Analysis
max time kernel: 150s
max time network: 154s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 06:28
Static task: static1
Behavioral task: behavioral1
  Sample: a433626b866007a09e0a0d539c63cd6c_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a433626b866007a09e0a0d539c63cd6c_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a433626b866007a09e0a0d539c63cd6c_JaffaCakes118.html
Size: 36KB
MD5: a433626b866007a09e0a0d539c63cd6c
SHA1: 180b113bba7ed93098a48d50c5b34b1bc3e26153
SHA256: 7fbcbc37eb80ccb16750e79af46e85ee75fbef154dbf3f7bdf310ae9f7653e20
SHA512: e1a1fa0c72305366f53ad55664f3751d60bae3af1256352d061cf02b0f800d4ffb35ca6719a792a6e4387615ee63f6008978315cec539768613f3cdcc8a7a25d
SSDEEP: 384:wQ/t+B+Iuy89ZNnauV6SB7gqgEs17tPwvBxOo:mY5F5s17t4pxx
Malware Config
Signatures
Modifies Internet Explorer settings 31 IoCs
description, ioc (Process):
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
- Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" (IEXPLORE.EXE)
- Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" (IEXPLORE.EXE)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421976" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU (IEXPLORE.EXE)
- Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" (IEXPLORE.EXE)
- Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" (IEXPLORE.EXE)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{24A29771-294E-11EF-AC4C-424EC277AA72} = "0" (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
Suspicious use of FindShellTrayWindow 1 IoC
pid, Process:
- 2852 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid, Process:
- 2852 iexplore.exe
- 2852 iexplore.exe
- 3008 IEXPLORE.EXE
- 3008 IEXPLORE.EXE
- 3008 IEXPLORE.EXE
- 3008 IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description, pid, Process, procid_target:
- PID 2852 wrote to memory of 3008 (2852 iexplore.exe, procid_target 28)
- PID 2852 wrote to memory of 3008 (2852 iexplore.exe, procid_target 28)
- PID 2852 wrote to memory of 3008 (2852 iexplore.exe, procid_target 28)
- PID 2852 wrote to memory of 3008 (2852 iexplore.exe, procid_target 28)
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 2852)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a433626b866007a09e0a0d539c63cd6c_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 3008)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads