Analysis
- max time kernel: 133s
- max time network: 142s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 13-06-2024 10:14
Static task: static1
Behavioral task: behavioral1
- Sample: a507490fec46cea8cbce71b01097cc0c_JaffaCakes118.html
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: a507490fec46cea8cbce71b01097cc0c_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: a507490fec46cea8cbce71b01097cc0c_JaffaCakes118.html
- Size: 29KB
- MD5: a507490fec46cea8cbce71b01097cc0c
- SHA1: 3da35d23f2882fa4c396be342a216aa7de8a190e
- SHA256: 1d14c911c5029b1b367a1ea976988704f1536f650942a10b2010e243b5da5c81
- SHA512: fcbc1e60755dbd93f86520e0ebe764fccc21abf1e720c91dc8dabd293e8b661c39bf77c2676dbd25754c6192e9bc44a11cea120a13a516572f420a99ed0d5cbe
- SSDEEP: 384:ndjp0/eEiiCdrkzfVLeLiSO2ujfVLeLiSO2BYrh1+e2c6PVxaCwp/q0fxh5pAM1Q:hp02EEC2uF2BM+FSfPst
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435522" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AF6AF861-296D-11EF-9E06-5628A0CAC84B} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2200 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2200 | iexplore.exe
2200 | iexplore.exe
3016 | IEXPLORE.EXE
3016 | IEXPLORE.EXE
3016 | IEXPLORE.EXE
3016 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2200 wrote to memory of 3016 | 2200 | iexplore.exe | 28
PID 2200 wrote to memory of 3016 | 2200 | iexplore.exe | 28
PID 2200 wrote to memory of 3016 | 2200 | iexplore.exe | 28
PID 2200 wrote to memory of 3016 | 2200 | iexplore.exe | 28
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a507490fec46cea8cbce71b01097cc0c_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   PID: 2200
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 3016
Network
MITRE ATT&CK Enterprise v15
Downloads