Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 13/06/2024, 03:37
Static task: static1
Behavioral task: behavioral1
  Sample: a3b31089c66421c54bc9a439b5869ea1_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a3b31089c66421c54bc9a439b5869ea1_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a3b31089c66421c54bc9a439b5869ea1_JaffaCakes118.html
Size: 19KB
MD5: a3b31089c66421c54bc9a439b5869ea1
SHA1: e545e44d48c592ffb4c0a9eaa9cc497f8ec5a82c
SHA256: ef99b103337aaf79bad887352e085f86e15196e5d8cde6eb0eeda46c29c73565
SHA512: 675370400b6cb4a16b31642065a9f1fc2a524aed78522a8135923b92f08ffcff81f60a3083996933e2698387b0e8a1f6e84136e70bd90cc85791164244229170
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAIy4QzUnjBhEO82qDB8:SIMd0I5nvHDsvE9xDB8
Malware Config
Signatures

Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{543A1C51-2936-11EF-BE23-DE271FC37611} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424411749" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2752 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2752 | iexplore.exe
2752 | iexplore.exe
2324 | IEXPLORE.EXE
2324 | IEXPLORE.EXE
2324 | IEXPLORE.EXE
2324 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2752 wrote to memory of 2324 | 2752 | iexplore.exe | 28
PID 2752 wrote to memory of 2324 | 2752 | iexplore.exe | 28
PID 2752 wrote to memory of 2324 | 2752 | iexplore.exe | 28
PID 2752 wrote to memory of 2324 | 2752 | iexplore.exe | 28
Processes

1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3b31089c66421c54bc9a439b5869ea1_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   PID: 2752

   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2752)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 2324
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e79414c1e0d7c4a1978f0b7bbb309d5a
  SHA1: 9ed8553dfad1433afa09d16a83a67f2c5f7b806e
  SHA256: 829ab1d4761b1d75cbc229f5d8dbedf49936883cb7691045736e3c580a26bbbb
  SHA512: b163d0ca3983e7c9703d0b46275be245c18fd723e98b56ea939b248369b632edf72aba615644a3b4e7fb535f7c7983d3d2a14cd83aae86e159cbf77ff712427c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 076d2f042f3b9036b6b3ec6056b9dc43
  SHA1: 36dfadd7db50354d46cc1dc8e88248bda41addd0
  SHA256: 33a4d4335419a62dac1a885c4a10d7836bd1fcd4b5831ab00307a58ee1849bba
  SHA512: a3e7c7e21c43f30fd57fe2cdc669d4a6913b8c14390c60d99de822d2e543d769a21d50ec53ddcd48584ce495b5438e9deaa6e22c7fc33482b048dc2e3a1aa253

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 4790b5b4e3b5712749e320f846740545
  SHA1: a98d6aa77919b898e7612307c41f967fef5e2961
  SHA256: f7025a63dba0db192b4fa18af90e1f191d423bed6c541c4f1fcff8c1b0ef3c87
  SHA512: e079c4f07cb4e9cba514b10b3b96d188082c8fe0af1b05b98f464b9b5bdb3b155916129c083c8e1931df38fb6e89c86e444c0c12d07d90fa1f54948cdb4275c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 82efb742e7ee7f6d20999e898ef295f0
  SHA1: 33116862eba68dde99ddbf9f51609ffadd9bc2cf
  SHA256: c139a8b3b83a515ed68c813e8d15da38b103ee516e2232fefb15e73280c37ad9
  SHA512: dfbad1f8fc95b836deafbcbc3cc45c892584a38102246554fb49fdb58dbc540646c68d8b6f0304a4b4536eb068d245b6aaee035b1ce69ab388ce02eef006899e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5d350ac64aac25f9acca1c52d97d4cc2
  SHA1: ab82ac1233847dcd3f5632e034255f15cb2142b3
  SHA256: ab9b708effe62852c42fabcc71ff73f854986dc65c87fb07c2b0fc922fc520a9
  SHA512: 16f05c381da6fc7e8498cd84381ccf12de4aef14de5c23ca56b1bb8e510e9ef604138021b96429d72c5831529b7945b7b711c4b58c454d3f654a7ae85a72d378

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 714985582f36f02ed87afef726605b03
  SHA1: 0e4b092b8969a0f855b0cffb744c09543712fc79
  SHA256: 209eb3661a8345398fdb62fd16593e83a0d5e3b889100a714ca93d1e93231394
  SHA512: f5113402d2c78428331dfa7c928d3207659b141b87174965ed219906096f62f957aa5736fcb6c08cd45172ae221575adf49314765737789b92615ef7c1cf2bb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7e0cb1eedd543047d656c867782c1904
  SHA1: 77b5d3c472ac6ba30658fee38068980bd0ac608a
  SHA256: 2ce86ed47862c3322fd351ac42c3398ac9628bbac163dd26eea08d8f4e0f88dd
  SHA512: bd19b5bae4db7508d07380f1fea03c86dfd874f0b53183ae3194cbbabf29d89ed88c4427e66a683ee6d903b26b049ac4ac319882424ea5b17bc383b580c6c973

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 3663fd21cf82a8386b352cba75e30001
  SHA1: 0e52c8263e14f3c27932f13eb3b3a7cca8688650
  SHA256: abfa3e810d98d175e7eb2bc5b2ff3d542dea85034516707e918fbd83bc9cb0e7
  SHA512: a122a4db3077bdbefddcd02d23a6b2eb9942cbe7ef069b315bea052cae7ded4b60e743c61435d4b732ac09ac8650dc1ac6a9099e638609909fb58425efad3c98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a1b9902a6d35d9c659590d5d7b3b95fb
  SHA1: 5b8603ad8ba4604bf0cd8b1a33e84b3c7e884ef7
  SHA256: b9c3c80892d9018fa1905b3616ee15ca52ec10203992ada9a7b465211c499746
  SHA512: c2a6801405f30be8f00d7ee2d15bb4b809e8342dca36a925ce4e57b28c333214d88a83b884926e5a603e615ae501bddc8364337e7c60e1e78e0e057c68740288

(path not recorded in the report)
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

(path not recorded in the report)
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b