Analysis
max time kernel: 150s
max time network: 142s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 13/06/2024, 05:06

Static task: static1
Behavioral task: behavioral1
  Sample: a3eaea01d9d7acaeb671bbcd1f221059_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a3eaea01d9d7acaeb671bbcd1f221059_JaffaCakes118.html
  Resource: win10v2004-20240611-en

General
Target: a3eaea01d9d7acaeb671bbcd1f221059_JaffaCakes118.html
Size: 23KB
MD5: a3eaea01d9d7acaeb671bbcd1f221059
SHA1: c17b3903e55bb62154250df5ffccaa15b69da1d5
SHA256: c8f208bbc67f3283f5cf11dcce4d05c0c6225e6ae31810a2d7864dc8d9092090
SHA512: 6cec93af928ffb23d493b620bbe36cdebecd02f0651b62a2f85d87f428004f23a28e801884db08f0b1b92531353d5cb5910f5c44879b672c3bc71fe49648b3b9
SSDEEP: 192:uWjkb5nK+nQjxn5Q/lnQie4NnWnQOkEntTfnQTbnhnQCCnQtKwMBYqnYnQ7tnWYg:DQ/4qJ
Malware Config
Signatures

Modifies Internet Explorer settings
All registry paths in this table are under \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\
description | ioc | Process
Key created | LowRegistry\DOMStorage | iexplore.exe
Key created | Zoom | iexplore.exe
Set value (str) | Main\FullScreen = "no" | iexplore.exe
Key created | Main | IEXPLORE.EXE
Set value (int) | International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | IETld\LowMic | iexplore.exe
Key created | IntelliForms | iexplore.exe
Key created | PageSetup | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | LowRegistry | iexplore.exe
Set value (int) | DomainSuggestion\NextUpdateDate = "424417086" | iexplore.exe
Key created | Main\WindowsSearch | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | Recovery\PendingRecovery | iexplore.exe
Key created | International\CpMRU | IEXPLORE.EXE
Set value (int) | International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | DomainSuggestion | iexplore.exe
Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | Toolbar | iexplore.exe
Set value (int) | International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | BrowserEmulation\LowMic | iexplore.exe
Key created | GPU | iexplore.exe
Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | Main | iexplore.exe
Key created | InternetRegistry | iexplore.exe
Set value (int) | Recovery\AdminActive\{C2190A41-2942-11EF-A8D3-D2DB9F9EC2A6} = "0" | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | Toolbar\WebBrowser | iexplore.exe
Key created | Recovery\AdminActive | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1732 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1732 | iexplore.exe
1732 | iexplore.exe
2832 | IEXPLORE.EXE
2832 | IEXPLORE.EXE
2832 | IEXPLORE.EXE
2832 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1732 wrote to memory of 2832 | 1732 | iexplore.exe | 28
PID 1732 wrote to memory of 2832 | 1732 | iexplore.exe | 28
PID 1732 wrote to memory of 2832 | 1732 | iexplore.exe | 28
PID 1732 wrote to memory of 2832 | 1732 | iexplore.exe | 28
Processes

Image: C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3eaea01d9d7acaeb671bbcd1f221059_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 1732

  Child process:
  Image: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2832
Network
MITRE ATT&CK Enterprise v15
Downloads