Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12/06/2024, 17:10
Static task
static1
Behavioral task
behavioral1
Sample
a172e1a95e6f89239a7d73dcaba21e49_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a172e1a95e6f89239a7d73dcaba21e49_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a172e1a95e6f89239a7d73dcaba21e49_JaffaCakes118.html
-
Size
23KB
-
MD5
a172e1a95e6f89239a7d73dcaba21e49
-
SHA1
23ec8cec733b15e77d76ad08e03ca1a992dccc2e
-
SHA256
2fe0b6d09405de9b2b40ae3aed19235b0dce85c93eced9c68b014f36d6f6f304
-
SHA512
a06cc123869586b7e9ddb361b696ddd38fc4aef4f3d2be2d60c6b989f9692f5b58a2f55d73c1d897471daa5d5552a5b669d49c1219c040209c66f552365d1e78
-
SSDEEP
192:uwTtb5no6nQjxn5Q/nnQieuNninQOkEntZVnQTbndnQ6v06J4RnQNjMBOqnYnQ72:IQ/Jv06kEn
Malware Config
Signatures
-
Modifies Internet Explorer settings
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar  iexplore.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424374104"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AEAE2DA1-28DE-11EF-8B35-D2952450F783} = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom  iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid  Process
2260  iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid  Process
2260  iexplore.exe
2260  iexplore.exe
3064  IEXPLORE.EXE
3064  IEXPLORE.EXE
3064  IEXPLORE.EXE
3064  IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description  pid  Process  procid_target
PID 2260 wrote to memory of 3064  2260  iexplore.exe  28
PID 2260 wrote to memory of 3064  2260  iexplore.exe  28
PID 2260 wrote to memory of 3064  2260  iexplore.exe  28
PID 2260 wrote to memory of 3064  2260  iexplore.exe  28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a172e1a95e6f89239a7d73dcaba21e49_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2260 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2260 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3064
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a2791cd495923b899ac9a04b03a69d27
SHA1
39478a6ecb2bce4be1ddf1a82ed914f99eb12a7b
SHA256
2e24c789dc0aaa253ee3b01d7d23d4c466a9c1719e7dd7515255ed91fd7f26fd
SHA512
c8beedcbbb3335ff39057be43feb8f151b61e6296d4be4340c7c13ae3de5a0ce7f937254fdbc6fae88332f13334afa4862dfe95fdeeeb093659b1a9b434dcdfb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
36ca1b9d42370d58aa2274df12cf48c6
SHA1
95708afc620fa636a7ea24c8299b8884918fada2
SHA256
474b64d97a3aebcc469a06fe3a79e6964e053a049eaddbf5ab8c182c1a95537d
SHA512
b247cbbeecb0af61cfc6e36e501d7706e2129a0eef18bf2e989c84055f090c8309a328c209af9deb4dc61e2867aca8aa7aa643c46c87919221ce3da702681c5c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
821a96c96d1a6394a0dc5c1139fed1b1
SHA1
29ba1b9cb17542d143a7e412374a5458fc4c789b
SHA256
cd12635e4dca9c80407e4049a9c66253ba22911e62266e658c67b2c1f217ce48
SHA512
44272fa8df961be47a40508ae729fa5fd5eac972b2fa01da9b9b0194198c3afde81b8161240612cde0bf29a4daaeb0c133c962ac4798bc7ec1dc9746eaffcf86
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
63154f9f52c092f2c5f515b76d8f4ceb
SHA1
ccf7dd225b6e2aa549d4a2bee674ff19a91046cf
SHA256
5b935171ee9204d313caa390bbfe8e791eec633cf66844fb6cc47a5907d5d4c7
SHA512
28f67fae865f7c29c73bf69561b30bc7ca27a8e596e902b338a4754074685d850b32ce0176fab87f057afdce01b16b9cbf51dcfa448ddd988ddc53dd11106cf6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
80fb886030f94e40c0ed1b7a04afe75b
SHA1
a1ba0314df2349df33371fd2facfccfca998e86c
SHA256
84c64dbbfb266e4fe78d16ba7c996ecc05b9c292f3a46a3e2bcb8b17c6cb0c3e
SHA512
efd62b32cc80da5e281364f0d3546b0bd675fcd0faf7fc99f16668823114a30518e5ded600bdf29149479b0063a7b29c52a7d8d4c27367be30b9d75629841c20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
d2816f78cab802e28409207024c1e125
SHA1
cb15610621cd60bcaef2d0843d9c79a2d87171ec
SHA256
1997d867fd2d8647c0cbf1157ae93fb3fadea76022c1e18df0984ec52f66c622
SHA512
fee8e44a4232f85724f6809f2079e8be51a9f2431b2b46ab0f95a114379ea0f6e6b45254bf88450ef650fccb6dd529c8a6e93cbea910ce227e7b3c8012d5b29d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
7a069e1c5324f646bf969c33d7e7b0f5
SHA1
4e577e62442d992d5ef47c848caecf16bb443aa3
SHA256
10a1ecb35bcd9f5fbe59a89e47a9a5c579d5b5d072be899e002dc2d4de2bbd42
SHA512
0846d63dadef5ab0bba45acf5889c6694648055ebf0a1e535b39064d588f15e1ffacab1dcb03a7ec03b3e79a6b0e842baac7b90ab5f1d2ad698a39ac4d4ae63e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a860eead40daf7769517b0daf21e5c10
SHA1
4ed1bebb0ffd581b594be23c0f98602064a3de01
SHA256
5216fd3f75b0d5ed54d1b4f7dbba69fe1b3e2a6e0fc59492268cb7be7661aac2
SHA512
fccb1ee071fd089421d1152ad5d708fa4e9f0f133374dbcebb40c99297c279e85dffc9d2bc4bd56a491fa9060593ab1414bf4c9631a1b070f60f2f32bc8bbf26
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e37535cf8d0c67b41fcdfcabcb9c19d9
SHA1
d15b5c818df09d136626ec2e36729f06ee8a4764
SHA256
ee42d7571c704c40908cad1ad8c5ccdf75ae5cd394e81c4cd75785a9344dddfe
SHA512
2533f1dde2518c8afcd0aa1ead0b51ab3e82c5e27d942116a67ff829bff1711567b01a0dd59ab5563c91eff2fcd5794f44674dce03a036d551f1d2bc631bafce
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b