Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 04:36
Static task
static1
Behavioral task
behavioral1
Sample
a3d69c212c75c2d92daf8745795c84a0_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a3d69c212c75c2d92daf8745795c84a0_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a3d69c212c75c2d92daf8745795c84a0_JaffaCakes118.html
-
Size
27KB
-
MD5
a3d69c212c75c2d92daf8745795c84a0
-
SHA1
75eb50fcf1c48970a8b58abcb992a06a90330903
-
SHA256
fb0a98f13b6b7502c69070209a901db454c352bf63789ffbff59c7df2e6bd5b4
-
SHA512
a76b7518d3f7122a383e42dfabe35bcc6a06e96be7a84d5915970ae43391943cfa9398fda4df40d67eaf763da81f21ffb8bd7a5cad8f18b7de1e21ed5618eae0
-
SSDEEP
192:uqCXXUb5nq+nQjxn5Q/JnQie8Nn2MtnQOkEnt77nQTbnxnQWCJVevo7NtbFo+Nze:nEQ/wM2ygcgW2R
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7CF68A91-293E-11EF-9586-DE271FC37611} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415250" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1156 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1156 iexplore.exe 1156 iexplore.exe 2916 IEXPLORE.EXE 2916 IEXPLORE.EXE 2916 IEXPLORE.EXE 2916 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1156 wrote to memory of 2916 1156 iexplore.exe 28 PID 1156 wrote to memory of 2916 1156 iexplore.exe 28 PID 1156 wrote to memory of 2916 1156 iexplore.exe 28 PID 1156 wrote to memory of 2916 1156 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d69c212c75c2d92daf8745795c84a0_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1156 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1156 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2916
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4cc1b278c1b5716b53029f581e2deb95
SHA1 4611dff73a228aa87cb740edc3dc3637f77fee04
SHA256 1133857013aa84092cadbaed7348a4023223880ae6627d1eb4ec68e59e6f9296
SHA512 55cf90fb57f237c7fef4ebb5f805933f7f3b5add3067dd276113125c9f42a5320e61b5529831767edd5c3f84d2376243f0d20ec1a94424bcddc243cf99a8d037
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a57ba0b3cc791165a32b68f5ce6d5c9f
SHA1 ddc970d6609efb7748673eea272826f6d0ba3b87
SHA256 de88a7a564fc84adcb1a8d3da6f45b03e42e52cb6fdcf975aa2b7b4f9e38c75a
SHA512 3c3f342e7fd6b68b42a3e8789a67b946110d4dcb98b6146e47ac300cb097ef2b65597f9156878ef377f7257fe4e547345a330f48712673093d08d3824e5a37e1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 936ee29d969752fa8caf08bf2e6e5b5b
SHA1 40fd640ee764978ecdd5584f9666eae5953e250f
SHA256 9d2d76a419bb0c71fe8be40ea984e96884d35a8e78a7c4f7985113238276eb98
SHA512 4e6b8d262bce5a195960c27ce4d03415990c13e05a2c3594206897c61ce1efdeb9317eafce14b511d120f6b79e6e3a52aa499e9962d24a63b38a9435c36b2dd9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ddab27254143893eabde098a77366816
SHA1 e150621efc15ceb876b4dfed3b71d384f42d9c01
SHA256 85eb5333bb1649ab88366d93ec77bd3040b7767e032d5634b20754491481d047
SHA512 69e5d9479eafd5b661920b2e67a734fc25c8998a73511d2bb9498c94cf9259fafdbb18e45c8b94756d44489f626519eb99a7487394fc63c5a9b199a1d880c827
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cd32f83e87b65c42d5117e68651081f7
SHA1 59d4848e94fc520f902827ca535585d95f0c01ec
SHA256 66301234ebc43264049549163cb8f117a27b7b1392f3d7b013ff6c71ebd01134
SHA512 4df276309a94f95d80e4b8a82e7697f55da49dee7458f9c8217907d7504cadcf948c37bdce3875c6b3d21a989e4ad04daedaf5324b1a048a196b4e619c121010
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fa98eff660262313bb4fbc423af5829f
SHA1 4b8898212d8f95f50d32e7f6821e4988b59671c9
SHA256 8f06c4411f6ea3108bb94ef0fdceccd54e8cd5324af88e9f6b405b8fff908daa
SHA512 f798a25d84ddf0d0e12b3cf1f3e71726cc20c631411f341350a4d78873b0ca6171063280ad507768d09e9ac8dc44e8ec73265206c626769f66bd3e97360ac17c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f47a4889d6e86af8fc2d3bbdd35c02ab
SHA1 d5ca005ccab9804b34e4261547e49665483dc3fb
SHA256 5dcb3723c9f6eb70df2aa30901c0aa36923eef4b5736cec8cfc1f317fc743267
SHA512 9ff3f8d9808efb8f258a1c58926976bd28b72ff77f65a284c3ad890c4c8135fc90f13b6870898ed71d6e26b29bd62bbb5c973da0eae01a8ea93e8b563107a099
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36f88c6ad10d34c4433df7a49831769a
SHA1 43ffaf8804c7e0bfcea1ed2321d0f782fa549cc0
SHA256 01c8e5dfd93ac630e11ee6b3c9df6c4547db5381b82b84e8cb36859fb84948bc
SHA512 e3dbb896394e1ed6f990644d7c8fd54af0ec39764c3ffd31aa667c35976c4a87419ecbaf4faa28646af80bce8bb53765ab4bd18a401561f8688e8a6868293e86
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e168bae14dccf05e847e7d003b4b125b
SHA1 5649f64745e24b34afd46cdc329a036a4643879f
SHA256 8cd36936ebeb28d87e25a754a41bf70c11a35dccd513b4723ed52792d35c9774
SHA512 1961a53cdccea5ac07e8312ee44c80355b426f355f112fbb951c6bb574f721ad256eac7919c8d94fd8027030b554de34a25f191327f0773d94376d210e13b59a
-
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b