Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system -
submitted
13/06/2024, 02:18
Static task
static1
Behavioral task
behavioral1
Sample
a383383c63b15cd48f7051e7877a1638_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a383383c63b15cd48f7051e7877a1638_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a383383c63b15cd48f7051e7877a1638_JaffaCakes118.html
-
Size
30KB
-
MD5
a383383c63b15cd48f7051e7877a1638
-
SHA1
01d2b4fc833b6b19a95aaf312e5680a248d7c482
-
SHA256
f502c8b6397871ddf97c91fe6b87c0ecfbbd6d98db8df3451ab702bac344b02c
-
SHA512
be4b9245748c38bfec24a29f0f50fda233947809c79eddfd269f282a91c3d482ec56cccdfe6bdc12b1b2215cc89e6fc7be5a62f8343d08eefe4ddd8251d6c5c6
-
SSDEEP
192:uW7rb5nN2nQjxn5Q/9LnQiekNnqnQOkEntr3vnQTbnxnQEAMCU0A/DSQBAXJ1+my:rQ/9UHu0U+YAXL+mPrbZRF5H5EOYCdO
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2B9E2621-292B-11EF-A13C-DEB4B2C1951C} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424406954" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2848 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2848 iexplore.exe 2848 iexplore.exe 2988 IEXPLORE.EXE 2988 IEXPLORE.EXE 2988 IEXPLORE.EXE 2988 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2848 wrote to memory of 2988 2848 iexplore.exe 28
PID 2848 wrote to memory of 2988 2848 iexplore.exe 28
PID 2848 wrote to memory of 2988 2848 iexplore.exe 28
PID 2848 wrote to memory of 2988 2848 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a383383c63b15cd48f7051e7877a1638_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2988
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d41bd2f2272f86a220ab2a7c5d7d67d4
SHA1 80aa2b88eec76e5c2d481ea0537f2c95ed959b4a
SHA256 4774aa5ab737f1c1838dc2d6cbcdeb5ca8bb8df1868dcbe3c78eceab01f8ddf9
SHA512 9c0085ffa742764c67e559e23ad45f19fdc0f17c9df0bd4f840cc8c0ba4395b7a720cc96e3416b365bcd641dc40278fa5491904c04bcd707f133e86503db53be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 77088879137f9f34f551328768a75fa7
SHA1 d81f0b2b9bffe012921284c07ffa7d35962c5ae2
SHA256 0b554ec90a64308f9475bdde82fc5a945004c7d7510fe6731fa4f25bf1841341
SHA512 440a380e4b7dcbd198be3fef6c6ce9ad7112c93449a5e64bff846fb5a9652f1409f32213d37bffd2492c06751675e4e982ae9f1ab42ef7c1cd01ba117484a311
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b307c9210c50a96087750ab38a0fb9d5
SHA1 3f5637249d1489bf813dfc8c56878d1151804493
SHA256 ae89bf4c2e29ad4a765f20e086130f79d86656885bb9fd95433260b695b68df6
SHA512 4823854cb0e06c5d31384d70e957c0c11389a3d5a885e80b0cbfd569542fb1cbfae1d9e4e622c05a7cbeca9e857455552719b39efa86c9f653b1e5e0abab9291
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0526cef819c0ab550ee852d4bc984d6b
SHA1 ef9dcccffeecd49d962589b220cdf0f63f895979
SHA256 23a62474325c4d060ccc48fc79f7c55ca1a06ed25f44429aecc3759bc7f90f51
SHA512 38aae2d49afc17865f26bc029e795f7d56eb0f6ac4e1567fab0211aa62345a3e4caa472b743b1af5636d7ceed49b6bfc1f15134e1d5bf715cdc32e73a21255a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 15daa92cb03a21801f5b00ea12d62a17
SHA1 dc60f07820def0d2f5db40acecac2f9a81f65cf8
SHA256 d7c8ef3bef6529988741fa33587c07691e0d52998cc81271d59c6e05ebebdf0c
SHA512 0bf20d7141f163e3b3a89d52a51c1f336c59ac5cbe3aac9e84aa5484f53c9ff86bfafaa8784c199ebaa5507f3aadd6dc9b70a5199a0150f41191f789a20e719c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e4f8828e2d7f2626dd68716c1b9144b4
SHA1 d97e48b584e803b894bfc02126262e8251ebc05c
SHA256 97e29f548916508e79ba7f930051d0fa97e8d7314382c628f8380549112ce255
SHA512 c9408f2f62963f930a0a3a402e0d192af9bc8e5993c100fc54663b6b910beb02636c96d9810b45fdd3ee5bbfbcad087fb9bd8cc74d6e87ad291ef024f2f577be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 800fd6c5bbed080f386025ee9ecdd255
SHA1 139a48695af789123fdb2be6be464e316013306b
SHA256 80399e5cbdfc210d686914b90daf90912bd6645e9a296ee8cdff99521f9dba40
SHA512 d22ed9a6735b5dcc878f70e1ebe80655741bfd00030e74bb38b1a8dcc325aae872ca86837e2374001db1a2b3c58e3ddc6a4168beb254bac7c7a27d52358385b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 79989083f5f79a96278c93a233135769
SHA1 029830d2f2dcf878f33f99297126bc8553559e10
SHA256 40e20de0afecd731b14d9c17399f6be240e9f6343f03ab6d12fe80df342aa141
SHA512 0ca9f3f354ca382e32b61b0e644d03453671c3053de63a695660f126785816e037eeb5cb9637979bc66c293a3d7edf789209529dcc161cacc4f9bcbf57c97d19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 10aa923d4a570b791d4456093c9ec324
SHA1 7191f5560ce6c4472431fe7f5ebaf8f853ad1904
SHA256 af06a6cc274220a6c374e1ae6ab6161a1b3f12620ac72ddea126d5dd87e8405f
SHA512 a28c5cb578c36777d2ee151af81c6e05d1a9ea5cb04db5af7f981722ad0250123673bf7a0793ff34adb2f2d9675f906b53b0af5fa459cecf53710f16a4cf5223
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b