Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system -
submitted
12/06/2024, 16:33
Static task
static1
Behavioral task
behavioral1
Sample
a158db602e2350088ab08b3cc4f41497_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a158db602e2350088ab08b3cc4f41497_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a158db602e2350088ab08b3cc4f41497_JaffaCakes118.html
-
Size
36KB
-
MD5
a158db602e2350088ab08b3cc4f41497
-
SHA1
ff66c28e012fdd459474ca1f6d2916a6def30aeb
-
SHA256
96f44db72f9a7346fa27b5f8c4ddc1a4d813a55c233e11b4e90cea9509940955
-
SHA512
1b4fe18fc25b31a10e4597d810c0f3094dbaab41847c7b4730deed8738729c5e6d79494355c3b4eb7f8ab9de05b7d28abc3ef67f217ad6ba3320988c32efe7c7
-
SSDEEP
768:NtHSIVkEKWCRFAhnmJKKkgNb7OVVAHBSjVjiT:NtHSIVkEKlRqhmJKKkgNb7OVVAHBSjVw
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424371877" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7F604AB1-28D9-11EF-AAE0-7E2A7D203091} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2268 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2268 | iexplore.exe
2268 | iexplore.exe
2948 | IEXPLORE.EXE
2948 | IEXPLORE.EXE
2948 | IEXPLORE.EXE
2948 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2268 wrote to memory of 2948 | 2268 | iexplore.exe | 28
PID 2268 wrote to memory of 2948 | 2268 | iexplore.exe | 28
PID 2268 wrote to memory of 2948 | 2268 | iexplore.exe | 28
PID 2268 wrote to memory of 2948 | 2268 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a158db602e2350088ab08b3cc4f41497_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2948
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
32ec7b56954ce59078289fb977dd455a
SHA1
241ad003304e9b26f0f1a426835bfd73da7bc863
SHA256
5243a9214f2dbd0f5783dda17c1fc8ab2b19e73c1322c2fd401761d311717d29
SHA512
a4d40cf38c7edbfed87d11e4b90eda01bb859bd272f250a4a35f5802902139e2cf426374a2c13a7335e61f22d85a720fdbd5341237a9c5a4f5dca10abd63c5c9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
bb175ee9e95face1a99cc9453317e9d0
SHA1
70f42cd792c69a087b50313298e94dc5cae7a45e
SHA256
f5ccc8cb6d7356c9e43e5140732c3966d11461ebd089c162112541356409003e
SHA512
6677cb750305a1df946dee27fcf339c9e116f6675622c47bf3073070ee61122f603c5e6b60e72fc77d721e0a005ee9aae5301be7d598888fc297caf868d18c07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
bd06f1bfc02d8cfb61b6eec0e360c66e
SHA1
caf4f844f406f47f7cdd453335d4b7390f9326b5
SHA256
8c9dc1be1f2ba36874e01a26838203152be6dbe585cea4b3d1591006d2c30640
SHA512
7edf3ab7e657247ed2c615242f35ca75bc9e2e32e57fcf34a0254b7e60fecec281a6154c7caf1e8f60839d795b8d7f1f4b7e6e0d762a2c89f0aaa00785e080ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
7662bf9f7e41a3a5e4b2680ef29a851d
SHA1
123a7aa8727278601e0488117fb157a2c9203207
SHA256
43ed9cd25c0754377b2596d9262cd29a40bf1a132157dba7624819c189b10810
SHA512
22bf84b17bf6cfab1bf9d82d16ea94da510f6ae10f7248249beff08e7778a7bfabe99733e3e64525db75d0962ccf91c98cfa22dcdbaea257970d731f264d1150
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a5acc5a1a3987759ebfdb816ff7c1c82
SHA1
25d33e3bd4fbb6bce6acffe1df56724b9f2979cc
SHA256
d256f0de1cc9913719a46784fdc96184d444a40a1995994f24c3203df5f0f640
SHA512
b65fa1fd732d249d28ee587e0d69798b88d0931e16637322892a0dd11498b6809d108912342ef2a1dbd708d26e9cc5e53013f9ae6a7e6bab674664687e424bb2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
98eebf920eb785c42032aa85a3c57a0b
SHA1
e08595edbebe092eeaf5a7eb2706cc963e9f0417
SHA256
4ace467594bbc15799ae6f89db6189977cce6f23df9c8e3b263c8ff5ba81240c
SHA512
c8089e631a0f8c14b778a2f6246138705e0c090bd0d7d5b6ee35a668935d86232e616a6b4a3e2ab482336328ad3a1d50de4caac9f526b456eb00c27c3ea93a24
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a31f2945b053084462a12449bba686e4
SHA1
22ec79e3646aca5a61a855d63f1086d674020804
SHA256
fce2b26aab9d3be8fd7e5b32ed3e8aa2d2191e27b4d46015f9c42ff9d8036341
SHA512
5203de43a8ce1fc935f9c4c3cd69eba2bccf6318605ca965f98ea38fa269a699c407c0ba6303870ac2908389b8fae647e2cb1f7b58ba6247d93f7587c51bc89e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a136cc7c8361f4e8c3fa96cd6c2dab71
SHA1
17690b1758a03ce26ae80da31dd108dda60d7f97
SHA256
655c345976679f8241f6d8e723e5eed1720bb492a28ecbe9b667eb791da9c06c
SHA512
e29c8eabccacf31e6970168da70f43e0b47e1c643d82e54330a0907bcc63393792243ac9a88d2abadae7cbcc42fcaa49c7a62017ba56064dda62fe0c55d4ee6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
6ef7d7cffe193a2f09692943fbe788f8
SHA1
09cd04c5f440e9e1695a6837863a6655341cfe43
SHA256
6b458c50a4de2a173b584fef0f218a87cc924ab6067de5c965ebf0a4283f729c
SHA512
d242323589bd10737fab49a1149cab9d6d31b2e59b8cf7560d330e765493d7ba955daafe63b937ce1faeffdfff332909f5f0171e4cf650db3904282661439fe0
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b