Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted
12/06/2024, 18:18 (read as DD/MM/YYYY — the win7-20240611 image used for the run dates this to June 2024; confirm the sandbox's date convention before correlating with other timelines)
Static task
static1
Behavioral task
behavioral1
Sample
a1b4594e1211ebc834379e7525d7d391_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a1b4594e1211ebc834379e7525d7d391_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a1b4594e1211ebc834379e7525d7d391_JaffaCakes118.html
-
Size
27KB
-
MD5
a1b4594e1211ebc834379e7525d7d391
-
SHA1
344fd8a2452de4ec9ca684d3ccdcddb54f2a2952
-
SHA256
95c9af73558c6e1232442e0755397edf5cc80fbf01afe311069aa36f8e3269c3
-
SHA512
28474a359c922cc03397c87503b2caef5ce3a83479c2a98e27ce5f90017f5eef4b9634475392ba87c45ad6ff38e7d126bf6df4177ecf217d0277116c7ffc9035
-
SSDEEP
192:uwHQb5nSWnQjxn5Q/JnQiesNndnQOkEntH/nQTbnJnQ9e+Um6lhUaQl7MBMqnYnN:bQ/b3sfU9SWX
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3BDC6531-28E8-11EF-B9E1-7E2A7D203091} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378205" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2488 iexplore.exe
(The only process flagged is the sandbox-launched IE frame process, PID 2488, which the Processes section shows was started to open the sample. This API is routinely called during ordinary browser start-up, so on its own it is a weak indicator and does not attribute malicious behaviour to the HTML content.)
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2488 iexplore.exe 2488 iexplore.exe 3004 IEXPLORE.EXE 3004 IEXPLORE.EXE 3004 IEXPLORE.EXE 3004 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2488 wrote to memory of 3004 — 2488 iexplore.exe → 28
PID 2488 wrote to memory of 3004 — 2488 iexplore.exe → 28
PID 2488 wrote to memory of 3004 — 2488 iexplore.exe → 28
PID 2488 wrote to memory of 3004 — 2488 iexplore.exe → 28
(All four events are the IE frame process 2488 writing into its own child tab process 3004, which the Processes section shows was spawned with SCODEF:2488 CREDAT:… — the normal way the IE frame starts a tab. This should be treated as baseline unless memory is written into a process that is not an IE child.)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b4594e1211ebc834379e7525d7d391_JaffaCakes118.html (process-tree depth 1 — the sandbox-launched browser opening the sample)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2 (process-tree depth 2 — the 32-bit tab process spawned by frame process 2488; no further child processes are listed in this view)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3004
-
Network (no network entries are shown in this view; if the sample fetched remote content or contacted a C2, it is not evidenced here — check the full report before concluding the page is inert)
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2d790c8508f7cf174a5ab1c48a140de3
SHA1 c8849f7dcee723142005b3f199d6fefc72789f05
SHA256 77fc729c8581df4b63316e5573ab1a49838eb71b6d87da0f88e445aee3ff476a
SHA512 24d108e4cf51f0c05545a3b0d83cbf0e11d07acb9667fa0711547f27db51651319209dbfb844a0270e3e774e29fab4e31cb41a098a0cd9447b86dedc5bcb7115
(Note: this same CryptnetUrlCache MetaData path is listed nine times in this section with different hashes — successive snapshots of one 342-byte file, not nine distinct artifacts. CryptnetUrlCache is normally written by Windows' certificate-chain/CRL retrieval, so these are not files dropped by the sample itself.)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3c87b419ad0982f75ef79c127e3faafa
SHA1 76c5a6899c126518db95269e10d5c99797214ce4
SHA256 9853114aa509c86d38b35f93b389e4600f10629a1e54215f223d9dc78ec7ee84
SHA512 0fc5a91a243736627fc97bc9c7169060e9f5d0e042c283942c92e6169e2eb81870f03629360e0ca2c4ef0ead732e154af1235d41ead35a9bce3863028307e2ee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6f746d91bd4fd6e0b194f6fb7837393e
SHA1 bb2f2be4e7529ba5a5eaf013f6f28f52077fc206
SHA256 b7cb1a5475b0568a6f5aca6edf8c47ddadb77509d2cf10ff7810fd7d865a2b82
SHA512 98987ca912c9344df46a9c64c374dfe83c2460088d01d03f3c104e9cd7cf6a47eb0f9215f3f29542c4c2077844b759564c008465c372fe6f863cfd47ca11c8b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 400972e15fe45eee7455e3c45d4a9988
SHA1 eb110389a3a50de1dab20f088785f1b496f20681
SHA256 666b2ac7cc62e480c4c73b42bd87f75481d65ba49beab0537518016bb1e2fdd9
SHA512 68446a892929b0d6689939c5d82a70ff20fc2d034362331811b1f131090ceb169203b853f13b80a8e5e6f901d3f009444509d863c01a19eaa28642ef29b6d3df
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 498133e2083ea746705a59d0ff0a2418
SHA1 8a8c2235373b6020cd18afdba8b7d482f9ee7d9a
SHA256 c197a98f1ceb4147483e8bea5089670cd2653039b9b2b5a4239aff61283dc2bb
SHA512 36f688b36c80e184c37450a8d84809220db6c5dee6cb15239ece77fb9143743b51303567f91414018870e37360e51f204c91708a1e8274a68f5994d75b194d3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 08914e0afd1ee0d0926b1085a4fc2272
SHA1 6cfce1200d55c2875dcd2676b587bb00c43fd256
SHA256 172e84eebae4574b75e49a4a068a421958ee8269b684aef243240208b71091a4
SHA512 8ea586f4ca0d3d82b6a829181b5daa8be05fc5585c87cc8759fea41c86b66eae1233bc8229bfdc018139063490d782536f9f1c238bc16e5b50e8d6bf808c9e53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cf94f668d3e9e1f9d7aadb413d167fc5
SHA1 912f9f1ea5305560fb300b6de5ba5f2d7ebdee47
SHA256 006671a7d6e65bb5ab271f422951c46bd189a41d06b0be25f808f8b7dfe59653
SHA512 accc6fff0007fe7da651e14d63e25eda491e518e1cff34f1cdba2153f6352b72f3946db8857c385fac7fc9431ea6b9e68fba9ce062211de470b5872eb9f544e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 08ca68b02d238362a7efc548184e47ca
SHA1 d670a5ca3b3d50a05f85ecda73276b0d4079a43b
SHA256 b649a7c603d589828565935988b845730bcd3a004bf856f842762a71583c0fd1
SHA512 939131f07b9e2f05cb1d3506e209eefd048a2cbbeca9e5e65e74b2317533e19d72d5233ab6fa5c29b9df0c6b2758a042552d603fcfb7507d8372667b182f4218
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 288b66d4f3109f068668471f4c2fa276
SHA1 5c2bad9b097e897c0d82fd164715f0e0b2e7f325
SHA256 ae2110072eb1c34872daca5da1a08fee9578018ea8719259f6d9bfb8fedca442
SHA512 589a025040a9fcee59781323dc6c927714cca55422a0ba1d82ab2becb2c584d0c479bcfe3792c003dd3fb8d51f01bf83ac4ca59e6a6fc4eff6fb3a629f69c207
-
(file path not shown in this view — identify the artifact by hash before treating it as a dropped payload)
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
(file path not shown in this view — identify the artifact by hash before treating it as a dropped payload)
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b