Analysis
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 13/06/2024, 02:58
Static task: static1
Behavioral task: behavioral1
  Sample: a39b23aa80742cc69220633a349140fa_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a39b23aa80742cc69220633a349140fa_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: a39b23aa80742cc69220633a349140fa_JaffaCakes118.html
Size: 22KB
MD5: a39b23aa80742cc69220633a349140fa
SHA1: e80810c6bf1aa5c625d29e4e4c0418f3e03fe81f
SHA256: 16e2718fdf1c4426590b2a69057e32e92da412caed8cacf9c1c0bde640cba81f
SHA512: 160911ffeb1fcd57b5801a99e7aa3c132542d1784725edc4735053c48377df8aeab59e6a1c70ccc1c65a92de852e1853e64ecf4c457d5daf554ab6d6bdbff4e2
SSDEEP: 384:8dhAWGFBMfBMFBMJBMYBMtBMBHyQkJJOUcbteG2zdctb:vfCfCFCJCYCtCBiYteGjd
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C809EF31-2930-11EF-8FBA-CEEE273A2359} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424409364" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1876 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1876 | iexplore.exe
1876 | iexplore.exe
2160 | IEXPLORE.EXE
2160 | IEXPLORE.EXE
2160 | IEXPLORE.EXE
2160 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1876 wrote to memory of 2160 | 1876 | iexplore.exe | 28
PID 1876 wrote to memory of 2160 | 1876 | iexplore.exe | 28
PID 1876 wrote to memory of 2160 | 1876 | iexplore.exe | 28
PID 1876 wrote to memory of 2160 | 1876 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39b23aa80742cc69220633a349140fa_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 1876
  -
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1876)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2160
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5b4b877790702a46bb4d0af6fa56e897
SHA1: 5b21204dfc05e8898edd25c0d6ed9338d82b06fe
SHA256: deb7475c4658130b772f7642f1e59b71955e52d3e263924ce5872d06698e4682
SHA512: 12310f1d44b343976a374259bb2d18979e15f83fbd9216052e5440e8ffd8f48cd3ed951083d649451537ed12f3ba1096be57e6b02062da8e10710c838a567cac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2d798e099f6ddcb9a7f611938a18f820
SHA1: 1a7aaa837706429db9c6df2fe4dfd2070f93306c
SHA256: 1f2547850fdc318cc8dd88b1a66df8f76d0c8dd11954a1fdd0a223f8dc14dce4
SHA512: 63b3827d1267a9ceeb50fde5575bd7005f8bc81bf15ecf3e30ae152a2655bacf64c87656dcef8d8175e79581adfe751431c195965358101e0174b5e923339247
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a66db45b068183a65a2f510bb9255334
SHA1: 87a28c96777c7de7c8d0ab7ff8313fb0f46bb6e5
SHA256: f58c9491059f0f443a5c2539e5b94b89452698a02747cf5bdbead18446f7746d
SHA512: f265455e308b31201e39118335b4d21c73e12e1351397d8dd0ac6e81a7e4e73c5e40cd7daceb52fb27e5508ea9a5f0196a284860a88c9e1b164540a635de8e3e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ceb88aa9ef34fd0ec3d02165fdc58cdb
SHA1: 1d805b398248e4afa2c3b2a3b716aa8a1505268d
SHA256: 667aa004d288ac0a2bd7091e275ce2e4a3f4a57da0917b42fb349f1aaf82a4bc
SHA512: 36c2842e6f78e6cbfd710eef82403a4a41522d8e17219dd65f4ce9548702e9474112e74d685aa94e61d7c0afc51efe810c360e0dfe6d0caa7643858804ab20cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c367493b87b2e220af4e662d29750902
SHA1: bfab684c7ba82e7e2079ba4d54f347431c23d56e
SHA256: 2bfa954f2808f870aa1e644a63cdd4e8640825d09980092600620d54f505c4dd
SHA512: 3662e065251411bd4f1c56132a127d2e6f7b4713c7bf970530e9d2ba1c08635111a2ee8a7ce30bf0fd7841342c437b2e7af0176010fffdf1659f2ceeedf87a4e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 496cc29ef80719dad75af83b811b07c0
SHA1: 278e8b7508e60ed83c4f17e7ca5bcb14fae42a9c
SHA256: 8b2a8b99e809758d6943afae68c36f90e8399f997b6c61774ced66d9d2cf14c5
SHA512: 4b14bbf06dbd2d2cb9f6b6c7cb029fe6ed9eeae21e1cc63daa5e446bba9a075dc668f5d997537dfaf535ccc5fbc90074801d6176a807d55a0ecccd5aabadb335
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ef437a691589fc57053c1d882b652df9
SHA1: 31ae532d2780d443675992ae21e1672e3b2757f8
SHA256: 2d1f1353577499b4808530c145a376ab66a21f5201f64dca026cdf1bd2f478c6
SHA512: e5ad2ae80636c0ac05c9ed648536fca773ccd3a6b68f65e2ae9c2dd93e2cf6bb7391ef68e343b128f7c4e0c26b3913755cb641073ea5e0dbb4a74cd37ec96a9f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 45b5b3bd8f8499e1344291aafc1de992
SHA1: bfac2dba126c2bf0228af296bb2fa6818ec9828d
SHA256: 5467115effe5fb767cd62ec8936a047ad3704c2e0f4caf359fabd9ab6cdab0fa
SHA512: a57e58d57bf352abbdc9722718362a8606eef8566921c460ee1b762c80cd50929e9679419e6958c19045794e644b0214f542c51a26fe90821d4949d63661b4b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 09dcb897fabfff8c2c7285ddd22bc2ad
SHA1: 52e69161382e34eddaeba342c0df5235a5f13083
SHA256: e422a12b633fbb5d5fb5ae03c2f7b38d85e25130a83b12d2eed3feafd644f2ea
SHA512: e1b9f759c954c5e767211cb63b313438f99b7fa52e53c8158c03d8eb3a8301e43ea9fab7605c3dd8378817de1aee46428cbe43d0efcef7fa3c95309a4ceee4a9
-
Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b