Analysis
max time kernel: 149s
max time network: 148s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 13/06/2024, 04:33
Static task: static1
Behavioral task: behavioral1
  Sample: a3d4c2ab3239fec0fdafe77e1cd528a5_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a3d4c2ab3239fec0fdafe77e1cd528a5_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: a3d4c2ab3239fec0fdafe77e1cd528a5_JaffaCakes118.html
Size: 19KB
MD5: a3d4c2ab3239fec0fdafe77e1cd528a5
SHA1: 4b085aa058b12858ad82ab4dece3caa461c7d528
SHA256: 8183bd2d08fa1b0fc624139cadae186eede50be41a9c1ec000e97f034db85b32
SHA512: e9b179fcae715d66ca2e931ed835448b1efba039c5183f09f75307c781fe984c7f82461427a13902165d0ff5948b6687d202a04ffc592ba5c41e923699d59cfa
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAI/R1BNV4033/3F01KOzUnjBhMykc82qDB8:SIMd0I5nvHBsv/axDB8
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415058" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09FBBA11-293E-11EF-A30C-E60682B688C9} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2168 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2168 | iexplore.exe
2168 | iexplore.exe
2536 | IEXPLORE.EXE
2536 | IEXPLORE.EXE
2536 | IEXPLORE.EXE
2536 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2168 wrote to memory of 2536 | 2168 | iexplore.exe | 28
PID 2168 wrote to memory of 2536 | 2168 | iexplore.exe | 28
PID 2168 wrote to memory of 2536 | 2168 | iexplore.exe | 28
PID 2168 wrote to memory of 2536 | 2168 | iexplore.exe | 28
Processes
Process: C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d4c2ab3239fec0fdafe77e1cd528a5_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2168
  Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 2536
Network
MITRE ATT&CK Enterprise v15
Downloads