Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 22:59
Static task
static1
Behavioral task
behavioral1
Sample
a2d20ecf6b2b1f0acd4bdaf2210d6bd0_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a2d20ecf6b2b1f0acd4bdaf2210d6bd0_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a2d20ecf6b2b1f0acd4bdaf2210d6bd0_JaffaCakes118.html
-
Size
31KB
-
MD5
a2d20ecf6b2b1f0acd4bdaf2210d6bd0
-
SHA1
684070aca314d85a2921d671584383e6aa53e160
-
SHA256
3a2d23d498ca45bb241d0c7103f35daf9c04a81c9fb457393e99e4f02a8831c8
-
SHA512
a376d10493d06d36e3fc1f53d1bb64762ccdd23b405318b982dda20ed5ca18d467d08948e9082c7364ae7794937b04946acf15407ec6d65232f0c8a6961f0c25
-
SSDEEP
192:uwffb5njanQjxn5Q/nnQieuNnknQOkEntxBnQTbnNnQmSHlxV4I/33tnm/G0RLfT:9Q/ZulxV4I/3dmeW7m/KmhWp+pFqeFO
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F69BC61-290F-11EF-A38F-E61A8C993A67} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup 
iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395015" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1176 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1176 iexplore.exe 1176 iexplore.exe 1312 IEXPLORE.EXE 1312 IEXPLORE.EXE 1312 IEXPLORE.EXE 1312 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1176 wrote to memory of 1312 1176 iexplore.exe 28 PID 1176 wrote to memory of 1312 1176 iexplore.exe 28 PID 1176 wrote to memory of 1312 1176 iexplore.exe 28 PID 1176 wrote to memory of 1312 1176 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d20ecf6b2b1f0acd4bdaf2210d6bd0_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1176 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1176 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1312
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 151525125ed30f1449287a17c89d06d7
SHA1 f704894969a5c0aaaa773afdfd7bec743426fd92
SHA256 658f7894e415b782c963aa77ffb858e06da38dd84845910d977750db91c9ca61
SHA512 f2116d12601cae1cfcda31ec901603b267c551e8664bd04bfe5c77dfe8f635825c21be8569fe41f9764b0a21f9426603b245ac1d8b0ea35fdd72dc023dbd2102
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ccbfeb63071852004ba1ca608e8a60a1
SHA1 fc8ec15c44a49affe9aaa64bc59c246d436b34d1
SHA256 ee6e96e0acc60b9149f35bc772421af0a1d90eb87c265019a4f0174a5d197392
SHA512 8aca7a98cd826d09a7ac271b7254d35c2cc2a98587d974f4c64ce46ecfe4d2c2fd272888177268a14ea83ce3d0cb18942eeb7f25be617749e226c0d139aa7afd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bbc9cc34364c947fd5917d9d66662725
SHA1 63aaa507240eea050d540757cddf16ad4a6b7e45
SHA256 e3e3e715897e27041113c9377550d3bd3e0b7d9937482a84d5c1d82c703d89e4
SHA512 c6b45a57bd88cf8732993819fcbc23305fc1d402791cc960890908eaff62db95ecaa0780acc2d18653a4173598ffdb5202978971eb3574c626b9cee33f4d983f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b194130d8b9b130f80c8bbe8b1b4a356
SHA1 3aa406477ea43d4e052889449870d37db2544820
SHA256 4ec801513566dcc7a586b300a0303bbc37dca34ea40abd9b9da80fc50719475c
SHA512 3b25facc7ae9ba0041417a364b7243463ef37e417df1ea7076293cc188267278066d8bdc85bb247ef86e9a269c9265d9e838173bc3ebed73b4eace8a17ac1bb0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cef0a6026f809fbab2f8bc43756dd018
SHA1 48430404e01ae78e0979828541066f7851614d4a
SHA256 545a210447483ea62ab2d8c34597d026e1110ce50745d89876d11e32246d1440
SHA512 124d4d3aca9166ace101f0281d0f110086af262de0d451644f6168c7d51731d968b113b1d316cf0afb1eda32e5f3b673dd003155f88e170460c73ac873383f83
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 311c9cb2f336f311ef8e7b734365ec56
SHA1 6041e6a11bf6e1cb62326e412176313a2a5ce06a
SHA256 481a33fba775e17fb5001d8d13ecab909aefe6dce600347dd459d7837bebbf44
SHA512 287960700b35244d6ea8b8ce4522e89fbb18d264fe2d3aa208c1e61344f7a6b952346b2f616b664d14ffe787493a3279f90b51e8edc107703c3b591ae897ddea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5668a979412772bd1ec8363de1d14c45
SHA1 7c1df0c1e17b58f3308fe4a1c2cea9626a374288
SHA256 4db8bfe86531945d69edeb05b605544360ae110b5b95bbb56e1715dd7123c239
SHA512 181e16679580341710ca4845cfca70f5ef0db4cd6d30ca0fa17298f1cb798277ad6c77e2056ccfe0134e07216efdb13303355ba13332a018f221f84330ae631c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f52afba50ba93a3e6ad3bc045dd556e8
SHA1 ad685558bd76c41952494dd55e0061bf1534c84d
SHA256 6e63c14a4648d6d07037f4cdb8183c940d32968f69193b3dea89d86b3a2e9706
SHA512 9d7d4e8ca761b801979cbe2580beced0b80c652fd6582587d4a0fb92aef8101f872c31f795f1607466428396f5d10d5ea74b7cbf0dcac66617513bc3bde73644
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b