a2a9e1467361078c548a3ef66328d6e398044a3e27f2fc836013f32337cbdc683cc7e33
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 077f16e9fea5df8299de6f922d6c12aa
SHA1 d5654204707da8c1920fe07918fdd28cf06ba4b4
SHA256 aa7e5f05f61b76ef021c720de46ed777a1d6c1d9aec29b3b7471d0f9d03d9232
SHA512 7139868fce8fb8e01563bd63d1c1cfeaa27ce3afc8e97ef2789d5a4dcac0c1afef162670c5765ffec5b9758d7b8d60d76d70fa41d0c6e5a5a64f8b3f96e50da3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c32b80fd7ea10f81474cd5f1a835ae6c
SHA1 40dd2a4866ec249d597cd7e3a4e0b55c2966d8a6
SHA256 4bc42be1feb22d18eb87a6f9fa17f6870b03a45bdb43b9075ed09e948b1eeadf
SHA512 6f83270d29009758fc28c36b351f777b48606136200e3db1d16c3b641f657eb961b4fcc5cf8fe87288ecbb580fec9b375c3fc2cf696c4afab978cc708421d814
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cf2a935ada94d1220c40f2ed9bebc2b9
SHA1 4ef17ffd8b1e85db7e5f3c18ef29c21b1330b656
SHA256 33dc3437296aa6a570f18b144a22f85c5a44a5f057caa8687a1739ab88d3849b
SHA512 d671502ad59e9ce8bf5b48f75a587bf089c8b2266b8406088ee6e7873476dd19fa4ca022ae1fb9b91b4bf961204762a4ec64487aaa3123744307db821d209f19
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b