Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 07:38
Static task
static1
Behavioral task
behavioral1
Sample
a4765911eb1602de686e1d22972b518a_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a4765911eb1602de686e1d22972b518a_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a4765911eb1602de686e1d22972b518a_JaffaCakes118.html
-
Size
31KB
-
MD5
a4765911eb1602de686e1d22972b518a
-
SHA1
7bb62a67e6c6946578a2390921c15f9f176608aa
-
SHA256
9230778272b8f344970ab1011f92e85ea1bf09ef767053a023e328ed2c4526a3
-
SHA512
4c1e25f3807c4d9818ae98e3e825fe215bd5c1344eedd7c25f3c73c33ffef6614ed84ac60063f0e183a00221b43ddc4c60751cf4051e4a41661c9e0bc1f69858
-
SSDEEP
192:uwH5Cb5ngl3GnQjxn5Q/mnQie1NnVSInQOkEntm0nQTbnRnQmSwxXFZ2z221WVQ1:bQ/7CHxXFZp211fpCc
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F18BB831-2957-11EF-BEBB-767D26DA5D32} = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426184" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
3040 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
3040 iexplore.exe
3040 iexplore.exe
1680 IEXPLORE.EXE
1680 IEXPLORE.EXE
1680 IEXPLORE.EXE
1680 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 3040 wrote to memory of 1680 3040 iexplore.exe 28
PID 3040 wrote to memory of 1680 3040 iexplore.exe 28
PID 3040 wrote to memory of 1680 3040 iexplore.exe 28
PID 3040 wrote to memory of 1680 3040 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4765911eb1602de686e1d22972b518a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1680
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e87a609d66c1e8d89b321d655d9cd3b3
SHA1 7e7f473d9106c5585faca4d99fc458dec716dd70
SHA256 67646241892744341c65ecea5748ca508cf7f62d47659cd498f5dc10616330d8
SHA512 7875bdbc672103160d872706e4e15a00cc57f75adab71c970bc78543b9b7a1266ee688fc1d9be8c729c30e7e8e75c1eec6332d2451fbbeb5dd60553e9421a5b2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a7a3a180da564f25f3b3d9bdb04efe53
SHA1 600cc5c3fe605c4b2df361d1361e0d206b427d6a
SHA256 1e710bb605983222ee5c49eeca7970f5202cef171cd97b1a0b16b5a781a33f1c
SHA512 a658dde89fc28e6e0478d6410dea156fc96da1b9a2c10f894c41998c093d190a6dc265e1cb6b2fc05e16eaedf64a90b68e343f42c5589845020c7eece9168579
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7dfb0f3ce56362acd4df84be385cc7c8
SHA1 bd47f5df88f5d1702219336a1e99e3f651f9e3aa
SHA256 358c387fdd12930e095ef4df293fa16ceaaa544b566afd2e738e36d2608a6f22
SHA512 05a4f66c8ca740310649d1cedcbb5109fb4a6d101047462ca2b1bc850e9f714a82e48af173759781f15c0b8cff00cfa157a09454558e86402cf94a7b22730ac0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3ca2c7bd268eeaa2cdf2d5e8fdd76392
SHA1 a6afb2d81456b0276d61dedc083acccbf8595440
SHA256 cae0a168cb72edd90b6592eb776d720e8237749f1530fe2316ceb1a9623946cc
SHA512 eabcf6b6a421e6939fd81779913800b85adb8793b89d6fcb534723bb1a2f79ddfc85daa6d4363a0cb3bf7fe57ed6e3470d31e248681f394bfee8729feb941b2b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a85d69e642381597adf5e3cf396cf497
SHA1 0fed7b83c1914471acbcf402d322cfcf0b73da33
SHA256 08c218ddd0edfca307ab89398ee21573d8594465b4611b3f471e1bbc8f50c2fd
SHA512 4f6654a83945c7cd0f2421191340110aeb0a203d776962a07780c5b1210bcf557b632687a20112d45609cd4e54692681ffddb14bb9536a8067fccbbde8553154
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 194e72bff8492823ea08c97161a53859
SHA1 a7df256a6e214bf761314b0247a04caf749a41a3
SHA256 84990215fb4579cc15724dd9bc7e94a3d822d26d025fe91acf06f98e071e5deb
SHA512 1f41190889e66b80589c5c9aa9c93461e86eb9570f1974c4250fb492449c85ec3398b3c515418ec7b2d570d7c7a9b12ebf52dbedb34ab15de6f519c985631f83
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 df836203d79ae497ac1946d11428d4e9
SHA1 b7bee7a05353e2356a06e113e5a83c0705174636
SHA256 40be9b27f11c274674be7edf3aa5e8534a44577eda597749ab09b680d003989e
SHA512 d83c25833a44f042408f771b0f0963a500297a5dc5da56c2a206e0a708183b1d6db30353f6665ec82db780c09e0bc8264a8e8cf2b25fbaeeaaa5a851fe6314c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 06f92ff8021392c900690a243aab1458
SHA1 267e663fc8c1594f23faa991b926571ff5ab482f
SHA256 f66f81262af384dc06e8924dd20447bdb4e8a67ea7be436434e9659eb946ac34
SHA512 9a8926c6a15fe401d39e931607d09999e00bacb04fb5dd65c3465c8b2e10612257be5433bd16bf83e73bbb5787ce12193d027281876d48da5527ec8675e8f014
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ddb35797ddb21a91c39982f908a50051
SHA1 f0888a121d2b1c7f1a634bb0a1b7516bbde37cfd
SHA256 cecbc983a4cc84315a46884d4c8294e604fc20cd4ff721c296a123cca45a3d2c
SHA512 e3cb7d5e020a703a9ffddadf073b1041a5bbe50dad91a6c18f50fa17f9a39d68c1dc9d157cde955e8120a7e313e343dc8ce8e2dd26a4f72eecd7c30aa4597a98
-
Filesize
67KB
MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b