Analysis
max time kernel: 150s
max time network: 144s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03-06-2024 13:22

Static task: static1
Behavioral task: behavioral1
  Sample: 91efaabf5647bb4778d79a899a925548_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 91efaabf5647bb4778d79a899a925548_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: 91efaabf5647bb4778d79a899a925548_JaffaCakes118.html
Size: 36KB
MD5: 91efaabf5647bb4778d79a899a925548
SHA1: 1566ebeb4d76572bd12644a5df2ad6f6e129165c
SHA256: 0f8b3d3a8185d85e66b79b3a0e5aa427e238c0aafe2cfd85acf3760afb44224c
SHA512: be24b3660ac7821d1876f6664342a8360992a4e665aa65a3f68c1341302d3d37c232ba34158bcb8606a62770c3e3d21b04e31708b2aa0c4ed0774e8661a7099e
SSDEEP: 768:6VfewxgUyCCB5Axfm12uI09zl2PJNXYmLJfyi:6VfewxgUyxBOxO12uI09zl2PJNXYmLJp
Malware Config
Signatures
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow (1 IoC)
  PID 640 iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
  PID 640 iexplore.exe
  PID 640 iexplore.exe
  PID 2860 IEXPLORE.EXE
  PID 2860 IEXPLORE.EXE
  PID 2860 IEXPLORE.EXE
  PID 2860 IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
  PID 640 iexplore.exe wrote to memory of PID 2860 (procid_target 28)
  PID 640 iexplore.exe wrote to memory of PID 2860 (procid_target 28)
  PID 640 iexplore.exe wrote to memory of PID 2860 (procid_target 28)
  PID 640 iexplore.exe wrote to memory of PID 2860 (procid_target 28)
Processes
C:\Program Files\Internet Explorer\iexplore.exe (PID 640)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91efaabf5647bb4778d79a899a925548_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2860)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads