Analysis
max time kernel: 148s
max time network: 148s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 03-06-2024 13:10
Static task: static1
Behavioral task: behavioral1
  Sample: 91e6d3ff24fd017dd03486e3e6cc3ac8_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 91e6d3ff24fd017dd03486e3e6cc3ac8_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 91e6d3ff24fd017dd03486e3e6cc3ac8_JaffaCakes118.html
Size: 21KB
MD5: 91e6d3ff24fd017dd03486e3e6cc3ac8
SHA1: 036b11b0868d3658503cb3e07006df0801927950
SHA256: e13aa2545d890d54ac2c85aa377499f1893c7a1dcbab0fac27fe2e08dd5875d7
SHA512: 263ba1d6a33ba417371686959ccbf52dc83b5966f566bc3bec9e4a6d9ff3283beefaf812908372a3cc4cb8fdae8a791e01003919415303a80356aeb317d5ed80
SSDEEP: 192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIC4azUnjBhuQ82qDB8:SIMd0I5nO9HNsvuTxDB8
Malware Config
Signatures
Modifies Internet Explorer settings

| description | ioc | Process |
| --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582094" | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A4B912A1-21AA-11EF-AB01-4E87F544447C} = "0" | iexplore.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe |
Suspicious use of FindShellTrayWindow 1 IoCs

| pid | Process |
| --- | --- |
| 2056 | iexplore.exe |

Suspicious use of SetWindowsHookEx 6 IoCs

| pid | Process |
| --- | --- |
| 2056 | iexplore.exe |
| 2056 | iexplore.exe |
| 2904 | IEXPLORE.EXE |
| 2904 | IEXPLORE.EXE |
| 2904 | IEXPLORE.EXE |
| 2904 | IEXPLORE.EXE |

Suspicious use of WriteProcessMemory 4 IoCs

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2056 wrote to memory of 2904 | 2056 | iexplore.exe | 28 |
| PID 2056 wrote to memory of 2904 | 2056 | iexplore.exe | 28 |
| PID 2056 wrote to memory of 2904 | 2056 | iexplore.exe | 28 |
| PID 2056 wrote to memory of 2904 | 2056 | iexplore.exe | 28 |
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e6d3ff24fd017dd03486e3e6cc3ac8_JaffaCakes118.html
  PID: 2056
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  Child process:
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
    PID: 2904
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads