Analysis
- max time kernel: 150s
- max time network: 154s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 13-06-2024 07:32
Static task: static1
Behavioral task: behavioral1
  Sample: a4708def756dec83b3d6c8468cb887b2_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a4708def756dec83b3d6c8468cb887b2_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
- Target: a4708def756dec83b3d6c8468cb887b2_JaffaCakes118.html
- Size: 27KB
- MD5: a4708def756dec83b3d6c8468cb887b2
- SHA1: e490aadea7cbe53f8bb68a1c58f036bbd068d10f
- SHA256: 98195426cda27c5ab10a00f84e23e196be28ef35d10b6132a5568607b179a533
- SHA512: 6ef77d86e1787c72cca5fc7c4b748ddd72eb9cfa3dc75a75152ad906f35c8b4653da4a732ceb07257446880dcb64b75cd0f39363e8c01aa49fef1c35515742df
- SSDEEP: 384:G4YVLu5VWRwUMAFO5joBt7Q/j1N3yZ7mWJCcWPs6h9idm0mnsQe1Gj2h5KSH5yWn:/qTs9e
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424425800" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C7EF861-2957-11EF-917B-C299D158824A} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1916 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1916 | iexplore.exe
1916 | iexplore.exe
2748 | IEXPLORE.EXE
2748 | IEXPLORE.EXE
2748 | IEXPLORE.EXE
2748 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1916 wrote to memory of 2748 | 1916 | iexplore.exe | 28
PID 1916 wrote to memory of 2748 | 1916 | iexplore.exe | 28
PID 1916 wrote to memory of 2748 | 1916 | iexplore.exe | 28
PID 1916 wrote to memory of 2748 | 1916 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4708def756dec83b3d6c8468cb887b2_JaffaCakes118.html
  PID: 1916
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  Child process:
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2
    PID: 2748
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 06d274212d14634cffee1fb781448eb9
  SHA1: cdcc2416e8879209a3a9cf18628e5b58896b67ba
  SHA256: dbb6380db17139955e7aa2f5919b3b9bd4571b0dfbd59dc9a05b38b84c36455b
  SHA512: 7c15004c35100c5f5f475dbf61b591eeeb334bff7070638e525ecfb840e5f2666d4c901dead988946abfea3347f8e33f86af2a9cc1f285570776df0c56178ff6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: c010fd5b37a791e70fb2d03088e00402
  SHA1: 48a3491493e0f3f79cade96f3688371eda3da43a
  SHA256: 7adf67a2fb657bfec6a944e75fb1f8c43d3da7996fb9e2c3169e75032f8d885a
  SHA512: 2ffd4329d2006493df95555f0e2acf365171950a70b892a4e38466558c884e90ef12c9d2076325d63e8a5da9f03460609ed4603ade91f2cb095ad998c972893c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e8ca559f2839ee89dde17447d8672e14
  SHA1: 7cdd09c3bbb50ed97ebf4fdaa757b724bc480667
  SHA256: cc047581bcd62ea48ec7005f106b67421f2269b23eadc7c906a7271cad6e1406
  SHA512: 37848b9821647c22bfaa827d474ac9a655f5f8e3b5a0f5ac3e24ec65f9106e76651b4691fa40061ef6a2788191b30b6c9f310b7237142d1d3e73d0e3a44e52c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 900efba25b29511de5990e7a84d2efcf
  SHA1: 541aad0e34a5b093b31c82e883de2d3c72c62d9e
  SHA256: 98c424abc49ff7d6774136049794b05a9e5b4c7b1d54b5f5c66fbfa6cbe64899
  SHA512: a00642f00a2520790ae8aa4e49121ce680cf6f0acf3a32f321e0f5c8608168c73f71ef52785be69437071b97ba67c7f403e2ec480b84a8ad052303770d013795
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 56dd006eb8797b193d227cf10256e0c4
  SHA1: cb33fe40d3220bce0c7ca0348d0d5d8366adc528
  SHA256: 041792176b87e61fb961044ef3d3a2ed3cfd2bdad653e92829454292f7e2e101
  SHA512: 009bd9632a5dfb7c78646360a7adea95db8a64cc19356959cd09af2e17b7b9676e8a1f50bf1350c7534a32b868c415e5e03b180800a7982646007a68f382fb0b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: f256197cc4d99705c14f707b67489667
  SHA1: fb19a29669369df56598de281a6f1540199333d2
  SHA256: 6b874e78009ae0f98d441843730c5b6db289fcec59422e34b19c555810c4667a
  SHA512: 0a8ae17085fcd2f43b2645c0a52287527a8a4c452f95e786965db279913fc673e224443abd9ba9b15a5507b262992ded9bd63e5e95c3aee288e468fc709452db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1e59c05a71d93713e78872b1cc79d246
  SHA1: eaa7ac5599b919074d96c736312b25a3a74ec280
  SHA256: 52c1d5f2714c463211707bc27a25209810824c0cece2d977b1fe5cc9d92466ba
  SHA512: 30cd7bbfbb4223b6f30a3e51bc2c3b559e0314d433b97db8516c8c115b2100d984dda3da21db13136041faa88448392500e566a35d168da1264ddad63f4de384
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 537a565d4791a71fb017abcbdf7c8173
  SHA1: 11f891429ff769243302d75484210e95bc2685dd
  SHA256: c5ec7f3c6a022cf040c2afda76d90cf4c2309f09238ef942d48a2b81d7d69dac
  SHA512: 22bb47d0d5bf134750cda01bd085e655042ff0d2a31c54a1e705a282cdf8fcb0dd3160e282d75033eb0737e21cbb0a200bafe10884d7e5b28fd451d1823ba7a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: c3500465965bcc99874cd24326a78b8b
  SHA1: 9c4113ef2f396bd257dd36486fa3317bfe95e9fe
  SHA256: a48bce57c45a4c8cb45eac97a9f8b8d47d29fab2db3c3681d4a517eebb757f81
  SHA512: db799a77b5ef3506bcdd622055b4bc42e975d5bcec471fb83d9b4d51777030512c3152ab020469cc395a0a34efaeb61f118782a9e7d9ef772b8cd318ed569085
-
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b