Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 13/06/2024, 04:39

Static task: static1

Behavioral task: behavioral1
- Sample: a3d8f20ae741a418d9ee7f3b3c033603_JaffaCakes118.html
- Resource: win7-20240611-en

Behavioral task: behavioral2
- Sample: a3d8f20ae741a418d9ee7f3b3c033603_JaffaCakes118.html
- Resource: win10v2004-20240226-en
General
- Target: a3d8f20ae741a418d9ee7f3b3c033603_JaffaCakes118.html
- Size: 23KB
- MD5: a3d8f20ae741a418d9ee7f3b3c033603
- SHA1: 0bdcb6835797b70e3ab84760304de14603e05e24
- SHA256: 618b7adba9430e817f667f54a31fd46cb321177d04ecb6b8fbaafeadeef8b9d6
- SHA512: 515e0c8242a096b58f6c3899c5ab0f0ae8b62158cfcca8e82f0a5bd92f15b914efdee313b819ecc1b66323f35f8605a8f82e7ef365a06d47e5fcb12b98f141a7
- SSDEEP: 192:uW/8b5npinQjxn5Q/knQieHNnPnQOkEntg2nQTbnlnQBCnQtnwMBnqnYnQ7tncYL:EQ/x9W
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415442" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE183611-293E-11EF-8A4F-62EADBC3072C} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE

Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2204 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2204 | iexplore.exe
2204 | iexplore.exe
3068 | IEXPLORE.EXE
3068 | IEXPLORE.EXE
3068 | IEXPLORE.EXE
3068 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2204 wrote to memory of 3068 | 2204 | iexplore.exe | 28
PID 2204 wrote to memory of 3068 | 2204 | iexplore.exe | 28
PID 2204 wrote to memory of 3068 | 2204 | iexplore.exe | 28
PID 2204 wrote to memory of 3068 | 2204 | iexplore.exe | 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d8f20ae741a418d9ee7f3b3c033603_JaffaCakes118.html
  PID: 2204
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
    PID: 3068
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 021ddf4cb44d2a452e5069087809a65c
  SHA1: 20ffc1522e227b5f39dcd8696d9c04f886885031
  SHA256: 271f6e2d09c577d6b6b1b6abd11f8c879ded8512869e92dd0b540110e3436a80
  SHA512: 962733d1aba7446bd8753a0de87d070785cd6cf4e50ce80d5baee1d4ab552dbfc72558c5686d88cf6ab69c7244961fc401fa92f66d141294cce8339f4d0b67eb

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 28e5f4530db063a7d39641520fce382b
  SHA1: 6ffa3afeb7f7cd3708d6d060e4a79a8d508e328c
  SHA256: 3b749ebab944ae8709f3af72a8ac38917c772e368e4b1f4a6f32596ce78c614e
  SHA512: 7e54856a647215b0cf63e06dc28d3c0ae68f59082d829a30a98965cce194f0f53828914324d0c3d6d16a9c5abd353ad300d4d36c7c7d71821ed66efc37551635

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 223ec06db5db9cf25d4c5224c7e70e3b
  SHA1: d1e2e85652667a15af2ac621518af8dc14c7a607
  SHA256: 4d7a9142cc99cdc62e0bf8a8dc887c4dc1229e9da2462d79d85e6f4ffa311e3a
  SHA512: 84fb2f9d9bce1f8b28b84c0ccda7bf18981ae9a99a749adb2994337686003747a925c65814625dd39957e5afab20d0cdcf7d12c824bfb2556657f002aff71f7c

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 31fe47d0318f139b5af4d6854fabc402
  SHA1: 0830b09077d9855f83a4b22ad8975afc24160088
  SHA256: c2cbb2c71168b2e9efb1ccd83d4d4fd59e49b03600a30784b258d8170b7a398c
  SHA512: 9f3774542674d389b3d69714e64d9bf033e82b8ae8dfc335228590053093296f589bc6acd139bce51305361a3411e917603673639b08b624abf1c8ededd95377

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d3200de982068ab59425ef3f0e018ad5
  SHA1: 754cb206df3b6e7c9556cfe96011f10137900de7
  SHA256: f9139e59d014fe2d207797734e758708db81117b0237f95696a3c17f6481c93f
  SHA512: 468294b2145c8f134cc283f84a8c3a9815d7a19951c461e5ea13dc18e322c22e9e34a91794e687b60b943fa2542cfeb7eee33bd61d87c0b0102fed9bbb7ec290

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 4ad21eb5eeead98d8f7dd8f3488c8da5
  SHA1: eae991e49921b455fc658273972e74bd620efb01
  SHA256: 4af86d7339304722106628687b7b998f3dcfb5e58a766095513583fb80eb4eac
  SHA512: 4ed93565f7cbb02de6425f28704062c40b5c2cb2336f7e994d68f8ceb6209dd126254fbc5e025dda53da92ed1ccb44fe86ba45f1d7d02027081b9d2cdb121392

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d8c3307b904aed32075da6a759a472f4
  SHA1: 69c510de661b7b2acda34b14614c250441232551
  SHA256: a77db8266a5ed2f3f0421144849d24ef0625f3237be2f1bbc64c46b6bfdf8719
  SHA512: 781c37b9bb47852c503e09ba76d83eb28cc5d75478ae61e216a93317bd066866b3b25a946ecbe9d854de1c0fe43a7a72af95bbcc98f4f2a26abbf004e37cfb2f

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 11031c8a35c91bbc1b3b44adc02cecba
  SHA1: 1855634a06eca3fda4488e2a3f57cf599a532850
  SHA256: a35ba3de66a5ca1e594482cfc82990560998f8f944783fecb0e42f598dcd60c1
  SHA512: 5fd6ca009b0be24158b2fcea8791212e7ac2b3090a6cc5eb783df08a8d66e6dcd266d32c6074960b89daa11d84a65b380ec378720e3661321f9718c8de84561b

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 93bb182d63dbd008801e81dd28070d12
  SHA1: 1adefeed939982be9776485d61fcf0f17373df50
  SHA256: 57693fd03a319ccea74e9c71d7240c1b8512e523defd9750ab6feb1b62851184
  SHA512: 8c2c64fb2dd8adffdc4bb5b9f22c7bf5fbf45aaa55daab1dab3629ce3c73954294dbced938447c9503de47bbc09c8665fce42bd66f6070a5c94d96db8135f119

- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b