Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system -
submitted
12/06/2024, 16:32
Static task
static1
Behavioral task
behavioral1
Sample
a157afd9477765678f9f22a429b92af5_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a157afd9477765678f9f22a429b92af5_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a157afd9477765678f9f22a429b92af5_JaffaCakes118.html
-
Size
144KB
-
MD5
a157afd9477765678f9f22a429b92af5
-
SHA1
e9a57d6c3d6b74cfa49050655b6684baeda86c5f
-
SHA256
d49cb61a30dc2093703e049a29117d4bb2f5785856719412c9aba7f3b61c4677
-
SHA512
aef647cf5fabba2c5260542a3df3369a4d0c69526ba67734d6371687fadb4fb88c26727455b05db066594a11d2572ca796469934cb054a09c3a40b5207ad44b7
-
SSDEEP
3072:SqTi/ix7dyfkMY+BES09JXAnyrZalI+YQ:SqTi/ix7osMYod+X3oI+YQ
Malware Config (no configuration was extracted for this sample; the section is empty)
Signatures
-
Modifies Internet Explorer settings (registry writes under the user's Internet Explorer hive by PIDs 1752 and 2140; these are the keys IE itself initialises on first launch, so treat this signature as low-confidence on its own)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50F07971-28D9-11EF-8721-FEBBC6272832} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet 
Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424371798" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe 
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1752 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1752 iexplore.exe 1752 iexplore.exe 2140 IEXPLORE.EXE 2140 IEXPLORE.EXE 2140 IEXPLORE.EXE 2140 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs (all four events are the parent iexplore.exe PID 1752 writing into its own child IEXPLORE.EXE PID 2140, launched with SCODEF:1752 — consistent with normal IE tab-process startup rather than injection into an unrelated process) -
description pid Process procid_target PID 1752 wrote to memory of 2140 1752 iexplore.exe 28 PID 1752 wrote to memory of 2140 1752 iexplore.exe 28 PID 1752 wrote to memory of 2140 1752 iexplore.exe 28 PID 1752 wrote to memory of 2140 1752 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a157afd9477765678f9f22a429b92af5_JaffaCakes118.html (process tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2 (process tree depth 2, child of PID 1752)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2140
-
Network
MITRE ATT&CK Enterprise v15
Downloads (every path-bearing entry below is a CryptnetUrlCache\MetaData file, which is typically written by Windows CryptoAPI during certificate chain/revocation lookups rather than being content requested by the page; the Network section of this report is empty, so verify against a network capture before treating any of these as payload downloads)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59461982000239a00cf33d743c7c285a3
SHA1c33474308f994bda1f17a8d6d517ef865d612cdb
SHA256c1c40f7f08fcd31e119a2bf8b9ebba3de37a8c6207bc0835609467e260802406
SHA5121bfe648867e82a4e4a4f514cb8254469a90d96f5bac3150f02233f2f3108f066faf598de17ea92743208fc4e635f3cbb3b4740df805bf69e0920f581523d04ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ddc76c2bc9d8b18075fa87bcf10e24c1
SHA1e1b097071fe2e05cbcc4b66d229232b0fd6afaf9
SHA256e06e170507d72eaaeca8b13eec541c4c5ffb84c8a5ba60a119b3dbde74dad81f
SHA5122a3d4430d1a3491b86210578c07da147f583e82c957ec912390a430c336746bf4b357eea0322d4c772e49d7e020ffe23604c643527270f2a3f2b72b0cec219bf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5926e3d5b2098a36a76e341dcc4fdb87b
SHA1459630d24a24e73af5bc2043bbeb63ebc1861482
SHA2569cd78c2d417193d105426d70f4a8fc41a9aa071db62062deb7a020561b2f43f1
SHA51262a7b683d265f595c7b385eae8bc8d943959101f5f36e3d46015443d179df71bea7136f23bd4992e6c294a5b25b779956773461039e2790ce1970815e624ddfb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5de615f2b8b62d2ee056eb0840e86ba26
SHA1a114490b893b525869c8dbddddb95777a0daee4d
SHA256ef8953f971d3f45d97a8f0c2ba9f0b210de9d7d6a845f83b6397f20cbc209d3d
SHA51223087ff6ce85dab3b4255f4205e179105878f52a083d7afc706dd63181941797fc317efe1de352527f66e56ffd008afad05209eb1b05ffb78708d329bc1246ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50af773d5497a87d9763d6ab3e09b6399
SHA1d9f831076105cc3775d126e78a769e1fa3a1ffea
SHA256cfc191991f740401ba823fbdb34c44069e74b3ac6feb978be949e4f41dab5638
SHA51259f198db1c60b2d64d608e77a03fa68c2928931099891a60a1f4b604984b18de2f825bfa7310ac3b197391d35d9b132779f444b0de152d64875bb45efabae014
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51748562b6769aa45215cb27e4f8b0b36
SHA1f972ff08316ac51cfc12c85d2ac579fedcb37ee7
SHA256ddd2dcefa693ff80a2a3276df8c5dc15614503912270ff01fd342f8ef497cdee
SHA5124f22cf04f03816cf2fb327178c00f97a50850b2d7928c584a5426d4ec816ce908def4abadc603f28f02e84e938b9f39e48f3c0879389b1cd8cb61a1b6550ae00
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b419682dbab0d2c45930c455d7a6c7fb
SHA12fade4fcacd5c5eb726fedbb6fbf26e6fd094e34
SHA256398e126b10037e234845915e11bddc5c5d121012e6c522f0de2013ceabe2efc7
SHA5129996ecb56466f47044952eb72a5e86d90263eb24c58b5efa2602ac1d35383090618e8e224766a5093af51798dfa61708efd071241017b576ae28899de157029e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cb1a0d9735e238c2a9fb0b0eb1ce2274
SHA1c2ae979ab31bc5ec5e9436a4e4b15eaf91f4b138
SHA256630c95eafe2cfa0deadfdbec353a9b145c8dacbef4864fa0f159d0e627880c4f
SHA512a5115e1f2dd8cc581629d7180f863737da9621a5f0a7eed8aa6a298ed35d838f3e7dcc99a321ea785032c45e9253bb95d56ef60dcce7795e36af92b65ebc1bed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b7cafbc0ebabf28a4a759a6c074e395e
SHA12f7954842096eeb8ba3d2e60a4c65eb08ebd4aea
SHA2569c4fee4ebe5440748738b4aa48470fb1954f978b7253d2b967a41326bce1a0bd
SHA512eca586c4b20f44df8030b8edb8f110fa58649d767061f3f0be1bbcf2063589d035a2bd3f02c807f447603ee272bd9b427e2f1b318d8a6a78faa94ddaa4135814
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b