Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 16:32
Static task
static1
Behavioral task
behavioral1
Sample
a158243ed7b4216dae8f6ae15fec7d96_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a158243ed7b4216dae8f6ae15fec7d96_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
a158243ed7b4216dae8f6ae15fec7d96_JaffaCakes118.html
-
Size
19KB
-
MD5
a158243ed7b4216dae8f6ae15fec7d96
-
SHA1
cf3fcbe8137a2f43ef88a761970c11c87d63440d
-
SHA256
8605a70e8a117f4791bc172530aedc1fc96f4b4c04d12793442f611c701fc948
-
SHA512
b07159360dffcb2a3cec239ffb689a6428e8ca0a3ad090881cc418a815cb414b34af63d189820aa480d90b79daad104a1bb037ffdbfcb1be1fc9b44c8b4abf00
-
SSDEEP
192:uwD2b5nqlk9nQjxn5Q/snQiePNn2L8nQOkEntc2nQTbnNnQmSgHMBvqnYnQ52NnY:PQ/QLpq9N4
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424371824" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6076E691-28D9-11EF-AFF9-DA79F2D4D836} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2300 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2300 iexplore.exe
2300 iexplore.exe
2448 IEXPLORE.EXE
2448 IEXPLORE.EXE
2448 IEXPLORE.EXE
2448 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2300 wrote to memory of 2448 2300 iexplore.exe 28
PID 2300 wrote to memory of 2448 2300 iexplore.exe 28
PID 2300 wrote to memory of 2448 2300 iexplore.exe 28
PID 2300 wrote to memory of 2448 2300 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a158243ed7b4216dae8f6ae15fec7d96_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2300 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2448
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c5ff24ed6042db9d519b7957821cfa0e
SHA1 3e94963856426bfe7d5e8d9e8f63d90daf2b2c92
SHA256 04546b85e645e2be61cb41c3a80cb4fa50774f19c4fd672695ede4b95ca1d993
SHA512 e3d589d89693e4d851624fd62e7d8043898960a53d6b580893e29338e0697db9e99a1607cb3e1b4384aeef3be404913f77dcaec49d8c0055c54e54ca1d5cadaf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fcef096aa4edeffe1af5678b57909511
SHA1 eb1d2fb8e955cbfb75d8e4cbe582e2e66017f0fa
SHA256 1e2c1db04925b76204a657c25eeabe4bab335bb670e7e6560f739753c907a6d1
SHA512 b6fde8c5b81d063be11cede71c1aba07e775a67ffdc8fee8df74c86688aed00dc79e47ff2f4bc6c799eba3bcc80d3ff19d172c45be111e15007b81847589c1f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 418447557eb7e94311a88e4e63b12006
SHA1 abe17bbd7b5b2a94ffd16870f13f2d89d19e0b0e
SHA256 388663e5d4bb447bb4ecd03b2c9a60e71fcca0206ae1f955d9788ba03406fdcc
SHA512 53aacf32f6a5d50dd7ac35cc5c126e5cbec1b9e2c07c12562734b825152eb022a749103d4ef8725d03069fa165ddb7d67230874f983a7c404c1f5486a215bdfb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4acdd1ff0fa84b56d79ae2dddba491ab
SHA1 61683e61c2ebbce56439abcedfc5f18828b34473
SHA256 0141036eeda1504cf6d5d9327f5e6a1ad8a8cef84949edef4d8185d8b5ffadda
SHA512 75a5eeada72d691e161bd05f766ebe3cb2f8ac739d17da98f3e29d261d0ceb9197e5155a5f62b302d4acbb7bdd27e52dd4ff30f0c21ee93a2bce5ba6e02dbcce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 14ce05d41ee289b1d78447d79a82880d
SHA1 02e99f83835c8e73ba8003ce1ec57e286edfef79
SHA256 3b05d9db026bb1cce252cdb771631c9308fe7b0824fd7ba0bd19e91b007f2a6c
SHA512 39510b93ade61eff229e29b26c5f0a4bb16677dfd6c5f0d305fa8cdb68deea7772583134f082ee24662a84687fc8e4dd2294bf97ab4cd53c189fb01625c14e12
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7f116d813a89d900c4a9afc89dfd8cab
SHA1 4c6eb8c1671e1aa59551ed8015d865d845461b20
SHA256 308b1c016bb9e61591f90512df555b2cb91e1e9f098b86e5e53645fa5cd1c78c
SHA512 c0b1917342938e8d43a61280254ef233ce8324958e7861c00f903137d07242b33811989237a2549c7e005eac1c5a81123537ce1556418c39d166721d39066d33
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f5deb3ad02cd2091bf3dff26be9dafde
SHA1 2171077d9789dd5ff91947611595d0e85ea83be3
SHA256 3100a12ecb0066cf38ec7dee1f3b6c451845ffe065e80b3195f39bca206fd2eb
SHA512 aab72e4b47cebd759e61c6d8baf7a51807bc6416afe844f4ab02423a4a97083bf0c4a8fbfa55d87b779e727e5b09d5ac0959b5e716ae6a67b9579c8116dfb3e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f58666d12f33625cf50c470ef67eb377
SHA1 37403b6210f5d10e5775a85beff7da48ea9fdbf6
SHA256 3522b91d19ce1bcf4ab38dc4f53ffb350f602f724060a13ebe40abb0281ab4d3
SHA512 6d94b3063bf90433462ddc762d6027a8589220fb983beecb69258f85da72a3ef40d21525167919c8fd52907d90c3786417ee5db2f7d944eabe0c52720e5bbba3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 34c4eb3790da843b78ba47da34234c24
SHA1 b6adb9a6a35ef395574edcfd8d7589ffbdbe0257
SHA256 65399f0f6f13997de38aea0a5bcf0fcaa930cd2d0193088cd9d7536af27f5b17
SHA512 7bdbc103f4de5f59ab4b0bf079a5d94bbf7f3ba3239fc257dea18541e090df622195934fa2689dd332392354178de41b6b0f00f2b3ee346fa818a32c718b27b8
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b