Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 12/06/2024, 23:45

Static task: static1
Behavioral task: behavioral1
  Sample: a2fd79523ef83ed515e426e21233baff_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a2fd79523ef83ed515e426e21233baff_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: a2fd79523ef83ed515e426e21233baff_JaffaCakes118.html
Size: 34KB
MD5: a2fd79523ef83ed515e426e21233baff
SHA1: fd368c5faf52bbf415c55e257eea1c2f5353b1a0
SHA256: d61dfd77a0730071499d602eb0da911a8e03da20a62d629f7ad71b98f3898b29
SHA512: 17d46b78437ab6984c79c5aeb8b2bf03a5d6b75074886ca6267b4ca1c088bf932eae1c1d48dd66c241bd4e64e4122e20747c1f88f784f949dcc969aa0953d455
SSDEEP: 192:uwb5b5nzynQjxn5Q/SnQiexNnfnQOkEnt+4nQTbndnQOgwcwqYRcwqYlcwqYQtLe:nQ/oslb5tLfmvR2kATXM
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
- Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
- Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
- Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424397810" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
- Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
- Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
- Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
- Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
- Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E14DFF61-2915-11EF-A85D-46C1B5BE3FA8} = "0" | iexplore.exe

Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
- 2432 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
- 2432 | iexplore.exe
- 2432 | iexplore.exe
- 1088 | IEXPLORE.EXE
- 1088 | IEXPLORE.EXE
- 1088 | IEXPLORE.EXE
- 1088 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
- PID 2432 wrote to memory of 1088 | 2432 | iexplore.exe | 28
- PID 2432 wrote to memory of 1088 | 2432 | iexplore.exe | 28
- PID 2432 wrote to memory of 1088 | 2432 | iexplore.exe | 28
- PID 2432 wrote to memory of 1088 | 2432 | iexplore.exe | 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 2432)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fd79523ef83ed515e426e21233baff_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1088, child of PID 2432)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 67c80e1861e53ece63b5477b9ce8187f
  SHA1: bb1121d596ba15a383aab4d46997da30289a3da1
  SHA256: 874586606dfddbf4fab25f60cd83ea40305ea2b88b3403837943b58dc276ac3a
  SHA512: 0f846060a1d32dd3ddf14df86abecfa40b098a23d90fffc03e06b75530e13e88d641a198b70fe4d064fbb172534b37c58aaae221875b0c53bc55fe69c6c8c69c
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 10d0512d5bc31dd813d7138e119bebb2
  SHA1: 76c237aad9b58ef2cb033b867cf330f77f8fb673
  SHA256: 20273a1e61efc21ce8b9e5fa32bed471fb22c597a4f033d3a85c7b2b4948d36b
  SHA512: 809cbed5eefd60b828082abc908fccdbd586313acd8ce91072d20c18c7b18be62260fc5182d3397c43fb7e47da01626e8ddc823ebb6871cf40cad0e318e1e6f9
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 54a7b449ea811f7ce8e75c84305fd651
  SHA1: d3c90b4b41ded386fe75f726041e536685c5ae2b
  SHA256: 2367568646dd90252741f1ffc0806caecac38f1ca5c9d9f10d1a8ff97e349e8b
  SHA512: c9e4aceb84be49f4d07c094d7cc521ece92a647df2dc11b4f7b88a703a82e09710c0f6495d0bbca67260fd1c508abc7de6762789dc80b64a1815d8918d776774
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 61a14a0110ff0c5ad9ada3507b50bf03
  SHA1: 7507129ea07005b0f1771f8fb7e11bccc938cd2b
  SHA256: 51a156e86c80f6458204f4768e8d6304e7467543d2824d4359621a7cdeedc29d
  SHA512: 2b65a592e21691bf47dbbb4eaea9ab53750a7117341384b3ed9a67eed05b7a288d3110209fee1bccab9c18525b73bd232ef5a3d990882031e74818259491dc36
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d6e33daefb70ce7f58c3b1d524d022bc
  SHA1: 57cf017e2a80c12b869d12a50d753b8b36705779
  SHA256: 22735dc5d0163c6fde96bd187b6e1c0fb76cb88434ebbb118c372fb9b17860fd
  SHA512: 3bedd6718333ab4a0f8299ebe8575f9b7dedeb9457a72e31cbed723f292f3b4c01b47d90503975fcc96b3b990bc082528bf36fcf1dd1280d927340ed0a488a94
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 588d4468b4633d20c7a88343e1311bce
  SHA1: 67890b0b97dcfddedf12903868c9d9602fdd57fe
  SHA256: 2eaec678e5786c7a5af773e8bb2be813577b2ffa07424216d846beb854f15ad6
  SHA512: 6c80e8d0d05fc4ca930197803f394c2631144bbbbeef8e7d2b5f3d94c1348a860dc4c12705070548ba3390e589da10b1605e2c8dd6b8f740c70e52ab326be4ac
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: fa3497d3bfc480d8b792111a3d74efb2
  SHA1: fbf2bdf67caf46dad481c9481da4cfb3f78f76e3
  SHA256: f5350884bee5898c2c0136e8430e4881170698b5c0040816e1a24b428057cd27
  SHA512: c0a5ab09084e0e241f6257a621057fee2cac0c3b608bd255b316d4f372a4bb2f81ca35ac2b4d33b7cd240593e806add4d518575f629103afb26fe621b63ea5f4
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 9de4dc6eaa37a6c30788e4c44226ddef
  SHA1: e5a31411e861d725c5d6952f88205efd035e0a00
  SHA256: 9977eebf3c0c9003ac1337cb08736626a9f6f92a330fbee025a09fb85df033ab
  SHA512: 1c7a8930aa2abca56264c25e65422387be2d902074b76e53879c6ff3cbe86c619c5c73c7a262779860aec61c0c287da9d4229e430047404ce4ff8a742317ec9d
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: daba46098776b091df68aeef9913f826
  SHA1: 51ccca60abf891f50470cee0377567fae962cde5
  SHA256: 33f329ec8abc0e93de46ab2c53e1040d09b096b2cbe2a9ab55f5ff8be433cb17
  SHA512: 6d32e73208c384c47481a29e1815001bc3c41fa1a8e7e35a6fbd5330f243fec7e586c94cf613a73243da74f4f305e6b3ec7209a7060f869ddc3f6274618c19da
- Filesize: 67KB
  MD5: 2d3dcf90f6c99f47e7593ea250c9e749
  SHA1: 51be82be4a272669983313565b4940d4b1385237
  SHA256: 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
  SHA512: 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
- Filesize: 160KB
  MD5: 7186ad693b8ad9444401bd9bcd2217c2
  SHA1: 5c28ca10a650f6026b0df4737078fa4197f3bac1
  SHA256: 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
  SHA512: 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b