Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 22:07
Static task
static1
Behavioral task
behavioral1
Sample
a29e6a647b2d670075d21314ac33dc32_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a29e6a647b2d670075d21314ac33dc32_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
a29e6a647b2d670075d21314ac33dc32_JaffaCakes118.html
-
Size
27KB
-
MD5
a29e6a647b2d670075d21314ac33dc32
-
SHA1
06fd23f0b22459546e5d2fd6386ca9964f24c3c2
-
SHA256
1c57226808d3fdbe5d566fec9a3c1285e17a1edfcb89303f66ba6499dfb5ed07
-
SHA512
c9b43be382b8d84f79aa26ef0d150e953d7c75d93de442422a4842cd91eb45f63c8643d8b11aa4722af04385a9777add86d27abd99eefeec8788a1d76cdc33cc
-
SSDEEP
192:uw7sb5n1tInQjxn5Q/knQie3Nn2hynQOkEntkWnQTbnFnQ9ePsam6lHhDQl7MBXE:4VQ/ghWqllhaStWX
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1EA742D1-2908-11EF-B991-7EEA931DE775} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424391900" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet 
Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2160 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2160 iexplore.exe 2160 iexplore.exe 2956 IEXPLORE.EXE 2956 IEXPLORE.EXE 2956 IEXPLORE.EXE 2956 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2160 wrote to memory of 2956 2160 iexplore.exe 28 PID 2160 wrote to memory of 2956 2160 iexplore.exe 28 PID 2160 wrote to memory of 2956 2160 iexplore.exe 28 PID 2160 wrote to memory of 2956 2160 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a29e6a647b2d670075d21314ac33dc32_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2956
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0b9972bc0ce4a626281f30faa8128e65
SHA1 717f499d702c3ac2c96f5c2cbad31cb80b0ee60e
SHA256 c41ad7e91463312d92b951e46021276d655000431a1d276e451f99706908e55c
SHA512 f4f4939ea251fd3c1d3020e0fb2e04930f3dd796d417bea00b717d461e334af4d5071406551ebe7edb21762831891cadf905dc1cf746d76e853ba07e1d2dd207
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 075158b842e072d34695f73786a216d4
SHA1 abd21d759aa0c3be97bdd0cce88f0f84f2b458b8
SHA256 f6aca796e04b93df4c01d8bf650548e264b8f02f0f0d91c504f5f3814c002402
SHA512 ca3c4b5839cd0deb73d703d5259c3867465dac1e6899f46e17929c706c19a1d130e70b962f95cde34d4f38cbddbb447dc35ba1760acd2454e0b92a488054f237
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5db88c17debe61ceb2d64500ebd1173f
SHA1 ab319c976976b1377289f862103240ad9ff06f44
SHA256 d1f2cbac6d06909cd734d93dca0445f6c68a46c837d5ae1eb8870bd5e6c50f02
SHA512 48868d65f893e3f9a583cf2390002d398a7f734cdc07f2d8eb41d479ca0e7ae3a2ef279fe151c7abd499cce4298652e5efae6caa901dfb862c5cb4ffbb176fa9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4c1d43d8b5f7caf5cc36e9a8b38180ed
SHA1 94fcc5e32b0745e363741fec2eefe84673f1b932
SHA256 220e9e7aa4d41fa711c0b0c2f0654589458b8fa7fb789e1fa4b3633bac0a90e0
SHA512 eb6ad247541239be54ab4a24ce1df3c06a1d6c0a93dfb729fb7905e2699c01d3805cd2634c488a1ace70e034d08ba8c99ce03eb4ca1447b6f85dac45627c88b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 47b9d636ba8021495ab547cf10b67bd4
SHA1 38685c24ef71af74f1ccc2b79fd546fa4acf46f9
SHA256 26dca610bd4473f75040d5dfce59d44b183034f2177f66ac1646a3f575da22cc
SHA512 b3a33ad538f23247b8a98a73bc53fe84eb421cebe0a64539b29f43ec8f2926a7021b445941d0cf3bbda695f18b8c0654c7dbf34a6d2ecdce56a0eb92f69dc234
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5cf517d6dd8f5524705ad7bc48abb88b
SHA1 6f367bb442cd4f469a2f0cf654438fe71190dd91
SHA256 0fa4779ec0f1844dc958a3e8c4ebd78ddf233a79ed3a69aed16f6e04e45ab0d8
SHA512 1999fa7fe855e10e02a4d560e2b959bcd1b462565c2aa8afcf1f7d5535e8b4257d03c5183330168cd627a9d6f323d9a7439594c5d16c4a4d66fd2ac0d98a9797
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 75c9f6ce07952160b39e3c1fb70f6435
SHA1 d86908cf6062365f439fa8e3e4a58bb36ef9614e
SHA256 7c2b4d59ef2085133664ca484d63796bee9d9e74d450e9dbaf86f9f3f971ff33
SHA512 fa91baa115b87a8da678c5c338db9929599ff42ff22fe328fcf5a87913ec1503003b9f7c0ab6940b8086508fbf0d452205e9cab9bdfeb44bb5eaf3e214e4952f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 47b1b4b4a039ee506b070a89596005aa
SHA1 5832db4019bf74ff8014831140e543790365959d
SHA256 d2232cefa5b193e171e0d1730aca0c9ada65c8c13829ebb9fded12265f8a242c
SHA512 49ee88a6c4162a0b52b6aea3000270ed8c2d749182beb9ebf2a9dd312d36934acb23c8fd9b2a89c6261cd4ecca7473a5abe30ddcdfb689daec2957eccd3452d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 962b8fdbb190be506e1ad81edbadb33b
SHA1 e2c235654b5ca5d115b47290b344ed88ac7500aa
SHA256 b4f96b584bdb714f8ce50a0960a367bdd6a70aec5a072daebf9740a22837e814
SHA512 d24c69c911d6b7f3e57466e93ad208a606dc937584720dc0ebe59fdc9f3ac736f88d5fe6024e25093dd5b153931c4946c776966f3e04d455057b7ec647ca6694
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b