Analysis
- max time kernel: 118s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 13/06/2024, 05:02
Static task: static1
Behavioral task: behavioral1
- Sample: a3e7426e33eec5574bc29823769cd6e5_JaffaCakes118.html
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: a3e7426e33eec5574bc29823769cd6e5_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: a3e7426e33eec5574bc29823769cd6e5_JaffaCakes118.html
- Size: 16KB
- MD5: a3e7426e33eec5574bc29823769cd6e5
- SHA1: 676105ba2dc4641b0deb83f5884a077732ae5fab
- SHA256: df523a306c62918713fb815f130b315d2de1139b90ce0caa461cb6957a7b38c7
- SHA512: 45ec0f0f493b29711805816e1a3f577293c943301118041de7e4d29bc5eda0bcfb5a2cac34c12954e4c0e8482994ad034bb889444054f920c9e747dbf544a912
- SSDEEP: 384:j8GMFLiCoqqf6jIB5KnDkRgP/uGb6CatG:j8Gse9q9jIr2DcgP/uGb6CaQ
Malware Config
Signatures
Program crash 1 IoCs
pid  | pid_target | Process      | procid_target
1144 | 3024       | WerFault.exe | 28
Modifies Internet Explorer settings 26 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424416792" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{137E4F41-2942-11EF-BE0C-E2E647A5CFB6} = "0" | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid  | Process
2912 | iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs
pid  | Process
2912 | iexplore.exe
2912 | iexplore.exe
3024 | IEXPLORE.EXE
3024 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs
description                      | pid  | Process      | procid_target
PID 2912 wrote to memory of 3024 | 2912 | iexplore.exe | 28
PID 2912 wrote to memory of 3024 | 2912 | iexplore.exe | 28
PID 2912 wrote to memory of 3024 | 2912 | iexplore.exe | 28
PID 2912 wrote to memory of 3024 | 2912 | iexplore.exe | 28
PID 3024 wrote to memory of 1144 | 3024 | IEXPLORE.EXE | 30
PID 3024 wrote to memory of 1144 | 3024 | IEXPLORE.EXE | 30
PID 3024 wrote to memory of 1144 | 3024 | IEXPLORE.EXE | 30
PID 3024 wrote to memory of 1144 | 3024 | IEXPLORE.EXE | 30
Processes
- "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e7426e33eec5574bc29823769cd6e5_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - PID: 2912
  - "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    - PID: 3024
    - C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 2584
      - Program crash
      - PID: 1144
Network
MITRE ATT&CK Enterprise v15
Downloads