Analysis
max time kernel: 148s
max time network: 149s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 12/06/2024, 18:19
Static task: static1
Behavioral task: behavioral1
  Sample: a1b478c8e8bddb8d9e7d57d144a7b1d1_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a1b478c8e8bddb8d9e7d57d144a7b1d1_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: a1b478c8e8bddb8d9e7d57d144a7b1d1_JaffaCakes118.html
Size: 22KB
MD5: a1b478c8e8bddb8d9e7d57d144a7b1d1
SHA1: 5173c9cd7d739c13a3f011dcf2fa06e94b027563
SHA256: b58558a98ed99cfabbe3d25461f661736728eeb2fa20645f1b5b3c12d50a558b
SHA512: e4ca83f2aae4de073360dbfd63006f4974d65308e622b57762a412d5de4efe478ad865c9d75a9a78395acb91d544a6c2a3518499d222a7b3ab2ca3f9c3921d65
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAI64uzUnjBh+w82qDB8:SIMd0I5nvHJsv+zxDB8
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4395F701-28E8-11EF-B5E8-DE62917EBCA6} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378218" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2196 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2196 | iexplore.exe
2196 | iexplore.exe
2804 | IEXPLORE.EXE
2804 | IEXPLORE.EXE
2804 | IEXPLORE.EXE
2804 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2196 wrote to memory of 2804 | 2196 | iexplore.exe | 28
PID 2196 wrote to memory of 2804 | 2196 | iexplore.exe | 28
PID 2196 wrote to memory of 2804 | 2196 | iexplore.exe | 28
PID 2196 wrote to memory of 2804 | 2196 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b478c8e8bddb8d9e7d57d144a7b1d1_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2196
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2196)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2804
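The three "Suspicious use of ..." signatures in this report are raised only by the frame process 2196 and the tab process 2804. Internet Explorer 8 and later runs each tab in a second iexplore.exe whose command line carries SCODEF:<frame pid> CREDAT:<n>, and the sandbox records a parent's WriteProcessMemory into every child it spawns because CreateProcess writes the new process's parameter block into it. A write from 2196 into a process whose command line says SCODEF:2196 is therefore IE's own process model, not the HTML sample injecting code. The script below is an added example, not part of the report or of the sandbox's tooling: it parses the flattened IoC text and the command lines exactly as this page shows them and labels each write. The process table and IoC strings are copied from this report; the SCODEF rule and the "ie-frame-to-tab" / "unexplained" labels are the script's own assumptions.

```python
"""Triage IE-related WriteProcessMemory / SetWindowsHookEx hits from a
flattened sandbox report.  Added example; inputs copied from the report."""
import re
from collections import Counter

# Processes section of the report: pid -> (image path, command line).
PROCESSES = {
    2196: (r"C:\Program Files\Internet Explorer\iexplore.exe",
           r'"C:\Program Files\Internet Explorer\iexplore.exe" '
           r"C:\Users\Admin\AppData\Local\Temp\a1b478c8e8bddb8d9e7d57d144a7b1d1_JaffaCakes118.html"),
    2804: (r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
           r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2'),
}

# WriteProcessMemory IoC rows, flattened exactly as the page lists them.
WPM_IOCS = (
    "PID 2196 wrote to memory of 2804 2196 iexplore.exe 28 "
    "PID 2196 wrote to memory of 2804 2196 iexplore.exe 28 "
    "PID 2196 wrote to memory of 2804 2196 iexplore.exe 28 "
    "PID 2196 wrote to memory of 2804 2196 iexplore.exe 28"
)

# SetWindowsHookEx IoC rows (pid Process), flattened as on the page.
HOOK_IOCS = ("2196 iexplore.exe 2196 iexplore.exe 2804 IEXPLORE.EXE "
             "2804 IEXPLORE.EXE 2804 IEXPLORE.EXE 2804 IEXPLORE.EXE")

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
PID_ROW_RE = re.compile(r"(\d+) (\S+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")   # assumption: IE tab -> frame link
IE_IMAGES = {"iexplore.exe"}                  # compared case-insensitively


def parse_wpm(text):
    """(writer_pid, target_pid) for every 'PID a wrote to memory of b' row."""
    return [(int(a), int(b)) for a, b in WPM_RE.findall(text)]


def parse_pid_rows(text):
    """(pid, image name) for every 'pid Process' row."""
    return [(int(p), name) for p, name in PID_ROW_RE.findall(text)]


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def ie_frame_pid(cmdline):
    """PID of the IE frame that launched this tab (from SCODEF:<pid>), else None."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify_write(writer, target, processes):
    """Label one WriteProcessMemory event.

    'ie-frame-to-tab': both images are iexplore.exe and the target's command
    line names the writer as its frame.  Anything else is 'unexplained' and
    deserves a look at what was written; 'unknown-process' means the report
    has no record of one of the PIDs."""
    w, t = processes.get(writer), processes.get(target)
    if w is None or t is None:
        return "unknown-process"
    if (image_name(w[0]) in IE_IMAGES and image_name(t[0]) in IE_IMAGES
            and ie_frame_pid(t[1]) == writer):
        return "ie-frame-to-tab"
    return "unexplained"


def triage_writes(text, processes):
    """Counter of labels over all WriteProcessMemory rows in the text."""
    return Counter(classify_write(w, t, processes) for w, t in parse_wpm(text))


def non_ie_hookers(text):
    """PIDs that installed a Windows hook from something other than an IE image."""
    return sorted({pid for pid, name in parse_pid_rows(text)
                   if name.lower() not in IE_IMAGES})


if __name__ == "__main__":
    print(triage_writes(WPM_IOCS, PROCESSES))   # Counter({'ie-frame-to-tab': 4})
    print(non_ie_hookers(HOOK_IOCS))            # []
```

For this report every write is 2196 into 2804 and 2804's command line names 2196 in SCODEF, so all four rows come back as ie-frame-to-tab and no hook was set by a non-IE image. The same checks turn a report into a finding the moment a write lands in a process that does not name the writer as its frame, which is the pattern a drive-by exploit in the tab would produce.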
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cce0943c1fa03bd30986239695d186f5
SHA1: 0d75da4f5fc8e2957b0166bb484183565f888bb3
SHA256: d5d3900e3bf485b94afd94d33600ac27abe619b2f710a265903e2b8d0019bb52
SHA512: a7eaacb16432ba1406d2b3e7ef1ab6eee1b10ffdf7242804132db648d2132a9f62878e923ee610cd860bacbc645f136499dd91a7d46e96021e0c85b463b81721
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 48bdf42bb4b04183d51c969ea395ec92
SHA1: e9b21cd9330aab44ca804a285a9d0982ddd9ae5d
SHA256: 2c02b7efa43f315762743c335a6893b91545f1541308abd28f6dcce4578a4a59
SHA512: 1b371f3796a538715a80cee241dcbc65d0b983c2ba4ac756c277a30acf01a56083e881ee51e33f0f4bcb8dbae6ad28112ea65e934fb4f9459376fc410c70b899
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7a8e9f0cc973c25b0c725e8572ae886d
SHA1: d4b72cd6798511c7679465502b313925ffd13e9d
SHA256: c851a30e6eb59791db3af22d8dd46b1ff1bbfa71826516dbbff7d9694953fe7c
SHA512: e5ba8e22a5e1e0e9b33f36c06294ac7ba6282e8329a40c668870380a437577f76145bd3126e10de9bf36f8e29e4fdf5764cbe80c01e4af791ff2ebfcfce4f0da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7675772c000e0c89f996bc86ee6a3502
SHA1: c12d3318dbe7c33467f34a06f41ea6c5ee0b4202
SHA256: 32c49ebf4aaa366e71cd9ab3f2b21b77113b7f15aaa77dcbdfbf76ad6d8b288b
SHA512: ebf7a93c0f6f65c40bb85e9fe1adbec3b3d8e34078e38b30aa991b0f24da65462e1ef431254b651c0e95127d4b32bf0bdc871b02aade3d9677400b45c993cc97
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e0bb59abe000a12d94cce0d8a6e0bba8
SHA1: 6223ab1bb36d41d3c95b277cf88d28981b6c04c0
SHA256: c0143136765f8c1bd75737045ee97968fff6e3d6ccbbf46baa9ada28c1bcc942
SHA512: a8fc014a7ebe6bd7d373c3eef029009a0bd9eda86591644adf7c40f8127509de8a433b74eb464409e3e86af70c5abf0d084db23ee91bcba527eae4fed5075ba9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6423e3c88cce1aac52df12228e3e04ee
SHA1: 43a20ccc07238394edaf6b5209af1af1527f22d0
SHA256: b830197d61053a2a5ea0f08a1561251e4f38cc35c7299e79dd86b906e8d27d1e
SHA512: 1751db6435d7e928e01bb935d4da16690b49b8c450adffa781a391fe89df195358ebb381b23556ed3c583a3e4c4671a1300c2536e7141cc3cbca06828ee862f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 83d716e0d9a8e87681265d6050a7864c
SHA1: eb679661993d212e37243fd850f0c5af6c06e31d
SHA256: 927b9e5e6ecef2d3c3e03ad62fa9e62da6cbf5c07848848b1cc282df1eb82a08
SHA512: 888eb8dd61e1d05ba1abd0b00d6fac148e521db825eef6008084835096d193785dad7f97ebdabdfcd1f6e59cce959448d605b2e02f995198a5f24d4698faae6a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d285b828023716e88cffd20b7acd7362
SHA1: 8f969ca1adb0496325a068dd32aa97e46bdc0948
SHA256: b5654ad32efaf322abd3680bbe3887239cb0db8099b22654f3e71eea036ee4b4
SHA512: be78488a55539f7a3ce650bb7f81c11033de05f714705272575ee29682329df6f9da956b0d82f9a94f642cc26c665186655bd3fc0e51e0447608371a4f7131a1
-
Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b