Analysis
max time kernel: 149s
max time network: 149s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 10:05

Static task: static1
Behavioral task: behavioral1
  Sample: a4ff5fb7ad5b99ff158eba0354188fe6_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: a4ff5fb7ad5b99ff158eba0354188fe6_JaffaCakes118.html
  Resource: win10v2004-20240508-en

General
Target: a4ff5fb7ad5b99ff158eba0354188fe6_JaffaCakes118.html
Size: 23KB
MD5: a4ff5fb7ad5b99ff158eba0354188fe6
SHA1: 3dabdcfec38add27f74e010efec1934f7c7d3c8b
SHA256: c559f64a964d3fda2b426d8c00f0a7ce69899f2314ae8bd7cf5ceb27e9777751
SHA512: 649a4e70288c12b8a7f6259086daa6c4faa1abe0c715a74c3e4823d3ad7bbe9ea7f55882dddb7fc7d693ab1a7878ea9883d8acb76e02307e4ef5d45cf9837045
SSDEEP: 192:uwrub5n7qnQjxn5Q/anQieBNn7nQOkEnt2AnQTbn1nQKdjtvMBhqnYnQ7tnYYCnZ:cQ/IinL
Malware Config
Signatures
Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{84CA06B1-296C-11EF-BB01-66D147C423DC} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435021" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
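The only REG_BINARY value in the list above is Main\Window_Placement. Its key name says it should be a Win32 WINDOWPLACEMENT structure, and a cheap forensic check is to confirm that the blob actually parses as one (length field, known flag bits, sane rectangle), since opaque binary values under application keys are also a common place to stash implant data. The decoder below is an added example, not part of the sandbox report or its tooling; the field layout and the WPF_*/SW_* constants are taken from the Win32 SDK, and the input is the exact hex string recorded on this page.

```python
import struct

# Raw REG_BINARY value copied from the "Modifies Internet Explorer settings"
# IoCs on this page: ...\Software\Microsoft\Internet Explorer\Main\Window_Placement
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000"
    "ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)

# Win32 WINDOWPLACEMENT: UINT length, UINT flags, UINT showCmd,
# POINT ptMinPosition, POINT ptMaxPosition, RECT rcNormalPosition.
# Every field is a little-endian 32-bit integer; POINT/RECT members are signed.
WINDOWPLACEMENT_FMT = "<3I8i"
WINDOWPLACEMENT_LEN = struct.calcsize(WINDOWPLACEMENT_FMT)  # 44 bytes (0x2c)

WPF_FLAGS = {
    0x1: "WPF_SETMINPOSITION",
    0x2: "WPF_RESTORETOMAXIMIZED",
    0x4: "WPF_ASYNCWINDOWPLACEMENT",
}
SW_CMDS = {
    0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_MAXIMIZE",
    4: "SW_SHOWNOACTIVATE", 5: "SW_SHOW", 6: "SW_MINIMIZE", 7: "SW_SHOWMINNOACTIVE",
    8: "SW_SHOWNA", 9: "SW_RESTORE", 10: "SW_SHOWDEFAULT", 11: "SW_FORCEMINIMIZE",
}


def parse_window_placement(raw: bytes) -> dict:
    """Decode a WINDOWPLACEMENT blob; raise ValueError if it cannot be one."""
    if len(raw) != WINDOWPLACEMENT_LEN:
        raise ValueError(f"expected {WINDOWPLACEMENT_LEN} bytes, got {len(raw)}")
    (length, flags, show_cmd,
     min_x, min_y, max_x, max_y,
     left, top, right, bottom) = struct.unpack(WINDOWPLACEMENT_FMT, raw)
    # The struct carries its own size in the first field; anything else means
    # the value was not written by a caller of SetWindowPlacement/GetWindowPlacement.
    if length != WINDOWPLACEMENT_LEN:
        raise ValueError(f"length field {length} != {WINDOWPLACEMENT_LEN}")
    if right < left or bottom < top:
        raise ValueError("rcNormalPosition is not a normalised rectangle")
    return {
        "flags": [name for bit, name in WPF_FLAGS.items() if flags & bit],
        "unknown_flag_bits": flags & ~0x7,          # non-zero = not a known WPF_* mask
        "showCmd": SW_CMDS.get(show_cmd, f"unknown({show_cmd})"),
        "ptMinPosition": (min_x, min_y),            # (-1, -1) = not set
        "ptMaxPosition": (max_x, max_y),
        "rcNormalPosition": (left, top, right, bottom),
        "normal_size": (right - left, bottom - top),
    }


def is_window_placement(raw: bytes) -> bool:
    """True if the blob passes the structural checks above."""
    try:
        parse_window_placement(raw)
        return True
    except ValueError:
        return False


def decode_reported_value() -> dict:
    """Decode the value recorded on this page."""
    return parse_window_placement(bytes.fromhex(WINDOW_PLACEMENT_HEX))


if __name__ == "__main__":
    for key, val in decode_reported_value().items():
        print(f"{key:18} {val}")
```

On this sample the blob decodes cleanly: length 44, flags WPF_RESTORETOMAXIMIZED, showCmd SW_MAXIMIZE, both POINTs at (-1, -1) and a restored-window rectangle of (36, 36, 1194, 649), i.e. a 1158 by 613 window. That is consistent with IE persisting its own window geometry; a different length, unknown flag bits or a nonsensical rectangle would be the cue to look at the value more closely.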
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1800 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1800 | iexplore.exe
1800 | iexplore.exe
2332 | IEXPLORE.EXE
2332 | IEXPLORE.EXE
2332 | IEXPLORE.EXE
2332 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1800 wrote to memory of 2332 | 1800 | iexplore.exe | 28
PID 1800 wrote to memory of 2332 | 1800 | iexplore.exe | 28
PID 1800 wrote to memory of 2332 | 1800 | iexplore.exe | 28
PID 1800 wrote to memory of 2332 | 1800 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ff5fb7ad5b99ff158eba0354188fe6_JaffaCakes118.html
  PID: 1800
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1800)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1800 CREDAT:275457 /prefetch:2
    PID: 2332
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
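The WriteProcessMemory signature on this page is the IE frame process (PID 1800) writing into the process it spawned with SCODEF:1800 CREDAT:275457 /prefetch:2. That is how Loosely-Coupled IE launches a content (tab) process: SCODEF carries the frame process PID and CREDAT the creation-data handle, and the generic sandbox heuristic fires on the cross-process write regardless. The triage rule below is an added example, not part of the report or the sandbox: it accepts only that exact frame-to-child pattern (parent/child relationship, IE image on both sides, SCODEF equal to the writer's PID) and flags every other write. The two processes and the four write events are taken from this page; the cmd.exe child with PID 3000 is constructed for illustration and does not appear in this analysis.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Process tree exactly as listed on this page (PIDs 1800 and 2332).
REPORTED_PROCS = [
    Proc(1800, None,
         r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\a4ff5fb7ad5b99ff158eba0354188fe6_JaffaCakes118.html"),
    Proc(2332, 1800,
         r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1800 CREDAT:275457 /prefetch:2'),
]
# The four WriteProcessMemory IoCs on the page are the same edge repeated.
REPORTED_WRITES = [(1800, 2332)] * 4

# CONSTRUCTED, not from the report: a hypothetical cmd.exe child (PID 3000)
# that the frame process also writes into, to show what the rule flags.
CONSTRUCTED_PROC = Proc(3000, 1800,
                        r"C:\Windows\System32\cmd.exe",
                        r'"C:\Windows\System32\cmd.exe" /c whoami')
CONSTRUCTED_WRITES = REPORTED_WRITES + [(1800, 3000)]

# LCIE tab launch marker: SCODEF:<pid of the frame process that created the tab>
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def is_ie_image(path: str) -> bool:
    """Match both the 64-bit frame and the 32-bit content process images."""
    return path.lower().endswith(r"\internet explorer\iexplore.exe")


def triage_wpm(procs: List[Proc], writes: List[Tuple[int, int]]) -> List[Tuple[int, int, str]]:
    """Return (writer_pid, target_pid, reason) for every cross-process write
    that does not match the IE frame -> content-process launch pattern."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for src_pid, dst_pid in sorted(set(writes)):   # collapse repeated IoC rows
        src, dst = by_pid.get(src_pid), by_pid.get(dst_pid)
        if src is None or dst is None:
            findings.append((src_pid, dst_pid, "pid missing from process tree"))
            continue
        if not is_ie_image(src.image):
            findings.append((src_pid, dst_pid, f"writer is not IE: {src.image}"))
            continue
        scodef = SCODEF_RE.search(dst.cmdline)
        if dst.ppid != src.pid:
            findings.append((src_pid, dst_pid, "target is not a child of the writer"))
        elif not is_ie_image(dst.image):
            findings.append((src_pid, dst_pid, f"non-IE child: {dst.image}"))
        elif scodef is None or int(scodef.group(1)) != src.pid:
            findings.append((src_pid, dst_pid, "child lacks SCODEF:<frame pid>, not an IE tab launch"))
    return findings


if __name__ == "__main__":
    print("page data:", triage_wpm(REPORTED_PROCS, REPORTED_WRITES))
    print("with constructed child:",
          triage_wpm(REPORTED_PROCS + [CONSTRUCTED_PROC], CONSTRUCTED_WRITES))
```

Run against the page's own data the rule returns nothing; with the constructed cmd.exe child added it returns a single finding for the 1800 to 3000 write. The rule deliberately keys on the command line as well as the image name, because a process started by the frame with a matching SCODEF is what the IE launch path produces, whereas an IEXPLORE.EXE child without it was started some other way.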
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 51a755a186ea9ab4d640375905921562
SHA1: ef21ce471268d68b474125d24c1b2a79e7008325
SHA256: 2e465149be3650dffe2c77054ef84d90a5253c325045e2aa788b1143f6506e22
SHA512: 2bcc99de264d6cd90133ef099a1e22a993c304b1a52372ad41d389d658898ef4525e8e01a17ff6a035f8dc5371337004e710c3dc2d8aa8c1b5b474c508ba294d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: bd10466d60862151ac7c00930c7c7b9d
SHA1: c28fd6028852be4a56a78e62937904726a17d6eb
SHA256: aa95a7a82500c04472b360c916c8e71e51ab4962a458aff57bbfb073f49cf2cf
SHA512: 2a520a43f004cd1063c8ffdfc223cd5ce5c1d80360ef36c4c40b18ab0b1563b132e14b0040244f476cc85c050d6fbf97d2c888d2697dfdb6d70fa39367e9ed9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7ca70f60637d52adc9c55e743aa57fbb
SHA1: 2d1f849fa6c7a52c66fc41d4423f22c5221b2b31
SHA256: 16b65512743104a808d38594e011679af535723c6b72111505ea826e8c57346d
SHA512: a2e130b0627676d7a8fb34c6c8f57279584f5a75de612ef991585b73708b146cf37e1a2d5e1a095bf18843c30c64a73b853dae4fc1f19ad120276c5d10be6e05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 48ad323f902e24ed3919cc739e6aaaaa
SHA1: 93d539068fc0f4a7127680f51f754237ce7eab12
SHA256: ec590bc5f55386146d61013b9b47056282bde81335b0029b97d9138b3edd3fa3
SHA512: 6134f7de5df0dd047d074799ff0dab4aa539dcb0e5f46be15a5984a0c0343a57387a1940fb8d10f129a75012a6c1067d5fbc5c281bbf2e81a7dffc805db5478a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 263f67d14cdb19588d28a25d33f699c7
SHA1: 5ced51c4e6aab41563ddd84cd3d84886228ad216
SHA256: 1fa3f01965a4e348f76de96a93abd20f16ba5e99ac0e20bb18262f5704c97ef3
SHA512: 51fa54c88bbf5e7e452c447386415929e51f2beaa9234cf63674f0f924558c9908f9947a7e95b9387fa490abd12217d82ac48bced36b7c1fbf6b9709c6b0c93b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6e675ee99399993d8da0711a1b4fd6da
SHA1: 3359b7fbc7b8dede03c570cb06f6451736faf41c
SHA256: f11ef6fab848d566b781f8f4a75511af3938934624b5d33ba8819584cedb179b
SHA512: 8b2c5c0dac64ec027672bbc3e95347c5556a5af90976c776cfa70f66b75102bbbc8ef8f7ceee3683616f2f90a8b5e62f30457ee748b8502b19761656d6200f92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: f1724f1c2d7d807007f370b96676f3d4
SHA1: ddabb27ddc903b22aa69961db52eb844ca5c1c9b
SHA256: 0b4a7aef57d99d3fa3163d5d13ac9d2eaa472a93395cd5fe0191f5b39ac67d2d
SHA512: 3bd5d62bf11d526684abcda553feec27ce14dcf011eac407bd2edc50d4470ba63bb2db8ea83187562c09575155d544b6ee4f3a905e5801ce8dcc90043e1c9c55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3bba66ff6df401c046c53f84bcc7a164
SHA1: 06fd6f790b01d70c12c7bfced60470ec86aa8197
SHA256: f7f3a79415c25f49e6dc7fce0b47bcce7c63d1f4780332557defb58f3878ad5a
SHA512: 4344dde69c2f66f237b03518ad9277360502541d8644e43ae3f2da257da40c94a0fd8012f76a2845df5de8f941f1370e9afba35cc4ff763cae9169879e3f8149

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 31296a8d74513dbebce8b3bde34bd681
SHA1: dc6896639e06b12e56713cba9077121987bac7c2
SHA256: d50b19a43a238bf4dd362792a2fb7fc743254f93bb2079780cd479f45eb44c5c
SHA512: 23a831ff61154f5622984f8ebbc3f296722755224d236a4c61ec4272a7a7d80dd3fd081911caf93e35f36cbeedf3f18735fee1e9c722d797c6c328ed7c175d18

Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b