Analysis
-
max time kernel
151s -
max time network
157s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
11-06-2024 21:38
Static task
static1
Behavioral task
behavioral1
Sample
9f9d7eb42f5e9173a056de18f2123df0_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9f9d7eb42f5e9173a056de18f2123df0_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
9f9d7eb42f5e9173a056de18f2123df0_JaffaCakes118.html
-
Size
37KB
-
MD5
9f9d7eb42f5e9173a056de18f2123df0
-
SHA1
a3644d6afd9c3dda7747e8d83aaa3d5fc753d51c
-
SHA256
b5a5fa06daf3d9c1606835ea746ef11e97d549520f5a4324dcfc0a97b35e02fa
-
SHA512
626ac21a27c4d9d2deefd50d152412b499b9da8cf2da9a3868e707c1476d2d154ff9b387ddff6c6f35f089dc5f3d75f548b823ad56ecbb24f82699edc6041f6d
-
SSDEEP
384:DQ/ZAZkrGtEGxd5mPR7Lbe0UmL7upG27KW:AWNiR7Pe0UmsG0R
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424303813" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02559F51-283B-11EF-9C59-EAAAC4CFEF2E} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1084 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1084 iexplore.exe
1084 iexplore.exe
2300 IEXPLORE.EXE
2300 IEXPLORE.EXE
2300 IEXPLORE.EXE
2300 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1084 wrote to memory of 2300 1084 iexplore.exe 28
PID 1084 wrote to memory of 2300 1084 iexplore.exe 28
PID 1084 wrote to memory of 2300 1084 iexplore.exe 28
PID 1084 wrote to memory of 2300 1084 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9f9d7eb42f5e9173a056de18f2123df0_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1084 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2300
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 928b6a0d5d869126282eee40afd3ac00
SHA1 0a0faefdbf7ca5efe83deecee4f927af873c3257
SHA256 7df9fe763f0c57218cd77cd1973a12afc77248964f6ade215ab425819605ff97
SHA512 7f76631eb5b8c0dd48a52739a35e528552f985f7b45fec882b9c71c78af8f5186802d7ace5139bb96b5a8087f0673f4c103f5f6fe3640c7299a24e788ea2a054
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0d7b7dcb506bcab8d9f5b6b03e927f38
SHA1 e412b75a3ce489a44849e4b724cd8080a246e62e
SHA256 4cab7e05fdd57bf93df5f0157efb4e371e27a4b6cf2b6ac4373097d2bf9bbf00
SHA512 59892cc153a389816a7d925a145033104203833e8d18ba220b443f0c07ed52e676e44df10f413a09ecec2ca7dd67e3a720b8cf5c0b8a209502fb4a48ccdda44f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5eb66b88f4eee855d289163eadcf8630
SHA1 e689d741baa0bd0fa0989fe15f9921a5689bf8ab
SHA256 b625080007a1d6ea9e561065089eef7d32d93248e9e867d9f4f97e9b15cd987e
SHA512 eaba8394ca55be4b998f7ae16df2cd81c57e23f0637a0c5142797d807cf4c844f062f449adb720f9036eb34b739a1420fde738e85e44d9fc7f566ec340d0fd50
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c8f7a744674085d62d4390c6db195aab
SHA1 e917f46fc1b36e0f95c29cf7ef7f3c12e01f820f
SHA256 8c3ee60e042dc2cf23c86dd3af62675d07d9b1eb585879bea2fc224a5ce1ea55
SHA512 9d225fb7fd6626b0505290457126bc8e5d05f101eb10bec1630ba5340fc2a7040c723aa4fae95444baa2eed3668828642c26886b13d650eb76f5e91aba30c263
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b46348fd68ffe8626f6a10c4f76e0034
SHA1 a6d31c005dde40bfbd30c0da203a3abc11961c1b
SHA256 5dae7e0cd2c9f5c869bd344501171cf00956d094be47507eee95eb7c9aaf5ae2
SHA512 fce583b67f27eb62252b2cb7b371d4dd1bdefe6220840548ee1e393b2ab13d47a3533a86ecb87d40bc46c7406efcfb943696cd1bcb679e400ba4e5d19026b58e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7beb65bff61c6cef688841b1cab13daf
SHA1 fbae77fe7fc1e3d52f26ca90f95dff58192c766d
SHA256 4263d42193508e0558ca04abe065d2f8a2ccd4b3d12c8bbbdf38fcc048636f20
SHA512 29dfe63aa96bf25f497c0446bb4c8b8fcc6f84d584808f4a39b068bc496b9f352590eb4f47b4e21780fa54b073cc3232b7d1a0648b1dea97036a079565bcb8c0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b961718f7e669d2f9b42eca2306c7822
SHA1 1e1cc8a2f474bd3caa7dc2f7548314d4c61f58e5
SHA256 ab23a8b67b3c85a57ff3e1f59edc61424c34923a37432c19cf950e8233310bce
SHA512 ebf865cd491928b1e6c824e87a10518513058b8cb7be05721227640ffe525893a28eec084ee36d81d95d34f393644835381680bff82f71e3bda8e063fd06b438
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b