Analysis
-
max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240611-en
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
submitted
13-06-2024 21:33
Static task
static1
Behavioral task
behavioral1
Sample
a6ab7d55b660e9e1b68afc83ffcfeed5_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a6ab7d55b660e9e1b68afc83ffcfeed5_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
a6ab7d55b660e9e1b68afc83ffcfeed5_JaffaCakes118.html
-
Size
23KB
-
MD5
a6ab7d55b660e9e1b68afc83ffcfeed5
-
SHA1
b9d132c1a5ab457e806d96908a782a6ec8c5840d
-
SHA256
1959f0264c3f4d5075e29fe92ce49bae81774163cba4959303518bcbd78ee202
-
SHA512
96e77f6356176db865e3199fecefe029e932c6275c3823ad83a0e8c1e2494298cefc160f9ff1efb87161a0f42ed8c8920e07688a00dfc71a4ac07983fd02484c
-
SSDEEP
192:uWvob5nW6mnQjxn5Q/cnQievNnunQOkEnt8anQTbnZnQVCnQtPwMBPqnYnQ7tnEc:tuQ/Ohc
Malware Config
Signatures
-
Modifies Internet Explorer settings
Processes:
iexplore.exe IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: iexplore.exe
pid process
2368 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
Processes: iexplore.exe IEXPLORE.EXE
pid process
2368 iexplore.exe
2368 iexplore.exe
2340 IEXPLORE.EXE
2340 IEXPLORE.EXE
2340 IEXPLORE.EXE
2340 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes: iexplore.exe
description pid process target process
PID 2368 wrote to memory of 2340 2368 iexplore.exe IEXPLORE.EXE
PID 2368 wrote to memory of 2340 2368 iexplore.exe IEXPLORE.EXE
PID 2368 wrote to memory of 2340 2368 iexplore.exe IEXPLORE.EXE
PID 2368 wrote to memory of 2340 2368 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6ab7d55b660e9e1b68afc83ffcfeed5_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368
  -
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2340
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
107aeeae7a3be83a95c059eca66699aa
SHA1
37da495550cd60cb4cd238451fdd2976499a2999
SHA256
7fc36b4981d06b62b269f33571c9dbdbc1b8bb8db379d5327da815d66dffe730
SHA512
2848d7473c1573bd777b03195935eeb3a56d02ec3c0dcf341912e8fb12a8b952bc024e8b1812e11eb69be37ca938cb12fd769eeb92c23c31d16ede7a7a2b859b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
6e781ca2dfc33e4629cfc662e2e22f8f
SHA1
6b0bf21b3b2be2c3f409790754dbe3719eba995c
SHA256
0eb81240e60dc09f38bde07c690bff0fb74516fa90dc951c908562a8017199b1
SHA512
0ceb5347943a6692fcd93089e72c9d6c8df07bd8f9827227c0615d11678dd36c16c86dabf1c988e3a734dd38a8a1c50e41959d3f001633e7556cf6e307c20c28
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
8e960d7befae78ab177cc9b5499033d5
SHA1
8fc66dc6c5b008aa22bb0ac7ccdda64bcddd1bed
SHA256
9a1f7e2046e98e7c3974900b9d986e4f6047c3f28d9a80fdc85bda1f40055c13
SHA512
8412e0a297cbab19e03637609a4d50108b45807b4970019133cc071907eed8900484ccd71e0890e71dc1e360f3bb17166738cd38fc38326ba554790312febfd4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
09246fc211fbd77dd8be742463da392c
SHA1
d43930f7fb5ffec9aa6137c1a6aaae84ddd4e8ba
SHA256
52459d2feda738a363c55023afc4bdaff9705bf30f39fa3588e5285ab81fc930
SHA512
750e9aa0f2949e2ec31433b158476d6dee36377133bf05cbd9ced5537d52c7b2e267f6c8065edcaec5f75ce18f31f8269db6a2b3b6784466c3e54f384c70827d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
81386c5219ce4423a50ec1f86e4dd81a
SHA1
46d14cd13e5cce13055b0d9655394703dc200e98
SHA256
57448e158c5913c847dd9ba4153e899d77536534fbef7c1fd39d486ef856ca02
SHA512
b31fe4e89a3b99ab545a0719f7a2df7616b3c917d3368fbf5fd0a3c2707cb327b9d2e03cd8e3bea2bf700c2b9f8ba1619222258a61974d6a9c6950dfa3dd30fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
9af9c7caa1a757a378ed2209a335954e
SHA1
a506462d15cadae9f64b32a4fb6075c720db4a96
SHA256
30fbb78bc888073bb6e43320943415f1ab128f7b35dd20cd2b10a6f535fb1024
SHA512
6d4caf22d8fba8502c1c3918a0c4e97bc133f6ec52516979c2e4c877f53358a630714ae4eb587ab99c3a6a26bbf8826c0107c58e58d9776a7543d4508b166fd7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
9016d8b431c926850370d33383561d4d
SHA1
aba5b80a728e83e7f5e09aa71fea9252767ac5e4
SHA256
691e79b3f39c82e041ac87b6ec92d6b4f867d0bb5622afd190a8d7636e7a9bdd
SHA512
b13279c4bcf6800200fe83c1c19c9764f4390bc56a01e774bad719700ffdd4aaa45452594a0fe99595f8f2750fe8494f0d9bef5955223c096d79ae21ff9aab89
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
ceeac40d9b4cac428f89788daac6be05
SHA1
b9fe09a7f021f2ef56dac8dd489abe489041fe28
SHA256
e2811bd16f53ba84238d94c316e7bd561cfee613060e4b8766b229830c30d24e
SHA512
6c50925fedffa1252ffd5a8b76d3b4860057975bc70cf22e026358e8df3621b6539034809f98940216aa3ef0216e47a064a9f7e08e87a7e124a1653837ff6ac3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
14aefbdf88bf06447073155b0a42f22c
SHA1
3c3b9ee98cac299b69146ca759bf9ee7c5d6ec0c
SHA256
17a0372abd65aee09cc9989fe10f7d04548f4ce9a424829fcd8888843f03fa48
SHA512
f1475a4732707ed06f3f7a541b5b1a4d8d84e28cb64441666a24918497cc87d8e3a2ae9653d33d27a0c966bb2d8fd87af92d6dd175a1ceb3d3b5ddb7ccf81184
-
Filesize
67KB
MD5
2d3dcf90f6c99f47e7593ea250c9e749
SHA1
51be82be4a272669983313565b4940d4b1385237
SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5
7186ad693b8ad9444401bd9bcd2217c2
SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b