Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
25/06/2024, 09:33
Static task
static1
Behavioral task
behavioral1
Sample
0d90386ab72f60a40d906f334aa3a776_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0d90386ab72f60a40d906f334aa3a776_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
0d90386ab72f60a40d906f334aa3a776_JaffaCakes118.html
-
Size
34KB
-
MD5
0d90386ab72f60a40d906f334aa3a776
-
SHA1
68339fa4f55a82bbab84e5cbac01e6ef8420a955
-
SHA256
60582bd915af69450586ac85be9a00eddb8853d309300f5552745754f0d0fed8
-
SHA512
74fe9810f6278c1d681f91963d8b0d92dda095ab5d91a39808821d27e0bb7096b7dcf8cb7afb09dabdb701840ad1b482878e24073f9eeac4e7d1ef77c21869f2
-
SSDEEP
192:uwrEb5n74FwnQjxn5Q//nQieuNnYFnQOkEnt9JnQTbn5nQOgpcwqYYcwqYHcwqYk:jQ/qmz8J527Ou4wl5rFiT3
Malware Config
Signatures
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{03633471-32D6-11EF-A5A1-E299A69EE862} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425469891" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2112 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2112 | iexplore.exe
2112 | iexplore.exe
2644 | IEXPLORE.EXE
2644 | IEXPLORE.EXE
2644 | IEXPLORE.EXE
2644 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2112 wrote to memory of 2644 | 2112 | iexplore.exe | 28
PID 2112 wrote to memory of 2644 | 2112 | iexplore.exe | 28
PID 2112 wrote to memory of 2644 | 2112 | iexplore.exe | 28
PID 2112 wrote to memory of 2644 | 2112 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0d90386ab72f60a40d906f334aa3a776_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2644
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b086468d0d57b7e715c97836b86bb993
SHA1 53a0d06abb075f594a9e40c8787f4f746f9dbf3a
SHA256 ac1735ed52f46e4c93d4a106746ffb02dfa51926e03ba9cd53eb120457680293
SHA512 dc0a51c6e2e0775a6b9e49524764eeb5c23415caa917ddd52d882d9a5e68e97045bcb2b8f6b3bdbd9b9722f2f8167c128719243b3c87d9abd4c363f9a5937cee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 df6212b72d008e961a5a85a8b4b1dfe7
SHA1 441c1fa1649c7a81a1d885e49a271493ca66fd62
SHA256 3ff28d356872d6df860aa6c1df2de39d7204ed0f60ee49905ab1fde2b58369ae
SHA512 128a7be2f2976afe111bc1590b852c1d006b21b946f41cc95b46af7bd49cab6caf7befceb39ac557f660d63c223280d863922d6bda7e83e53c55998176558648
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 acffa2c815f315b16579825a7f5fdda6
SHA1 e04dd934b08bf5c0517ee8e2d5501401e12aac64
SHA256 1cba5f54bf52932a5373bc840dce6beffdbbaff1cd819987adcf0aadd5da180a
SHA512 78cbb2fb715c4e944f70b253cf198a7739536089f70fb002d5b4d09357f230cb040acec0656f666303ad85e0879dc13b94ad0bbec6bdcec5d2e9d1c88a4c1eb7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 652a797ebae320f350ed55abb2d26c92
SHA1 bcd4ed667a4d2164bde06cadf8c6851d55ba52ad
SHA256 fd274d1b919087e161b32d180dfa7548f94cd5ed93e7c18a22567f8e6f45e71b
SHA512 0615c2344c28163b8bae1cd5dd16a80ee97a20085e2a4f7f807e0d279f6c31c438f0c53955c5919a72fe124de86e131c870ddb39503d4203669fe4f993d18805
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4efc1f99ea093c3662069da8cb2a08ee
SHA1 e6fda6d8a3988bfc49cf9fb450b4d3e5b5455bd9
SHA256 ffc1dbaccf12566144a14fea5b8f82a0b9a83eef0339f0cc8b06475ce21bf7b3
SHA512 3ceea3317a6fd21e245c4e40af6b0b9d8c8992172ba2a3db6d3a4c4ad28ac9577e8053924125ea02f43f9d536aa959869ee30adf0d96b5c09d2fa38c3bd8ef0f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 26bf9d616d3f8c70f0fae70264b04cf3
SHA1 c79f23b50b06f0bef8ea441436a599d582ab84c5
SHA256 5cfc357e55572cb708bc32e0184afcd23ee283ee73c7e3d18995368124c9b036
SHA512 094f9e6a5b00f0e3f61943bd99d1e0e97149694d9d19871cb557406a1e1719ac4d37bdccd71702866c847c679dd5813c974cb24bbeea76fb42f6f0ecbe69362a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5e3f190b03342b0d78ce4f9952e30097
SHA1 6c7307641f0ec881a07d0f083711ffc998d4d026
SHA256 66c7d2cff11f16dc06f1a34bbb556f294456497699ce5a591f3edaa84ee8c582
SHA512 ecae5f71d1847bb397812ea13238166f7ae5de8bdd5b9eb68092bf9e85fd670a2685f0a39f2edcd86929e24c2c76d8e894b66426c923f588fe912a573b16c5e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f6693b99de09ae9039bc30e990b99789
SHA1 80430c93792e0395d32d1a832837111754504d3a
SHA256 9df20be12c3849b4578f9d0c9e766846d00b2293e1ecff2bf73e2f4b0d745f43
SHA512 9684143535bddb86fbe9210e24140cb1f9603d4d55e030229601675d8168ffdeda725d50dee33557cf7f5b381986f3083f0635b3bf158099d9e0980cb282f9b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d0da8a26b95d4bfc67e5c8db19ab5f7e
SHA1 7f03bdde9a511ace2f55a2080097dc659fac88cd
SHA256 10bd7046b797df69feb069bf7e3e0e577b9ca1aff0b9649d0ffd138d6272e5ad
SHA512 c5243d69a834f561bdfc312e4ab0dcd74ed66e683941697311fdaa216bc53e3fa6c4e341693f797972200d62b1b4cda75a8460fe03e412bc8cd9ceb1f60a0431
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b