Analysis

max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 13/06/2024, 14:07
Static task: static1

Behavioral task: behavioral1
  Sample: a5f134a628896889b50ce9a7ee9dcd4b_JaffaCakes118.html
  Resource: win7-20240220-en

Behavioral task: behavioral2
  Sample: a5f134a628896889b50ce9a7ee9dcd4b_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General

Target: a5f134a628896889b50ce9a7ee9dcd4b_JaffaCakes118.html
Size: 23KB
MD5: a5f134a628896889b50ce9a7ee9dcd4b
SHA1: a35fa411e728145b5924b43448e4cca9169dddcd
SHA256: 5e3249c123b1c2df16ee5944ff63cf4c7df15ee8c6db1cdd4a64d00b8255cdc3
SHA512: 10b9d6f399495993276f89e3c76ff49c6684184580d218a22b8f69bea54142f8229af13da1777badd2743619695bdba6344636cea0472d1dc3c36918707499b9
SSDEEP: 192:uWXIb5nQrmOnQjxn5Q/mnQieVNnFiInQOkEntGsnQTbnpnQPCnQtBwMB1qnYnQ7p:oQ/7X2
Malware Config

Signatures

Modifies Internet Explorer settings 31 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449522" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{480F2671-298E-11EF-A3F8-62949D229D16} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1976 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1976 | iexplore.exe
1976 | iexplore.exe
2948 | IEXPLORE.EXE
2948 | IEXPLORE.EXE
2948 | IEXPLORE.EXE
2948 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1976 wrote to memory of 2948 | 1976 | iexplore.exe | 28
PID 1976 wrote to memory of 2948 | 1976 | iexplore.exe | 28
PID 1976 wrote to memory of 2948 | 1976 | iexplore.exe | 28
PID 1976 wrote to memory of 2948 | 1976 | iexplore.exe | 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f134a628896889b50ce9a7ee9dcd4b_JaffaCakes118.html
  PID: 1976
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1976)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
    PID: 2948
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7d6ac20a4c490dad9df7c552f5d14b32
  SHA1: 010abdcfdf199d4e216c237bf866b8f70e99babc
  SHA256: 14539c0d08230fa1b970674deeb2ea9fa2b5d2a27fa905562bc9d031b9620c61
  SHA512: d0ffaf3325f061ad175603c8ec47fe4eeb6751b98c1d100c34bc7e8469f0a2028f6ef1fcf932eec019c1c3c14e7e3b12f59aea9d5530446441d570175bbfac89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 507e6549d90cab1f8c22af4b09451bf0
  SHA1: c3a9cde217e333fe8a18e127d47e27dbe3934f41
  SHA256: 0afddd70fc0d2e4dba56131944d8b38b4ecf07f44642edb6152ac8642a987303
  SHA512: 69054ddc19e0f5b9e968e65929a90986587eccae20aa026616f3d8d7d0e35c03188e26bfefe5bd7a0c2f03459fa2a0194757f2ce33a0ee2102f33340fc9878a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: bebdde467e47ab592de95c665e8fb407
  SHA1: f17f6e5f466334caa8aa711f1f9358b6ca453adb
  SHA256: bd0aee6e3ef732d9f20fe150ad097012905ea3b022f43350f31cf3013d168d28
  SHA512: a3520c529975ed52a1c0bbc7816812266d04aa0ff6239d0a329af2f58e89470127bfd54f369c5fe98df47fb52955b1716c1c3df6f2c2271b8c430fbbeed4f868

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: eede0117681122ddcad6727039205492
  SHA1: 6bb05f053878155a29d4ea8f83e1054991284b8c
  SHA256: ad1cbc7cc04476a6227468045294d94956f3f4321ffbe191af89d5eacb04e7c5
  SHA512: 84521bd212684d61666c6506746929fa182c988bd6a9a7111793ec570158b57b0e35f14f0a91e77f808405e47bb7eced32e70d0acec04fdfb42bd5bbab425c9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ef19c33f9efb8295a6eda976314fe8d6
  SHA1: a7d19c50673e60cfad2d25ba5297ee9a7d45c785
  SHA256: cdf81babcbdf10f6f8afb8dd61e8f2e62e370da7a07330db50317443a1edc7ab
  SHA512: e5d5dbcc6fdca91ca447fe2e70ed56fee307316ecd37a4532a8f01a5e0cfc5e004dbc07a831a7e37ae5ce8401e9b3325401f01e9fbd943594a18abb976e422e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a2d3dc5458f22f35e4c770fa356fb2fd
  SHA1: 1cf966a59ca1cdb6f4879a66d2c76eb912881571
  SHA256: 6cbb311b813d60902bd6826e138c002516e0b12dc520f6a53c6fdfc1ce331525
  SHA512: c3560740d625ce22e16a01217e8076ce84b4ab06ba91a4d8117a17a8e69a42e0a119905e47f77dd01f83f70ee623da6d3ee493e7ad05648a792a82e71f11c810

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a9edcc83f95f79211b0b008b8852a629
  SHA1: 67b35e37ff6410cd1a170cf36440bd80eabf90c9
  SHA256: 835cdb5396d61d9b50553fc432258499d3745860d51e80a67ee97c871aa05aba
  SHA512: 1097f51c595bb0f3760f70c308cbb98fd16197b30888baade177ebe4a7202496dbe7ac8c49cad3b584fc29bdeef3b6eff4c9be4f4b76fb5a5f104510c190e407

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a51cc2cf792c75b3015bcef11d3cbf94
  SHA1: 0ab87c302432d338bb0bfdbefce893f6ccae9607
  SHA256: 76551423ab929df8543ad477b8047ddcca594eac0c74513f9c5cda1f04f64a33
  SHA512: 76e1a3f19da8704e8e2ed9ecb6f8ad625b995d0ca0ccde5a0d421402601b45f154aac207a6f0fc063421edffbabc6f3e648c883bf14b541419b7c1289a0a1f3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 896d8d65f930d3fa3336a6ac42fca004
  SHA1: c19554758e01c8a04e5839f4b2f937affa457d27
  SHA256: a9da5f2791f366b673d24c7e9133961d311cac4a0f3d518b06029283c786c823
  SHA512: 1f12984652e51d62b0cf496e7e680f5a3d4db7f4b2972a60fba74d97a7804111224857c193d6f25442596cc6d3d264a3b0258d97bce403fea4df66502a09ca2c

(path not listed in the report)
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

(path not listed in the report)
  Filesize: 65KB
  MD5: ac05d27423a85adc1622c714f2cb6184
  SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
  SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

(path not listed in the report)
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b