Analysis

- max time kernel: 150s
- max time network: 143s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 13-06-2024 06:28
Static task: static1

Behavioral task: behavioral1
- Sample: a43336aa7d07a4bad74aad391f27af7a_JaffaCakes118.html
- Resource: win7-20240611-en

Behavioral task: behavioral2
- Sample: a43336aa7d07a4bad74aad391f27af7a_JaffaCakes118.html
- Resource: win10v2004-20240226-en
General

- Target: a43336aa7d07a4bad74aad391f27af7a_JaffaCakes118.html
- Size: 22KB
- MD5: a43336aa7d07a4bad74aad391f27af7a
- SHA1: ea22db6a6fb9df9caf21bdf8c2c5adb9512527dd
- SHA256: 0235e7bdd3db325038f402a9d5486b9ff842f46926ce0b7efd7e5714251330a9
- SHA512: 075391721684304882d816bfe62f313db7c282c969b013e6116020e3824632d366c8ee1eb155a5a575a84f866b6164da2e6578ae70a1ac9aac56107b4e61f5a6
- SSDEEP: 192:uwHub5nvENnnQjxn5Q/TnQieCNnxnQOkEntBpnQTbnxnQmSpxN5xHMBiqnYnQ7tf:QQ/U2xU/0u
Malware Config

Signatures

Modifies Internet Explorer settings
(description / ioc / Process)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421968" (iexplore.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{20067A11-294E-11EF-AA16-D671A15513D2} = "0" (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
- Key created: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
- Set value (data): \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" (IEXPLORE.EXE)

Suspicious use of FindShellTrayWindow 1 IoCs
(pid / Process)
- 836 iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
(pid / Process)
- 836 iexplore.exe
- 836 iexplore.exe
- 2016 IEXPLORE.EXE
- 2016 IEXPLORE.EXE
- 2016 IEXPLORE.EXE
- 2016 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
(description / pid / Process / procid_target)
- PID 836 wrote to memory of 2016 / 836 iexplore.exe / 28
- PID 836 wrote to memory of 2016 / 836 iexplore.exe / 28
- PID 836 wrote to memory of 2016 / 836 iexplore.exe / 28
- PID 836 wrote to memory of 2016 / 836 iexplore.exe / 28
Processes

- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43336aa7d07a4bad74aad391f27af7a_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 836
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 836)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:836 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2016
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 84c3baa1db654a2fa0ba731e298f2024
  SHA1: 99018a32220eb63813d55a6be88e4b9fc27774c7
  SHA256: 52f1c6c9f745e7c70a078a933729ee432559481e27599b127bf6fc6c4042f068
  SHA512: 267aed175ae73130429ea335d9ddb658ecf64f93e52d3e2e66ef1ae9b2f146b5c22107cfa74f77776f628d0d0631e7d07e043ddcc104d5d0a775f609221f472a

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b40c42acaa4466b7e311b8a5a11b6872
  SHA1: 73859980c38802706ff6145e35d20422cb1a04eb
  SHA256: 5b84e4db13aa023e364a12430ea6415219702d14f77e498ed3b6b4a389b4fe5c
  SHA512: 7cf808184d1eabd0186ff6176e9f6e6f19b2587a6a2e0540289cbc7a6299412566a7abb402575a9c420e251f3ca573d74722cbea4449c785e51ffbd558a3d924

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 18de073dec958f3ec0cc9633474f1177
  SHA1: ebc448180e9f31242d3aacdb948fd6a4aff4d1a0
  SHA256: 77983e7848c7b9e3016f1eedf611096cf7ba111b2ccb2c2ae3dc0c92760d712d
  SHA512: cacef74117dc5cc6a071164b5bb21e904ad577f79b10ba4eb2cd175092d1b14346b2037d8301efca31599040513be14b97fe442576dd5dfd0de043ea240d1cb3

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b8fedb2a2f62e8dacaf1ab348aef92f9
  SHA1: 9f366ad2b1885fef9457869ae669fec6d624b1cd
  SHA256: 897cbb02a7bfadec583cd8315337057e756c6cefe93fcbde5029710c33cf0380
  SHA512: 33bd5bf85df7d2a39f4900793f27a9f9af52593e1135a0833311fb765a9ee2d8740737d239974592fd4337ed1e74753bf3925a1b1c8e78640df43fdd7f3a7f87

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 15f238b49071fe1264fb64febdf1b556
  SHA1: f0ab027ca89b77e7ea7a980ad24657c49e0590ba
  SHA256: e569da97d8e8ab639d8445b36dd50e3d0ac2ce0c2db25b0fef2a1b15012cf459
  SHA512: d272985323ee3b74f2cdf0b6c9b3e8e2643c95adfc59acc0d82f0a69a228041e9ab79011b31abc31523597afb4ea64ea2d6014ccb273e9b26b78836507fb406b

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 8ff812775df79c557712fc083fe06cc1
  SHA1: 788fa0d7b2e6b5f4b99748a572fa6a84d9137059
  SHA256: 70e26fe77c684695266989188218737240e6a6da6cb97b1d12316ee1da214c11
  SHA512: 5f1e34659e7e799d72c19293f5b455d19c1b022bbd2c1bf37881d7f8ab3b301ff5d8f9523a7785367f43282fbc1b3e66c56a2e4d254e1b3940e9e10191172e34

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: cf7b812bbdbd5770fabea944bf27b595
  SHA1: ac1d2f4c3c36f8bd313ae30b834dee7ecf7b612a
  SHA256: 013e9c1e655ecef763faf33b6605203ff7ec1a25acaed3698d8245e7c6d7c227
  SHA512: dec60dc723e918d62d77b79875cd721b5edac52bd4f5ae14cf9c52b6226fea7def6b2d6df4dc0a4d072097218a6cc0c4497fda3f21954a1c6be6457b50fcbcb7

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d3cb3be9aeba648b765855d54d7b0fce
  SHA1: dfffe40ba6eac04d8678a5f298cd100b7b92ffcd
  SHA256: 231f3666c4cc6ab3f01a965c42479d25fb1faf4904c744cb35c904ed0d7a1295
  SHA512: 11c956487fa3354d93f87ce198ac237ff42cb2b69b4738ede716acdf599fd9102b8dfaaf26ead442fa05e908337934cbe229c6810c6ff280cd06fca446184d32

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 314f2481d0169d70212020943eda6278
  SHA1: 3b30c658f7310f5b626938c37ab133a729c731cc
  SHA256: f47369c8a192fce2c9a8d6d133a2d84ff10b7e2b3e58e92568e2e23039627d93
  SHA512: 2300469a9717e13fc7de5a6e3c5f1701837165774cd16f18670af22154be1a79a9ceeac3e156abcab8b7e317671bb1042f8ca5c76ee74674a666bbb1ec45466c

- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b