Analysis
-
max time kernel
134s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
03-06-2024 13:18
Static task
static1
Behavioral task
behavioral1
Sample
91ecbaca7904162dc6dcea8829df168c_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
91ecbaca7904162dc6dcea8829df168c_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
91ecbaca7904162dc6dcea8829df168c_JaffaCakes118.html
-
Size
27KB
-
MD5
91ecbaca7904162dc6dcea8829df168c
-
SHA1
20d5d87ce36cc681b8f44ccdf8f2bcd398eab5da
-
SHA256
62b8843ca2fc1621e982507cfaa281a2c91fbf02f9cbdc9c30ede9115ba05112
-
SHA512
f12c2a0a0cd96a79558416793dcba73bec186134359de7d2847055110ef7a5059ce7c66451d564382fb30a997b02172cffe8b01598ad55d508077f5a4114f2d0
-
SSDEEP
384:WBDuaFyELCxzNlM/445+qYQ/xMz2H2WqARZHJ81VNP6K3O2H2KNnFK5OnsOVSNqj:vSs8SLhV
Malware Config
Signatures
-
Modifies Internet Explorer settings
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2236 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2236 iexplore.exe
2236 iexplore.exe
2240 IEXPLORE.EXE
2240 IEXPLORE.EXE
2240 IEXPLORE.EXE
2240 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2236 wrote to memory of 2240 2236 iexplore.exe 28
PID 2236 wrote to memory of 2240 2236 iexplore.exe 28
PID 2236 wrote to memory of 2240 2236 iexplore.exe 28
PID 2236 wrote to memory of 2240 2236 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ecbaca7904162dc6dcea8829df168c_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2240
-
Network
MITRE ATT&CK Enterprise v15
Downloads