Analysis
max time kernel: 134s
max time network: 127s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 12/06/2024, 16:33
Static task: static1
Behavioral task: behavioral1
  Sample: a1590faeb96379db0ee6fca5bf541293_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a1590faeb96379db0ee6fca5bf541293_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a1590faeb96379db0ee6fca5bf541293_JaffaCakes118.html
Size: 941B
MD5: a1590faeb96379db0ee6fca5bf541293
SHA1: 20df3a9e0d878d1d8b90bbde38cf7eee7164c930
SHA256: e4df672e2d2475d3573cf15942af57e3cc93e428c3e5a7348fad63bd3a3c90f2
SHA512: 8ef00fad28e572f1c1349e5202ed8e4a45b9c19a050b31faaa59d1a92502a498f387a325fe7900c11bcbf15d91cb1103cd68f397d083ba0366b1175a79049177
Malware Config
Signatures

Modifies Internet Explorer settings 26 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{82640D01-28D9-11EF-86DB-FA8378BF1C4A} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424371881" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2388 | iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs
pid | Process
2388 | iexplore.exe
2388 | iexplore.exe
1216 | IEXPLORE.EXE
1216 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2388 wrote to memory of 1216 | 2388 | iexplore.exe | 28
PID 2388 wrote to memory of 1216 | 2388 | iexplore.exe | 28
PID 2388 wrote to memory of 1216 | 2388 | iexplore.exe | 28
PID 2388 wrote to memory of 1216 | 2388 | iexplore.exe | 28
Processes

1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1590faeb96379db0ee6fca5bf541293_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   PID: 2388

   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2388)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 1216
Network
MITRE ATT&CK Enterprise v15
Downloads