Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 13-06-2024 06:27
Static task
- static1

Behavioral tasks
- behavioral1: sample a432a237cd928bcbe368116f9d64c072_JaffaCakes118.html, resource win7-20240221-en
- behavioral2: sample a432a237cd928bcbe368116f9d64c072_JaffaCakes118.html, resource win10v2004-20240508-en

The Analysis block above (platform windows7_x64, resource win7-20240221-en) and everything that follows on this page belong to the behavioral1 run; the win10v2004 run is listed but its results are not on this page.
General
- Target: a432a237cd928bcbe368116f9d64c072_JaffaCakes118.html
- Size: 27KB
- MD5: a432a237cd928bcbe368116f9d64c072
- SHA1: 45388fc5c0b6ffd64e96dd54fbeb7600529f632c
- SHA256: 853f0ebae7cad8bbb2a72ca5ebf078b39b18288b5da356d62a775c2f6934f3b9
- SHA512: 0d43d4cfbd77bc554e463332b59ffb19078891f37fc3f7c7026f1e2f913a3129d2485ad8aa01d9edd9a9c8ec28d29aab283710bcc6ebf8fd4dacb7ebc9fa8831
- SSDEEP: 192:uw/4b5nxGnQjxn5Q/onQiebNnrnQOkEntQ2nQTbnhnQ9e3bm6unRzQl7MB7qnYnJ:IQ/fmtGRKStWm
Malware Config
Signatures

Modifies Internet Explorer settings (registry IoCs)
Every key below is under \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer, the Admin user's IE profile hive. The ioc column gives the path relative to that prefix; the process column is the writer.

description       ioc                                                              process
Set value (int)   Recovery\PendingRecovery\AdminActive = "0"                       iexplore.exe
Key created       DomainSuggestion                                                 iexplore.exe
Key created       Main                                                             iexplore.exe
Key created       LowRegistry\DOMStorage                                           iexplore.exe
Key created       Main\WindowsSearch                                               iexplore.exe
Set value (int)   International\CpMRU\Size = "10"                                  IEXPLORE.EXE
Key created       IETld\LowMic                                                     iexplore.exe
Key created       Recovery\AdminActive                                             iexplore.exe
Set value (int)   Recovery\AdminActive\{02D3EDB1-294E-11EF-8442-DE62917EBCA6} = "0"  iexplore.exe
Set value (int)   International\CpMRU\Enable = "1"                                 IEXPLORE.EXE
Key created       Toolbar\WebBrowser                                               iexplore.exe
Key created       InternetRegistry                                                 iexplore.exe
Key created       LowRegistry                                                      iexplore.exe
Key created       LowRegistry\DontShowMeThisDialogAgain                            iexplore.exe
Key created       PageSetup                                                        iexplore.exe
Set value (str)   Main\WindowsSearch\Version = "WS not running"                    iexplore.exe
Key created       Main                                                             IEXPLORE.EXE
Set value (int)   Recovery\PendingRecovery\AdminActive = "1"                       iexplore.exe
Key created       BrowserEmulation\LowMic                                          iexplore.exe
Set value (int)   DomainSuggestion\NextUpdateDate = "424421918"                    iexplore.exe
Set value (int)   International\CpMRU\Factor = "20"                                IEXPLORE.EXE
Set value (data)  Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000  iexplore.exe
Key created       Toolbar                                                          iexplore.exe
Set value (int)   Main\CompatibilityFlags = "0"                                    iexplore.exe
Set value (str)   Main\FullScreen = "no"                                           iexplore.exe
Key created       GPU                                                              iexplore.exe
Key created       International\CpMRU                                              IEXPLORE.EXE
Set value (int)   International\CpMRU\InitHits = "100"                             IEXPLORE.EXE
Key created       Zoom                                                             iexplore.exe
Key created       Recovery\PendingRecovery                                         iexplore.exe
Key created       IntelliForms                                                     iexplore.exe

All of these are keys IE creates or refreshes for its own per-user state when a profile is opened for the first time: session recovery, DOM storage, the code-page MRU, zoom, page setup, window placement and so on. Window_Placement in particular is a REG_BINARY WINDOWPLACEMENT structure (44 bytes; the leading 2c000000 is its length field). None of the entries is a Run, policy or Internet Settings key, so this signature is the browser's own footprint and is not, by itself, evidence that the HTML did anything.
Suspicious use of FindShellTrayWindow (1 IoC)
pid    process
2752   iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid    process
2752   iexplore.exe
2752   iexplore.exe
1816   IEXPLORE.EXE
1816   IEXPLORE.EXE
1816   IEXPLORE.EXE
1816   IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description                         pid    process        procid_target
PID 2752 wrote to memory of 1816    2752   iexplore.exe   28
PID 2752 wrote to memory of 1816    2752   iexplore.exe   28
PID 2752 wrote to memory of 1816    2752   iexplore.exe   28
PID 2752 wrote to memory of 1816    2752   iexplore.exe   28

All four WriteProcessMemory events are the 64-bit frame process (PID 2752) writing into the 32-bit content process it launched (PID 1816, started with SCODEF:2752 CREDAT:275457, see Processes). That is how IE starts a tab process, and it trips the generic WriteProcessMemory rule on any IE run; on its own it is not evidence of injection. The FindShellTrayWindow and SetWindowsHookEx hits likewise come from the two IE processes themselves, not from a third binary.
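As an added example (not part of the sandbox report or of any Triage tooling), the Python below takes a representative subset of the registry IoCs exactly as the report prints them, sorts them by whether the key sits under the user's Internet Explorer profile hive, and decodes the Main\Window_Placement blob as the WINDOWPLACEMENT structure it holds. The Run-key row is a constructed negative case that does not appear in the report; the function names and the category labels are my own.

```python
"""Added example (not part of the sandbox report): triage helpers for the
"Modifies Internet Explorer settings" registry IoCs listed above.

It does two things a practitioner wants when this signature fires:
  1. sorts the registry writes by whether the key lives under the user's own
     Internet Explorer profile hive (state IE writes for itself) or elsewhere;
  2. decodes the REG_BINARY Main\\Window_Placement blob as a Win32
     WINDOWPLACEMENT structure, which is what that value holds.
"""
import struct
from collections import Counter

# SID and key prefix exactly as the report prints them.
SID = "S-1-5-21-1298544033-3225604241-2703760938-1000"
HKU = "\\REGISTRY\\USER\\" + SID
IE = HKU + "\\Software\\Microsoft\\Internet Explorer"

# The Window_Placement value from the report, verbatim.
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)

# A representative subset of the report's rows: (operation, ioc, process).
REPORT_ROWS = [
    ("Set value (int)", IE + r'\Recovery\PendingRecovery\AdminActive = "0"', "iexplore.exe"),
    ("Key created", IE + r"\DomainSuggestion", "iexplore.exe"),
    ("Key created", IE + r"\LowRegistry\DOMStorage", "iexplore.exe"),
    ("Set value (int)", IE + r'\International\CpMRU\Size = "10"', "IEXPLORE.EXE"),
    ("Set value (str)", IE + r'\Main\WindowsSearch\Version = "WS not running"', "iexplore.exe"),
    ("Set value (data)", IE + r"\Main\Window_Placement = " + WINDOW_PLACEMENT_HEX, "iexplore.exe"),
    ("Set value (str)", IE + r'\Main\FullScreen = "no"', "iexplore.exe"),
    ("Key created", IE + r"\IntelliForms", "iexplore.exe"),
]

# Constructed negative case, NOT from the report: a Run-key write is also a
# "registry modification" but must not be filed with IE's own profile state.
CONSTRUCTED_ROWS = [
    ("Set value (str)",
     HKU + r'\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\updater.exe"',
     "IEXPLORE.EXE"),
]


def split_ioc(ioc: str):
    """Split 'key\\value = "data"' into (key path, data). The report quotes
    string and int data but prints REG_BINARY as bare hex, so quotes are
    stripped only when present. Key-created rows have no data part."""
    key, sep, data = ioc.partition(" = ")
    return (key, data.strip('"') if sep else None)


def classify_key(key: str) -> str:
    """'ie-profile' for keys at or below the IE profile hive, else 'other'.
    Comparison is case-insensitive, as the registry is."""
    k, prefix = key.upper(), IE.upper()
    return "ie-profile" if k == prefix or k.startswith(prefix + "\\") else "other"


def summarize(rows):
    """Count rows per (writing process, key category)."""
    counts = Counter()
    for _op, ioc, proc in rows:
        key, _data = split_ioc(ioc)
        counts[(proc, classify_key(key))] += 1
    return counts


def decode_window_placement(hex_blob: str) -> dict:
    """Decode a WINDOWPLACEMENT struct: UINT length, UINT flags, UINT showCmd,
    POINT ptMinPosition, POINT ptMaxPosition, RECT rcNormalPosition. All
    fields are 4-byte little-endian, 44 bytes in total."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) != 44:
        raise ValueError(f"WINDOWPLACEMENT is 44 bytes, got {len(raw)}")
    f = struct.unpack("<IIIiiiiiiii", raw)
    if f[0] != 44:
        raise ValueError(f"length field {f[0]} does not match struct size")
    return {
        "length": f[0],
        "flags": f[1],                # 2 = WPF_RESTORETOMAXIMIZED
        "showCmd": f[2],              # 3 = SW_SHOWMAXIMIZED
        "ptMinPosition": f[3:5],      # (-1, -1): not set
        "ptMaxPosition": f[5:7],
        "rcNormalPosition": f[7:11],  # (left, top, right, bottom)
    }


if __name__ == "__main__":
    for (proc, category), n in sorted(summarize(REPORT_ROWS + CONSTRUCTED_ROWS).items()):
        print(f"{proc:14} {category:11} {n}")
    print(decode_window_placement(WINDOW_PLACEMENT_HEX))
```

Run directly, it prints the per-process counts (every report row lands in ie-profile, only the constructed Run-key row in other) and the decoded placement: length 44, flags 2 (WPF_RESTORETOMAXIMIZED), showCmd 3 (SW_SHOWMAXIMIZED), rcNormalPosition (36, 36, 1194, 649), which is nothing more than a maximised IE window's saved geometry.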
Processes

1. C:\Program Files\Internet Explorer\iexplore.exe (PID 2752)
   command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a432a237cd928bcbe368116f9d64c072_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1816, child of 2752)
      command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run)

- Filesize 70KB (path not shown in the report)
  MD5    49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1   1723be06719828dda65ad804298d0431f6aff976
  SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5    4c6042e801ef16515ad449b66fe09923
  SHA1   70415169053f5c6e747c3624fd9a6de92b576f47
  SHA256 bb44080a888c6c14f7ee20b73d8b61d1abc69c58e9960fba66dd1ce2e00bc714
  SHA512 46301c97da150bbe14176848ed4b4428bda06c02df99e92888c44028e42326681dac69a1e6ad654ee7b2a0081cd7a889c6bf9876469ef8fee1ed6b5d60cde686

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5    dc2edc2c2bf6d5a76e99c7f2afef6926
  SHA1   f3a9463725f22891a5523df651e5a5c8d37f7ed8
  SHA256 7c2a7c2c27f8e7afb558d7892f12bde5bb9d5cf666a324ff4dbe22d1def92395
  SHA512 2e132f45b23e892cc00b9cdf2d7489ff78ec3bf75797959c4063acae5f59d71c078f9ee743e99b6752a052d147d3f8cfdbb9bfd8612e08c907d8694d17484c1e

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5    85244d878f18d954e04f97bbaed76239
  SHA1   b3d8fc05f19edee0954edceba991df0bccb11f39
  SHA256 669885b4ad9f2686246dcbf4b9deed642ffd8a4b2a9e2f2625717619602de138
  SHA512 2e18e9cd4e591332d41fe6504c00fe72588420b35dd8435460f80a5354441ff21dac13308f0a6fc7b04885c20525f25b647f7953f579d730f870005f3c27e66c

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5    10d1aaf7bafcfb8d704bb2061fa24eb9
  SHA1   c5721d159bd2d759d9abde0c926188a9d0dcf5e4
  SHA256 9749e07d1a145096a08842f666bf2fc11d152fc20ee09d52129d23de2b805196
  SHA512 072a2529332d6fc875fe4637d4c1f7db90649c852118fbdf6037c1eda5107492ec3a1b2e10f40aa7e896603cf2fd66938db0b5c15c3045b0ae6e694846ec73ff

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5    395c579c88e20a199a1c4f4b3c0104bb
  SHA1   0cfc2aef58628edba3ec08e1fb1adf42afdac645
  SHA256 8a376af5b5be9ff329ebeb6e643b3e0450c0b2a1505b8cc9550013e923d7f733
  SHA512 b9c679353e1b72e1fe80ac4b2956f89d2d023316788cc9cd456e301fef4ea3d8c5efe97aff23944f196930286a81710391f8d59cbc0d7079dfb7a99e1ba1dadc

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5    2d211c2b4df60961f078b08154cbb489
  SHA1   10d1cfc937205a7f316b704063a56d44820af426
  SHA256 daa9168bbdde3c3be935ac95a00e13fd78f29d5124bfe2aecd218c2f0be44df9
  SHA512 c12cd748ed1dbe2b5b53025c53586d949d790fd4a068014f36f98fc91177e52b8eaef8450d009c7bcdda191ab46b8b933fefcabe48565e6170dd65036430d99f

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5    b24939726b5d7b6680602caa58d37048
  SHA1   ff1389366e14f1cd1a1605880c4b0a58e12bdf3b
  SHA256 19bfb946dae4c2ac1162a5cab4ebe1c2d9127fd3a22f1d2b7ce596a80b8c0409
  SHA512 7a2031e5fb1fea9561a59d7fa10b4254eff079a542f576bb5adbb07c220ce6c2581c40d4d75ead775d92eef40a355bd4f3ef63c878a83a34e85d932871f8a89f

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5    464d8d7b4dbad9128965524caaf2def4
  SHA1   d08dc908426f710f785167f4c37aa245c476d289
  SHA256 adbdda123992e18e4312efa644d9678c821b26049e6b67bcd0cf215bbf72f889
  SHA512 c11f07926fdd59207c0b1efa9cf2eaf8ef73a8cd1f0431d8d8b3f39041145a3b4359850fd6da589518388761aa530ffec481301e0c322a5a432ab0350770e82c

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5    5fe1fca6c05e8a6ebde851c92cfd5d2a
  SHA1   9bf47108422a3b646ce8b2ba692f8d5fd6a1f7ed
  SHA256 8ffdd06415bcbc286fc234f1cf03cfb51f08f7bef596ae67eaf4210280385ab5
  SHA512 e2a9ac41d87a0ebc44e85533fd8857b3f8180370177c7a32fa16690a2eec69425a174f9fc7d89faea203a3ea9417411ba87c56c25172a0b3f7fc9cdf30a45cf0

- Filesize 65KB (path not shown in the report)
  MD5    ac05d27423a85adc1622c714f2cb6184
  SHA1   b0fe2b1abddb97837ea0195be70ab2ff14d43198
  SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

- Filesize 181KB (path not shown in the report)
  MD5    4ea6026cf93ec6338144661bf1202cd1
  SHA1   a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

The nine 342-byte entries are one file, rewritten nine times; the report records each write with the hash of that version. AppData\LocalLow\Microsoft\CryptnetUrlCache is the cache that crypt32's network retrieval keeps for certificate, CRL and OCSP fetches (MetaData holds the record, Content the fetched object), and it lands in LocalLow because IE Protected Mode content processes run at low integrity and write there. Those entries are therefore certificate-validation housekeeping, not downloads initiated by the page. The three unnamed files are the only artifacts whose origin cannot be read off this page; their hashes are the items to pivot on.