Analysis
-
max time kernel
129s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 15:32
Static task
static1
Behavioral task
behavioral1
Sample
a12af173d155e184c590af77054a57b3_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a12af173d155e184c590af77054a57b3_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a12af173d155e184c590af77054a57b3_JaffaCakes118.html
-
Size
23KB
-
MD5
a12af173d155e184c590af77054a57b3
-
SHA1
3c392d90b038e44f05daae04143282704d5e9dd0
-
SHA256
a22da05a22e08edb8254d33562a6e96876c3c92e3f21c9ddff2892b649a05b04
-
SHA512
308d10721ef761f679a794ce738ba5b21cf2da87958df9e7f42bc29bdc4c4df2a66b87961e78d3dcd53ae37ea948f74f4d25de1ef472418e0f926e8e08f09fb7
-
SSDEEP
192:uwPYb5nKGnQjxn5Q/xnQieENnGnQOkEntjbnQTbnxnQHGLnLnQtiqMBkqnYnQ7t/:DQ/eGT+O
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424368245" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A8DB631-28D1-11EF-A155-FAD28091DCF5} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2040 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2040 iexplore.exe
2040 iexplore.exe
1620 IEXPLORE.EXE
1620 IEXPLORE.EXE
1620 IEXPLORE.EXE
1620 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2040 wrote to memory of 1620 2040 iexplore.exe 28
PID 2040 wrote to memory of 1620 2040 iexplore.exe 28
PID 2040 wrote to memory of 1620 2040 iexplore.exe 28
PID 2040 wrote to memory of 1620 2040 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a12af173d155e184c590af77054a57b3_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2040 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1620
-
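The process tree and the three "suspicious" API signatures above describe one relationship: the 64-bit iexplore.exe broker (PID 2040) launched a 32-bit content process (PID 1620) whose command line names the broker in SCODEF:2040, and the only WriteProcessMemory target is that child. That is how Internet Explorer Protected Mode starts a tab process on any page load, and every registry IoC listed sits under the per-user Internet Explorer key. The script below is an added triage check written by the editor, not part of the sandbox report or of the analysis platform's code: it parses the report's own IoC lines (constructed here from the text above; one extra registry line, marked as such, is not from this run) and separates broker-to-content writes and IE-hive registry writes from anything that would actually need a look. The allow-list rules encode the editor's assumption about normal IE behaviour, not a fact the report states.

```python
"""Triage of the 'suspicious' signatures in an IE sandbox report.

Added example by the editor, not part of the sandbox report or of the
analysis platform's code. Sample lines are constructed from the report's
text; the last registry line is constructed and was NOT observed in this
run. Allow-list rules (editor's assumption): the broker iexplore.exe starts
a content process with SCODEF:<broker pid> and writes into that child; IE's
own settings live under HKU\<SID>\Software\Microsoft\Internet Explorer.
"""
import re

# Constructed from the report's "Processes" section: pid -> command line.
PROCESSES = {
    2040: r'"C:\Program Files\Internet Explorer\iexplore.exe" '
          r'C:\Users\Admin\AppData\Local\Temp\a12af173d155e184c590af77054a57b3_JaffaCakes118.html',
    1620: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2',
}

# Constructed from the "Suspicious use of WriteProcessMemory" signature (4 identical IoCs).
WPM_EVENTS = ["PID 2040 wrote to memory of 1620 2040 iexplore.exe 28"] * 4

# Constructed from the "Modifies Internet Explorer settings" signature.
# The LAST line is not from the report; it is added to exercise the negative case.
REGISTRY_LINES = r"""
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\Example = "C:\Users\Admin\example.exe" iexplore.exe
""".strip().splitlines()

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
IE_IMAGE_RE = re.compile(r'^"?C:\\Program Files( \(x86\))?\\Internet Explorer\\iexplore\.exe"?', re.I)
# action, key (may contain spaces), optional '= value' (may contain spaces), process image
REG_RE = re.compile(r"^(Key created|Set value \((?:str|int|data)\))\s+(\\REGISTRY\\.+?)(?:\s*=\s*(.+?))?\s+(\S+\.exe)$", re.I)
IE_HIVE_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Internet Explorer(\\|$)", re.I)


def is_ie_broker_to_content(writer, target, procs):
    """True when `writer` is the IE broker named in the target's SCODEF
    argument and both images are IE binaries: the normal Protected Mode
    broker/content-process pair, not a third process injecting."""
    w_cmd, t_cmd = procs.get(writer, ""), procs.get(target, "")
    if not (IE_IMAGE_RE.match(w_cmd) and IE_IMAGE_RE.match(t_cmd)):
        return False
    m = SCODEF_RE.search(t_cmd)
    return m is not None and int(m.group(1)) == writer


def triage_wpm(events, procs):
    """Split WriteProcessMemory IoCs into (expected, unexpected) (writer, target) pairs."""
    expected, unexpected = [], []
    for line in events:
        m = WPM_RE.search(line)
        if not m:
            continue
        pair = (int(m.group(1)), int(m.group(2)))
        (expected if is_ie_broker_to_content(*pair, procs) else unexpected).append(pair)
    return expected, unexpected


def parse_registry_ioc(line):
    """Parse one 'description ioc Process' line into a dict, or None if unparseable."""
    m = REG_RE.match(line.strip())
    if not m:
        return None
    action, key, value, proc = m.groups()
    return {"action": action, "key": key, "value": value, "process": proc}


def outside_ie_hive(lines):
    """Registry IoCs whose key is not under the per-user Internet Explorer key."""
    flagged = []
    for line in lines:
        entry = parse_registry_ioc(line)
        if entry and not IE_HIVE_RE.match(entry["key"]):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    exp, unexp = triage_wpm(WPM_EVENTS, PROCESSES)
    print(f"WriteProcessMemory: {len(exp)} broker->content (expected), {len(unexp)} unexplained")
    for e in outside_ie_hive(REGISTRY_LINES):
        print("registry write outside the IE hive:", e["action"], e["key"], e["process"])
```

On the report's own lines the script reports all four WriteProcessMemory events as the expected broker-to-content pair and flags nothing under the IE key; only the constructed Run-key line is flagged. The same reasoning applies to the Downloads section: CryptnetUrlCache\MetaData is CryptoAPI's cache for certificate chain and revocation fetches, so repeated rewrites of one metadata file there are the OS, not the page. What would change the verdict is a write into a non-IE process, a registry key outside that hive, or a dropped file outside the browser and CryptoAPI caches; the report shows none of those.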
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
503b9d72ecc4d21e32d1673acbc2be54
SHA1
4cd97c3e99c002e1dd894630f992de51ec1c4751
SHA256
e229889844573222c340e0f84ef6b78ce12f847d823c5abeecc4fc30265211b8
SHA512
9a98b44dd455bc284454185d1397f48afeb731f75662b33f665d0b4341b1168dbf8d39093eb691021ee8e501847125b04d275eebf53c9f68f89673182efe0378
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
516e386b8ed1738dd4d04336e1844234
SHA1
a11f95ff6dff1b6c88ef1bc8765be19296857ebe
SHA256
a80f32bac282634d9b466699bb3b6245f2842294dafc11323d31fa7661664cb9
SHA512
cce0a8e4e2354a59a80ce2add6868db70deaa7550e43faf4201d196e75c4c36646b3379ff38075e67fc35599b91ea08850d3edeefecc90ccf74f4dc94f932d79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
9b19ccc9aff055f22f2170ac55805c59
SHA1
8207af131568a31f539aa647381a06c6a7874b73
SHA256
7a70d4690b64532244591aa890b870989e43da5a29b3e587450a8e822465adf3
SHA512
bc65f1c7ec16f420fa1861b0de2fb27576b5d2a6c1a09038a95985823831474b57bd4edc965686644540d2958e1478679028a06b138b7e543ca5bfef47cd45f2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
3bbd2d07ad0301e96784ab274e45d106
SHA1
b1266c260ce4156150ec4ada7fda2989bd910919
SHA256
7d3ed947b16cb282e901bf14ad1cdf98946b8acd9f89ceffe3729969879a929f
SHA512
e7a086a43a1b99e13b0548be87919c0edff4db75b23cc33d1c181e321135c475437f7936b6bb6b5570e55c790b94f2e2b7d14fb2f4020d4929e96244ac0c3a42
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
338215ffcff811ccb7c7927f56effb05
SHA1
06c384ba6bdbce0e09085474ce00c245380fe01f
SHA256
5261a8c42fe0a24d06c886fce5ed2c5925b3f2c2beb521d7989b13b175169e1b
SHA512
33ba10be095eb4962657f79dbbe5bbeca3d594b5f0373beb419bcfb6365db4dce751ae48ee1e293b9663cf8502595c342d2958f21f0425df09014f632b35f165
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
87dc97cb37e6f4c0cc25a9fcd6350cba
SHA1
1da78f717a1d04dd0a39e5f658a3840220a89735
SHA256
72d0f8495631c3a7a775783c14cbd0b240774dba594348abb644425626355c24
SHA512
7ff4ce4dc0e2cecb19894cbf0dc2fe13abc96eb47811787c0988b0372a3b1e83eda84cea79e7ff1e15c3faeffd04b926a8a937bf50c7685a13054ca852ad41f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
c3a8b4f9c71bc7592b7716ed061044cf
SHA1
c265cdcac51bf3acd0b8af4cca90025422a8635f
SHA256
b45707a995b3791fd514c0e636914152eff9383e2d40d41cb52d5546f0ca9c4f
SHA512
a9e33a6b0e73f9dff87641b55a2e99396b9ab45b96796956d40901dc85e192c49fd0b35c3d9043bf0dbe982f79af90acd024519f0380d136f196629ecd81d514
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a305a8f2f6c725825242132f5a3e8ba6
SHA1
5a99f90326afae9d74800b518472dcd53008570b
SHA256
7e2c804582685814e8f8b8d44d73625016ec789fbc360273cf1ae30bd2acde47
SHA512
80c7bfb6a68422e3840c5f745e4194762e724388a56ac41e3a7e36e323e484c5680454799af62c431b204874c848072cce25256582393307e3a505f72f33337e
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b