Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 12/06/2024, 15:38

Static task: static1

Behavioral task: behavioral1
Sample: a12e6234aee82b3d85d45ef6840ac844_JaffaCakes118.html
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: a12e6234aee82b3d85d45ef6840ac844_JaffaCakes118.html
Resource: win10v2004-20240508-en

General
Target: a12e6234aee82b3d85d45ef6840ac844_JaffaCakes118.html
Size: 23KB
MD5: a12e6234aee82b3d85d45ef6840ac844
SHA1: 7e093a86968c56a1b169ecb47848a93a59a74884
SHA256: ccc5647b58a00d438eb8e73d945226216df4e043bd050c2a03ddada1002d5af1
SHA512: f8fd5efa5d42be0f60ffb2c3313a2e988395bbbc5adf177999eec27059fc91c2f826982280318d7d295333b4dd43c58b53b42d7c805188d42e9eaf50eeb1f823
SSDEEP: 192:uW38b5nvGnQjxn5Q/enQiedNn9nQOkEntKQnQTbnxnQbCnQtpwMB9qnYnQ7tnUYS:GQ/LfH
Malware Config
Signatures
Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D7159331-28D1-11EF-A8CB-6EAD7206CC74} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424368587" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
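Every row in the "Modifies Internet Explorer settings" table is a write under the user's own Internet Explorer hive, which is what an IE launch looks like; the useful check is whether anything lands outside that hive (Run keys, shell extensions, proxy settings). The parser below is an added example, not part of the report or of the sandbox's tooling: it reads rows in the exact format printed above, rewrites the SID-qualified \REGISTRY\USER\ prefix to HKCU\ so a key can be shared as a host-independent IoC, and flags writes outside the browser hive. The first six rows are copied from the table; the final Run-key row is constructed for the example and was not observed for this sample, and the function names (parse_rows, normalize_key, classify) are the example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Hive prefix exactly as the report prints it (user hive addressed by the VM's SID).
SID_HIVE = r"\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000"
IE = r"\Software\Microsoft\Internet Explorer"

# Six rows copied from the table above, plus one CONSTRUCTED row (last) that is NOT
# in the report; it only shows what a write outside the browser hive looks like.
ROWS = [
    rf"Key created {SID_HIVE}{IE}\IETld\LowMic iexplore.exe",
    rf"Key created {SID_HIVE}{IE}\Main IEXPLORE.EXE",
    rf'Set value (str) {SID_HIVE}{IE}\Main\FullScreen = "no" iexplore.exe',
    rf'Set value (str) {SID_HIVE}{IE}\Main\WindowsSearch\Version = "WS not running" iexplore.exe',
    rf"Set value (data) {SID_HIVE}{IE}\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe",
    rf'Set value (int) {SID_HIVE}{IE}\International\CpMRU\Factor = "20" IEXPLORE.EXE',
    # constructed negative control, not observed in this analysis:
    rf'Set value (str) {SID_HIVE}\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\updater.exe" iexplore.exe',
]

# "Key created <path> <process>": the path may contain spaces, the process name cannot,
# so the process is the last token and the path is everything before it.
KEY_RE = re.compile(r"^Key created (?P<path>.+) (?P<proc>\S+)$")
# 'Set value (<type>) <path> = "<value>" <process>'; (data) values are unquoted hex.
SET_RE = re.compile(r'^Set value \((?P<vtype>\w+)\) (?P<path>.+?) = (?P<value>"[^"]*"|\S+) (?P<proc>\S+)$')


@dataclass
class RegEvent:
    op: str            # "key_created" or "set_value"
    key: str           # normalised key path (HKCU\..., HKLM\...)
    proc: str          # process image name as reported
    category: str      # "browser-config", "persistence" or "other"
    vtype: Optional[str] = None
    value: Optional[str] = None


def normalize_key(path: str) -> str:
    """Map the kernel registry path the sandbox prints to the familiar hive names,
    so the IoC no longer depends on the sandbox VM's user SID."""
    m = re.match(r"^\\REGISTRY\\USER\\S-1-5-[\d-]+\\(.*)$", path)
    if m:
        return "HKCU\\" + m.group(1)
    m = re.match(r"^\\REGISTRY\\MACHINE\\(.*)$", path)
    if m:
        return "HKLM\\" + m.group(1)
    return path


def classify(key: str) -> str:
    """Coarse triage bucket: Run/RunOnce keys are persistence, anything under the
    browser's own hive is expected configuration, everything else needs a look."""
    low = key.lower()
    if "\\currentversion\\run" in low:
        return "persistence"
    if low.startswith(("hkcu" + IE + "\\").lower()):
        return "browser-config"
    return "other"


def parse_rows(rows: List[str]) -> List[RegEvent]:
    events: List[RegEvent] = []
    for row in rows:
        if (m := KEY_RE.match(row)):
            key = normalize_key(m["path"])
            events.append(RegEvent("key_created", key, m["proc"], classify(key)))
        elif (m := SET_RE.match(row)):
            key = normalize_key(m["path"])
            events.append(RegEvent("set_value", key, m["proc"], classify(key),
                                   m["vtype"], m["value"].strip('"')))
        else:
            raise ValueError(f"unrecognised row: {row!r}")
    return events


def by_process(events: List[RegEvent]) -> Counter:
    return Counter(e.proc for e in events)


def suspicious(events: List[RegEvent]) -> List[RegEvent]:
    return [e for e in events if e.category != "browser-config"]


if __name__ == "__main__":
    evs = parse_rows(ROWS)
    print(by_process(evs))
    for e in suspicious(evs):
        print(f"{e.category:12} {e.proc:14} {e.key} = {e.value!r}")
```

Run against the full table, the last two functions answer the questions that matter: which process image wrote (both the 64-bit frame and the 32-bit tab process appear) and whether any key sits outside the browser hive; only the constructed Run-key row is flagged.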
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2352 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2352 | iexplore.exe
2352 | iexplore.exe
1156 | IEXPLORE.EXE
1156 | IEXPLORE.EXE
1156 | IEXPLORE.EXE
1156 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2352 wrote to memory of 1156 | 2352 | iexplore.exe | 28
PID 2352 wrote to memory of 1156 | 2352 | iexplore.exe | 28
PID 2352 wrote to memory of 1156 | 2352 | iexplore.exe | 28
PID 2352 wrote to memory of 1156 | 2352 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a12e6234aee82b3d85d45ef6840ac844_JaffaCakes118.html
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID: 2352
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
        - Modifies Internet Explorer settings
        - Suspicious use of SetWindowsHookEx
        PID: 1156
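The process tree shows the 64-bit frame process (PID 2352, C:\Program Files\Internet Explorer\iexplore.exe) launching the 32-bit tab process (PID 1156) with SCODEF:2352 in its command line, and all four WriteProcessMemory rows are 2352 writing into 1156: a parent writing into the child it has just created. That is the pattern to separate from a write into a process the writer did not spawn, which is the injection case the signature exists for. The script below is an added example and not the sandbox's own logic: it takes the two processes and the four events from this report, adds a constructed explorer.exe (PID 1388) and a constructed write into it so there is something to flag, and applies the parent/child test. The triage() function and its verdict labels are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# The two processes come from the tree above. PID 1388 (explorer.exe) is CONSTRUCTED
# for the example and does not appear in the report.
PROCS = [
    Proc(2352, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\a12e6234aee82b3d85d45ef6840ac844_JaffaCakes118.html"),
    Proc(1156, 2352, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2'),
    Proc(1388, None, r"C:\Windows\explorer.exe", "explorer.exe"),  # constructed
]

# The first four events are the report's WriteProcessMemory rows; the last one is
# CONSTRUCTED so the example has an unrelated target to flag.
EVENTS = [
    "PID 2352 wrote to memory of 1156",
    "PID 2352 wrote to memory of 1156",
    "PID 2352 wrote to memory of 1156",
    "PID 2352 wrote to memory of 1156",
    "PID 1156 wrote to memory of 1388",  # constructed
]

EVENT_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)$")


def triage(procs: List[Proc], events: List[str]) -> List[Tuple[int, int, str, str]]:
    """Return one (writer, target, verdict, reason) per distinct writer/target pair.

    expected : IE frame process writing into the tab process it launched (the
               target is the writer's child and names the writer in SCODEF:<pid>)
    review   : some other parent writing into its own freshly created child
    flag     : write into a process the writer did not create (classic injection)
    unknown  : a PID the process list does not know about
    """
    by_pid: Dict[int, Proc] = {p.pid: p for p in procs}
    seen = set()
    out: List[Tuple[int, int, str, str]] = []
    for ev in events:
        m = EVENT_RE.match(ev)
        if not m:
            raise ValueError(f"unrecognised event: {ev!r}")
        src, dst = int(m[1]), int(m[2])
        if (src, dst) in seen:          # the report repeats identical rows
            continue
        seen.add((src, dst))
        s, d = by_pid.get(src), by_pid.get(dst)
        if s is None or d is None:
            out.append((src, dst, "unknown", "pid not present in process list"))
        elif d.ppid == src:
            ie_pair = ("internet explorer" in s.image.lower()
                       and "internet explorer" in d.image.lower()
                       and f"SCODEF:{src}" in d.cmdline)
            if ie_pair:
                out.append((src, dst, "expected",
                            "IE frame process writing into the tab process it launched"))
            else:
                out.append((src, dst, "review", "parent wrote into its own child at launch"))
        else:
            out.append((src, dst, "flag", f"{s.image} wrote into unrelated process {d.image}"))
    return out


if __name__ == "__main__":
    for src, dst, verdict, reason in triage(PROCS, EVENTS):
        print(f"{verdict:8} {src} -> {dst}: {reason}")
```

The parent/child relation is what carries the decision; the SCODEF check only upgrades a parent-to-child write from "review" to "expected" when both images are Internet Explorer and the child names the writer as its frame process. A write from the tab process into anything it did not spawn is the case worth a second look.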
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ac44a3c085a908f1bbbac0023f5b2763
SHA1: a20985052b5eea2f74af7392eaaf9550a22571c2
SHA256: f473c055edf2e1f14ec360777c1d68f1600b921816aaab58133a4d382ff89116
SHA512: 9c5cf5aa79f80e5cd7fe06ee4d2f7817609f15a8cc3103fef6e0eb301b73aeeb790562ea455ab1446e8c08abaefd82291506eef05e06d9dc903e01f3dfa4ede9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5f464c67ede37355813b446d29911576
SHA1: c106b7479887d2f28b66f4575d7a686a82a89bb6
SHA256: c9a9a08a34620d3df13d5459e6c200a5786af01dd772188d0d8864e068498b4b
SHA512: 66312e82329450f712245a6bb6b52651ef823c265bb4922371d955e4d6aa90e0de245d28f0f349ce912ec6bedea6e70dc33cc0a77b49129686e95302dd4eaf95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c7ace537b033ed17438f5ad4af1c3f5d
SHA1: cfc190d8424bdd3556e783493a370aeff93d4a67
SHA256: e7cdde4e06dad9e4f414637baacb5aab8cdd0231fa3b6b5ab500194684c40313
SHA512: 649f31a2c5d28d46a2a50831b3bd39007d2acbe6fb22923369bec19497610445a6752f66383cd02c10cf81bcb4885fe2f5fb0901c444798ef599c5b018318ae9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1578238d1fe7769d10c16a3dc3d5044d
SHA1: 5456744e90147a67510a4d6f680fa3630b8f10ad
SHA256: b5ed6a7bb6363271f35c96114aed293579caf1a0effc7fdc0b46bc8174a022de
SHA512: 820db5c1e37b31804e433a1ae91fddad6698172fd89ded1a2a3b90bbd28b2ed0ac149952d49ceccebe048a335ecbf7fcb53a4722894fcf809aefa5a32759716b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3b5b312d1e5eb28aa69fbde363fac50f
SHA1: 39607c546b85aa8ba7de2210df0e0965dbefd67b
SHA256: 1991288ceabb25a1fab593e94c054016c3519db5299e128afea31db3d65e8272
SHA512: ca797e62dc9a6775ef8e9fc23523b06d6c5c06276f9864e62889a5e4b4f128c11ee288e836e982d482e61936878cd2e5efc56a3adfd36c13bb1f47ba3870f860

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 88b096153e541b819b6099201cf02db9
SHA1: 504c8c1a4c1c56194c9d26f5045539e15af4ebd9
SHA256: 9b96324fafd3db1553e8b65ef353750d15c7195cfdc180b58ced3762c17c4755
SHA512: c31247a84460adcb349f67647bdf1ee42705594eb13d334f216ce4c59ead5f4f7ee4a23d35b0e76a8305cd3bcc676c6fbb14740057065db281610463212c221f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 71e10f5c85df71bfa5e9217d616a2cbb
SHA1: f341819869300adba01937b4f810e17f10376ad7
SHA256: 0b7293005d8611ccc59dd3eaeb32b087cfce9fa77c0b2090f075bec9a1a4354e
SHA512: 302840bc0e48fb191f04b833dca99e5baea5bfa71d44c064415a8b1dd4e92ca3326f7c5f7abcb2a722c28416487b81fd1fadefc07b344f6ae9fbfece3272f559

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a238ee3935f976ca1164ca4c63b8424c
SHA1: cb88aa482a52ac9d9bbee8cddda323b38f70c4a1
SHA256: ea8a13e1917a0d6a73965fe51930928e9562b8b72cc50daf07c5f42d10aa92ab
SHA512: bff23ce44ad9be1d42fcb8799afb0a57d8ac3e22177dc0577c92cf4fb86a05de6d3f9ff733c296511edb6cb5a8d121bdd20557138d4019ec347512c54167112d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 232f3ab12e6064c37b1a04441886b560
SHA1: e99e95131af184762bc2ce49a2583a789cef4b11
SHA256: bb7d313e6fd16e969dbd5a71844a13775627593ecb2922a74dae171ed605d66e
SHA512: b41b1b75fa8533c863991cd290dc246e32daaee2ea7407cac7f7de4affbff6f9e5a4c1bbbad59aa1f15e8ae6fb126d2da1c60f6a8f4fc8a6a9f5f39c7efd591a

Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b