Analysis
max time kernel: 77s
max time network: 142s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
submitted: 05-06-2024 14:57
Static task: static1
Behavioral task: behavioral1
  Sample: 9873d6c29783f4e6b56b702a25a26cdc_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 9873d6c29783f4e6b56b702a25a26cdc_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: 9873d6c29783f4e6b56b702a25a26cdc_JaffaCakes118.html
Size: 15KB
MD5: 9873d6c29783f4e6b56b702a25a26cdc
SHA1: 5944882494b66c5ada31e58c69f2e0d92e5a54c3
SHA256: 6b34eaffc5884cf5fcd6cede7ced881757329b4a6480af061bff3351db76bc24
SHA512: 3a5baee04beeff5ef4b0ff9e814a539857f12b984f1a44370c1f798d15b5d87d4b6abe39da19f343c07d2a4fb55d63a69638d75afd9fc27655ec8d839f9eef1d
SSDEEP: 384:9+X6Bl2ihokt9Szold/jIBwDRWPBMU3dwV2/pf5yGavns/oWRB5:2uz6kt9SElVjI3CO//pfNoWRB5
Malware Config
Signatures
Modifies Internet Explorer settings (28 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423761329" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F51A7571-234B-11EF-B73D-E693E3B3207D} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE

Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2156 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2156 | iexplore.exe
2156 | iexplore.exe
2928 | IEXPLORE.EXE
2928 | IEXPLORE.EXE
2928 | IEXPLORE.EXE
2928 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2156 wrote to memory of 2928 | 2156 | iexplore.exe | 28
PID 2156 wrote to memory of 2928 | 2156 | iexplore.exe | 28
PID 2156 wrote to memory of 2928 | 2156 | iexplore.exe | 28
PID 2156 wrote to memory of 2928 | 2156 | iexplore.exe | 28
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9873d6c29783f4e6b56b702a25a26cdc_JaffaCakes118.html
   PID: 2156
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2156)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
      PID: 2928
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 32628aa8c4c0c3c6432fa521cf95932b
SHA1: 87c7bef52afd1c026fbf9074ebd92b7b1e0a70af
SHA256: c80b672f7f0fc310b8d97f137474f93783a99e5b962d045b05e1c8f6c85851ac
SHA512: 199633a1d35bbfa30cf61aeac9a7af09495656214c86ec7b1cef99d6088027d20c88201d8f191df55249c74b6b2e3b982bdb2c4d6b3a11708baf32850c1fb75c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c22d7af5fae7b7e1f1614dc012893315
SHA1: 675ebdd8bfb2f3de9f7f912f5e8c17668a02b0ae
SHA256: 0434f960641d054215466559c4ab9d190189a4cc25af51298669974889841c9a
SHA512: 41b790b191aabc240f916dffbacda07e2010b38ed21ae979ee35a79084da6f5209efe4a2ff4e65dd9898b8fa62907e4825bc624d46a434da9851205331bc12e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 801217c95eae4137c68d7da61f9e6f19
SHA1: 74cc54393356d3a9ea6806adbad1f0b8af536401
SHA256: 2a93d707ba04ae17c68ea6c1b569b0102c8b5c1dd5bca138d2bcfa5c7673347c
SHA512: 0c0318b3e5db015cca2b610378c39c426db3b44e93d3b6c05b73bda08d3f2bb71bed619ee0a385e34d88cbd719be258a8d64e9c9b8b081d47f1ffefaa4aa0356

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d963a5b6c8d0c4a4a3f14c4b53fe3683
SHA1: 5a3b1666aa726628e67b19c9ecb47b0a9367228e
SHA256: 001ea57707fdf81c07c46bd5bd24151868d6e001449d6fc2771d6ef07695e4df
SHA512: bb0e2311692fda57ae14d179d924d8f888a0a9fe73f8b2b1a9743cb1bddd5bcc3b1a7d5e0a142c1f00a3f96630426ae3413b3eec0b75545f9be5b876ad31bfbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9e7c847ff9dadfcb6618c89d99538371
SHA1: ae2a16cccbba1678073061f9b4e8d4f0a440c3bf
SHA256: 80ec2a2a49acd2820d5cf2eedf17adde66ac7a9c98d0eb2fdbc0d83e4e709005
SHA512: fb0ffd00ccbc8d020fc3ef5b0a1f55928fb9b63161308a8a96a5ad9345771fb3a7c76affb6ed0e528e9e3e704f3c3818de26659a49e63c2f40a1d158eb1ff53d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 89bfe4cffa8cc1eebb619e6502b65af1
SHA1: 404b373b1224f5b9c5d26aa2d6e6c4da86a6b790
SHA256: f85c5ffd3ecb9aac81a272e6be52153c0d44ff0060501ef0f681e1512cbda356
SHA512: c9a59a940f86400b3ab6f4ac7ad07fd3662f7ca310c5845922d603922e662e593a0b3ead6146dcc035949aa991f408f3ddedbcf33c71ff20fb331fbc06dd476d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8f2fca74e96b9e93ef5455dd686aa89e
SHA1: b0e6e35407acdcce599f2e956e3702e70aeafc94
SHA256: a15ee156525a4154da032be4ba187ae99a28545665e4b9aa5f1e5a0cbf452060
SHA512: 4d9f29326f796c9dd07fdc9adff1019e807a8abbd8694973945777a68dad94befdfcace0dbfe19ebe90b94694cdd65fff12defa6beaaa1f7a51c9091f838e868

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1feb936c4662fd581a04d9a84bf208d4
SHA1: 686cd4be7ec2b03dd4941261829523eb6db165a5
SHA256: 71f548fa41ac50804d9fa488f54c5f859d61b6f8971a23028f970972adb23a47
SHA512: 4dc40b206470a4342dcf6a2d6c13ddfc7bc8d66f1aa98aa89702921c1e38e752875b6ca397cbdd6b80d9beea2fd8a0705fad7765147027d48931c58d09127228

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 30b2505f604df5ae77ee7932b7fcea7d
SHA1: 7139fcddaff8ec4bc5ea296d77b3924a79a02514
SHA256: 7b2d0c3c4aac6d66976471271801c2450e2fac4b60478a110300129b39c8aa67
SHA512: f6f5277f0232642f6af9601d89dbcd6178a2074ff4e9d577ecdf4eb2e73615b697542c6228a7a0c428575442213c83995c694abe5ecc6bff279c3835b6c1e79c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0e8f71c0db7be20d21ed167154b2dda5
SHA1: 4d995853acc2686ee09a3f21edce5a7faa9270f0
SHA256: 3da92822cc585333282f076114e26821ba4660142d5a725aec81e3f5dcbc38a6
SHA512: 479d60e1a98abb1dceddfbb170c595088de9f8908ce3c633d14d59795e8605b81ee09faa0b8a6e28c8fa8f2ef84b68e1dce2836767bb2a946cf082ab5675e155

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b55c28f94379b4389b13fa645626b039
SHA1: c9cf41b4daabfa95e80c3795093a417edf6661cc
SHA256: fe2026fc8ad5ec91b68ab2e75211686f2c57e408b3f308cbe2230db8c1e1c5ad
SHA512: c21d721f6cbf15c9043e4dacd316d8f0fdf02c493618795ed3ae3e553481fff857cab620efc370f9aa2b18365158ff43bc8d4e5c18903759001e0f14005e7985

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c125c25676a009170e924ab1910822e1
SHA1: 09dbbf8f8fcd5144088e20bbd8553fb82eb5094f
SHA256: 1d044c51ca751bedc35b42715ca08271f564802c942b0e968bb8676ddd68437e
SHA512: 911bef9ae8f0b82e4ff3b8a273d3f33e2430c83511e80a2589ed27f60a0f77e58d8be14fcdc0993c809ceaca8cf6966b78d2eb1f488e496e352eb886f3af52ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8ed1449e30d39ab2ddc73046e773f18d
SHA1: 5abcc8944f38e15bdd7273999d8ed6fa3338ba30
SHA256: c1b8707bddd31057bbbc10e8d2ff54f32e7c92a3e0a9d8c8b2f121853cfbdb1f
SHA512: 9c80837426f44a7f76f6a2c07bd62f867bfa7c0f7cc82dfa79733000ffcd9b7b2e83a4c809d2485deb4b334e8fc18459e43e83761f9c2b855195cb7c9b583e2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b0892884bd9ada7beba25159d28e9657
SHA1: ceba1a32f6f1d80c6d456d22dc771a7c4a9ec8a1
SHA256: 942de227aa24265a29c741978bb05d4f8db35fd2b58174c61cbdbf8214dc04f3
SHA512: f4e6f69f511e21f7ab65abc12cbb124c43b5d6fe48af22c7c54a76b2368ba6918221bac0d59c4d6013858a95f1abfff81f4ad9ce56ace9c9220ea024af3d9c9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4a201a94c49f9554b31213cd37286dbb
SHA1: 535f9c979f1eedd426cf0c75703fe4f5e2c2201d
SHA256: fa40629810c72c317dc8376271cabe34003949246f93c5a37b1d5e6da7ec218d
SHA512: 2aa69625c3f39d86311134e9ee1ea433e146581751ad3bcfdb0ff0a18540c01d816de8c7146a983665a5c5d7a7db8612bb17838db29ca676dc5190725be162ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 70cf3fbac5b482b32db0925852568cd5
SHA1: 56c492864d07e7aee6e2ccb90a1b5e5a03a1dbc5
SHA256: 20ad96dd471a28a0ae11614258ab58679886e4e1a7bbd35943515e4f7a9a4122
SHA512: 01b38816a7fa406da9719ea8a7a8ab1d94b7325d9b5aa92a1feefab041f70abd7d336b27024c8b7aaed2b55987cdc1274a165b5a0d6613f7d94fe629a9d59713

Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
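Everything the three signature classes, the process tree and the dropped-file list above record is Internet Explorer doing browser housekeeping: the registry writes all land under the user's HKCU\Software\Microsoft\Internet Explorer hive, the four WriteProcessMemory IoCs are the IE frame process (PID 2156) writing into the tab process it spawned (PID 2928, whose command line names its frame as SCODEF:2156), and CryptnetUrlCache\MetaData is CryptoAPI's cache of CRL/OCSP/AIA fetches made during certificate validation, written by the OS rather than by page content (the same path listed with sixteen different hashes is that one cache file being rewritten over the run). The script below is an added example by the editor, not part of the sandbox report and not the sandbox's own scoring logic; it encodes those three rules as triage checks, feeds them the report's own events, and adds two entries marked CONSTRUCTED (a Run-key write and a Temp executable, neither in the report) to show what the same checks flag. The persistence-key list and the rule thresholds are the editor's assumptions.

```python
"""Triage of an IE sandbox report: separate the browser's own housekeeping from
events that would matter if anything else did them. Editor's added example."""
from collections import Counter
from typing import Dict, List, Tuple

SID = r"\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000"
IE_HIVE = r"\Software\Microsoft\Internet Explorer"

# Process table from the report: pid -> command line, plus parent links.
PROCESSES: Dict[int, str] = {
    2156: r'"C:\Program Files\Internet Explorer\iexplore.exe" '
          r"C:\Users\Admin\AppData\Local\Temp\9873d6c29783f4e6b56b702a25a26cdc_JaffaCakes118.html",
    2928: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2',
}
PARENT: Dict[int, int] = {2928: 2156}

# Registry locations a drive-by payload would touch for persistence (editor's list, an assumption).
PERSISTENCE_KEYS = (
    r"\Software\Microsoft\Windows\CurrentVersion\Run",
    r"\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"\Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
)

# (description, ioc, process) rows as in the signature table; the first four are from the report.
REGISTRY_EVENTS: List[Tuple[str, str, str]] = [
    ("Key created", SID + IE_HIVE + r"\DomainSuggestion", "iexplore.exe"),
    ("Set value (int)", SID + IE_HIVE + r'\Main\CompatibilityFlags = "0"', "iexplore.exe"),
    ("Set value (str)", SID + IE_HIVE + r'\Main\FullScreen = "no"', "iexplore.exe"),
    ("Key created", SID + IE_HIVE + r"\LowRegistry\DOMStorage", "iexplore.exe"),
    # CONSTRUCTED: not in the report; what a real drive-by would leave behind.
    ("Set value (str)", SID + r'\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\svc.exe"', "iexplore.exe"),
]
MEMORY_WRITES: List[Tuple[int, int]] = [(2156, 2928)] * 4   # the four WriteProcessMemory IoCs
DROPPED_FILES: List[str] = [
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
    r"C:\Users\Admin\AppData\Local\Temp\payload.exe",        # CONSTRUCTED: not in the report
]


def classify_registry(ioc: str, process: str) -> str:
    """IE writing under its own HKCU Internet Explorer hive is ordinary browser state;
    a write under a persistence key is flagged no matter which process made it."""
    key = ioc.split(" = ", 1)[0].lower()      # drop the value part of "Set value" rows
    if any(p.lower() in key for p in PERSISTENCE_KEYS):
        return "persistence"
    if IE_HIVE.lower() in key and process.lower() == "iexplore.exe":
        return "ie-state"
    return "review"


def classify_memory_write(src: int, dst: int) -> str:
    """The IE frame process writes into the tab processes it spawns; a tab's command
    line names its frame as SCODEF:<pid>. Any other pairing is a real cross-process write."""
    src_cmd, dst_cmd = PROCESSES.get(src, ""), PROCESSES.get(dst, "")
    both_ie = all("\\internet explorer\\iexplore.exe" in c.lower() for c in (src_cmd, dst_cmd))
    if both_ie and PARENT.get(dst) == src and f"SCODEF:{src}" in dst_cmd:
        return "ie-frame-to-tab"
    return "cross-process-write"


def classify_dropped(path: str) -> str:
    """CryptnetUrlCache is CryptoAPI's cache of CRL/OCSP/AIA fetches made during
    certificate validation; the OS writes it, page content does not."""
    if "\\microsoft\\cryptneturlcache\\" in path.lower():
        return "cryptoapi-url-cache"
    return "review"


def triage(registry: List[Tuple[str, str, str]] = REGISTRY_EVENTS,
           writes: List[Tuple[int, int]] = MEMORY_WRITES,
           files: List[str] = DROPPED_FILES) -> Counter:
    """Count each event by its class; keys are "<section>:<class>"."""
    counts: Counter = Counter()
    for _, ioc, proc in registry:
        counts["registry:" + classify_registry(ioc, proc)] += 1
    for src, dst in writes:
        counts["memory:" + classify_memory_write(src, dst)] += 1
    for path in files:
        counts["dropped:" + classify_dropped(path)] += 1
    return counts


def needs_analyst(counts: Counter) -> bool:
    """True if anything fell outside the browser's own housekeeping."""
    return any(k.endswith((":persistence", ":cross-process-write", ":review")) for k in counts if counts[k])


if __name__ == "__main__":
    summary = triage()
    for name, n in sorted(summary.items()):
        print(f"{name:32} {n}")
    print("escalate:", needs_analyst(summary))
```

Run with only the report's own rows (drop the two CONSTRUCTED entries) and nothing is left to escalate, which is the right reading of this report: a 15KB HTML file opened in IE that produced browser state, frame-to-tab memory writes and certificate-cache churn, and no persistence, no foreign process and no payload on disk. The same checks applied to a report where iexplore.exe writes into a process that is not its own SCODEF child, or where any process touches a Run key, return the flagged classes instead.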