Analysis
max time kernel: 150s
max time network: 154s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 13/06/2024, 05:06
Static task: static1
Behavioral task: behavioral1
  Sample: a3ead675e3e431176b41369c8b801712_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a3ead675e3e431176b41369c8b801712_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a3ead675e3e431176b41369c8b801712_JaffaCakes118.html
Size: 73KB
MD5: a3ead675e3e431176b41369c8b801712
SHA1: 3ea604cdd7a479960c2913afb7c44b0b6aa61c91
SHA256: 74fe944cfb45aa2920d4b19c1d4318def83f0663cbbba22d33ce83a5f16a878c
SHA512: 1b2fc31b3543dba365800c764596b8b8a18dcc1bad13f3fe2875101e50d2c51445b62a7b5dfd9a9c4735c6c5380f2cc8d4af58702940b8177f3f76240ff5c367
SSDEEP: 1536:O6bil3cm6xnPqxHGxPMqf2FvithXHXRRby3oTgBJJpv3:O6bil0xnPqxHGVzOxHj
Malware Config
Signatures
Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424417080" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BF00FCA1-2942-11EF-B98D-FE0070C7CB2B} = "0" | iexplore.exe
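Every row in the table above lands under the per-user Internet Explorer subtree and comes from one of the two iexplore.exe processes, which is why it reads as browser housekeeping rather than persistence. To make that judgement mechanically rather than by eye, here is an added example (not part of the sandbox report) that parses rows in the report's "Key created / Set value (type) <key> = "<value>" <process>" form into records, normalises away the sandbox VM's SID, and splits the rows into IE-subtree noise and anything else. The sample rows are copied from the table; the one Run-key row is a constructed negative control that this report does not contain, included only so the filter has something to surface.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Rows copied verbatim from the report's "Modifies Internet Explorer settings" table.
REPORT_ROWS = [
    r'Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE',
]
# CONSTRUCTED negative control, NOT observed in this report: a Run-key write,
# present only to show what the filter surfaces when a row leaves the IE subtree.
CONSTRUCTED_ROW = r'Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\Example = "C:\Users\Admin\example.exe" iexplore.exe'

# action, key (may contain spaces, e.g. "Internet Explorer"), optional value, process.
# The key group is lazy so the shortest key that still leaves "= value process" wins.
ROW_RE = re.compile(
    r'^(?P<action>Key created|Set value \((?P<vtype>int|str|data)\))\s+'
    r'(?P<key>\\REGISTRY\\.+?)'
    r'(?:\s+=\s+(?P<value>"[^"]*"|[0-9A-Fa-f]+))?'
    r'\s+(?P<process>\S+)$'
)
USER_HIVE_RE = re.compile(r'^\\REGISTRY\\USER\\S-1-5-21-[\d-]+(\\.*)$')
IE_SUBTREE = "\\Software\\Microsoft\\Internet Explorer\\"


@dataclass
class RegEvent:
    action: str            # "Key created" or "Set value"
    vtype: Optional[str]   # int / str / data for Set value rows, None otherwise
    hive_path: str         # full \REGISTRY\USER\<SID>\... path as reported
    value: Optional[str]   # value with surrounding quotes removed; hex string for data
    process: str


def parse_row(row: str) -> RegEvent:
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised IoC row: {row!r}")
    value = m.group("value")
    if value is not None and value.startswith('"'):
        value = value[1:-1]
    action = "Set value" if m.group("vtype") else "Key created"
    return RegEvent(action, m.group("vtype"), m.group("key"), value, m.group("process"))


def relative_to_user_hive(path: str) -> str:
    """Drop the \\REGISTRY\\USER\\<SID> prefix so a rule matches the per-user
    subpath no matter which SID the sandbox VM happened to use."""
    m = USER_HIVE_RE.match(path)
    return m.group(1) if m else path


def is_ie_housekeeping(ev: RegEvent) -> bool:
    """True when the write stays inside the user's Internet Explorer subtree and
    is made by iexplore.exe itself (case-insensitive, both processes qualify)."""
    rel = relative_to_user_hive(ev.hive_path)
    return rel.startswith(IE_SUBTREE) and ev.process.lower() == "iexplore.exe"


def triage(rows: List[str]) -> Tuple[List[RegEvent], List[RegEvent]]:
    """Split rows into (noise, review): IE housekeeping vs. everything else."""
    events = [parse_row(r) for r in rows]
    noise = [e for e in events if is_ie_housekeeping(e)]
    review = [e for e in events if not is_ie_housekeeping(e)]
    return noise, review


if __name__ == "__main__":
    noise, review = triage(REPORT_ROWS + [CONSTRUCTED_ROW])
    print(f"{len(noise)} IE housekeeping writes, {len(review)} to review")
    for e in review:
        print(" REVIEW:", e.action, relative_to_user_hive(e.hive_path), e.value, e.process)
```

Run against only the report's own rows, `triage` returns an empty review list; the constructed Run-key row is the only thing it surfaces. The SID normalisation is what lets the same rule be reused across sandbox runs, since every VM image has its own user SID.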
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2436 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2436 | iexplore.exe
2436 | iexplore.exe
2088 | IEXPLORE.EXE
2088 | IEXPLORE.EXE
2088 | IEXPLORE.EXE
2088 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2436 wrote to memory of 2088 | 2436 | iexplore.exe | 28
PID 2436 wrote to memory of 2088 | 2436 | iexplore.exe | 28
PID 2436 wrote to memory of 2088 | 2436 | iexplore.exe | 28
PID 2436 wrote to memory of 2088 | 2436 | iexplore.exe | 28
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3ead675e3e431176b41369c8b801712_JaffaCakes118.html
   PID: 2436
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. (child of PID 2436) C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
      PID: 2088
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
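The WriteProcessMemory and SetWindowsHookEx signatures above fire between the iexplore.exe frame process (PID 2436) and the IEXPLORE.EXE tab process it launched (PID 2088, whose command line carries SCODEF:2436, the frame PID). Internet Explorer starts every tab process this way, so the check a practitioner wants is not "did a cross-process write happen" but "was the writer the frame process and the target its own tab". The following added example (not from the report or from the sandbox vendor) encodes the process tree from this report, parses the WriteProcessMemory rows, and flags any write that is not frame-to-own-tab; the counter-case in the usage note is constructed and was not observed here.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]                       # None for the root of the tree
    signatures: List[str] = field(default_factory=list)


# Process tree copied from the report above.
PROCESSES = [
    Proc(2436, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3ead675e3e431176b41369c8b801712_JaffaCakes118.html',
         None, ["Modifies Internet Explorer settings", "Suspicious use of FindShellTrayWindow",
                "Suspicious use of SetWindowsHookEx", "Suspicious use of WriteProcessMemory"]),
    Proc(2088, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2',
         2436, ["Modifies Internet Explorer settings", "Suspicious use of SetWindowsHookEx"]),
]
TREE: Dict[int, Proc] = {p.pid: p for p in PROCESSES}

# The four identical WriteProcessMemory rows from the report's signature table.
WPM_ROWS = ["PID 2436 wrote to memory of 2088 2436 iexplore.exe 28"] * 4

# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
WPM_RE = re.compile(
    r"^PID (?P<writer>\d+) wrote to memory of (?P<target>\d+)\s+(?P=writer)\s+(?P<image>\S+)\s+(?P<idx>\d+)$"
)
SCODEF_RE = re.compile(r"\bSCODEF:(?P<frame>\d+)\b")


def parse_wpm(row: str) -> Tuple[int, int]:
    """Return (writer_pid, target_pid) for one WriteProcessMemory IoC row."""
    m = WPM_RE.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised WriteProcessMemory row: {row!r}")
    return int(m["writer"]), int(m["target"])


def ie_tab_launch_is_consistent(tree: Dict[int, Proc], child_pid: int) -> bool:
    """IE's frame process launches each tab process with SCODEF:<frame pid>.
    A tab whose SCODEF value is not its real parent's PID, or whose parent is
    not iexplore.exe, does not fit the normal frame/tab relationship."""
    child = tree[child_pid]
    m = SCODEF_RE.search(child.cmdline)
    if not m or child.parent is None:
        return False
    parent = tree.get(child.parent)
    return (parent is not None
            and int(m["frame"]) == parent.pid
            and parent.image.lower().endswith("\\iexplore.exe"))


def classify_writes(tree: Dict[int, Proc], rows: List[str]):
    """Split de-duplicated cross-process writes into (expected, unexpected).
    Expected: the frame process writing into a tab it launched itself."""
    expected, unexpected = [], []
    for writer, target in sorted({parse_wpm(r) for r in rows}):
        ok = (target in tree
              and tree[target].parent == writer
              and ie_tab_launch_is_consistent(tree, target))
        (expected if ok else unexpected).append((writer, target))
    return expected, unexpected


if __name__ == "__main__":
    exp, unexp = classify_writes(TREE, WPM_ROWS)
    print("expected frame->tab writes:", exp)
    print("writes to review:", unexp)
```

For this report the only write pair is (2436, 2088), and it is classified as expected because 2088's parent is 2436 and its SCODEF value matches. Feeding the function a constructed row in the other direction, such as `PID 2088 wrote to memory of 2436 2088 IEXPLORE.EXE 27`, yields no expected pairs and one pair to review, which is the shape that would warrant a closer look at the memory write.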
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 40362ac672807d5c84c3c9b9aecb9a02
SHA1: 91a7a8c318a30ca7be45b49b1f511980eacbef86
SHA256: 91efc3d1f2dc97e6651a7bf694271ccbb73f7b5742f735d8af447ef94fd7c4b2
SHA512: a21a8db54929920b9b992de2c2c858b04d555ef593b172b7a1cb8267c4e464aed5fa82d2566df78aa39efe598c0ee3f8569797275f08dc20ba76ef7f370794cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 46e1a4e352fc6d8154578618d125c6ce
SHA1: 6434350de33a2fab2547e1b70eb68478518adf24
SHA256: 0bd1a9055619ee6edc0efcc302968cdcfd769b58512f833c5d4687a186ecc36c
SHA512: c37c8b5446b6733a0f54de61f10ab375efb7950d772658555bdc464be79b2a8362c4d145e57f8e2287b0678045028619091478c4416366ed4e32d098cc967f77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 12cf21651b5432f88d6786c2ed4e2b3d
SHA1: e12676d82c8c55cb1fcfd6d5c6db3865052e89f3
SHA256: e4e15a3b4ee2e1144da9b56a021a63fb7d5cccc7c250ae9e42f1c3075d1e090a
SHA512: 32bc76aafdcc2af66f7276e5e17aa3b0d7bcb3103a07cea11de46ed7df015fbb8acb4be413edcba97ada79b1763f61a0314a63e28261c9ea532c7165da0c5cb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0b32046d6ee8944f87f3d147eb4ceff8
SHA1: 3fcdc58fff183f1140cd34a56129c9677a201667
SHA256: 11a7d5f9be42dfc49a5256dc43ed5b04611f85a9ccbf6d372a8cf488dadb4d45
SHA512: 761198ee0106aba15484da9dd57bb99da8a5719a976cf2a42106f2561578e0c7e8f381f7a09d84e5cafb2c569c84c770e8705ea91e54bcbf9ba029ec9db04586

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 66615b656b7a62df6b498212aaec9dfd
SHA1: 1649c03a18aab4e3b87220628e43815a0b11e240
SHA256: 7fee2df9ec8aed68b026b933f304ae67fe8ed5defee89b7b4fea1bc93001f4d0
SHA512: fd62dfc986abdbe6d9020cf2ef1b4658bec5b0226decd131f550684b5b4aa710f46213ceccf963388933f0855648c4a4ba2e1aa01940211c7f282654dee5712c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: dc57338751be2232b8794f70f6f1baea
SHA1: 0db9b72ba8155028ec0b30bde3cdab0f0897d1ec
SHA256: ae2344157c71ffe2b398d83826248949c06e850fc64af51073c1c5d1cfacdd75
SHA512: 56e7f06b51c6e112f6319201d6bb9e20edabac8b9423f684ae368a1490ff777c7ce90b7817186727b2f8d709a98eba38e0172126a22a8035772ce082f4f09112

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e7fc3b660d45fa876737ed8126f1f001
SHA1: 9dcb60128b6b2f4e849aa22d19323d079c906ba1
SHA256: 3bb0f92592e4cbd2b5a44bd565c9e400660e0ea6bc1c2b2ae23c2ad55938962a
SHA512: 3c48143005c703ca1f8aafba0281ae9958b01692d1455ddfbc61078a09b9531616986ce3fcfc68b20ee7845ecb45dbe82097e78783d695ae9e90a30d36591402

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 00d79c1b9ebb53118c9285e4020a58e5
SHA1: e3fd0d029cb6c544ca19aed121103957297292d7
SHA256: 962e23fa5de16fb768cb096c289a2e579f574917111df4ed7d86c895b55ace5f
SHA512: 60c49eb299d0f6b920084dc75d079b6fdf35436c57dbfa401e51b986f5b916ea542a2be7e58fbe9d016464f9db1adb2189c1c5cea9ceac1e416cd9f8ba972428

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: bb9cdf3c1bf030f4b79d3429aa833eed
SHA1: 17b694a6b129e11fc2599d14c56916c0ad0041ae
SHA256: b3486120f8fd4dd6628e2e318ebeca5bef465c3db55912b27f5b476a1d9d2b61
SHA512: d99b261ed981d82221c62f68c0678770a27db4372497b6343133623d9a17ab5df6ee8fa019b0e7e214941bf8a935df83dba8d5278ea3bfee29ef7d6c5427245f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7c2656d60e6cbc065cbf11ee018530d6
SHA1: 0f5d6e91814a8e4bffa3c51b2408d28676e850f7
SHA256: 2a0fc186164c7b3080e47061f23ac7bca3c576f22034fc9ade42b416c7092d27
SHA512: 2d7de218e9d98613ad7a91c662978d02f13f3910cb34de7f939d6f41f6cb08a2c25ed61c8d869769e4c78006c52804e212295c7c324dc053f420b00b29e19402

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 858a8f0a3dba1fd1aea3a7da9dc2a8e1
SHA1: 952ed64c56bec7a18027b43094605acd77228538
SHA256: 169d661e710d66c94080f7eab971f1b7d473226d6500b70742bf8c5e6cd58c6a
SHA512: 851378afb1dc5c759d6b5e2feb40376af8b14460d013ede08c0ce4b86e3df0ac91b0fc46798a47a645c0b7cc9e4f169297bb8291491df99d7e5a0a845f137bf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 32a2f4b8b174aa854beeb279835b990b
SHA1: 72740c9a1f6e4c275cf0226fed6f496353f7e822
SHA256: c9de370d51c99c6b14d7db567c328460a87705114e44970d71a1d8a047e4630a
SHA512: a4b690af7a840e5500f558d88c06cecc5616691207a3d3813cdc512b5e976458817b93bc535432657df489655cc17ae5afa3704203426e3f1c2027338579fdf8

(path not shown in report)
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

(path not shown in report)
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b