Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
submitted
03-06-2024 13:24
Static task
static1
Behavioral task
behavioral1
Sample
91f138ac6a00741e8cd7a2520c35769b_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
91f138ac6a00741e8cd7a2520c35769b_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
91f138ac6a00741e8cd7a2520c35769b_JaffaCakes118.html
-
Size
26KB
-
MD5
91f138ac6a00741e8cd7a2520c35769b
-
SHA1
bf898f7b9a7ea6fe703c7e2ee82e0a70e28ee223
-
SHA256
423d119a196ffbd6d33657571e9f88eacd3ca9abf2cbcd3df4fc61ead389a428
-
SHA512
1c0aea80e9f4618d41741717e3aba081b562d82b7a98d856a8bdad6312c53ec94df7872953f437ece25d992248b848f65315da40f97467b639382812ef45532f
-
SSDEEP
192:uq+/L0b5nimnQjxn5Q/hnQieENncnQOkEntX3nQTbnZnQuCJVevo7NtnFo+NzQ49:nsQ/Dygccu++
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582959" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A8491CB1-21AC-11EF-B0F7-6EC840ECE01E} = "0" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2008 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2008 iexplore.exe 2008 iexplore.exe 2204 IEXPLORE.EXE 2204 IEXPLORE.EXE 2204 IEXPLORE.EXE 2204 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2008 wrote to memory of 2204 2008 iexplore.exe 28 PID 2008 wrote to memory of 2204 2008 iexplore.exe 28 PID 2008 wrote to memory of 2204 2008 iexplore.exe 28 PID 2008 wrote to memory of 2204 2008 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f138ac6a00741e8cd7a2520c35769b_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2204
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4919ff5f6e3f52c90b67a588db21597c
SHA1 1ab09b8dd0f178193cb6b8c9d978295fd861c6bf
SHA256 899d70e548749dbaef2ec3cdc855bec91ab3005b10dc401b6337c8abdee40215
SHA512 22f7ab398e9e6a2d9adf094204d9d1d4e5a348eea7f2e81158fc12d318727bc97c992dcece621a11354446a834f2aa5075edb5c195e44d89b52ca9b34a9de967
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 698b24c16e02059bb768fe5146bcd77f
SHA1 a02ed9184b90eb8f2720d98d2cab8c7eaface7d7
SHA256 118f749dc8977bac4cfb9358d043ecdd2421a117ba2fa6925e49ad21d7fd1d1b
SHA512 726784a01b73ed0e3c7e56f9cbaf20e6d6ea94d0520e748f7f3cacf3e186e8e7c5412988b8185169a9a7043086c991b1f35caf7fbe802fa99a4da2091a5d85d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 096fd24d56608e110254b5046d0073d4
SHA1 2966c1b42d27603634808c8bf14ffd7c44e1a6a8
SHA256 6356d201e2d007fe0d061c5de0f389786de886c59c13fc21ba277a4f43762f8a
SHA512 483b0d1e48e1e9f35e0d45e5fb0686313d04e47f03604252c3b9a38e4d1f9f6585e84d28d06bdd6c096ed43b3887b73893cfdbe37dad1732ca2b4e11796b0385
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a5b6fc5a36d171a8751ec30485192645
SHA1 f23d195140731a48475bc5f5ef8cc7d250ffa248
SHA256 f996c74c4ca106c603d6466eab9dcec2a1c300a255b7acecbace363e9b608c31
SHA512 f194c7c3de1eda1fa6e0ce04dc048f4d29b65160c2cf04467cb886f4a0d6e4485e9912faba3a058209b2ada16a26fd619a6ff945904e15636714ad7cce36fbed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 99e21c870cb0cdeafb5e8b9a8a79d2a7
SHA1 ec111fff81b2a2582294856d9527597ba9432804
SHA256 cb9fdf982b94417de67a6f0722d740c1d2ccbeb77e840bc8ec991152283430e1
SHA512 77c42fc3d0470e6dc18241dda5ec1ffdf6b679b76bf30125c03bfd82447eb107e5d76f61493d9b3140c857f9bb1bf45e6276f942e744b2f5a6d4b64354fb3dff
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a6a85d1ae43ebc2ded89952e83f37953
SHA1 813aa245d1e6ab7bef892568a47d48a9f4c50030
SHA256 fffebf6cd023792a8928a22999930e9fe809917fc4cd8e28e696dbaf05fe3b13
SHA512 30fbcde4d05c0a7e64a4ab330b98cb8f3446f8d846a68e4d3cea7bc713555a2ad4d7ea59d4800963c5c1051fb277ddc7538975ce13b2195ce137247dcde5a4e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d4746ad2941ee0342ce4f7d47469674e
SHA1 2b6456436b2089b29a8089c307373da650cd1d6c
SHA256 1d7e727ca7bac644ff000822b53393d7ec2f72470153e3d3cc35a3583c4295ab
SHA512 e7996a472eafc209be2aafaebb5626ef92e3e14451cf4907ad42e68310c7e35031dcde7f0cee4e59db8695702ae02fe3949a4703d1a7398303aa08f27abbed27
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8661a87e960f0e3a7daee2956856b3d0
SHA1 409947244771dbadb1e9d720999b1350b40c51fe
SHA256 7e2c74ac2671d198c73a2c791a5755f7deea7e3fa023617f8af2f81fbffe2096
SHA512 a08fcc85d5d68dd84aeb6ec8808b5991af5f73662d9d75ad561a0914478a21abf1cff5463fc7fdfce9dd1875bad3baa6622092e99d2e97e215c25d3d368f6d5d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f56f2a02108c605cfbf50142dac180d9
SHA1 918b0959eaabcc76312448df3426b2e4a804bb81
SHA256 26f9341ca1b1597ceb2b5ac76ef139808dcc77134a0209be0d4320abb6f9a6f8
SHA512 91693bb9b4b5922c6c1d96bfe724041effe7cd22100a3f34ba3c885b88315d26cb8937bf6f9856f300746004467a9b60131fc7d3b246f82f33f6b89dd300984e
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b