Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 13/06/2024, 05:07

Static task: static1
Behavioral task: behavioral1
  Sample: a3eb6b44e5f96d5bbf58640783098766_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: a3eb6b44e5f96d5bbf58640783098766_JaffaCakes118.html
  Resource: win10v2004-20240508-en

General
Target: a3eb6b44e5f96d5bbf58640783098766_JaffaCakes118.html
Size: 23KB
MD5: a3eb6b44e5f96d5bbf58640783098766
SHA1: 54879cc21aa4465e31adbb0f3d8d60312e8e3435
SHA256: 3e74f5c20c6188519d885b38a40c7db96bf4d1bb340b13f8e0f01b2b5d46329a
SHA512: 8d566127501a124bd23efeb9d01f15ce84a93adf1851b8c6bd704e71c2c9056d8f93016f2da1d63149237fb052121299b7aa39fca08ad8f5f85a8d21e98acd5f
SSDEEP: 192:uWrYb5nP6nQjxn5Q/WnQielNnCnQOkEntS0nQTbnlnQzCnQtRwMBFqnYnQ7tnYYr:uQ/KDM
Malware Config

Signatures

Modifies Internet Explorer settings
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D9637911-2942-11EF-AC1E-72D103486AAB} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424417125" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2268 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2268 | iexplore.exe
2268 | iexplore.exe
1712 | IEXPLORE.EXE
1712 | IEXPLORE.EXE
1712 | IEXPLORE.EXE
1712 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2268 wrote to memory of 1712 | 2268 | iexplore.exe | 28
PID 2268 wrote to memory of 1712 | 2268 | iexplore.exe | 28
PID 2268 wrote to memory of 1712 | 2268 | iexplore.exe | 28
PID 2268 wrote to memory of 1712 | 2268 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3eb6b44e5f96d5bbf58640783098766_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2268
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 1712
Network
MITRE ATT&CK Enterprise v15
Downloads