Analysis
max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
04-06-2024 05:12
Static task
static1
Behavioral task
behavioral1
Sample
93b57132fa5aaec293baca7e8a2eea89_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
93b57132fa5aaec293baca7e8a2eea89_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
93b57132fa5aaec293baca7e8a2eea89_JaffaCakes118.html
-
Size
28KB
-
MD5
93b57132fa5aaec293baca7e8a2eea89
-
SHA1
179ecf4478b4490ade92020ab9bd7d3085821bea
-
SHA256
f0be3dbdef52c2930e338ad2a4aee8f70465a0c1157cc746f29a267dd771d053
-
SHA512
b6c07b9ea7bb221d4f08cad0f2fd7a491f5cca82bcba043ddb410fbb706150e0af089bea278d741b1ad580590bc5f59ba48a8036c40f0243f9eed7c4dbf94bb8
-
SSDEEP
192:uwr8b5nOhYOnQjxn5Q/YnQieTNn88nQOkEntISnQTbn9nQ9ej/m6sv/zIBI5Ql7i:2Q/yM+hO/zIB9Sj
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{13D37DC1-2231-11EF-AB14-E299A69EE862} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423639833" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2612 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2612 | iexplore.exe
2612 | iexplore.exe
2332 | IEXPLORE.EXE
2332 | IEXPLORE.EXE
2332 | IEXPLORE.EXE
2332 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2612 wrote to memory of 2332 | 2612 | iexplore.exe | 28
PID 2612 wrote to memory of 2332 | 2612 | iexplore.exe | 28
PID 2612 wrote to memory of 2332 | 2612 | iexplore.exe | 28
PID 2612 wrote to memory of 2332 | 2612 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\93b57132fa5aaec293baca7e8a2eea89_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2612
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2612)
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 2332
-
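The two behavioural signatures that look worst in a report like this, WriteProcessMemory and the registry writes, are what Internet Explorer does on its own: the frame process (iexplore.exe, PID 2612) spawns a tab process whose command line carries SCODEF:2612, i.e. the frame's PID, and both write only under HKCU\Software\Microsoft\Internet Explorer. The triage script below is an added example, not part of the report or of the sandbox vendor's code. It parses the process list, the WriteProcessMemory events and the registry IoC lines in the format shown above (all sample data is constructed from the report's values), and reports only what IE's frame/tab model does not explain or what lands on a persistence key. The persistence watch-list and the event field layout are assumptions for this example.

```python
"""Triage an IE sandbox report: flag cross-process writes that are not the IE
frame -> tab relationship, and registry writes outside IE's settings namespace.
Added example, not part of the original report; sample data is constructed
from the report's own values."""
import re

# Constructed from the Processes section: pid -> (image name, command line).
PROCESSES = {
    2612: ("iexplore.exe",
           r'"C:\Program Files\Internet Explorer\iexplore.exe" '
           r'C:\Users\Admin\AppData\Local\Temp\93b57132fa5aaec293baca7e8a2eea89_JaffaCakes118.html'),
    2332: ("IEXPLORE.EXE",
           r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2'),
}

# Constructed from the WriteProcessMemory signature: (writer pid, target pid), four events.
WPM_EVENTS = [(2612, 2332)] * 4

# Constructed subset of the "Modifies Internet Explorer settings" IoC lines, in the report's own line format.
REG_EVENTS = [
    r'Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE',
]

# IE tab processes are launched with SCODEF:<frame pid> on the command line.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
# "<op> <key path> [= "<value>"] <process>"; the key path may contain spaces, the process name does not.
REG_LINE_RE = re.compile(r'^(Key created|Set value \(\w+\)) (.+?)(?: = "(.*)")? (\S+)$')

IE_SETTINGS = "\\Software\\Microsoft\\Internet Explorer\\"
# Hypothetical watch-list of persistence locations an HTML sample should never touch (assumption).
PERSISTENCE_MARKERS = (
    "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
    "\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
    "\\Software\\Classes\\",
)


def ie_frame_pid(cmdline):
    """PID named in SCODEF:<pid>, i.e. the frame process that launched this IE tab; None if absent."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify_wpm(writer, target, procs):
    """'ie-frame-to-tab' when an iexplore.exe frame writes into the tab it spawned, else 'review'."""
    w_image, _ = procs.get(writer, ("", ""))
    t_image, t_cmd = procs.get(target, ("", ""))
    if (w_image.lower() == "iexplore.exe" and t_image.lower() == "iexplore.exe"
            and ie_frame_pid(t_cmd) == writer):
        return "ie-frame-to-tab"
    return "review"


def wpm_findings(events, procs):
    """Only the writes that IE's own frame/tab model does not explain."""
    return [(w, t) for w, t in events if classify_wpm(w, t, procs) != "ie-frame-to-tab"]


def parse_reg_line(line):
    """Split one registry IoC line into op, key path, optional value and writing process."""
    m = REG_LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised IoC line: {line!r}")
    op, path, value, proc = m.groups()
    return {"op": op, "path": path, "value": value, "process": proc}


def registry_findings(lines):
    """IoC records whose key is outside the IE settings namespace or matches a persistence marker."""
    findings = []
    for rec in map(parse_reg_line, lines):
        p = rec["path"]
        if IE_SETTINGS not in p or any(m.lower() in p.lower() for m in PERSISTENCE_MARKERS):
            findings.append(rec)
    return findings


if __name__ == "__main__":
    print("unexplained WriteProcessMemory:", wpm_findings(WPM_EVENTS, PROCESSES))
    print("registry writes to review:", registry_findings(REG_EVENTS))
```

For this report both lists come back empty: every write goes from 2612 into its SCODEF:2612 child, and every key sits under Internet Explorer settings. The script deliberately stops there; the CryptnetUrlCache\MetaData files in Downloads are CryptoAPI's URL cache written by the browser's own certificate fetches, not artifacts the HTML dropped, and the empty Network section means the page offers nothing further to correlate.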
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9763db6f9137ffe21248a3da7239d6fb
SHA1 8be2cf914bbfa774792437813ee9bbeadd93c7ab
SHA256 0c8c2a55e7906a9ddecc2ca67b6a67fadb24d42f88b6f4e86bdf457acba47237
SHA512 4e109a080e2f3435c2fa17b1874dcb07b52fbdc58a400e40fed7ddd3f99dcab1a2b31e6b54875c32d831aa66d3634e25b5718e60a244521faeee13db7a01c973
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 35aa3d6c15961cb6a1eb1174f6ee7aeb
SHA1 f78b0256bfcda9c4a705a4ee8d0cfef68cccf08f
SHA256 b34c09afd250dd6b584c50575e644440d6a59c7765da74bf9600b1fab3b66e95
SHA512 1b13252896790dc671ba6d2ad341ad058b4755f832d8f6701d3c9f15d8097c2a25b64df044dae192689272994c501ed6ede76f1f22211cb5f6931cb71867c89e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b8a56e1bb01d8658672663a3eb558649
SHA1 03214e7afda86429550e8dc96634555de4f5f0c2
SHA256 e311bdcab852d97e5fd21ac3ba550e255113e08e9a9109fa6c1d465c68f5e8b4
SHA512 0976a15ec9be8476872d438ddff549e4a6d16a293f9ec144a441b791b9a0460f8ef1b41eeee6786545acf43e955634ada04a8bf9ea1539b53afae55b6cdd7cf1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f7b4e84235c15e74f37ee1f22cdb9546
SHA1 6c09bb85e9ab9db3648e8724490a0ea319bc4180
SHA256 12d5ea0ffd0d02cd516bef466b49b353b6024f8042fa6de47cd33d75690e285a
SHA512 d21a17bc63653f5a938a47cc1ac810ab7012b7661a16184579645aaf464a19a3ce864c6fedc1ad67f9db95b88e42d0ece9801cab6115a7a63e73d6c18537f684
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bbc6d90e65cde8a46c10b9b317f5f09c
SHA1 3fc7c3263b8e5761725ecf3f2b3afed2e7af3a1d
SHA256 d9113eae57a24e7e911a262e662aed5f2c56342d5bd243311a1ef76927948636
SHA512 0386fc94586a487aa51a53e7d4f78f8e3e5bb22166185a7e3b3bc0125fa479be3c8a9b1b04acc8bf0071441d81ee3fe1c0833c0655fef138333fe4eef3ef2895
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 236adf4ab7ec478e7070b7fadabdd3cd
SHA1 c4e5f41127302580bd0ac8aa3e7eed6a450e7318
SHA256 391f945b796d1fbf9059e4d3f6d14e4d87755f90bba0761df89b094865710543
SHA512 7162de958f6cd75f9f285e406b10175a65dee8e544dafef9351881cae932baace27d1a6d270058d4d42699d2dc30bd6a5ff068f21ad58ceb42eb0ffb89d7bb89
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 86beb00069311b60cb24c3abca3f72f2
SHA1 8144f85b15a45c532157a4dc22ffdc0bf4d8e66f
SHA256 ca4927a1f9ed710ee271baafa6603e584f2fcfc8d913445ef16f6d889ba249a0
SHA512 da5d18e06094d2eaf3f004a7230a3e0881d5bdb5cc5423122540a6ee9258623a31997afd355af439db9d2644b31c26877171a02b1839e7d831cbbe6a78edca5d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2485393cdbf2b53fce3e6f9af99df162
SHA1 968de2682737484cedfc7f62b738b10277a17d7d
SHA256 60e44e029df5f8e24ec999236ff1ea332a74ac0eaa6b39321b1ecdcd1d22b083
SHA512 1fb6a0bbda83dda5f397308539f16caef081bbf600962b98ef2421a978d18c5a370dd1b1db62c47d7843bdc532d1b48b65637303d1051c8ddffc77f916da53d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6c6c32ed92415bb0468293a0ccead65c
SHA1 53e9597055eaa9255cf17c852033b9237f9e7e9b
SHA256 ff05909ed8553419cb0da72bb44e7fa80cc7de2de56264b2b5023290189c3f58
SHA512 158058c9828df500bf941b81b96fb47036bd1204ae9a727ed08ea4c6d72ae812473ed8a42f64d9e3ad2b1b184b0b74724e8d7199303f8ac0fd9f584185dc04e1
-
Filesize 65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b