Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 00:20
Static task
static1
Behavioral task
behavioral1
Sample
a31d469acea47cf903e7819eb32b1792_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a31d469acea47cf903e7819eb32b1792_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a31d469acea47cf903e7819eb32b1792_JaffaCakes118.html
-
Size
27KB
-
MD5
a31d469acea47cf903e7819eb32b1792
-
SHA1
6be48a27110643bb9adfa803c28811f44a2e3e38
-
SHA256
d402e5e72b8e32c706f0de4b520f862e2d67fd7505e831665981cc6a74bc8951
-
SHA512
516841677a505e9dccbe142a2764d9bb37d66c63ba215e2459e736eb80bb3ea6b162d85543650309978a4b572a6b923abffba88ca17dd68b5a1e9629f48e2c05
-
SSDEEP
192:uw/Ib5nlOnQjxn5Q/cnQie/NnSnQOkEntMKnQTbnJnQ9eL3m6sflPQl7MBfqnYnD:0Q/gyp8lOSB7
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet 
Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B3209C11-291A-11EF-9FEE-EA42E82B8F01} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424399880" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2908 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2908 iexplore.exe 2908 iexplore.exe 3024 IEXPLORE.EXE 3024 IEXPLORE.EXE 3024 IEXPLORE.EXE 3024 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2908 wrote to memory of 3024 2908 iexplore.exe 28 PID 2908 wrote to memory of 3024 2908 iexplore.exe 28 PID 2908 wrote to memory of 3024 2908 iexplore.exe 28 PID 2908 wrote to memory of 3024 2908 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a31d469acea47cf903e7819eb32b1792_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3024
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 492dc3e86ae4ccf6d216af1f6a85dc11
SHA1 e9fb2a06e7439266f530925b97d914a79330f291
SHA256 7c42cda15d2df51aca4e83a88916523925a1e5fb0af053524b09463d1f820bba
SHA512 96107d9ca05c1738bbe449558e150d347142cbee9a99e721df97c9b50e801e3e3941d0677e9cef92fcfe770cd0cbfa7d9092d2e9ffca0154662e5e7f522264ae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f22155127320fd2c53093a839525363f
SHA1 7e0dad9f1a420bba317801a435bcde7d1ff3e863
SHA256 7468e85fb682fa7017c725b3f1d41154012a7963b8418e5f16706b8165a13761
SHA512 79b454b983f6f45d7f14232c5131d96d69c5e4de7d3f91ca22b09e814c2059425f40ed5e48fab6a0b239462b7e5f572e687208be6b53d49f8ab77e1c7b82b933
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 306645a43ebf45d8f8be932c6a6235f8
SHA1 76c8eb3a3c847c86a60d0fea5ccfd920e4f3dbf9
SHA256 da3dba62183fb7eaa0b7ce553a60ee9a7b9de0acd6f502eab90914386d50e815
SHA512 6e8f28167fcfdf48e15bef4003c59d76c5053fd1d209ee04c805672e77b2da65ac1f31c10d5039c74a72a7e34b20118d88212ab9a310231e014b29d65f907d8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1586ea6c3ad7a925eb4ecde8eec4dfc6
SHA1 ee4f12ae4df764b716f58138496e78d9f6ba3cc9
SHA256 ee73934c8dc0a07d19c6daef28f50c40311bebec7f7ecc97e7223d071f45f682
SHA512 93d551068d5190ee6050b57c3be9c03b87e3b64aa4d883011fd5126e1634271bfce21388cdaa3db3262a0872426b5074910b6f93c6ea1b3935ef3fdc0da353f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ea70ce50529cb5c481c597a36ed70e35
SHA1 dd3be80ef5e5bb4a7b512787f80eed318229a825
SHA256 76ea6c2815441bf55f3060440c4176926efdea92120143b94a49d75645ff9663
SHA512 6256fdde6d3e0227ef911567f98db7d9c871b157660ef8a4789a7a0a7a17cc38068bb61bbd12d56879d09ea415204fc3f5c1d7ed4b0a03f9107c1bdfd859a270
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9a841bf24529e0476c3ec593b23b0573
SHA1 c726a52105f9b5d0a0748845d10fc6a997845dc4
SHA256 7651908041fb5b030085e745126ae593fab913a4c2dbead3351f32f1fd48c416
SHA512 4adf7802fdde1620ea57da4fce858d8be3d308e78d66f1a1c4aa32bb689ee31b05fd3c26bbc5d4f66d740ce125c209262a9c203a827a63922508cce7a2c1e78e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a1afa02ab7193df51f3d36d7a8700211
SHA1 8b8b06c611866dc1cec025ac9126d80d0daba23c
SHA256 6e1032b129fcb6c2201732ce38a4a5d4e8a1125aac5d0c9a0e923cc143cc2010
SHA512 40a245005023561bfc6416f67a0e76c3d6923f52c818136bd43317b0f28b5a4c525d8d405fd04dcac70874da8447a3418039d5905b701622e1138ab8f1232a76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7746487f9cae33506804b693b8ca0e40
SHA1 7262a62a9c24ffecf5c42808fd8d1ada4ee23e5e
SHA256 9c2f7949ab08de031599c73a579ea49c9e3c8a5e9def11f0a1218a09721a02ca
SHA512 0f8244519fe387842d33b43896df379282c70c3108986a75fefd9cdd8137ebca13cbe56ebbbeddeb0a4d65b0f5421db70c5e6b6ffbd82699281191ba27928883
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 03f8d558d8302620b1ffddbc13da4fbc
SHA1 0dafe9b085c7cd4c29c1a88107decb74eabd89c9
SHA256 5e403332015103314635e46f99ead53126dc03dd30edb671969c6ca1803ea363
SHA512 c6bdc57ba5392b56bdd132f235c689048e441af3b394a7c6842123c18bf24ccefd7eabfd09771727e03bd64113112b75e45e41857f95faa5c19c39bf651dd141
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b