Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
- submitted: 13-06-2024 06:25
Static task
- static1
Behavioral task
- behavioral1
  Sample: a430bcfcad085f0fc4f94f6d98a5fd31_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task
- behavioral2
  Sample: a430bcfcad085f0fc4f94f6d98a5fd31_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: a430bcfcad085f0fc4f94f6d98a5fd31_JaffaCakes118.html
- Size: 43KB
- MD5: a430bcfcad085f0fc4f94f6d98a5fd31
- SHA1: e5816a09327d1ab755c4546aec76a550a9bfe2ae
- SHA256: 5878eb9d713a684a3513326e58fb1cb288068b025d12d090c5b6d2f30809b7a8
- SHA512: e7491252cc75909f732be3f0650a228d9bf92a12b10b7e038ab9c2e4b8870b151661e6317c19a15ac98e1e5524e6742c5bb7c273f7a9e2adacbb218ba18de699
- SSDEEP: 768:1I+vbG2+0MGi+vZGIikHhGRGXiOgOeGBGlGslstjFOs/wOenz:K+vt+0U+v5ikH/iOgOPFnYOu
Malware Config
Signatures
- Modifies Internet Explorer settings
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421798" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
  Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
  Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BB189DE1-294D-11EF-B47E-DA79F2D4D836} = "0" | iexplore.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
- Suspicious use of FindShellTrayWindow 1 IoCs
  pid | Process
  2392 | iexplore.exe
- Suspicious use of SetWindowsHookEx 6 IoCs
  pid | Process
  2392 | iexplore.exe
  2392 | iexplore.exe
  2172 | IEXPLORE.EXE
  2172 | IEXPLORE.EXE
  2172 | IEXPLORE.EXE
  2172 | IEXPLORE.EXE
- Suspicious use of WriteProcessMemory 4 IoCs
  description | pid | Process | procid_target
  PID 2392 wrote to memory of 2172 | 2392 | iexplore.exe | 28
  PID 2392 wrote to memory of 2172 | 2392 | iexplore.exe | 28
  PID 2392 wrote to memory of 2172 | 2392 | iexplore.exe | 28
  PID 2392 wrote to memory of 2172 | 2392 | iexplore.exe | 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a430bcfcad085f0fc4f94f6d98a5fd31_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2392
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2172
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: dcb081ad7a59029b56d647efa53f8846
  SHA1: 75e64e0723a4813869f86c6fc25d3e4199a61a81
  SHA256: 41ab5420bb3cfc35fcf37c6380cf998a91cd8261f7a1b83f9e191f93acda2a6a
  SHA512: 4c83b0f1d80f9b64f8cc5c2c7d3b7a9564075720397314aef871546c6b1578cccd6a93293180024c9cda33a4cefced373563fac85cf542d95929e18b38a1bec4
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: fc87d0fc38a2fa764e3957b67cd232c4
  SHA1: d9b7747bd23e4321ce032a59c3ad0a1a52c999bf
  SHA256: afc12346910301f605f340810ba1b6332cce15d7d507cd1ad0bb3bda5ffbd61b
  SHA512: e2a9fd5bc3ff5f4438825de547dbe3d12c073fa16a734f7ac0df9dfc220b2dcd466a23df8d1a41505a869a1ea9db58b480aced6c81adc55ebed3e81fff84eb8b
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d099a5a0e701edb0c5a727f678a7bbf4
  SHA1: 777b80be19d4311eb177d34bef898a89b19597b2
  SHA256: 66a160127e819bd02636517e2b99c8bb95f16ea772e2a1e3d8c92b9fdc91f01b
  SHA512: 4db8ff1aabdf99691296d412e1624d34f3608c7a4684fa90f004e2647527325ce7db94f4b151108af3bc932499f429c4a743ed42181a2d7ef70ded3d73b1db0b
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: fd948fde857710ca82541126815565ca
  SHA1: d8e607711c85560a53bf0f5158e028baa7d48e6f
  SHA256: bd007444ca3f7f57b535da796498ff68742ae16856fa332b7351324ad414e1da
  SHA512: d6e1dcec99a7fc175a151a621ab7410b7f21ae3e06ae9b236d7f7f79ee313f0aa856f92a8bee32c4b6ee46b8a5eb3de01427c021f2ad8ee99a42bdf7e2e8f687
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1cb6c0b03f29ce8d052a37005524c0cb
  SHA1: 336fbaaecbbaa960316d5142dd4a19bd60424b5e
  SHA256: 2e1de641ff6664c581b19d15bee2ad6a201f7df6b585292474701a71d1e7b1bd
  SHA512: faacd00c69e90b87c8f6de480c1d7e051159b5f7efe8918e12fe09d88e9085cad18debc724f6e400d4115578cfa7b97ae1ce2cd4301cd8053341328d73e4c7b8
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 9579999e38a1323a1cd9ef79ab8bbe4c
  SHA1: 1861eb99a356a3d50e643d5b9717d4a5b04fbfb4
  SHA256: d49975b1974298d0db8201c6bbcfc5af57dff9a94d6b87197a7b9c4c0176bc97
  SHA512: 3cd88e8b6c957d2064a466b31c51a2a538d3cc2ab5ae1f265fd8522178325ed84314d2a407c85d437b658856f6d607cecc966e753501c80a9e5e849055d98d43
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 8810ba1f1a5baccf39d5db387dfa3b89
  SHA1: bff23d8e5d3f68e0b68c6d3173fd8745cfd7ca61
  SHA256: 39feff3d70bf27dda81fc3a12a9fe938038ce2a277b6764b0ae9b4461652aa6f
  SHA512: 4198bb27dc37cd536d8f93d376f0ef31922d55e44fa604ab92b38818bf0b645bd23e1711f61ee35ed400f79e1d9b552d919b5096e0a5924a0d7f52f2c6945d81
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7995626d0242ca7dcaff8bad1c6879ed
  SHA1: 3f5b88fc5f03a66f240f33179ba75f53b2d6c5a5
  SHA256: aa4222f5cf39edb851aeb713a12eead747b6b1f85ec9fe24a8fc77eb2152c8b8
  SHA512: 769e1f8c14a891dc9a66487c1e5866750af57c6b5d8ed25c5d84ebcbeac7bab5b14e52a084c7c12721c70a81c636e90ac302c1b4d28b8c37eef50a2b124f6759
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a20df3e5d62c97df488b8d1857fad09d
  SHA1: 14ae0a18b911eaf1e45bc9e5269b8d2980eac9e8
  SHA256: 58bd8fb12124ab89e3f838ef5ab4cd10be89746f21fe88fb2f285e87ea93b0ee
  SHA512: 0428114550dc216f7a249a2cb1b59268380fa4e5589ab12305c9688b476f5be8fdb954a0a09dba8caa0a1ef5663e1689f059e989c009f3b0cd965ad97b193a28
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 6f6625756f3fd4306b2fd34821d5fef6
  SHA1: 0c0907c52223c835262450b49ddc2472769fbf6c
  SHA256: d7ca4dde6cbce55172e28352fbf414b4643d236ddccab5d234b329a53137dd89
  SHA512: 00696e0586ad7ff91931c12b1f9d3768e16732e9703ebefbd646523cf9c41e5e9a6f64b90da57bafbd7e562a543bf5f360671652493503e22d00e242f6345aea
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1d287e424917993fe949eca86c4697e0
  SHA1: 5fcbee9575974d924a3f61a4fc95ae96a5fcc4bb
  SHA256: 37a8f551b70b990d704e95dd22b67c9d52ca015fc8b0600f7acb7f8f4e9f4c33
  SHA512: cfae48faf8ccb98eae9e591d2808e15d8937d98b8dc39ccc63386788caaa3c467dbebe11e7c11a97a0f96ce62e407f1b079c6c7798abc81fc2b037f8dfaa4b49
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b