Analysis
-
max time kernel
143s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
25-08-2024 22:22
Static task
static1
Behavioral task
behavioral1
Sample
c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html
-
Size
247KB
-
MD5
c1b5fae029275b311b627651c3c7f5a8
-
SHA1
0027ec2584cb78bcae86ca6a2894d36006e7f2dc
-
SHA256
4920f8d211a77ef465be8b27a0209d47c4b5bcfb11c33aee781a41bb96b6bef9
-
SHA512
49a382efa3a3953cf40c14db67a8b072a1bb9c9ca13a0929ded8ddc5b3eb4297c76013a95a70f7f3eb3b9fce428e0ff38463285ba767e0ace79c7f06c2e1ebc7
-
SSDEEP
3072:KPNnXI8Bxic54JlBi4zodsh8pV7NdAn4Rr1jx8:6NnXImSlUhAt
Malware Config
Signatures
-
SocGholish
SocGholish is a JavaScript payload that downloads other malware.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
IEXPLORE.EXEdescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{859DD461-6330-11EF-AAD0-E29800E22076} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430786428" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f04ab1753df7da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000c1ac0e9574f0db44b0447273614209a29b805bad45cb62212d3f51f386515885000000000e8000000002000020000000dc93911bcc92c504cebbce8468177848008dcc98ad79e225cf020ada4d5c763f900000001de977907f8c407eb1c58f58708dde1845fe3d86e9db8e1d6917604c01cd070c61e35b7f7aeea2953f1ae42296a42072c43f1e921f66f88f7edad2e847d5386330861f3f492d81f5246a49554c8591ce738f056480c316b8b3cf4a7cab0676575e7b2c99423b05de88cf79679b858800d8ebfee836f51e1a747ce7864c8afdc74b58deb90d1a92205397ea7895c87ec640000000ddbd42ffa6c116b1f88357ae7b23ae7b5c20ede176d59842c35d2d6ded2872cd27f14ec0fbbfbecaea5ea8a3c9893c7e8cfc995fa282db863d3aede3b44b2186 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000062625801e6f2533a942be76a563ea6f376839d0e5ab02fa15f51e87ff4f2220d000000000e80000000020000200000004286bbf93adc7290efe969c29b90bf58022c81191cb3da2b8e5d65c9f705fa0220000000f35f78e366135e41367f6c4ced30eee969aa410bf6b8a87b35c42ae1fadbaa7d40000000cfd106c412d4c069f21a1b8faafbf0283807d07361f48638f4d6355e80ee5adaa4d4721de3a1e85dae34ee8f2729b0647027694db21b8f373b7c85c69c63e634 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid process 2276 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid process 2276 iexplore.exe 2276 iexplore.exe 2684 IEXPLORE.EXE 2684 IEXPLORE.EXE 2684 IEXPLORE.EXE 2684 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
iexplore.exedescription pid process target process PID 2276 wrote to memory of 2684 2276 iexplore.exe IEXPLORE.EXE PID 2276 wrote to memory of 2684 2276 iexplore.exe IEXPLORE.EXE PID 2276 wrote to memory of 2684 2276 iexplore.exe IEXPLORE.EXE PID 2276 wrote to memory of 2684 2276 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2684
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize252B
MD5fc6d7c3d37c1f6936c4ab809a6cbea90
SHA1672d56703b86ffb1fbb8e0f247cec3c89cfc065f
SHA2561387dbed37670383a79608240a612b5a9b4ce0322c91826be48101cf40f7b87b
SHA512c01cc9763090e85e24f69d43110d5a8ab19a36b36f09e6cf6974feedcfc79b693a97302e4c0696d770ced98dc4392a561273823c90bbf8df06e717a3ca1167b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54631e973250c1f8b5c52895ce31df43d
SHA11882adb244c49557c936fa19703be02bf322b520
SHA2568b481cd2ddff8df3bf0c5f8373a3546b99a70b8fb1eb7483539395ab4a720bfa
SHA512694c0391edb7517e3dbf6ba96d2053846a69c7b9ed934e06fe5eb13392b34d817f89aba294baffec931f56efdeb1c65491833717517a0d9ffda79d5018adc85a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c561678d87b0f34e132cb5f51b5d02c4
SHA140ea3e2355c086214ae5dde24d97ef26b2398655
SHA256a44ea58dd54c0f711732ef92a24e063bc09d23aef6867d2bb7c959a522131448
SHA512387450a70a4fd99d6adc15d75a92ce9af3e6aacd12b5fce6d0265bfbbf96b6573cac6e30ff0027b6d8f1c54438560b739854e9528f450e474173e117c9a5bcd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51a76d7e5dc09f35be4b3ea3abe6bfdb4
SHA14aae987d6fcb98e59841d01da85122931dfa972d
SHA256ad847f308877b832a42066d20d88764ded8ecd9209e7f30c783e93efdcd7d727
SHA5124bcffce4bf03db12817c358f6f2cd4d81596133eeea42ec21b1c6782cc4fbd05edde18c2a4d973b7f5389dd552d7d75fe996cbd52f8201a3463cfcae9a6697f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50c8b1299e6549f7e11232ec70790322d
SHA192b360a3505960f816341f8ea095b821fd6a9950
SHA25673afe12342e86a27e537e5747837354a275f21e25d367daeaf65059109320681
SHA512c0ae485495fb6e098dc7283ddaaf8b6a77e701ac01795c3deb12b1431d319baa8d057440d4f894d4992ef19850a6b992d7a7304d8f49247a9539c4b64f404962
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b87a3f7e706b9f392851d547bb0b1e13
SHA1197f1c55956c8885b6e67253ba9dc37c951cebc9
SHA25607b9e9bf5252993086bc16d0d8db286b02162d1ce7fc6aa035596311be3d0f69
SHA512e85a4721dc76d713a386501e016ce439f9e35b0f1f974907b39e5de4543fe9da07e05955c6bca2f19588afeb0fd14e11c90a3f3d0a6936dc891f0676f104da8a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5215b7dab397b7f6eba20ae00c9634986
SHA16d39f7d46b4078c615439ce60373588544c2a19e
SHA256bb7cfa555ce3043e3962aa869d94779cb5164fa57bc68249531f84f76956cde1
SHA512066edaa7502250ef73a032110bb05d2fb81670a521edcde4a4c416265e41a1bcacae7ff87ba8b3ef6af4e057d404c2daf57ed930ef2a6b7526831f2b128a42a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53b8084359aaf68ac56df8936662c793e
SHA13a4c273f4210e477f29df59e0e181f26d8d7c82c
SHA2568173a0ffc773c97f276b6505f552ef40b0fe0d698f524f7e69c3f51210ef555b
SHA512bd4c832513ecdb1804abb1d9e0caa436eafad346622b8758996e13466993c8c6be9ab38b39bfe4ff560cc7d812c8b1a9898f752189e2ef7aefdfaaf156de6a07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c7aa33a2c149ec2d4ba934fa4f5faaf8
SHA165f170510473f09f2e222c402baeef4ae4aa2112
SHA2566e1ad4b0f286afcd0ef87e176805eefad7f41cbe5c993d65afe5ac1379d52bad
SHA512071f40081089b1bae989e85bbe3316a9c0281b3ba302c70a05338621b1c3259655512d3f282b94d8f5b8ce6035e3eb9c33411cefe8ce1926eaf03c23df4ade75
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a754f0012d9abd03eb2de1808fe46f66
SHA1c6be8de65a10f728bf969549755cc6c832c25d0f
SHA2565330e2a572947a451935508d797a1d223cfbaef4b277eac766117265fc34f9ba
SHA512445cfd080d02f1cf65b7a84825aa4fc6b9b849e9a9e2d8dde0dbffb7a1b980b6c1d61e290e796c9911220d934ada38194f67c386d306ae863f43e356cb21c750
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5982770087722db667402fe53a86c215a
SHA17f154c69b53629256ee2595a8c050de4d8ae5a1f
SHA256bfcf73fe69d33da13d0f9b95c339d0ab9c7c2eef0127ebf040b7722d50f7430a
SHA5129e83a52273c7522f54de66971e98e88f5bc7239d435a11a902836d95d81ecbc903259525d321fedabb97375a1254a90fb9446bf8f543a3a5dbb18bc9deac08c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e7362c915a959dc4a5c0af80b3d40b34
SHA1ec061a8275abe4764065c49ac056cb10172b1dc7
SHA256a285cc8f6b2ce7418937e7c9b6bc507cfb1560d7cc7d960ee3b3ce91451c44d2
SHA5125df70f087b95fdb9cc597a54ecd0cfc0c24bab354c31553bdacae736feaeaeb17cf08667d973097b72554279dc302a228f922f7a7c1ff35c77d2b897a1a17b31
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b00d9e7ad53cfa444f20837b178494bf
SHA19c29acba7d51bd21659ef1ec9eafb261e86ad5ca
SHA2568b4f292003a4feb27472b71762ae78a0c71589bc076108a2d3d0110d6a64b3be
SHA5124ef6b3694190ad08d4e793ad779eb9c7d74a178f994f0afe621a0348992352dcf84600dd815a14811f1f24e1505d7dbb61165a363c37c64f3a1aa6e2012462b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD599546f987a6f99a8412efc9aa29ed474
SHA1136e6a20d97633bf81624928b12c4f47db412247
SHA256fabf69a170534303719da2a2ea3274ecb7d6c718c604aeed1e6adbcbe4924d33
SHA512d288c29092d95216a0e2942c353ac36ee0f2b6f1af86dda2bad5b40943b7fb6953497465d183d6535c7cded9a2761b7cfe53549960a1d04863e3c6712a7e8e12
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD521e42a6d8aa254e21f0b375d102ca194
SHA1f634baf912fded2071ba72a25a221ddd37fa895b
SHA256f49f25bd68737b3b0ad64f47ae99c9de22243b03a47ecb0af75483d02b7d4443
SHA512bbf4826bad7241c18f9c3b6a7d90bf2b5fd624e6c90c3403edbb304acf45a4b1ca437a6f4ebe2d07f0d94cf745ca25fc7f696abec531e93210d34c2e89647495
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a5c222247eb3e0103ce17cae710322ae
SHA1a9c9dc3c04c7a5151774627b27dab18f5641f36a
SHA256aac356fe894c32362c50203b59e295a846ff43b86c33b52831a8fc45b482e394
SHA5126a6c757a59e5b6c458aca29173ae0799fc551f6ab0422cb86675970287cd60be8bf43190790b4daee2aafb5a3eae67453013a15fbb9f190b028b51933eb25f48
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize242B
MD57b23ec5ad8b562931b42963cefd9f81c
SHA139ecf4a812cc4901eb1d4e15bac6cd63e02c58af
SHA256ffa10bc4fbc7f87ce0442e65c9860178044a4caf5e9312361edf58d17a5d4aaf
SHA512ad7594a4e42a262b2e73352b5286598af0e7a97219e10f0ba1b939c0b9ff35bf702a1175f3b4957bf01dc7c544a84f2918a4957a2141e563c9cce1e737a5aa45
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b