Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 12/06/2024, 18:43
Static task: static1
Behavioral task: behavioral1
  Sample: a1cd1a6e70b93e635d1b00bf21eaff2d_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a1cd1a6e70b93e635d1b00bf21eaff2d_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: a1cd1a6e70b93e635d1b00bf21eaff2d_JaffaCakes118.html
Size: 35KB
MD5: a1cd1a6e70b93e635d1b00bf21eaff2d
SHA1: fc861c8c1cc934beb37068903d81b445fa0f7c98
SHA256: a981c9366d9911fd02b839af640c3799a21c302a11c32325a447a83e0b58129f
SHA512: a0f82e21e6297a4e676622507cd603de4dc9267423d922a27494e58ae3d109b68ed9d619b6155c79108d326ee2cba8eee6200cb5190e7a55ade4a1e0ce4b1e11
SSDEEP: 192:uw/fb5nhsxnQjxn5Q/InQiejNnynQOkEnt4unQTbnxnQOgCcwqY3cwqY/cwqYQ3x:oyQ/L+bl53JJYpfgO+b1R
Malware Config
Signatures
-
Modifies Internet Explorer settings
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid   Process
2372  iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid   Process
2372  iexplore.exe
2372  iexplore.exe
1896  IEXPLORE.EXE
1896  IEXPLORE.EXE
1896  IEXPLORE.EXE
1896  IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process       procid_target
PID 2372 wrote to memory of 1896  2372  iexplore.exe  28
PID 2372 wrote to memory of 1896  2372  iexplore.exe  28
PID 2372 wrote to memory of 1896  2372  iexplore.exe  28
PID 2372 wrote to memory of 1896  2372  iexplore.exe  28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1cd1a6e70b93e635d1b00bf21eaff2d_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372 -
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2372)
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1896
-
Network
MITRE ATT&CK Enterprise v15
Downloads