Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
12/06/2024, 23:02
Static task
static1
Behavioral task
behavioral1
Sample
a2d5663a968eeaa2d0ddc206d7b0a3c6_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a2d5663a968eeaa2d0ddc206d7b0a3c6_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a2d5663a968eeaa2d0ddc206d7b0a3c6_JaffaCakes118.html
-
Size
27KB
-
MD5
a2d5663a968eeaa2d0ddc206d7b0a3c6
-
SHA1
3e51b07b0c4af440e9a2ccfa5fc5e78cf97a88da
-
SHA256
33690cfbae3fce1725893425426f1d8afe65d8237c259090320863cdbfd01842
-
SHA512
39b28d49c89f444fe7a93db5db88a130ec876426fb2850d5d782b33257f9a8d249ab25796ebc1bbc004f8e468efa3cbf11f8c9def6e06ba3847194619df3d0cd
-
SSDEEP
192:uw38b5nqWnQjxn5Q/pnQieUNnfnQOkEnt7jnQTbnxnQ9eeAm6uJ8yQl7MB0qnYnt:/Q/ZL4U8FS2j
Malware Config
Signatures
-
Modifies Internet Explorer settings (registry writes under HKU\...\Software\Microsoft\Internet Explorer by iexplore.exe / IEXPLORE.EXE; see the process tree below)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DF913351-290F-11EF-BAF4-4AADDC6219DF} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395230" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2860 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2860 iexplore.exe 2860 iexplore.exe 2564 IEXPLORE.EXE 2564 IEXPLORE.EXE 2564 IEXPLORE.EXE 2564 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2860 wrote to memory of 2564 2860 iexplore.exe 28 PID 2860 wrote to memory of 2564 2860 iexplore.exe 28 PID 2860 wrote to memory of 2564 2860 iexplore.exe 28 PID 2860 wrote to memory of 2564 2860 iexplore.exe 28
Note: all four writes are from the frame process iexplore.exe (PID 2860) into the child it launched itself (IEXPLORE.EXE, PID 2564, started with SCODEF:2860 — see the process tree). This is consistent with IE's normal frame/tab process split rather than injection into a foreign process; the signature alone is not evidence of malicious behaviour here.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d5663a968eeaa2d0ddc206d7b0a3c6_JaffaCakes118.html (tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2 (tree depth 2, child of PID 2860)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2564
-
Network
MITRE ATT&CK Enterprise v15
Downloads
Note: the repeated entries for ...\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (all 342 B, differing hashes) are successive revisions of one CryptoAPI URL-cache metadata file written during certificate/CRL retrieval by the browser itself; they are typically not content fetched by the analysed page. The three larger files at the end have no path recorded and cannot be attributed from this report.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54a5340d6a0e86cb604fa2d54371810d5
SHA1768519f922f5996e9b58a81d3d14602f90e7fa3e
SHA256c562072dc5800a02c24eb3167443493f65c2de4fa089cc11f8d9d2a5e5f69879
SHA5127884c82b8927a96a3b47ead9116f388c8f18f76cfb8ae33586735b740c8eb7ebb66125cf3029b3f1e4aa48b7a215bc20606b5249f72879ec12c7a8f7c54a4b4e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a751c60faccb3372c5f4316377913405
SHA11abd779ee2771535a7ed9296f0ed0b5b4c4218f7
SHA256feb2ad95bd2630e92687c0938d70d5e051232cfee0752f5c471bf7daab93eebb
SHA512c95af6994690c7a9db6d3a7f580200eb32d989372147ea99da8c56d11a11ab297c70939f7fb0be66f0754c78c26575aae336a04513095bce997d4069b2b1c9fe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5748a552472f3da9353b02ed5031ee4de
SHA1db33d583bd0b2dbc5d66e7c962574807df9dc552
SHA25602045070f9e8ce5801ba6e6dd3e8c145b908c3ab99e7309c657b76419caec6ff
SHA512c4f1d191f7164a046f1f43b91e1961e5ac34adb1d8b0d471d13914af609faa71f55fdb0f09166136700d2ab00f1e88d242ca07c0a3f42f54827ab019441df699
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56e475f1d6c6a2e0f422648b7fd7b9822
SHA19c4fa7587043f9ff8bff61edbe84311fd55b12df
SHA2566929b42b14f0f3e8d466178853e0e0c8c1ac82336bbb806b793997aeb2ae8f8e
SHA5122ffa6c98dad56562b9627945e90d17262cf71e4ac98fe17e489a837ca12dc911ad42a3a9c7f61ce450fd3801acd4c5e2af7a9fe18c0f4f1a3de6aac5667e191a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5267bade5e0344cdb3919c4b5c678031d
SHA1fea51f5f3d9e21432975529c3a80a8f0acacbba3
SHA256c459e6d596252f5624fdda3c7515e0ca9795edddc765e3b5ae58d7caa1bde547
SHA512a5ed510c1e3529de3f20bf9e206b9fcec7a8ed66c826a6eef718104016edfdd2a55374cf924aeae7b1b6e25121285422e0ab1456737318c06dc41de6247b772d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58e51f42ab71dca2280cf3a5a5aeac253
SHA149e1e903fa104e0124545a2e9d0e569234f769b8
SHA256cef1d050686215cc37ef11e82b0cad890484b8ed78555e1d110571827d19d31e
SHA512391ea2fcf0897e18c1f1d8875ae53bb31a03a64098e14c090915bf30db4e3d14251f7992704e11ebd13195c992aa97303e2b5839591a72f52e19cff1bf06c621
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d1c8f9fda5f26219e1a50eb7316d25cf
SHA1485d86d1a288139c74e49fd4bc1f8709af0ede90
SHA256640112ad2f62d64ab476143b076ac54349b58af2fbad9f35509ea9beae204e89
SHA512ca51a672e5b662c415b3e6d7c23d82d875ce7a06683dea9142eabb350072ad86b0d2ed3ce79fff4f513cd0c82e9ed3ee4e7060c0dd14903016b4f489b3dc0bc0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD554c247d7720649990675ee2ab1cfb9e4
SHA1c978c70bfaf0d441086023c11360304a6b0cdc47
SHA2569f80046d19328ae151fdfe9877241c26399ed4f09bfa26bf3a259617d2cfc6b3
SHA512ed3f98979a5b2e71b5fe04d70034b099a613063ab1cc13aa30b6279fdc00a2e58e5af404d41b52d0366e171fbb4510893e1b62da28772c1c8f70d58c1ffbc0eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f00fae4f14bab8176a297203856420e7
SHA1b191ef641020426d2af5a6efee11bd30ebe37af7
SHA2563e9d70002fdc748d6db59a9bc76bdb7374be5d771ac98430d8c75c5334ad3754
SHA512d5e632142b8d72a7eb5a6dd6feabcb0e0d36dc1c864a4dc51fc9b994b1307ae9a9424f7a6b072d64e7d838221ca78fe8c83f6b63167452af8d630e2088146b7b
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b