Analysis
max time kernel: 150s
max time network: 154s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 07:37
Static task: static1
Behavioral task: behavioral1
  Sample: a475db7a09f9c54b69daab7f7abec3d6_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a475db7a09f9c54b69daab7f7abec3d6_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: a475db7a09f9c54b69daab7f7abec3d6_JaffaCakes118.html
Size: 23KB
MD5: a475db7a09f9c54b69daab7f7abec3d6
SHA1: a11a890f39a927f6b9836d3a749f66969bce5a7e
SHA256: 3e1068ea69c2a5d8acd95e9b7ca2386ec8c6e1937cecde1a42364101606a3ae1
SHA512: 3f6203506428842c377b32dda2a8db8c00cf1f4019fa8cedae158c531e9338708d4f82e7d559c0c3e89e173b253adb58bf80fcb39db35a05625777484743273e
SSDEEP: 192:uwH8b5nu2nQjxn5Q/1nQieINnQnQOkEntLznQTbnxnQHGLnLnQt2qMBoqnYnQ7tV:bQ/0GvyG
Malware Config
Signatures
-
Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426144" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D8F1A781-2957-11EF-917B-C299D158824A} = "0" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2932 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2932 | iexplore.exe
2932 | iexplore.exe
3044 | IEXPLORE.EXE
3044 | IEXPLORE.EXE
3044 | IEXPLORE.EXE
3044 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2932 wrote to memory of 3044 | 2932 | iexplore.exe | 28
PID 2932 wrote to memory of 3044 | 2932 | iexplore.exe | 28
PID 2932 wrote to memory of 3044 | 2932 | iexplore.exe | 28
PID 2932 wrote to memory of 3044 | 2932 | iexplore.exe | 28
Processes
-
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a475db7a09f9c54b69daab7f7abec3d6_JaffaCakes118.html
   PID: 2932
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2932)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
      PID: 3044
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
-
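Reading the WriteProcessMemory hits together with the process tree: the only writer is the 64-bit iexplore.exe frame process (PID 2932), the only target is the 32-bit IEXPLORE.EXE tab process it launched (PID 3044), and that tab process names its frame on its own command line via SCODEF:2932. Internet Explorer's frame process starts and parameterises tab processes this way, so the four identical rows are the parent-to-child write pattern IE produces whenever it opens a page, not something the HTML did on its own. The check below is an added example, not part of the sandbox report: it parses rows in the report's own "PID <src> wrote to memory of <dst>" layout, drops verbatim duplicates, and labels a write as the expected frame-to-tab pattern only when the source image is iexplore.exe, the target image is iexplore.exe, and the target's command line carries SCODEF:<source pid>. The third process (PID 4100, notepad.exe) and the fifth IoC row are constructed so that the "review" branch is exercised; they do not appear in the report.

```python
import re

# Process rows as they appear in the report's process tree: (pid, image path, command line).
# The first two are the report's own processes; the third (pid 4100) is CONSTRUCTED so the
# "review" branch below is exercised.
PROCESSES = [
    (2932, r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" '
     r"C:\Users\Admin\AppData\Local\Temp\a475db7a09f9c54b69daab7f7abec3d6_JaffaCakes118.html"),
    (3044, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2'),
    (4100, r"C:\Windows\System32\notepad.exe", r'"C:\Windows\System32\notepad.exe"'),  # constructed
]

# "Suspicious use of WriteProcessMemory" rows in the report's
# "description pid Process procid_target" layout. The report repeats its one real
# row four times; the fifth row is CONSTRUCTED (a write into the non-IE pid above).
WPM_ROWS = ["PID 2932 wrote to memory of 3044 2932 iexplore.exe 28"] * 4 + [
    "PID 2932 wrote to memory of 4100 2932 iexplore.exe 29",  # constructed
]

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_wpm_row(row):
    """Return (source_pid, target_pid, source_image), or None for a malformed row."""
    m = WPM_RE.match(row)
    if not m:
        return None
    src, dst, _pid, image, _target_idx = m.groups()
    return int(src), int(dst), image


def is_ie_frame_to_tab(src_pid, src_image, dst_image, dst_cmdline):
    """True when the write matches the IE frame -> tab launch pattern: iexplore.exe
    writing into an iexplore.exe whose command line names the writer as its frame
    process via SCODEF:<frame pid>."""
    return (
        src_image.lower() == "iexplore.exe"
        and dst_image.lower().rsplit("\\", 1)[-1] == "iexplore.exe"
        and f"SCODEF:{src_pid}" in dst_cmdline
    )


def classify_wpm(rows, processes):
    """Deduplicate the IoC rows and label each unique write as either the expected
    IE frame-to-tab pattern or something an analyst should look at."""
    by_pid = {pid: (image, cmd) for pid, image, cmd in processes}
    results = []
    for row in dict.fromkeys(rows):  # dict keeps first-seen order and drops duplicates
        parsed = parse_wpm_row(row)
        if parsed is None:
            continue
        src, dst, src_image = parsed
        dst_image, dst_cmd = by_pid.get(dst, ("", ""))
        expected = is_ie_frame_to_tab(src, src_image, dst_image, dst_cmd)
        results.append((src, dst, "expected-ie-frame-to-tab" if expected else "review"))
    return results


if __name__ == "__main__":
    for src, dst, verdict in classify_wpm(WPM_ROWS, PROCESSES):
        print(f"{src} -> {dst}: {verdict}")
```

The SCODEF match only establishes the launch pattern; it says nothing about what the tab process did afterwards. Any write whose target is not an IE tab process that names the writer as its frame, or any further child spawned by the tab process, still needs a look. The same reading applies to the Downloads section: every one of the nine 342-byte entries is the same CryptnetUrlCache\MetaData record, which is Windows CryptoAPI's cache for certificate-chain retrievals (CRL and AIA fetches), not a payload written by the page.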
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: f9ab3a6fa5f35e6393ed03f00fa830ea
SHA1: ebb82d72121434850acb08539b2ad6344389561d
SHA256: 900984c33a6614e1dd953474a3abc869e59a2f2a418406b29a098c4dd10b844f
SHA512: e955c4a8f1bedb5c32830312d4ac005d9c250fbb43412b04f43ddb4c57c00706f65dce96df90ec53b3bf3cd90dc6fbadf631180869814491eb5dd8766cfc61f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0d0fa350290879ace616069dfc9ae92d
SHA1: a239d9868f94603129e681099b33bd03060eba73
SHA256: 1d60ae5a690e4e910d73bd30e2cb08141cf48e7a95ac14f0e7ce6d31332e415f
SHA512: 2b3845e09863795ab89f0044cf78c7086c85956c228350a856c91678e5a0be12141252d57b99929443ac5eec5c0696041ebc6574a6054649b96aa458ec3a197f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a17fdf0cfc687610f3ff2c54007387d5
SHA1: b3a2aff440f00f93126fbb4177c883614ed12f8f
SHA256: ae2633eafab63c58dcc355025c2ada492ec3573973f0f962d6717b287e1ac0fb
SHA512: 01b33fa374721d151797bbcad3943e191d720d3cbae0dc31ec9d1946d836ec5503d6c547062b7014534734e1a6788cad13bd024290a97fd413b6de4259bb7600
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4a39821e492deb22e5cee1f8311f4495
SHA1: 25aaec526fdb1cbf8bf5dd2cf043cc14aa5081de
SHA256: 093fc5202b91505d5363a548d6affe49baef534ff3df3ff0e46544b0604b7a87
SHA512: f914c852baeaba87b6a68f186f12e912146295a985cf7b6ceb337d6636276e7ef0402e55af900bf005bc67ddd1789bf963727add8f988b635087d0019763396b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 73ed99a25b82e365c2a32b2d9da3d651
SHA1: ffe4a1880904cd2a53886346ec06fac907c9bdd0
SHA256: 1098749b80aefe7b327508d736b4c48110a4704c486b200e671970a14a5aa2a2
SHA512: 20b225cd67382c74bc7cb2086da79293b1556f61d9c0502121a037d0ff9dad38d7394c0d514fe2434611b3504583af762dbfa35bc5696ca584e1828f46b24441
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e0524f8c197eff4f4b7843d032b2855d
SHA1: 65227b4004e72430a48ee55494dc4b2c0762c955
SHA256: a97bc3ba7c6f6d645551b8afb280b466275a90f1a2e66c94c6849309bf453ebf
SHA512: 16e4726c0812ea7db23dd79b551539fdcf6302543cb122ac8ae25eeb6a8b56cecb149a27cef1accc751a0e2b2c9b7cc335d6943db14a031bc5862465fd3db737
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 888f37565a4ee363b972e2353d3032f2
SHA1: a6be6a001ac9a3a0cbe45749749d425419c32f0f
SHA256: 1a00d84c7b46e7f48785614657e0c0410a381453257571599ef8e12ba30221cf
SHA512: 5bc4f32bf381dbcbfd7cf263e7c6c0e8fe8ccbaf3f737375640f369a8a648502bef9abc855909803d0fa277279fc49fe08bb6f162ec70fc9631d06cf533310a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b90f1819fa68a9630cc0cd800ca3fecf
SHA1: 04e5c39966f5107e83844c35ab6e0f17c91c30c9
SHA256: a46648405b4eb1ff1034158b2e9df8659a7e3b13a1df233e57e2ba7beae9ae9b
SHA512: ecbade9212a11230ed4c6bba1c6b2322031dcc259d50a8037e167e50a26ff88689c91d14d73500d3d537a7d012d44d9c2ab334ded7ee43f122a095e8c8cd4c9f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5c75234b10c96e8368f088be8c9bc8b3
SHA1: 7de458b654e842e565a566bc5388744e48d9802b
SHA256: 7cb722d15c6fd825229dff10581a53848c04feb971ef2b5d249fe7fd99541483
SHA512: b8a00385b40be80f20773056b908324c53f3690b3c5f4fea1f4f21aefc611af226e82f0daf71b7934a080ea50e8e1b32eb8a36681d6189e5247e72bf1b83ab66
-
(path not given in the report)
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
(path not given in the report)
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b