Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 12/06/2024, 22:06
Static task: static1
Behavioral task: behavioral1
- Sample: a29dd97770e7ed2c14368b8707a045e5_JaffaCakes118.html
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: a29dd97770e7ed2c14368b8707a045e5_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: a29dd97770e7ed2c14368b8707a045e5_JaffaCakes118.html
- Size: 23KB
- MD5: a29dd97770e7ed2c14368b8707a045e5
- SHA1: 33e38daa3fdb20c29403943d0548eddc75fce996
- SHA256: 4434761a2986ff006b4263ae88744443084e9768d8d0396be4aae8335d6a031c
- SHA512: 691650b8670866bf22622b6bb30e17fcb91413430d47edfc4f0bbde601624936f8d5cba305c6e361c20f081c3b8e626c08b85345f914acf8c6cf84f7258ab250
- SSDEEP: 192:uWPIb5nbGnQjxn5Q/qnQie5NnOnQOkEntSwnQTbnxnQTCnQtdwMBZqnYnQ7tn4YS:+Q/6bL
Malware Config
Signatures
Modifies Internet Explorer settings 31 IoCs
(every ioc path below is under \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer, written <IE> here)
description | ioc | Process
- Key created | <IE>\IntelliForms | iexplore.exe
- Set value (int) | <IE>\Recovery\AdminActive\{05B4E891-2908-11EF-A13C-DEB4B2C1951C} = "0" | iexplore.exe
- Set value (int) | <IE>\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
- Key created | <IE>\DomainSuggestion | iexplore.exe
- Key created | <IE>\Main | iexplore.exe
- Key created | <IE>\GPU | iexplore.exe
- Set value (data) | <IE>\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
- Set value (int) | <IE>\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
- Key created | <IE>\LowRegistry | iexplore.exe
- Key created | <IE>\Toolbar\WebBrowser | iexplore.exe
- Key created | <IE>\IETld\LowMic | iexplore.exe
- Set value (int) | <IE>\International\CpMRU\Factor = "20" | IEXPLORE.EXE
- Set value (int) | <IE>\International\CpMRU\Enable = "1" | IEXPLORE.EXE
- Set value (int) | <IE>\International\CpMRU\Size = "10" | IEXPLORE.EXE
- Key created | <IE>\InternetRegistry | iexplore.exe
- Key created | <IE>\PageSetup | iexplore.exe
- Key created | <IE>\Main\WindowsSearch | iexplore.exe
- Set value (str) | <IE>\Main\FullScreen = "no" | iexplore.exe
- Key created | <IE>\International\CpMRU | IEXPLORE.EXE
- Key created | <IE>\Toolbar | iexplore.exe
- Key created | <IE>\Zoom | iexplore.exe
- Key created | <IE>\Main | IEXPLORE.EXE
- Key created | <IE>\Recovery\PendingRecovery | iexplore.exe
- Set value (int) | <IE>\Main\CompatibilityFlags = "0" | iexplore.exe
- Key created | <IE>\Recovery\AdminActive | iexplore.exe
- Set value (int) | <IE>\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
- Set value (int) | <IE>\DomainSuggestion\NextUpdateDate = "424391858" | iexplore.exe
- Key created | <IE>\LowRegistry\DOMStorage | iexplore.exe
- Set value (str) | <IE>\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
- Key created | <IE>\BrowserEmulation\LowMic | iexplore.exe
- Key created | <IE>\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
- 2844 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
- 2844 | iexplore.exe
- 2844 | iexplore.exe
- 2988 | IEXPLORE.EXE
- 2988 | IEXPLORE.EXE
- 2988 | IEXPLORE.EXE
- 2988 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
- PID 2844 wrote to memory of 2988 | 2844 | iexplore.exe | 28
- PID 2844 wrote to memory of 2988 | 2844 | iexplore.exe | 28
- PID 2844 wrote to memory of 2988 | 2844 | iexplore.exe | 28
- PID 2844 wrote to memory of 2988 | 2844 | iexplore.exe | 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a29dd97770e7ed2c14368b8707a045e5_JaffaCakes118.html
  PID: 2844
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - Child: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
    PID: 2988
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
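When the signature tables above are copied out of the report they arrive as one run-on line. The Python below is an added example, not code from the report or from the sandbox vendor: it parses that flattened format back into one record per registry event and applies two checks a responder would make on this report. First, whether any write leaves the per-user Internet Explorer subtree or lands in a well-known autostart key (none of the report's rows do; the Run-key row in the code is constructed, not taken from the report, so that the check is seen to fire). Second, whether the SCODEF value in the child's command line names the parent that the WriteProcessMemory rows report (2844), which is the ordinary frame-process/tab-process relationship of Internet Explorer's process model rather than an injection into a foreign process. The autostart key list is an analyst heuristic assumed by the example, not a vendor signature.

```python
"""Parse and triage the flattened 'Modifies Internet Explorer settings' IOC
rows of a sandbox report.

Added example for this page; it is not code from the sandbox vendor. The rows
in SAMPLE_BLOB are copied from the report's own signature table; the row in
CONSTRUCTED_RUNKEY_ROW is constructed (not in the report) only to show the
autostart check firing. PERSISTENCE_MARKERS is an analyst heuristic, an
assumption, not a vendor signature.
"""
import re
from collections import Counter

SID = "S-1-5-21-1340930862-1405011213-2821322012-1000"  # user SID in the report
IE = "\\REGISTRY\\USER\\" + SID + "\\Software\\Microsoft\\Internet Explorer"

# Six rows exactly as the report flattens them: a column header, then the rows
# run together with single spaces.
SAMPLE_BLOB = (
    "description ioc Process "
    "Key created " + IE + "\\IntelliForms iexplore.exe "
    "Set value (int) " + IE + "\\Recovery\\PendingRecovery\\AdminActive = \"0\" iexplore.exe "
    "Set value (data) " + IE + "\\Main\\Window_Placement = "
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe "
    "Set value (int) " + IE + "\\International\\CpMRU\\InitHits = \"100\" IEXPLORE.EXE "
    "Set value (str) " + IE + "\\Main\\WindowsSearch\\Version = \"WS not running\" iexplore.exe "
    "Key created " + IE + "\\LowRegistry\\DontShowMeThisDialogAgain iexplore.exe"
)

# Constructed, NOT in the report: a per-user Run key write that triage must flag.
CONSTRUCTED_RUNKEY_ROW = (
    " Set value (str) \\REGISTRY\\USER\\" + SID +
    "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    " = \"C:\\Users\\Admin\\AppData\\Roaming\\updater.exe\" sample.exe"
)

HEADER = "description ioc Process"
SPLIT_RE = re.compile(r"(?=Key created |Set value \()")   # each row starts with one of these
ROW_RE = re.compile(
    r"^(?P<action>Key created|Set value \((?P<vtype>\w+)\))\s+"
    r"(?P<rest>.+?)\s+(?P<process>\S+\.(?:exe|EXE))$"     # process name is the last token
)
SID_RE = re.compile(r"\\REGISTRY\\USER\\(S-1-5-21-[\d-]+)")

# Assumption (analyst heuristic): autostart locations worth flagging regardless
# of which process wrote them. The first marker also matches RunOnce.
PERSISTENCE_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows nt\\currentversion\\winlogon",
)
IE_SUBTREE = "\\software\\microsoft\\internet explorer\\"


def parse_rows(blob):
    """Turn the flattened signature text into one dict per registry event."""
    text = blob.strip()
    if text.startswith(HEADER):
        text = text[len(HEADER):]
    rows = []
    for chunk in SPLIT_RE.split(text):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = ROW_RE.match(chunk)
        if not m:
            raise ValueError("unrecognised row: %r" % chunk)
        action = "Set value" if m["vtype"] else "Key created"
        rest, value = m["rest"], None
        if action == "Set value":
            path, _, value = rest.partition(" = ")
            value = value.strip('"')   # the report quotes int/str values, not data
        else:
            path = rest
        sid = SID_RE.search(path)
        rows.append({"action": action, "vtype": m["vtype"], "path": path,
                     "value": value, "process": m["process"],
                     "sid": sid.group(1) if sid else None})
    return rows


def triage(rows):
    """Return the rows a responder should read: writes outside the per-user
    Internet Explorer subtree, or into a well-known autostart location."""
    flagged = []
    for r in rows:
        p = r["path"].lower()
        per_user_hive = p.startswith("\\registry\\user\\")
        in_ie_subtree = IE_SUBTREE in p
        autostart = any(mk in p for mk in PERSISTENCE_MARKERS)
        if autostart or not (per_user_hive and in_ie_subtree):
            flagged.append(r)
    return flagged


def summarize(rows):
    """Events per writing process, e.g. Counter({'iexplore.exe': 5, 'IEXPLORE.EXE': 1})."""
    return Counter(r["process"] for r in rows)


def scodef_parent(cmdline):
    """PID named in an IE tab process's SCODEF: argument, i.e. its frame process."""
    m = re.search(r"\bSCODEF:(\d+)", cmdline)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_BLOB)
    print(summarize(rows))
    print("flagged in report rows:", triage(rows))
    print("flagged with constructed row:",
          [r["path"] for r in triage(parse_rows(SAMPLE_BLOB + CONSTRUCTED_RUNKEY_ROW))])
    child = '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2'
    print("tab process SCODEF parent:", scodef_parent(child))
```

Feed it the full 31-row table and the same two checks apply; on this report every row stays under the user's Internet Explorer subtree, and the SCODEF parent equals the writer PID in the WriteProcessMemory rows, so the signatures describe the browser's own housekeeping rather than a payload.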
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 669c2558b83cdc533f59fc94fd4ee059
  SHA1: 37af0cfed94491ec9b5d62cd9e2a55d61591a9a0
  SHA256: c139073186504ade9f4edd086df6a929d6f939819a4ae33f396eb077f4db2d65
  SHA512: e5f0c060636b9508438840093dc612923fad16986796a83d5cd7a954f6f0a6befc1533ab988132ad625b97233eb0e5c8846782ea69aab12976b64a3ed63f7cee
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 6526805da7513ccc170051548fe43275
  SHA1: 4e6e9a9e9d7e4a3d7a1c47b8d6a315a0ef1e69f4
  SHA256: 8fdde4b7ba54c09deb1b8502ad9ca82c62102e7353d02f6e2db5b8d03687dfd0
  SHA512: 316eb89dfe288c4c15d416c0ee6dabe213e6164f8837903c7cdd94e8970937e29c2682c626efe654359d0a79e2f81f5edfc26772e491ed2ab86b7c9705289dec
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: da91f88c17a0d9db88bc2e079c3b4b6a
  SHA1: dec4757ebbc26534c9c48d59ede84220343f86bf
  SHA256: e46897119d933b0e9376e50015e825928d74f2bc2eebb4f818eec9051f64c582
  SHA512: 14fd30767b3936685b276044180dfb202dbdcd6dd89b322c4f533a548795aa8e276869947fff4b49162c4786634d18f26c91edc653fa08986fc0977a441b928b
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 517d0fe4f3996a6bf060c6ae404c1e71
  SHA1: 3d34bebee59c416003f50f1ce4ca248d0548b608
  SHA256: 4bf03ebdbfc5aa6066e232c146cc1f71a8def0f3b416ce70860f16367cf844ad
  SHA512: 62208073a4f36e8cb4d3c7c226808bb9c9e1e04d4b19c83f8a4bf3f7ea84bdfd1a25b4db6315177f73f5917ba183a7517edfa451cf0bab75caaa9ce7e0ff2f08
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 2d9bce2c68deb2b2d9c13b0d2658a6e3
  SHA1: 52ccf214043fd2bf67f10018db026b60cd17c2f9
  SHA256: 00da5b6ce371a9172b6b96c6a9e34df85a8d51bfbca538d801a56d9187d68d3e
  SHA512: 624fb83baea38e3efab3d39d7e7ad18294f2fbe04a559a36d4af941eaa6085372099d89a56a4586f3b377c7cd05ba930c1a0bebc4ae0d753360b43e4be002a7b
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ea38ef49a38dff0b089823d9d9e441c5
  SHA1: 940ba7260890bbca3200579e94243c86e3596c4b
  SHA256: f02e82f5303305fb584a1e96cbfdf686fcb41b64e5f38ebe1325e44c3582cc0d
  SHA512: 534c9be0854047c8cf770e26269ad22579ffc34d3073dd38e0a082b24449be6de2ef127c0952cc61f91d9f41434cb8953673cae354606d7a4ee67e99d48a65a3
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7d03ef7f53492a7a1a9c1e11313b8ce3
  SHA1: 2c1c9e25e86dd5e49f2d20a69b54503fc1e3b620
  SHA256: 30e469251e027c98f2c1da94f1533d2a947cc44eb831ab5f4f3182b36169cb7f
  SHA512: c2094404ab2cd04e0a7eb74bcf7cb3f911084a263a46aa339c4fabbcf8fe6e6c2eeb13686485a157973520457a3b168294bb019273f3299a2b15188662ee7d43
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7f0c10ce91ebe4ac9a872f520e7720b6
  SHA1: 1e1f8d07bbb4655a9df61b5d82e4361cb5506fe2
  SHA256: 9e24e637174faeb3d69a98efb419a3b37581ef5419c84a1509d2fadd2a7f5c18
  SHA512: 5bfee874b7e59eff468a8013ee36435559655474c87ad369751bb972c78335abe9ef37d6754739451674bd03a1c0da8eea64acf0b7292dde7e5491815249d9ac
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b806cbb6ca47a695e83d3ee60bbb1507
  SHA1: 9dab621795675a3b61d14dc8bc2f85460d357944
  SHA256: 187515474ceaa1e2b82a78967f3169dae34fb7f29087393f75fa2a4f8bde8881
  SHA512: db604cfb77fc622bb3a11ddbd01e18a8b7b093599ef8b7fe5f7ae4068e6029423fe467ac1fa9f0d746e207362c7ec68a9653ebe324554d490ae35fad957a8b65
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b