Analysis
-
max time kernel
132s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 01:18
Static task
static1
Behavioral task
behavioral1
Sample
a354a951ec87b96934d9d381c9a37a2f_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a354a951ec87b96934d9d381c9a37a2f_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a354a951ec87b96934d9d381c9a37a2f_JaffaCakes118.html
-
Size
47KB
-
MD5
a354a951ec87b96934d9d381c9a37a2f
-
SHA1
e6f8bbd22dc8753a7e6823b668a5dfcefd6a6f30
-
SHA256
1e2c7153997622fa5007a2044aec2fb97e2ca7010b50fb9b16665714e7ef6597
-
SHA512
7c3c599e296ff469c314b6d49446c2a297339d96a98c0f19e8f939b4d04acb5831fc71506cd347f47f4c44f1715205f326a55d1da65944d9e067b31ad919f02c
-
SSDEEP
384:IQ/nrtPDvWP3bJ3m0oaRxy2pG5+0eC5Mnc4WMF43YU5aNL6XLLJH+f:GP3b5OaRx/6+pc4PieOXHJI
Malware Config
Signatures
-
Modifies Internet Explorer settings
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage  iexplore.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403395"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E1488D71-2922-11EF-B98D-FE0070C7CB2B} = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main  IEXPLORE.EXE
Set value (str)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"  IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid  Process
2208  iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid  Process
2208  iexplore.exe
2208  iexplore.exe
2996  IEXPLORE.EXE
2996  IEXPLORE.EXE
2996  IEXPLORE.EXE
2996  IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description  pid  Process  procid_target
PID 2208 wrote to memory of 2996  2208  iexplore.exe  28
PID 2208 wrote to memory of 2996  2208  iexplore.exe  28
PID 2208 wrote to memory of 2996  2208  iexplore.exe  28
PID 2208 wrote to memory of 2996  2208  iexplore.exe  28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a354a951ec87b96934d9d381c9a37a2f_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208 -
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2208)
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2996
-
Network
MITRE ATT&CK Enterprise v15
Downloads