Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 12/06/2024, 23:03
Static task: static1
Behavioral task: behavioral1
- Sample: a2d5fb2bdaa1951b7b943976aa264282_JaffaCakes118.html
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: a2d5fb2bdaa1951b7b943976aa264282_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: a2d5fb2bdaa1951b7b943976aa264282_JaffaCakes118.html
- Size: 27KB
- MD5: a2d5fb2bdaa1951b7b943976aa264282
- SHA1: 2958ae3094444b31e7695f3ea962222606f23c92
- SHA256: 2987f1e4a9aaa5dbbaf4fb20d26a13b9950e81d5bb2fb1b820cafc32eb14dc1d
- SHA512: 4f32d23c00f7fca11fd7c8431593544aa2c1d4894ae0936ce6aa9124287c1ac2b0f164660f6ba2964d795b3094e751809a35ad63f9244bc8178d2a007ae4400f
- SSDEEP: 192:uwzcb5ncmnQjxn5Q/3nQieGNnRnQOkEntFhnQTbnRnQ9ek2m6lBqEQl7MBmqnYnP:xQ/j1efqvSorZ
Malware Config
-
Signatures
-
Modifies Internet Explorer settings (31 IoCs)
All keys below are relative to \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer, the sandbox user's HKCU tree for Internet Explorer settings.
description | ioc | Process
Set value (int) | DomainSuggestion\NextUpdateDate = "424395272" | iexplore.exe
Key created | GPU | iexplore.exe
Key created | Main\WindowsSearch | iexplore.exe
Key created | Main | IEXPLORE.EXE
Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | PageSetup | iexplore.exe
Key created | DomainSuggestion | iexplore.exe
Key created | Zoom | iexplore.exe
Set value (str) | Main\FullScreen = "no" | iexplore.exe
Set value (int) | International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | Main | iexplore.exe
Key created | LowRegistry | iexplore.exe
Key created | Toolbar | iexplore.exe
Key created | Toolbar\WebBrowser | iexplore.exe
Set value (int) | Recovery\AdminActive\{F899A5D1-290F-11EF-B9E1-7E2A7D203091} = "0" | iexplore.exe
Key created | Recovery\PendingRecovery | iexplore.exe
Set value (int) | International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | InternetRegistry | iexplore.exe
Key created | LowRegistry\DOMStorage | iexplore.exe
Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | Recovery\AdminActive | iexplore.exe
Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | IETld\LowMic | iexplore.exe
Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | BrowserEmulation\LowMic | iexplore.exe
Key created | IntelliForms | iexplore.exe
Key created | International\CpMRU | IEXPLORE.EXE
Set value (int) | International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | International\CpMRU\Size = "10" | IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2488 | iexplore.exe
-
Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2488 | iexplore.exe
2488 | iexplore.exe
2424 | IEXPLORE.EXE
2424 | IEXPLORE.EXE
2424 | IEXPLORE.EXE
2424 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2488 wrote to memory of 2424 | 2488 | iexplore.exe | 28
PID 2488 wrote to memory of 2424 | 2488 | iexplore.exe | 28
PID 2488 wrote to memory of 2424 | 2488 | iexplore.exe | 28
PID 2488 wrote to memory of 2424 | 2488 | iexplore.exe | 28
Processes
-
1. "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d5fb2bdaa1951b7b943976aa264282_JaffaCakes118.html
   PID: 2488
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. (child of PID 2488) "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
      PID: 2424
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
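The sandbox raises "Modifies Internet Explorer settings" and "Suspicious use of WriteProcessMemory" for this run, yet every registry IoC listed sits under the sandbox user's HKCU\Software\Microsoft\Internet Explorer tree, and the only WriteProcessMemory target is the tab process launched with SCODEF:2488, which is the frame process's own PID. The script below is an added example, not part of this report or of the sandbox's tooling: it parses records in the report's flattened format and separates Internet Explorer's own housekeeping from writes that deserve a second look. The Run-key record, the updater.exe path and the svchost.exe command line in the sample data are constructed for illustration and do not appear in this report.

```python
"""Added triage helper for IE sandbox reports (example code, not from the
report or the sandbox). Parses flattened registry IoC records and
WriteProcessMemory records and flags what is IE housekeeping vs. review."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One registry IoC as the report prints it:  <op> <path>[ = <value>] <process>
# Records are run together on one line, so a lookahead finds the next one.
REC_RE = re.compile(
    r'(?P<op>Key created|Set value \((?:int|str|data)\))\s+'
    r'(?P<path>\\REGISTRY\\.+?)'
    r'(?:\s=\s(?P<value>"[^"]*"|[0-9a-fA-F]+))?'
    r'\s+(?P<proc>[\w.-]+\.exe)'
    r'(?=\s+(?:Key created|Set value)|\s*$)',
    re.IGNORECASE,
)
# The sandbox user's HKCU tree for IE settings, spelled as the report spells it.
IE_SETTINGS_RE = re.compile(
    r'^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Internet Explorer\\',
    re.IGNORECASE,
)
# Autostart location (lower-cased): a browser writing here is never housekeeping.
PERSISTENCE_MARKERS = (r'\software\microsoft\windows\currentversion\run',)
# WriteProcessMemory record: "PID <src> wrote to memory of <dst> <src> <image> <idx>"
WPM_RE = re.compile(r'PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)')


@dataclass
class RegRecord:
    op: str
    path: str
    value: Optional[str]
    proc: str


def parse_registry_iocs(text: str) -> list[RegRecord]:
    """Split the flattened signature text into individual registry records."""
    return [RegRecord(m['op'], m['path'],
                      m['value'].strip('"') if m['value'] else None, m['proc'])
            for m in REC_RE.finditer(text)]


def classify(rec: RegRecord) -> str:
    """'persistence' for autostart keys, 'ie-housekeeping' for IE writing under
    its own settings tree, 'review' for anything else."""
    if any(marker in rec.path.lower() for marker in PERSISTENCE_MARKERS):
        return 'persistence'
    if IE_SETTINGS_RE.match(rec.path) and rec.proc.lower() == 'iexplore.exe':
        return 'ie-housekeeping'
    return 'review'


def triage_registry(text: str) -> dict[str, int]:
    return dict(Counter(classify(r) for r in parse_registry_iocs(text)))


def is_ie_tab_broker_write(src: int, dst: int, cmdlines: dict[int, str]) -> bool:
    """True when an iexplore.exe frame process writes into its own tab process,
    recognised by the tab's SCODEF:<frame pid> argument (in this report the tab
    carries SCODEF:2488 and 2488 is the frame PID). That is the ordinary
    Loosely-Coupled IE frame/tab relationship, not injection into a foreign process."""
    src_cmd, dst_cmd = cmdlines.get(src, ''), cmdlines.get(dst, '')
    return (re.search(r'\biexplore\.exe\b', src_cmd, re.I) is not None
            and re.search(r'\biexplore\.exe\b', dst_cmd, re.I) is not None
            and f'SCODEF:{src}' in dst_cmd)


def triage_wpm(text: str, cmdlines: dict[int, str]) -> dict[tuple[int, int], str]:
    """Label each (source, target) WriteProcessMemory pair."""
    out: dict[tuple[int, int], str] = {}
    for m in WPM_RE.finditer(text):
        s, d = int(m['src']), int(m['dst'])
        out[(s, d)] = 'ie-frame-to-tab' if is_ie_tab_broker_write(s, d, cmdlines) else 'review'
    return out


# --- Constructed sample input -------------------------------------------------
SID = r'\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000'
IE = SID + r'\Software\Microsoft\Internet Explorer'
# Three records copied from the report, then one invented Run-key write (not in
# the report) so the 'persistence' branch is exercised.
SAMPLE_IOCS = (
    f'Set value (int) {IE}\\DomainSuggestion\\NextUpdateDate = "424395272" iexplore.exe '
    f'Key created {IE}\\Main IEXPLORE.EXE '
    f'Set value (str) {IE}\\Main\\WindowsSearch\\Version = "WS not running" iexplore.exe '
    f'Set value (str) {SID}\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater'
    ' = "C:\\Users\\Admin\\AppData\\Roaming\\updater.exe" iexplore.exe'
)
# Command lines and WriteProcessMemory records as listed in the report.
SAMPLE_CMDLINES = {
    2488: r'"C:\Program Files\Internet Explorer\iexplore.exe" '
          r'C:\Users\Admin\AppData\Local\Temp\a2d5fb2bdaa1951b7b943976aa264282_JaffaCakes118.html',
    2424: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2',
}
SAMPLE_WPM = ('PID 2488 wrote to memory of 2424 2488 iexplore.exe 28 '
              'PID 2488 wrote to memory of 2424 2488 iexplore.exe 28')

if __name__ == '__main__':
    for rec in parse_registry_iocs(SAMPLE_IOCS):
        print(f'{classify(rec):16} {rec.op:16} {rec.path[len(SID):]} {rec.proc}')
    print(triage_registry(SAMPLE_IOCS), triage_wpm(SAMPLE_WPM, SAMPLE_CMDLINES))
```

A clean result from this heuristic only says that the recorded behaviour matches a plain page load in Internet Explorer; it says nothing about the HTML itself, and any record outside the IE settings tree, any write into a process that is not the frame's own SCODEF tab, or any autostart key should be read in full before the run is dismissed.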
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
The first nine entries share one path; each is a distinct 342-byte version of that CryptnetUrlCache metadata file captured during the run. The last two entries are listed by size and hash only.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- Filesize: 342B
- MD5: 333f7dcb257996cf70b9878e0a503436
- SHA1: 2fe2773648a877acab1c190feb2472a1027bfd8f
- SHA256: c5277050a24f75fe7163da78b410bcf18ac799c75de199810f8d3f5758d46f7d
- SHA512: b2107b036e2b236b8c84bb6fc6df4a0d573f11ad46eb952d1417383c7f605c97c3af7b9717aec5c346b86e3ae5ead0b82a69ef5521ac75192599099c41a1d9fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- Filesize: 342B
- MD5: 1a56d648ab6ba61fd10210b248717e6e
- SHA1: 83a9f7d0d13669a01721c068a78384d8f21d9331
- SHA256: d15ef491e18fca04329e8225d83f69a6c11af819546727d2edae7689cbbdaddf
- SHA512: a099675e6faceacb3c902ae5c813254a056cad6ec1a23879fca4914825f9225297b2ca012cb80d1d370d6ca39160dfab1357ae29926efe17df49c2e1bf32112a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- Filesize: 342B
- MD5: 78012b64b98016581e29a5a3bd1baa4f
- SHA1: b4780ac1992eafbf257320104f5ebcd5cdb3f969
- SHA256: 253c2683a850e0849486bb93490cb6012003214b4d6ffee05bfc9426c529872d
- SHA512: 900ba8d06234b2dfbc9dffa739817cb98771095eb8a48fb7698e87712c29032bcefa4ab82320796457965ad2b4edb696921216051300339af1b3fe5b453b5fd7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- Filesize: 342B
- MD5: 30aaf912126a5bab67f895bf02acc572
- SHA1: 95a421e04d275e20d3d49c751c9e4421aa5ecb52
- SHA256: b6ac94972cd15d27cb07d276f44581d268266a04bd0c55a7c9cd9d8fb9ee04ea
- SHA512: 7aaabac8cd43a467da1c21624bb679a4898cc67405d2816b9da1b9d8faf8224112905a6b2fe5799c7e5db48e78cd3a8680498bd5cd85cb0c54f2272f173a0e6e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- Filesize: 342B
- MD5: e62a0d3eaf367fb6ffb19bee8c899251
- SHA1: f73058a4810e642f756cd084decb347a000e36be
- SHA256: c12c8cd5290b588ae7b544838842e2fc34dab624f59b99769edc72523684f5d4
- SHA512: be3773480a527a3655e4b65011889b858eaae6b3d6f3ea35eced95a5dccc1eee2692ab4015c7ec102ca9c3762a4175769ed92cf26d8d077e769125cead4ffc5d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- Filesize: 342B
- MD5: edc87dc03485676e1ee6704fe85507fd
- SHA1: 356ae437da9d2b0b0bdbb3b2633e4203c808802f
- SHA256: 021221a4a8cf400ceec49c8e412d115cc1ebada50546d1498efc2bf87e5cf24e
- SHA512: e6f7c20cfe6e637202c6de484036b180065ea279838922a368b321ea412e3b24965cb0ea12c8d5107a485d4438c74e4261fb74d4aec2f24535376bbb73efed41
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- Filesize: 342B
- MD5: ea650a61100201cc44c7a463fc020c16
- SHA1: c6bc5ab28331667c5e092559b67e76b51a51bfc9
- SHA256: 11f94ff93e2e84104c1a5366fffc654435811c35d204fd3bbca2646ee29f1ff5
- SHA512: b9bb15b11232cf40d5d3e54868efde3b94135741245f4ac9f54549d30091fbdbad9fe4fc83b5838098c8c09522d4425da4d5e669877317e68687252bb3cc04da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- Filesize: 342B
- MD5: 6397e693c2d40082f4038c4bc248cb23
- SHA1: 7ee448e7db9858733edab135b4afb300c526164b
- SHA256: 52dd9633387a9ec7d518e9dc27d7409582decff4b8db3047e91e0bfc251a39de
- SHA512: c3229f6c931c76b490bbb1cce077f3cffe5592fea2e4042b0d5e275a96725aaa1d16a13069ae5cf6b1c03106f5e59b138a1712800aa87576f4e0f54916e55451
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- Filesize: 342B
- MD5: fa45b782d2fa033ec87ae755fc86bd8a
- SHA1: 90481be0e1513e10baad5548e2d142e2b6c202fb
- SHA256: 14b315712065bfcc2f86bb781268d0488fb16745e3adc4471b0a98f174fc3d02
- SHA512: e2d80614823500a8b479a593f9b1cd4c2034d5e67bd182a7ae11090ff63336fac954664c4ec2fe3a1f507976b552b4d25e441a0cb8959f7060afbce9ac819fc4
-
- Filesize: 67KB
- MD5: 2d3dcf90f6c99f47e7593ea250c9e749
- SHA1: 51be82be4a272669983313565b4940d4b1385237
- SHA256: 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
- SHA512: 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
- Filesize: 160KB
- MD5: 7186ad693b8ad9444401bd9bcd2217c2
- SHA1: 5c28ca10a650f6026b0df4737078fa4197f3bac1
- SHA256: 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
- SHA512: 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b