Analysis
max time kernel: 150s
max time network: 152s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 06:26

Static task: static1
Behavioral task: behavioral1
  Sample: a43190d2401ce9936d7ac6592698d771_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a43190d2401ce9936d7ac6592698d771_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a43190d2401ce9936d7ac6592698d771_JaffaCakes118.html
Size: 17KB
MD5: a43190d2401ce9936d7ac6592698d771
SHA1: ac308ffe5c48a650e4d7d52680f1bd0cbbcdb131
SHA256: 6ae501373dab23e73eb0195ada99a10d75424134b35d54b515ba4d182749fa90
SHA512: 35aa7d95f35245f3005c4c654e751dcd4a1c4ed62e7f630753f70b7de3812b44474677bc89b5c5c5743a4662fbdd1ef8e66074d8704efd6e4df07b95578db755
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAIV4fzUnjBhZT82qDB8:SIMd0I5nvHhsvZIxDB8
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421864" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E1CF6221-294D-11EF-9E55-E6415F422194} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2184 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2184 | iexplore.exe
2184 | iexplore.exe
2124 | IEXPLORE.EXE
2124 | IEXPLORE.EXE
2124 | IEXPLORE.EXE
2124 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2184 wrote to memory of 2124 | 2184 | iexplore.exe | 28
PID 2184 wrote to memory of 2124 | 2184 | iexplore.exe | 28
PID 2184 wrote to memory of 2124 | 2184 | iexplore.exe | 28
PID 2184 wrote to memory of 2124 | 2184 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43190d2401ce9936d7ac6592698d771_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2184
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 2124
Network
MITRE ATT&CK Enterprise v15
Downloads