Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 09:26
Static task
static1
Behavioral task
behavioral1
Sample
a4d7f5f08b1ee23f6d1a8ed9a99e5502_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a4d7f5f08b1ee23f6d1a8ed9a99e5502_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a4d7f5f08b1ee23f6d1a8ed9a99e5502_JaffaCakes118.html
-
Size
24KB
-
MD5
a4d7f5f08b1ee23f6d1a8ed9a99e5502
-
SHA1
5e7bfc59992df8b1c173b13dabc53a9d28284f2f
-
SHA256
5cf0bdb2d58e118a262691242a54b76872bc48d8ebdec0180940006364c0c4ab
-
SHA512
3cbab927fe45aad16863992adccebdcc858d9135725c2068f7742423ea08fc0747670411223235870fe265443446dddaa87a2e6f523481b94b756587df53d742
-
SSDEEP
192:uqN7HRb5nW7unQjxn5Q/fnQieZNnRnQOkEntFYnQTbn75nQeCJVevo7NtIFo+Nzk:nIQ/0ygcnnBH
Malware Config
Signatures
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432666" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09237E11-2967-11EF-A43E-62EADBC3072C} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
288 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
288 | iexplore.exe
288 | iexplore.exe
1652 | IEXPLORE.EXE
1652 | IEXPLORE.EXE
1652 | IEXPLORE.EXE
1652 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 288 wrote to memory of 1652 | 288 | iexplore.exe | 28
PID 288 wrote to memory of 1652 | 288 | iexplore.exe | 28
PID 288 wrote to memory of 1652 | 288 | iexplore.exe | 28
PID 288 wrote to memory of 1652 | 288 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d7f5f08b1ee23f6d1a8ed9a99e5502_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:288 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:288 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1652
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 76243ed06f6de400d40f5c9d016e6874
SHA1 f783c5746f63f9d9ee2110abd06fafa414c1bde5
SHA256 0f0c870eb7a4b3563639416f531edea3a76cbf8806a5e007be8f2589056eca0d
SHA512 57477ad0e9b1d0e6601b8175e1d68cf927d7e7dcdc071dd5a2386525cfe86e76182d7c833788ed65ed4cac031760aa89368425e1e6bf179dd4b4f43077050f16
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 562a922f788fcd9a07ebc5bfbab74937
SHA1 c90a159829e39a8bae43521a682f81df18856219
SHA256 65b8e4a331ecd05e1c6b151002cf1f00bf27afd491c93872be576cad7a4c3ca1
SHA512 f3b941c3077b1e000eb4c3efbf0ebf4c631494c7039b298e6738bf441c2f4287b2b4a177b6fc315f19277bd3b49d582cb25c17d828f058ea49f2082e34a8c093
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 49636e70deab3b10b0bdc0c92f74dcbb
SHA1 18708008738da6334463c039c4dca04aca9c4dc4
SHA256 ad4ae4e93d5c67787a1726ef9c3662bae0ffcfe85b81b6c007428093fc8616ea
SHA512 be80045a36e85cb226e7b28adcc141c5df02036aa44e3bb375289c32fdf143188a5bf5caedac71b2559c228f473ef88b1a5ebfb21bb4b71593292e2e5f77d2db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fdb853623f362687a67e88d7e5e6f01e
SHA1 09911b740f4525792a07114784bcc7a1e641ae73
SHA256 3c7e0ac93dc7a71dd1683cc376bf0015d39dd0628a1ddf5151ddad3f13cc1722
SHA512 edfb79774157263f9c691af1c252e2039a085c8b15eea47e06db17dfc0a51c2cb925276184bc5687b1271bd06c3eb2684df170574abebeb698493bcac546adaf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 00ceff71710ca91679b83e6c35e4eb22
SHA1 f234865e241e39410651d01e6ce7e7937e1cfc7d
SHA256 bd843db20c61b955b180555fc09be5b93223e86ae207ac9a12119cc4b98f9a7e
SHA512 4db9a5646892f601f9f02251251381d6b06b9367ea9bae381c3fbb74ac015ba4da98f8fcd72076336482b5e8b967dc828fcad4652bcc926a61231cc286621aea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36c061bec1c118c7130e0b65e5ddeaa5
SHA1 5518dfc466324c5f035a61f7e681ac0bfcae50e9
SHA256 7c0814583a2c9ccaba1191fbad944f4a3d8fc0dfd5e1d00c3869942b6cc34760
SHA512 0c77d2fde8792226326f8d53f3236c99fdcd9928df2db0fbaf6f4c3910cda35b27b38d641fc105158aad84d47ac7d686fcb40d61802bb3d033b08d1f0c18584b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7c166f1a904edf262ef62f811a4d779a
SHA1 153592812a06568c40b183071a15b22e7461ef6f
SHA256 c2b7259a01d3dedf2d9789908352bcb85724e2d564991a2443291a708344dd1d
SHA512 4139a723afbaa830b3a7ba377d8e1b889912f8f228d411bd9f87d5ff0b27bb4c9722de23c617991d9b0c7ba838a0209133c17c9ce47805c8999d8b2df7a7b862
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 24a1dcbd9038aabc94dd5d27a8263e4d
SHA1 16a9e69dee2851a3c41d24d12ab3821099ff30c7
SHA256 b8cd1c68d2acea454c526338d904291ec29f937e6037384b519dfcba81e4c316
SHA512 ebc9b8ee9b1fa7fa9bdd24bd88ca419eb19815d9fbb1a750950298f8d27324cb68fe874a0d1057fb0cb5e10e880da3e7bfaa313b9befc133699510c35fbe4d96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ad86eb942b96b9b6ef74e21de1e3f526
SHA1 c6f8ce6bf545ba9c26f5c0ea7104960444a403be
SHA256 5d76c12f4d8a88ce8f3d440f7059dbb8016bfd220704c112d33935f6f465760d
SHA512 53748fbf1d8f0ae3274e42aaab301ae07a70afce7edd40a05964babc3495ea3806908085a1e73e4fed38d63a62fa5e70188355e882499a9456c219a878256977
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b