Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 15:31
Static task
static1
Behavioral task
behavioral1
Sample
a12a5fb7bfc7a78e899fa5c7c8809580_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a12a5fb7bfc7a78e899fa5c7c8809580_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a12a5fb7bfc7a78e899fa5c7c8809580_JaffaCakes118.html
-
Size
27KB
-
MD5
a12a5fb7bfc7a78e899fa5c7c8809580
-
SHA1
b1181818ea0d1d1ba0e1ec739c004bcc0a1ad355
-
SHA256
f35b6d9014054b65107315f2b79cc065fd9a623dde4554be72b70252e58832f6
-
SHA512
585702139d6aa84a62e39d3413242bbe51148878f344810f74fad14827d80008f5dc88823071ffa9550fc2670b9a7931b5202acf098b08c4c9344e805789c257
-
SSDEEP
192:uwqg4NGYyBFqb5npJAMw9I1wIaJwuwxZVunQjxn5Q/7+nQieXhNnOx4nQOkEnttE:iQ/ro/KfwSbkN
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424368189" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9D9DAE1-28D0-11EF-94DD-CE80800B5EC6} = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2500 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2500 iexplore.exe
2500 iexplore.exe
2424 IEXPLORE.EXE
2424 IEXPLORE.EXE
2424 IEXPLORE.EXE
2424 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2500 wrote to memory of 2424 2500 iexplore.exe 28
PID 2500 wrote to memory of 2424 2500 iexplore.exe 28
PID 2500 wrote to memory of 2424 2500 iexplore.exe 28
PID 2500 wrote to memory of 2424 2500 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a12a5fb7bfc7a78e899fa5c7c8809580_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2500 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2424
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4d12ef4ab2d2bec5ae72522b866aff23
SHA1 d4bb59b36c4352445d83f1459515f5d72d1855ee
SHA256 601fcd8cb32bb804fe711b66c84fd44478bac074569eff56156a6b43490b7b14
SHA512 645e1c58430950d0d7595cc0841872a10339c878a0f920ceb51b087a91b10c0fd5730e0320edbb11fc4af26dd101d1a36f62f0d3bcec0293c52db1345d077f03
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 08276b0e9e5f48ebb627ee98906a3515
SHA1 72413ddd1a72a4381e1271c40cf7d22d86a8dc5b
SHA256 a5ecef81ffc2ecadacfa4ae0d0628b47f59ca87ee84a00b6038c89f06d00c430
SHA512 9c22f457c965a9e16592634655293f5c4aad66f18ef80d7084ec729746a72b044f54514b089a3e0c92cfeb3611b9bff0d460985d0055eebccef5e71d5917fe62
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 69c5f1d2161c7b67707d7dae978db712
SHA1 66df88697ca820e3247c79ee71453ab08f9ed191
SHA256 9f0dbe7adeec474262bd425b232755bd3956ee7f34dc4f15030c2e93beea0cbb
SHA512 aebbfd048d68444ed8c8dd57893e16c7533ddd2d2c39e5578bd03d6bfd581a538cb1430b8ce4c49ed0982017a8c0763626e9a54b9f2cb61d994a506c2cd1fcd7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 99cfbefd7244d469ec9272d8fae975d3
SHA1 8cd5529f57811f6605c7b2d50dba39200f4c352b
SHA256 050eb93f7851c4557c3133f1cabbf4d3f09e3c6da82097a39250b3517fd00f0a
SHA512 d747dd7d7478765745a4356ea58bfc755639752984ac4ecfffe69f6d11c86ad3f19f73611b1574513fd098f6be5a49cac5ad22291347ddc409e30816b821654c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 244fa6a90689e5efed8b0d81f1d75eee
SHA1 2aaf81eab03d368eb31fe0684f56bbed450c60c8
SHA256 49198399c952565c59b43ae5f0e954f6dec3e7a9bce6aff050bbe4dfd62c5ce1
SHA512 4bd567bc6e0b8897a9666cb132d8b52e8d9533841b4c7947832302121ef9f2648046de46d177da146b8dd02f4ec472590dcc8d57b8e9746641a8f7e1dac1968d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8ec262f0a00de15b88653994b2bb9d14
SHA1 157c754a797459686386477577ba82baabef771e
SHA256 e39331d24966f44e8b16d44f84906f1ff284222cc7c724400d8ea968350db5b1
SHA512 24c268f8c4bb348ed6f5503acf190809a31cf752a1d5573fb64b26b404e9b6221d5d64005870d92f53c4e75aa83c9e85a1ced054b7febfa6b3c8881c67352436
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 69ef2cc0922fc17ba83abe5f13d1e7e1
SHA1 914c4d64dc6aa1b8a0b6e0af1570db6f256bf930
SHA256 55bef446951e1528770bca98ad51abb75a083321673d36fadd4b11458394ba9d
SHA512 5049f029c9f0e9a962c3d987e85c9504e5d01f5af3810b67a8c3a95250d9ba55251471589ae5a7cd888327e499dd081d1bcc2efa5dc3ab30bb4ed46e5b0da56e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 02cc18fdcdb88a9bb2d51a452c90a150
SHA1 30150bc89b06d517c67f189a688a7cec7e4dd1b1
SHA256 66f91a82686d347092c3d0b1112f61c7670e6ea1f46e78e63a32ed3d6b1b8432
SHA512 42ca91a09f9c4b99d7cd4f6a6cf14bbb77a82e7d12a5db0474d64bd8294d32ea4cbfc769fcb1659a311c2aa2e3e67d70debc9c8e22935a9fb2b8dd197a352c25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9b2295cf9c0cc755bb8d271c84d222f6
SHA1 2c6029160e9d4d6d1f6bf94318a73c3305674bfb
SHA256 98d9e5291b37d372691e0cf71787206950c8ddd737a75a8e44c58ded97dc9027
SHA512 de8b8047810aa3dfa480fb0c9c8d01a458d0562cf580a4fbb69050d3f70e521d206b4581932c93b71558dbb3e4008f6a06b9f6ba88961b39152253bf57ed8d41
-
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b