Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
- submitted: 13-06-2024 06:18
Static task: static1
Behavioral task: behavioral1
- Sample: a42b20c50b25512793776ab2c4424bb6_JaffaCakes118.html
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: a42b20c50b25512793776ab2c4424bb6_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: a42b20c50b25512793776ab2c4424bb6_JaffaCakes118.html
- Size: 26KB
- MD5: a42b20c50b25512793776ab2c4424bb6
- SHA1: e585a88a6414df6567ab714f41c4f78aa5be69ac
- SHA256: 1e492f534bd681907e9d8ab292bee739b002d1a1495b9659ac791501ec37ff60
- SHA512: 2ce1cf4779a0e7f6bb39233dd4bacbc58915fb3f07425f01e1ff9affb6e02b45a758c44543cb1b4e7a94c0d55db387a36f4c096b5387bf4587b5698a43bbd13f
- SSDEEP: 192:uq971GwtbBtb5nPSnQjxn5Q/WnQielNnSnQOkEntuonQTbn1nQ1CJVevo7NtQFov:nHGobBvQ/Uygcfj7v
Malware Config
Signatures
- Suspicious use of FindShellTrayWindow 1 IoCs
  pid Process
  1968 iexplore.exe
- Suspicious use of SetWindowsHookEx 6 IoCs
  pid Process
  1968 iexplore.exe
  1968 iexplore.exe
  2152 IEXPLORE.EXE
  2152 IEXPLORE.EXE
  2152 IEXPLORE.EXE
  2152 IEXPLORE.EXE
- Suspicious use of WriteProcessMemory 4 IoCs
  description pid Process procid_target
  PID 1968 wrote to memory of 2152 1968 iexplore.exe 28
  PID 1968 wrote to memory of 2152 1968 iexplore.exe 28
  PID 1968 wrote to memory of 2152 1968 iexplore.exe 28
  PID 1968 wrote to memory of 2152 1968 iexplore.exe 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42b20c50b25512793776ab2c4424bb6_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1968
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2152
Network
MITRE ATT&CK Enterprise v15
Downloads