Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 06:17
Static task
static1
Behavioral task
behavioral1
Sample
a4299010a718760bed056b20394c91b4_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a4299010a718760bed056b20394c91b4_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a4299010a718760bed056b20394c91b4_JaffaCakes118.html
-
Size
27KB
-
MD5
a4299010a718760bed056b20394c91b4
-
SHA1
ac9e0a3fcf10d7fd0593b27810745e191400c21d
-
SHA256
717b24246586fef822244f81b828ca5fe855f4a4b75b85509b04116587205656
-
SHA512
41a2f698a4cc2a93dcd3a14cfd1e12d40b46c73ba3525d314906ac4b6ac4bccabff4d5339d9b6cefcd2fdf7d40cf4e351a4734a313fed50d60236b8f56ab981c
-
SSDEEP
192:uwTsb5nvinQjxn5Q/2nQietNnunQOkEntOwnQTbnVnQ9e1tm6uz/RQl7MBNqnYn5:WQ/0EXK/4SrzF
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0565B11-294C-11EF-9E46-6ACBDECABE1A} = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421324" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1696 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1696 iexplore.exe
1696 iexplore.exe
936 IEXPLORE.EXE
936 IEXPLORE.EXE
936 IEXPLORE.EXE
936 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1696 wrote to memory of 936 1696 iexplore.exe 28
PID 1696 wrote to memory of 936 1696 iexplore.exe 28
PID 1696 wrote to memory of 936 1696 iexplore.exe 28
PID 1696 wrote to memory of 936 1696 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4299010a718760bed056b20394c91b4_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1696
-
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1696 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:936
-
Network
MITRE ATT&CK Enterprise v15
Downloads