Analysis
-
max time kernel
149s
-
max time network
150s
-
platform
windows7_x64
-
resource
win7-20240221-en
-
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
-
submitted
13-06-2024 06:18
Static task
static1
Behavioral task
behavioral1
Sample
a42a59579c80b4cfdbad7423ff9cb3fc_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a42a59579c80b4cfdbad7423ff9cb3fc_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a42a59579c80b4cfdbad7423ff9cb3fc_JaffaCakes118.html
-
Size
23KB
-
MD5
a42a59579c80b4cfdbad7423ff9cb3fc
-
SHA1
e9a7943349c03551a0619e67feb25f7e8558da3a
-
SHA256
b12d1a0c4326df73e6c8339a6b6c1dd06f93f18890a7a91a097e0c8cda9886b8
-
SHA512
2f7bf17281dbcbbb8121dc520cb01342eab861dd5c522ed5f2b2d547652ef83d8a9bf5d44ad72e9a4c95f6a657498ba8ee64c018b6f56a0202a7d2e248493d6b
-
SSDEEP
192:NbaZmoo1VkrqY2xb5nOZMp9A1MdMF+kwnQjLntQ/lE5nQiezYnPCCnQOkrntfEJY:OdogvQ/lbQOT
Malware Config
Signatures
-
Modifies Internet Explorer settings 26 IoCs
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BB9C2AD1-294C-11EF-9267-5267BFD3BAD1} = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421369"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry  iexplore.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000  iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid  Process
2940  iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid  Process
2940  iexplore.exe
2940  iexplore.exe
1032  IEXPLORE.EXE
1032  IEXPLORE.EXE
1032  IEXPLORE.EXE
1032  IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description  pid  Process  procid_target
PID 2940 wrote to memory of 1032  2940  iexplore.exe  28
PID 2940 wrote to memory of 1032  2940  iexplore.exe  28
PID 2940 wrote to memory of 1032  2940  iexplore.exe  28
PID 2940 wrote to memory of 1032  2940  iexplore.exe  28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42a59579c80b4cfdbad7423ff9cb3fc_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940
-
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1032
-
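A triage check for the WriteProcessMemory signature above, added here as an example and not part of the sandbox report. It takes the process tree and the signature rows exactly as this report prints them (copied inline as constructed input) and asks the one question that decides whether cross-process writes are worth escalating: is every target a direct child of the writer, and does the child's command line name the writer as its IE frame process (the SCODEF:<pid> argument)? The verdict labels and the row regex are this example's own conventions, not the sandbox's.

```python
"""Cross-check WriteProcessMemory IoCs against the process tree of a sandbox report.

Added example, not part of the report. PROCESSES and WPM_ROWS are constructed
from the lines shown in this report; the verdict names are this example's own.
"""
import re

# Process tree as listed in the report: (pid, parent pid or None, command line).
# Parent links come from the report's nesting. SCODEF:<pid> in the child's
# command line is Internet Explorer's reference to its own frame process.
PROCESSES = [
    (2940, None, r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                 r'C:\Users\Admin\AppData\Local\Temp\a42a59579c80b4cfdbad7423ff9cb3fc_JaffaCakes118.html'),
    (1032, 2940, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2'),
]

# Signature rows as printed under "Suspicious use of WriteProcessMemory".
WPM_ROWS = [
    "PID 2940 wrote to memory of 1032 2940 iexplore.exe 28",
    "PID 2940 wrote to memory of 1032 2940 iexplore.exe 28",
    "PID 2940 wrote to memory of 1032 2940 iexplore.exe 28",
    "PID 2940 wrote to memory of 1032 2940 iexplore.exe 28",
]

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parent_map(processes):
    """pid -> parent pid (None for the root of the tree)."""
    return {pid: ppid for pid, ppid, _ in processes}


def scodef_map(processes):
    """pid -> frame pid named in its own command line (IE tab processes only)."""
    out = {}
    for pid, _, cmdline in processes:
        m = SCODEF_RE.search(cmdline)
        if m:
            out[pid] = int(m.group(1))
    return out


def classify_writes(rows, processes):
    """Return [(writer, target, verdict)] with one entry per distinct (writer, target).

    'parent-to-ie-tab'  target is a direct child whose SCODEF names the writer
    'parent-to-child'   target is a direct child without that IE marker
    'cross-tree'        anything else: the case worth a closer look
    """
    parents = parent_map(processes)
    scodef = scodef_map(processes)
    seen = set()
    results = []
    for row in rows:
        m = ROW_RE.search(row)
        if not m:
            continue  # rows that are not WriteProcessMemory events are ignored
        writer, target = int(m.group(1)), int(m.group(2))
        if (writer, target) in seen:
            continue  # the report repeats the same pair once per call
        seen.add((writer, target))
        if parents.get(target) == writer and scodef.get(target) == writer:
            verdict = "parent-to-ie-tab"
        elif parents.get(target) == writer:
            verdict = "parent-to-child"
        else:
            verdict = "cross-tree"
        results.append((writer, target, verdict))
    return results


if __name__ == "__main__":
    for writer, target, verdict in classify_writes(WPM_ROWS, PROCESSES):
        print(f"{writer} -> {target}: {verdict}")
```

For this report the four rows collapse to a single pair, 2940 -> 1032, and the target is the tab process that 2940 itself launched with SCODEF:2940, so the writes stay inside Internet Explorer's own frame/tab split. A write into a process outside that relationship (the `cross-tree` verdict) is the pattern that would justify treating the signature as injection.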
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
051d8cf76c9e462bbb1ab8f458a3a797
SHA1
f305ca0eb01f1a20589af6bccd93743ae72f2e4c
SHA256
2488a73a04a601348ad095f2e7bd61db0919f6c7f6ce436a1145e4c70a22ba9a
SHA512
7e2400cfc94c233fc5c9541e9b03f5eb1ffb7d460f3047f09166ef8d64bc844f043cd3e61383f698922ec4b0d5f18a9535652b41182c46ba68138bb75b261d84
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
c4c35872270b69e7a054be129c8579be
SHA1
b1e44fb04dc5195dd3fa68450713532e6faa829a
SHA256
6551e192e3ab6ff25326455c3bab472784445f12c79cbb34bef8af763abcc85a
SHA512
1c6305aecea413bbc663c46d0db17bdb1a62d059722732e496d80cf0dda9df034f3f5763fa1ec6ad637d127c6bb894045c6c214fe5d4690cbc137ec90abcd5ee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
0a5122ab622d1f5186a14d56570f9bc9
SHA1
d4059c0d5ad89197b25e64442d6af5ff007df05c
SHA256
5642a264a431594844bb9b981bbcf280fbc8421c1625e16ea88fe3001a9a8cc6
SHA512
72bc6b4c901a89bea1fc3eb4dc7d60d44f184466be3bb639f4c44aa711d4af7382503a877f0917a30f9cc6f889a351763c0fd0930afce85cd24acf752b21bb02
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e322545ae168ec27494afddd0d2b0a69
SHA1
9d0077bd50c6e950cb4184a35c451916e7ea962d
SHA256
cfd2fc0d9564aa1dfab717d4bb05eb8300baeab185ce1a899b9e57f24fd81d88
SHA512
39485978c5dfe5e0837dd0f3285d3a6292da54c8ed5415829e201ee90031c02b02d8c1736ae617a320e0d84fc432cb8cba048f174c0b9c06355a23d616806867
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
df4dc9d82598514fbf35d2ed6cce7b28
SHA1
9c1854c7bcb108043d15cd4b2af91bc869919f51
SHA256
df3eece20a98217b0ee12a7d5ba6e1d54fd63aec5c64c454dd958bafca8ecd88
SHA512
a749726620a3287476fe538871917006144f86c5afb91fcfa68c68ccbbf4dd91f5cf26cd2347e5617ae79d8ff19f5ed53e296f425187d416cff86f5cd47c8485
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
5e41b8f4c5abc8209c68dcce53ac8a03
SHA1
ff0917ddcaa4765d662e7ad2119607c95fe18e2a
SHA256
e6f7cc088a6442356d934d0894f26a61733e1a4a35dd3cade8eb9e134eeb9d96
SHA512
35acc34535d14fc67a4b9f0c6b73e149a1b1caf45ff5d2f604ea2237526a739509cd6705ed5fe0ca2fd33cbf656b7e4fcfbb337c2da4bfa1495673c2149b2df6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e306b8eede5bf099f7c326f0fbc3436c
SHA1
dfcf01c9a963e6df4c132e75a8c65570d27b4bc6
SHA256
1fab902668b4a332981a006103cc13319f4c95d8560e0c648ccdc4eafb22be0b
SHA512
08ee6ef4d25d7c5f082d46054a43dc9468eef023231f8d8ca91ac618de71cc4ec811a98905727ae120b085b1083b1309f6b81f1e43c3a26bcc49bc4cf30a5874
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
aa2118c0a345493241c9e4d46095b62a
SHA1
44e3a38dbce39dda3b79ce6ba581944d689d7c5f
SHA256
163ee340139384888a9daf9cd0b09293d3062947c806b909f792c034d4a3150a
SHA512
4e457c8e3823970a90e7ec4681f3c2c6bf3895b293c3d7b21c44f1d79372b412a73ee76ee5c3ae4593de280dcdf11085ab98a815f082b14391b207d0b54a9f4b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
bd125cd91a6d98f27dc42d9ce5f0dc6f
SHA1
17d96023b192a722d937cd81c999a79df7f61318
SHA256
c8aa9d4b3ecfe232af7150e60193368b5f3daccdbb54bbfb30961fa5bc75a48a
SHA512
16f16fa53cb76220933b25304415eec4bfd6ad3fbf5199e1cb6679e426d41306b9669deb28bfd4c92cc773af6da643ceba158468550fad0eb2f9a501bbc5502f
-
Filesize
65KB
MD5
ac05d27423a85adc1622c714f2cb6184
SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b