Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 15-06-2024 21:03

Static task: static1
Behavioral task: behavioral1
Sample: b012c0cee4b5e14f74e71c19fe7b7d74_JaffaCakes118.html
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: b012c0cee4b5e14f74e71c19fe7b7d74_JaffaCakes118.html
Resource: win10v2004-20240508-en

General
Target: b012c0cee4b5e14f74e71c19fe7b7d74_JaffaCakes118.html
Size: 23KB
MD5: b012c0cee4b5e14f74e71c19fe7b7d74
SHA1: 015ecf3fc27f1c24af7b108641e4a5c083c0a9c4
SHA256: 7e5e76ddd8f2a7fdc322a28fa6f8772cfdff77065ccaa8aca5b0654232b775a8
SHA512: bc1e8ec6d4c46f0dd52d5bb5669cf96f395dbb2f625e1643f2e26a8ba4c45641f26acd99bfe79a914a54e6e00f259fbf02fd30748bc1e4aa09edc37423a945c7
SSDEEP: 192:uWfMb5na+nQjxn5Q/hnQiecNnQnQOkEntbLHnQTbnhnQ6CnQtOwMB8qnYnQ7tnWs:zQ/KBus
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424647304" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C75BE491-2B5A-11EF-B5A7-FAD28091DCF5} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
1912 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
1912 | iexplore.exe
1912 | iexplore.exe
2588 | IEXPLORE.EXE
2588 | IEXPLORE.EXE
2588 | IEXPLORE.EXE
2588 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1912 wrote to memory of 2588 | 1912 | iexplore.exe | 28
PID 1912 wrote to memory of 2588 | 1912 | iexplore.exe | 28
PID 1912 wrote to memory of 2588 | 1912 | iexplore.exe | 28
PID 1912 wrote to memory of 2588 | 1912 | iexplore.exe | 28
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe (PID 1912)
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b012c0cee4b5e14f74e71c19fe7b7d74_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2588, child of PID 1912)
   Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2
   - Modifies Internet Explorer settings
   - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads