Analysis
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 13/06/2024, 02:42
Static task: static1
Behavioral task: behavioral1
  Sample: a391dc8ce9d2a980216613b07d79eb97_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: a391dc8ce9d2a980216613b07d79eb97_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: a391dc8ce9d2a980216613b07d79eb97_JaffaCakes118.html
Size: 28KB
MD5: a391dc8ce9d2a980216613b07d79eb97
SHA1: 58bfd11244862366c77df1c1a5d760dcff9b2d53
SHA256: a5fc930170271efc9cd716c8fae55271e4d1bfb9f59e97e4d226f1c0d9a88b65
SHA512: 915df74b062b8cff25ceb969854ecbf1d54d8e06023eb11b374e70d35f62b5db05d802a593b61951b08d53264cce242ed60488215e6969f14549463bc596497c
SSDEEP: 192:uwD0b5nvkJInQjxn5Q/bnQie6Nn8nQOkEntB1nQTbnZnQ9eoCm64h4StjQl7MBa8:3Q/whqk4ScSb
Malware Config
Signatures
- Modifies Internet Explorer settings
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424408409" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8EDB93A1-292E-11EF-8CD1-FA3492730900} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE -
- Suspicious use of FindShellTrayWindow 1 IoCs
  pid Process: 2172 iexplore.exe
- Suspicious use of SetWindowsHookEx 6 IoCs
  pid Process: 2172 iexplore.exe; 2172 iexplore.exe; 2356 IEXPLORE.EXE; 2356 IEXPLORE.EXE; 2356 IEXPLORE.EXE; 2356 IEXPLORE.EXE
- Suspicious use of WriteProcessMemory 4 IoCs
  description | pid | Process | procid_target
  PID 2172 wrote to memory of 2356 | 2172 | iexplore.exe | 28
  PID 2172 wrote to memory of 2356 | 2172 | iexplore.exe | 28
  PID 2172 wrote to memory of 2356 | 2172 | iexplore.exe | 28
  PID 2172 wrote to memory of 2356 | 2172 | iexplore.exe | 28
Processes
- "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a391dc8ce9d2a980216613b07d79eb97_JaffaCakes118.html (PID:2172)
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2 (PID:2356)
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads