Analysis

max time kernel
150s

max time network
155s

platform
windows7_x64

resource
win7-20240611-en

resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system

submitted
12/06/2024, 15:33
Static task
static1
Behavioral task
behavioral1
Sample
a12aff3a328681f2f26b387af8c8440a_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a12aff3a328681f2f26b387af8c8440a_JaffaCakes118.html
Resource
win10v2004-20240508-en
General

Target
a12aff3a328681f2f26b387af8c8440a_JaffaCakes118.html

Size
19KB

MD5
a12aff3a328681f2f26b387af8c8440a

SHA1
d7fbfdcfba280ee681e8ff4f25887f3283c1fcbe

SHA256
1c508d817b3033a21a654ddbd9f39422681cedeec714928c335f072614e427de

SHA512
83b1d6a3ea011a342ca117a123d61ab82c705bb1a9f1db8853a3021bfa7dce705c306d6b570dc4343f95154d7aea24c1c196c7212c7544140ee9815fd2257200

SSDEEP
192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIM4yzUnjBhuw82qDB8:SIMd0I5nO9HrsvuzxDB8
Malware Config

Signatures

Modifies Internet Explorer settings 26 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{12173F21-28D1-11EF-B848-DEDD52EED8E0} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424368257" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2072 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2072 | iexplore.exe
2072 | iexplore.exe
3032 | IEXPLORE.EXE
3032 | IEXPLORE.EXE
3032 | IEXPLORE.EXE
3032 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2072 wrote to memory of 3032 | 2072 | iexplore.exe | 28
PID 2072 wrote to memory of 3032 | 2072 | iexplore.exe | 28
PID 2072 wrote to memory of 3032 | 2072 | iexplore.exe | 28
PID 2072 wrote to memory of 3032 | 2072 | iexplore.exe | 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a12aff3a328681f2f26b387af8c8440a_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2072)
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3032
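A triage check for the process tree above, as an added example (not part of this report or the sandbox's own tooling). It recomputes the four digests the report publishes so that a locally held copy of the sample can be matched against them, and it reads the IEXPLORE.EXE command line to confirm that the child is the frame process's own tab process. IE 8 and later run each tab in a separate low-integrity IEXPLORE.EXE that the frame launches with SCODEF:<frame pid>, and the frame writes into that child during start-up; that is what the generic WriteProcessMemory and SetWindowsHookEx signatures pick up here, and on x64 Windows 7 a 64-bit frame hosting a 32-bit tab from Program Files (x86) is the default layout. The hashes and process rows are copied from the report; the sample bytes in the self-check are constructed, and the function names are my own.

```python
"""Triage helpers for a sandbox report of an .html sample opened in IE.

Added example, not part of the report or the sandbox. REPORTED_HASHES,
PROCESS_ROWS and WPM_ROWS are copied from the report above; any bytes
hashed in a self-check are constructed, so only the logic runs offline.
"""
import hashlib
import re

# Digests as listed in the report's General section.
REPORTED_HASHES = {
    "md5": "a12aff3a328681f2f26b387af8c8440a",
    "sha1": "d7fbfdcfba280ee681e8ff4f25887f3283c1fcbe",
    "sha256": "1c508d817b3033a21a654ddbd9f39422681cedeec714928c335f072614e427de",
    "sha512": "83b1d6a3ea011a342ca117a123d61ab82c705bb1a9f1db8853a3021bfa7dce70"
              "5c306d6b570dc4343f95154d7aea24c1c196c7212c7544140ee9815fd2257200",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report publishes, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def verify_hashes(data: bytes, expected: dict) -> list:
    """Names of algorithms whose digest does not match; [] means the copy matches.

    Comparison is case-insensitive because reports and feeds differ in hex case.
    """
    actual = hash_bytes(data)
    return sorted(name for name, want in expected.items() if actual[name] != want.lower())


# Process rows from the report: (pid, parent pid, command line).
PROCESS_ROWS = [
    (2072, None,
     '"C:\\Program Files\\Internet Explorer\\iexplore.exe" '
     'C:\\Users\\Admin\\AppData\\Local\\Temp\\a12aff3a328681f2f26b387af8c8440a_JaffaCakes118.html'),
    (3032, 2072,
     '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2'),
]

# WriteProcessMemory rows from the report, description column only.
WPM_ROWS = ["PID 2072 wrote to memory of 3032"] * 4

_SCODEF = re.compile(r"\bSCODEF:(\d+)\b")
_WPM = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def scodef_pid(cmdline: str):
    """Frame-process PID an IE tab process is told to attach to, or None."""
    m = _SCODEF.search(cmdline)
    return int(m.group(1)) if m else None


def classify_ie_children(rows, wpm_rows) -> dict:
    """Decide, per child process, whether it looks like IE's own tab process.

    A child is 'expected-ie-tab' when its SCODEF names its actual parent AND
    every WriteProcessMemory edge into it comes from that parent (the frame
    initialising the tab). Any other combination is 'review': a tab whose
    SCODEF disagrees with its parent, or a third process writing into it.
    """
    writers = {}
    for row in wpm_rows:
        m = _WPM.fullmatch(row)
        if m:
            writers.setdefault(int(m.group(2)), set()).add(int(m.group(1)))
    verdict = {}
    for pid, ppid, cmd in rows:
        if ppid is None:
            continue  # root of the tree; nothing to compare against
        ok = scodef_pid(cmd) == ppid and writers.get(pid, {ppid}) <= {ppid}
        verdict[pid] = "expected-ie-tab" if ok else "review"
    return verdict


if __name__ == "__main__":
    print(classify_ie_children(PROCESS_ROWS, WPM_ROWS))
    # To compare a local copy of the sample against the report:
    # with open(path, "rb") as f: print(verify_hashes(f.read(), REPORTED_HASHES))
```

Run against the rows in this report the only child, PID 3032, classifies as the expected tab process; a mismatch list from verify_hashes that names every algorithm means the local file is simply a different file, while a list naming only one algorithm points at a transcription error in the report or feed rather than at the sample.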
Network
MITRE ATT&CK Enterprise v15
Downloads

The CryptnetUrlCache\MetaData entries below are written by Windows CryptoAPI when it fetches certificate chain or revocation data during the browser session; they are a by-product of the session, not content fetched by the page itself. The same path appears repeatedly because the cache entry was rewritten during the run and each version was captured with its own hashes. The last two entries are listed on the page without a path.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cd49013829d2641ec8cfda88d1a2e178
SHA1: 46dd2887e3a7b14766620174468fc01374c7d8f0
SHA256: 95d290a8193f3f93b9d747464189204eb29adda68a254bc75496ed0ac1de0b97
SHA512: 37d84a5bf770429fb7c149e89db6fc8ff7d3656d26b7acc72b7ed2226e3eb3479defad8fcae789e2f0ae9dcf9507c187fddfc55f0b19fd3cc607178d236c118f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1b190f2f8289f88d22e922d03bdfe648
SHA1: 4413674290d4772e7d799d3cd362509793ffdc87
SHA256: 2593ae3f0a330510775d39cbc22f8e9ed1c44890f526b0c9cc36530c652baa10
SHA512: ba9c6972975a0e54f2dc936762db9efddc83c6a09cd55f0e86fc734e03844dfa24ae9c91a91249ab46c1597af1a04f46985a7e36dc300fea41fc106f5cd6f791

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 63161ff622893f05590e90738cee20e0
SHA1: 6d260b30f1e34d051885d977bb293913dcef0efe
SHA256: 6d1f1bed674f774acb9caf020845bfc299c233a92453aad01b2edaff8b11a673
SHA512: f524024789323072b1ab19e2ed82c21b4a23740f669fa72a1bbaed2533a12a02d975bcb6663f5e5d19d802813c5e646ed0013d34c8aa16fe55eead32b4762be8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5b163aa0b1d1c4cbd27be8382990e572
SHA1: bc38ba4d837f66233432fc0ebfd69bbac5c3a772
SHA256: 6d121d86136a545861b600ed3c7071fb301fe66c0433a93513b825f68998b8ef
SHA512: 1bb63913d42f3bc43086389f5dc94599b5a483e6b4eed617c37ed3ec1da00add117605a3723539b64a57a26c253f020a688889554a0b9a11ee683e2e7be8f3e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1c93d93a8fc4155e4eac343206f15459
SHA1: 6fee08632954d14ebe32929684fb02ea0189737b
SHA256: c8bb9563e7137b21515a642018304a3acf28db1007a34bf4f5cf6e45a5a75b25
SHA512: bf87ece3f3aa65c8362477661135ed40e827c96e565c53f306cf790e3d093b912f2381902f61ce8c7f14b5528376f34a8b35cff1357f8fa48f5b415fcd028b58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e47d6eeaea6e55fc76083d56ad7f48ba
SHA1: e68ad68949a4586753ce777ae0aa703dc77c2d3d
SHA256: f6e492befeafdca1e2937234c9055b2a5ce0a1a237ed88afdfc75b1cee0867be
SHA512: b41e5bc7d7277208fbf407c0472c0062c06910c60864e2471cf70b02ba957a5dfca826dbb94c0bd2d8d65f065da6451267a07ff4d11f0eb641a8e4f6f836e583

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: bf1a512c83f0689a6ac90f8ff5731a19
SHA1: 94e9db640b67ea562d2d9c17146bd7005c885791
SHA256: 806bcdc7ab1e6573c3eaa10a05e35d0d8388dc4b0bf78da4bdce3bdc5da9d328
SHA512: 4fcbdcfd2574533282342d6faae7f703dd26df1886c75a5fbdfd06ca99cb0718565f466778ef18a2d473519d450ed2a02ca4f144f6cfc3f635c302116c289a2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8b36959497d203590f801987ecea8cde
SHA1: 96d6e9d64083c9891fb5dcc65d286182ec9ca79b
SHA256: 353761df93409482a47f462f95e50a9b1dabd6cfc785eb95f14335e6d5d7c883
SHA512: 43780d4e5875b6e5c96aa7f66b03409dfe5b94767815589c8bb95a8c74aaff32e824b58825e34af0220a3d7c17855a461dd1add48b0c6e5d65ce1b5872a8b0e3

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b