Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 15:11
Static task
static1
Behavioral task
behavioral1
Sample
a11b7b7524967cfa5484234908827ae4_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a11b7b7524967cfa5484234908827ae4_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a11b7b7524967cfa5484234908827ae4_JaffaCakes118.html
-
Size
24KB
-
MD5
a11b7b7524967cfa5484234908827ae4
-
SHA1
1bc6fb685bbec936d19b504b551c7cfa9eec654b
-
SHA256
4faaa7916a19901e86d7297bc9092df53080c3ba083dcf91bfd7a6f103fb8aee
-
SHA512
791dc651d5569f0228b6fb50ded783163003c0f44564a50efe1a9ba8425a50c5ae28c61c837bde42cd23cf0335adc8b5c2b816fb3c37fcbe249fab9f7f826e36
-
SSDEEP
192:uqN7HRb5nW7unQjxn5Q/fnQieZNnWnQOkEntFYnQTbn75nQeCJVevo7NtIFo+NzE:nIQ/TygcnnB1
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{12A6C4E1-28CE-11EF-B477-E6415F422194} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set 
value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366969" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2124 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2124 iexplore.exe 2124 iexplore.exe 2352 IEXPLORE.EXE 2352 IEXPLORE.EXE 2352 IEXPLORE.EXE 2352 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2124 wrote to memory of 2352 2124 iexplore.exe 28 PID 2124 wrote to memory of 2352 2124 iexplore.exe 28 PID 2124 wrote to memory of 2352 2124 iexplore.exe 28 PID 2124 wrote to memory of 2352 2124 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11b7b7524967cfa5484234908827ae4_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2124 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2352
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dc0fb034e4ceac4abc443b61e53b57e3
SHA1 74ab6e032ad341128c10b62d365146272b1e46f4
SHA256 a6523a89e48ebd22e1b511e2e6ca0fcdd288d2cb47854cb656a46d505853fd08
SHA512 110e911d3b26d6dc4a98e99dc662147ffb197d0d79083d69fe7373504b7880fd058c345c51969c89a8e784679a594b34d0d0e0b3467684758721eae1260aa327
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 64cdb89f953e56ade5d41eb444c37883
SHA1 7b05b78e8d9f382c2378c8b8891655edee564c63
SHA256 de5856a57e4a980756b69066fd349e1c100fcd75a77dbeb96451834e3d0b91ea
SHA512 f03703aaf0ef11bbff37c186f2645b4c76ed5ed78400350a6b0074ebd3fbec3e2663ad329abcf395e4a0c1bf0c8d799dfd365db7b239881ea835a9aeb7e1a070
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7f06e6d9a96f24b4a16c0a91c0e0f4c9
SHA1 c5391d2a89004460e5819a4185f595f7ba3bf151
SHA256 991295bd06452864c567bc8f60c71030477cce0a7f8f99f228760e8299f2bec6
SHA512 c31c635143f2bd762eb599e7dfbfbf55dff14097de813c7de350f8fdb402478af3ec467cf9e6e9c653956e0e6264353045097e34f58dea3cf21f70c3340ebe00
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 84fa94ece536ba95f61c33984bef687f
SHA1 a7b186a677602c6db9cf81e57ce745d865c8d5fd
SHA256 bbf56a1881a8cf33d523e6a852637196f49e0fdec171e6a000b1d0a7a367de04
SHA512 ea3d9b57c81815ef91f96a2188c0c64fbe1d7dc725b3981cadb1e85e66e40177559da008bab0df9435f117167be7fba86ec56320b3b5d0bb0dd97aa5cfcb821a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0c3bd4308d352ef35093bf8bab0e2c86
SHA1 f41db67ab8264c4d75b6bc4c0b5cfe09194f8995
SHA256 738a3e104eb81df26a456bc0cced57eb52490cc231f29299c0ce19bfe26bee8f
SHA512 bff3959efb8c40750b3bdd53e8ab98b2865e91548f8f09d789b4bcbf53cfe348d6422e1368baf17c6b2afaba3cdf2011aa05a28afaea51f233c1ac1a25e06803
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f5a003c7c160ca60ac2122c1d4bf1acb
SHA1 538f9ba0a8f6241ee71e175d7797a33f42d48d90
SHA256 c1ab5343251ddaaf59d5865cb0f80716f0902ed9bb3c5371cdeae47ca894f57f
SHA512 19d29aed76a701c611dd763af66cf3c0c956b953557f376de7be75ce65d49ab628172b6a45f7110dd9e7a2ac9f9f7f1f0a345ca4244c51384e638037bcf4f6d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6a0ccb53d8934b224590a1ae6f8c5265
SHA1 22642629bf0735936cf098388bd0164c216dcfe4
SHA256 ae800ff7d284563c8aab6976c33cdd369fb9ad7d3b9255e2a7dda893c37e5e2e
SHA512 c4d280cc309c003dfdbe6ba05ac54739b7432a3d75567f8997d1c741e554a087bade705eaa505bdda8c85b384d3d9da5bf036ba9680b1ed4e979b970494e5a17
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7fcf3ec277a619ccc995ebd62c1dd6f0
SHA1 006b78c25974a4be6f0021c6ebc0c1ce615f26d9
SHA256 d77aac502e5cd44382a28fbfd55b12631b2fbd9e2f191d79f4411f8390c4fac9
SHA512 880f14233e2465565f4c1974b185ac51b7e0da37e413670c8bda1273f23cf202ebe61be1dc3f0c97a00ed42c66bb1f8f513267a1a2ab71da0f45191e45eedd19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6d4dc55253b417b99ec4c8ee15a37563
SHA1 25db43fef0abcdebb12be1ce609e9ed5f131ccb8
SHA256 51748ea681c8099c86dc151582f9ac562b6d2c95a6bcac1be08b783d638d6e71
SHA512 d02524e2a2c938749bb91148c8e188b445d4ef07291c4a0f245385d3b0f129660375c5783c7427d6bd6a05df8554cb7bca1e27225036f359c3db90b730ce2b96
-
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b