Analysis
-
max time kernel
148s
-
max time network
149s
-
platform
windows7_x64
-
resource
win7-20231129-en
-
resource tags
arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
-
submitted
13-06-2024 21:31
Static task
static1
Behavioral task
behavioral1
Sample
a6a84b567523214ca60f2310bc195652_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
a6a84b567523214ca60f2310bc195652_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a6a84b567523214ca60f2310bc195652_JaffaCakes118.html
-
Size
21KB
-
MD5
a6a84b567523214ca60f2310bc195652
-
SHA1
13d7169fe8d7188ec9f631fc7d929765c4e5d3dc
-
SHA256
c7c6fd902d98091f25a0c99077d5e5c5e19642c358c3ba0e1749765aa56b7661
-
SHA512
a324e89166c2b680bf3c47d51946653f04479ba3aaf82cc5b7cf47d57bc4f326b46ef1abf1dcef38f845a63ed32ba9d50ddaa5a0033fc6c4605f14ed4f7dc1e7
-
SSDEEP
192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIV4BzUnjBhvB82qDB8:SIMd0I5nO9HZsvvKxDB8
Malware Config
Signatures
-
Modifies Internet Explorer settings
Processes:
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
pid process
2392 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
pid process
2392 iexplore.exe
2392 iexplore.exe
3012 IEXPLORE.EXE
3012 IEXPLORE.EXE
3012 IEXPLORE.EXE
3012 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
description pid process target process
PID 2392 wrote to memory of 3012 2392 iexplore.exe IEXPLORE.EXE
PID 2392 wrote to memory of 3012 2392 iexplore.exe IEXPLORE.EXE
PID 2392 wrote to memory of 3012 2392 iexplore.exe IEXPLORE.EXE
PID 2392 wrote to memory of 3012 2392 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6a84b567523214ca60f2310bc195652_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3012
Network
MITRE ATT&CK Enterprise v15
Downloads