Analysis
max time kernel: 48s
max time network: 132s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 12/06/2024, 22:55

Static task: static1
Behavioral task: behavioral1
Sample: a2cde38ccfeac67bfc50a70421d648de_JaffaCakes118.html
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: a2cde38ccfeac67bfc50a70421d648de_JaffaCakes118.html
Resource: win10v2004-20240611-en

General
Target: a2cde38ccfeac67bfc50a70421d648de_JaffaCakes118.html
Size: 974B
MD5: a2cde38ccfeac67bfc50a70421d648de
SHA1: 59bc82475bba5075e6e1d7daa7ac99fc105bfa1c
SHA256: 36982604ad970fe6a6192c67f5d48103d2a88e79ebb1d477659bcfb2a2485d29
SHA512: 255c35ba3bce1eb20b625d888c5c3a8693e6dbd2268a1064ece5379d898f001d58a0bc33f1ce8c53d4f02d616fc091f1a2bf3d4c20ddf609b82c558dd0c04574
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D654EE91-290E-11EF-8875-5E4DB530A215} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2060 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2060 | iexplore.exe
2060 | iexplore.exe
2968 | IEXPLORE.EXE
2968 | IEXPLORE.EXE
2968 | IEXPLORE.EXE
2968 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2060 wrote to memory of 2968 | 2060 | iexplore.exe | 28
PID 2060 wrote to memory of 2968 | 2060 | iexplore.exe | 28
PID 2060 wrote to memory of 2968 | 2060 | iexplore.exe | 28
PID 2060 wrote to memory of 2968 | 2060 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2cde38ccfeac67bfc50a70421d648de_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2060

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2968

Network
MITRE ATT&CK Enterprise v15
Downloads