Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 13:10
Static task
static1
Behavioral task
behavioral1
Sample
91e6d4d47d330697cafcb37fff930ba8_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
91e6d4d47d330697cafcb37fff930ba8_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91e6d4d47d330697cafcb37fff930ba8_JaffaCakes118.html
-
Size
30KB
-
MD5
91e6d4d47d330697cafcb37fff930ba8
-
SHA1
d4a638cf0b2319ae2342196f41b742a3da773d43
-
SHA256
f24399039422c3406f867e983e438fae4c389f6e5a7931f223bf98e01e5513c0
-
SHA512
b2e848c7c717f852a868538ba72dd473627599c69bf9a85dc8566c128b722f2174b3c97a55403b353d202e387420fcc4cc6a11f958dcef6e27e599dfb4cebf5a
-
SSDEEP
768:D5JymeR1NBS/PYpOKXi3GrWw3AxYpJxc7dnk7udv5f04A:D5JymeR1NBS/PYpOKXi3GrWw3AAc7dnY
Malware Config
Signatures
-
Modifies Internet Explorer settings 31 IoCs
(All entries below are under the sandbox user's HKCU Internet Explorer hive and appear to be the session/recovery, CpMRU and window-placement housekeeping IE writes when it opens a page; on their own they are not evidence that the sample changed browser configuration.)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A7A72A11-21AA-11EF-8A73-D2C28B9FE739} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582100" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
3028 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
3028 | iexplore.exe
3028 | iexplore.exe
2436 | IEXPLORE.EXE
2436 | IEXPLORE.EXE
2436 | IEXPLORE.EXE
2436 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3028 wrote to memory of 2436 | 3028 | iexplore.exe | 28
PID 3028 wrote to memory of 2436 | 3028 | iexplore.exe | 28
PID 3028 wrote to memory of 2436 | 3028 | iexplore.exe | 28
PID 3028 wrote to memory of 2436 | 3028 | iexplore.exe | 28
(All four writes go from the IE frame process 3028 to its own child content process 2436, which is listed below as launched with SCODEF:3028; this is consistent with ordinary IE parent/child tab process set-up rather than injection into an unrelated process.)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e6d4d47d330697cafcb37fff930ba8_JaffaCakes118.html (process-tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2 (process-tree depth 2; SCODEF:3028 matches the parent frame process PID above)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2436
-
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; note that the CryptnetUrlCache\MetaData entries below are the kind of certificate-revocation/AIA cache files typically written by Windows CryptoAPI on the sample's behalf, and the same ...\MetaData\94308059B57B3142E455B38A6EB92015 path is listed nine times with different hashes, i.e. successive snapshots of one file being rewritten, not nine distinct files; several entries are shown without a path)
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 71689a57e0aa02ae0b97e58b0ac178da
SHA1 27a819597dfa795c9eee23e8497eb39bd5a0d1a7
SHA256 e4268a254c3215d8d71b97de7b1fad109e851bf4367b67910bdb7df6b17dae94
SHA512 faa99a89f97b11ddec0afe22dd69928bc6c16e84e131925b653bd26dadc0dfb76f59200681686c7410f29f8211187346e48f98e7b943f6bada20c4442056c553
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 97e902addee2163d6bc7eaf1d6fe4b06
SHA1 e940ae3e00fa0ef1381475596960a257271135b7
SHA256 bc0e63b4f760599ed5662204405984db187a6f6eacc818de9df177cd5a5acff4
SHA512 847d6dcfb05b189eaf03aae1bc4b48a98c127eea894ce39da2f419776198c11cb41b3804741ab91b50631a1b7676a1ab3f5c38be69d85d23aced013e64339466
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0e990d2a29ff6b06f7a1ed6f8d9f61bc
SHA1 abe47c0beb60470c1bf3eb3f937820611547810e
SHA256 d5cea8c99fd77d025df9b0fda84a1dc229aa3a749c23d3b26dd32b4b00f372f8
SHA512 1a0b20c1d20bb912c6c304da87cf8598593c28b2a5a4767a33e69a9cb3139dc3668f75972be29890ae8592f43257e96cc0c76ff105d541acf585e4349c605c4d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c31a8503fcf59a7d6af558b24c5f716d
SHA1 f8a08d7bc4785dc1791cece30697578264c4afec
SHA256 f54f144e8a6e53d176fa6368a963c5b42638076e189696d66c08dec7cf85594d
SHA512 e26e5759d474409c1fe9d8931a8f94e4a3e221ede1012564509164ca27e329e1ca1627e43cf7360718f86baa505e6caf5652532731e5282cf9e7a3a9d4e6d02d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cf5f02a227472c557f3ca6fad9e0d9c9
SHA1 92b601e915c8a4b98e46df4c11e7a3a385cdd804
SHA256 c9622f46dc8461d7172db3851666613920d4850a0172c87216586cc95082719d
SHA512 58a3c10cff1af62f436872cd2726131c0cf9749ec429664ad94f61794e3516834a89388e79cee6229cb84d65d0cb67274d1e10167506a4420f69a2f689ccfab8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 56c644d1e78a7a716d85de2b1f4cd106
SHA1 e48a2b5e8fcf017bce25d4d3c5554c264a762206
SHA256 712ad755306e3771aa20cb1f175dd16ac1099204644f01832d451d07a0dba5e2
SHA512 a33748e0607deb01bcc8fb836effc6a9b81abcf74891c963ee1d211cd7fbe50eb8bd8b0f0af51e33856fadc7522c6ff5cd11a99b68ef393012a193c6da3b8439
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 effbf1db0a18d861bba909bf4da8db54
SHA1 0d404211bd8b8951b6a22412c70f5299e46a402d
SHA256 c00be08fb80d5d5f66b62444553dc588058f32576eb557f1d7ebaa7e7321344c
SHA512 9df093016fc5fafef0d884ee558257798ebf4ebd723f392b30769c59c0cfffe1c3d412a963eb4f36f1e542f725567437a8bf15ee88bc7bc44b0706cce8a6c557
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 50acf336bea1180371101bdd74038859
SHA1 8c6523ef2a53e4216e4fe4ea124be3418d0430e1
SHA256 ced771a835c677d1a56a5ca3f343127a03c5e004d49efbcd24e32232597cf28d
SHA512 ed25dc1b57715c74f90434f39b0aa5e33ff340f6a59890928a8b0b0d58cad438213435edb72449cd48639919066168e61b6b278aabf774092d3b1a7e2aad293e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 92c18215dda280d1614e153edca98f47
SHA1 5b269c224ada45bb2fd28fe6266e6c1e0bf3ba3f
SHA256 14e14e32b23302eeb5d12523b0ca8f8f747f689fc929d5419484fe34baaadb6e
SHA512 9d4bd1bff74a8bbf0ed64fc73e9c827453d99c9d26b1ab2c3db97b1a72d38781060bbbd3aa6882204015d09ba579d0f0c5c2785751665b3ee74cdc78e4966335
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 80658cf30204b8fddb25b2aa32831fe6
SHA1 a9728f4bd5da9e981a14d2c8fcda75801ce844a2
SHA256 07b013239356797a5ec04324693ac26af9a09c8926ac8dd95988e93b1b3b14c3
SHA512 a9a186e4dc0b5e14ab5d8f555b3e01eebab16295e95df67f6c416521f3bedea25478ec4b112c97db1ad14b6db1da04497814049ef2a12a5e90e6a61cf31c9a31
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 68f4287750ddee0700206a2f15be90ce
SHA1 ef4360e7d31d6f1e6db710575828ec5eef5faaac
SHA256 54e7647b0e3a961fb1930b7d9c64a5eef47f945ebb32c78a684d613b8c09e780
SHA512 e9f27bf6aafb219dab90a984d6c7ec1ac7bf761013f405f1b333b5539c0cbc0165dbaf1f9d1b89cc200f9d0c049520ee024211d5694ecf84808782e650241ced
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b