Analysis
max time kernel: 150s
max time network: 145s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 12/06/2024, 23:02
Static task: static1

Behavioral task: behavioral1
Sample: a2d55729ed59a5cd39cc4927899d0589_JaffaCakes118.html
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: a2d55729ed59a5cd39cc4927899d0589_JaffaCakes118.html
Resource: win10v2004-20240611-en
General
Target: a2d55729ed59a5cd39cc4927899d0589_JaffaCakes118.html
Size: 27KB
MD5: a2d55729ed59a5cd39cc4927899d0589
SHA1: e15694f2fa5e1131e0ed3f658ad86e994e7111b9
SHA256: 440844019270c71ab27a2984296f7b3271d60f53a7ff181dd5a3288c42b32b09
SHA512: 8d7184370b066ab511706a8e5aa3ad6113423ec67abb9da0bfeb4ea87c248685ca18d94cc733c2d0e27c002ffa98423f9f8924935e08aee2c2fce9c3fca63f65
SSDEEP: 768:mvlIYbYu9ETtT/+t+a/U4t+pXn4u3rc3Db5s8B0GNGIH9n0XI5eADgk5DsY6or4d:mvlIYbYu9ETtT/+t+a/U4t+pXn4u3rcg
Malware Config
Signatures

Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DEFAA071-290F-11EF-9BF5-F6C75F509EE4} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395230" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE

Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
2944 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2944 | iexplore.exe
2944 | iexplore.exe
2620 | IEXPLORE.EXE
2620 | IEXPLORE.EXE
2620 | IEXPLORE.EXE
2620 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2944 wrote to memory of 2620 | 2944 | iexplore.exe | 28
PID 2944 wrote to memory of 2620 | 2944 | iexplore.exe | 28
PID 2944 wrote to memory of 2620 | 2944 | iexplore.exe | 28
PID 2944 wrote to memory of 2620 | 2944 | iexplore.exe | 28
Processes

1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d55729ed59a5cd39cc4927899d0589_JaffaCakes118.html
   PID: 2944
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2944)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
      PID: 2620
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 340649d04248204b68b42034a60d2999
SHA1: 4c8dd471ba3836d42c0f67e7b38670ef468e26ce
SHA256: 22662c98b15ad10aff9b36bcdd8bc90f50cb2a254cff45950a97365b88b52b5e
SHA512: 6f0033c37367d5826148075363a9b77a4becf4023cd218f2dff4d5e27850465b2a9f05406a804d48d54b46e87928c43e2ad0a3f4e228e33dbf95ed15505108c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8e2ec0b61a1089e54c54d21a0a037075
SHA1: bb17b24b4c1b20cae3981c2ea74332eeeaec467c
SHA256: dbb53ec1d01d6d72ee8b174246cb8a7c436f27750056a8c626edf9bcfdd88c12
SHA512: 2c168c0b7837259e0acc8657b69eea33845b526037da2eb0e19d8fb5666923671628d162414204fd68924a7976d58c1b5369b5de8e393401825e01c130672745

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c5ecb16b11ccf98fca2f2abe95aa14ab
SHA1: d04dc43e758c63ebd40fb43b7cf6ac3b27fb0e28
SHA256: a8b61c516fdde47709454a231275322d82f2f176f681715168efb878b43994b6
SHA512: ba7548c58d63c66c3360e5de5d0a6dfb4c5dec07bf78a8637a877585a4e67519321e4b0437fe595b186d97c67a7c6d3af8c4c3d00a1c927f45bab7585dccb5cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3ae853cebfe06edb4ef328d0ba998cd3
SHA1: 773faf1ac41c41fbfd011d8a01bd08f6678da8c5
SHA256: afda7f99b2f258054f83f6eed8fff763b40fbd442eb67a93397028892a962d72
SHA512: d22d094c743aab3df50ceccb46ad19f0c0863a55352848b583254f5b9104a0195df1767a557e52675f9aca9c758ff0432bc4fc5f68722b023cbcdad27241d485

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: aa429edbae2601da6661b93027df77f5
SHA1: ae23c11b5fa69c3b72d186b15e5c0a2de8bab2d3
SHA256: f5005f17d7f0fec93d584a149e94b14a1a4b284e9fe94f8de80b01c6f87f3506
SHA512: 774fc91aa160acb875ce65f2a1f1b68729ab76c2c98f0d808acc94476485bcc100ea56d2537032606a31b9f19ca6218def3175b2ba97201b3c896325108a98dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 87e266447c1be00438ebb105c0ee337b
SHA1: 255e2df729709dca310dc1c85fa3d8f72b97141f
SHA256: 640d4c0df1cc6ef2e0ad2a70a9c2385652ca29692856af36ba23deb7a1388eb7
SHA512: 4e6c8ad4fea085ea1427b1182877d6ebff026fe8295540d5656f023b5a2b82faaa7e5b7d7bc172f38a461eac4913a426c6aeb0197d29e3d9551f886089a34229

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ae0b681d97c70eb1efa1d22cfe77e639
SHA1: 11b46698e2e144cba9c3d15027682fdcecd71e3d
SHA256: c975ce09c47ce3623f1b30bc467ce6c976add70fff9c629af8c96d3371287ccf
SHA512: 908135bfa9bb2f4026a73a4a3db41418ef8b5ff96f909f3b4628637d2f12259f68ffa9798414ab1e55c43d9fc02712fc4362621fee2f0d58306cb98442b1848b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b26c17ffb258223c057d99f5dc34360a
SHA1: 031572a2fb5776d0ee8b57c43c0236647c4bd7e1
SHA256: f0f1c4effc9ad1823ce5659b4ff24f0bf5619c6f2f47f67e0e29173abaf9905e
SHA512: 5586db43dea455b27b53d043dbefefecbeea8722dd1cf80979b1ff87d4c7c2c17c76d26ac63cd8723bc773f431f293ded9a2f83eb211bcc81dd638e84ee40fdc

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b