Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system -
submitted
01-05-2024 20:28
Static task
static1
Behavioral task
behavioral1
Sample
0cc5987fc44e1821aaadc481c0db08f6_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
0cc5987fc44e1821aaadc481c0db08f6_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
-
Target
0cc5987fc44e1821aaadc481c0db08f6_JaffaCakes118.html
-
Size
242KB
-
MD5
0cc5987fc44e1821aaadc481c0db08f6
-
SHA1
f14b2d2b346e96822e7697e3581a6cb2d9eee537
-
SHA256
5f9a4fe3b812dc78adc0114d73d45ba02ecc0d8925e1b2f6b8288ccd6c8c371b
-
SHA512
fce6925fe807996df4a2a4207d283403c730b8fd3e1d8aace03164909a8ae628f3662165f67a13f8e96f483e213b930637018a3b89fac37f3ae209c42e1783af
-
SSDEEP
3072:tjoG2eD8EtrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ/:ge9Rz9VxLY7iAVLTBQJl/
Malware Config
Signatures
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{61EFDF01-07F9-11EF-9680-DA96D1126947} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420757182" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2836 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2836 | iexplore.exe
2836 | iexplore.exe
2540 | IEXPLORE.EXE
2540 | IEXPLORE.EXE
2540 | IEXPLORE.EXE
2540 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2836 wrote to memory of 2540 | 2836 | iexplore.exe | 28
PID 2836 wrote to memory of 2540 | 2836 | iexplore.exe | 28
PID 2836 wrote to memory of 2540 | 2836 | iexplore.exe | 28
PID 2836 wrote to memory of 2540 | 2836 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0cc5987fc44e1821aaadc481c0db08f6_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2836
  -
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 2540
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5
e4a68ac854ac5242460afd72481b2a44
SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
68KB
MD5
29f65ba8e88c063813cc50a4ea544e93
SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
1KB
MD5
a266bb7dcc38a562631361bbf61dd11b
SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B
MD5
2204838e973d3f6ea454aa5767b09e19
SHA1
5abd5fa084da1ede718f3b56e015eb96230e2e7b
SHA256
e649adcd70f74979a1c0ff96cef6698a713b915a6228613883cd9cb238d6be04
SHA512
8529bf9fdef2350bb784d52870eb0021d7d592cda619d047ccafd6534386a9765cb425f5b959765b9c1e23bde7a4fa3fa3c3fd23dff79ad5ee4c397f47f68bde
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
ae2eb4b14a5edbf23392a914279d0d48
SHA1
f7c39c02b4fb5e52cc409f0a416d5778a59e1fa9
SHA256
a4fd00d85df0710c452ced7b0469cc08713a0d8b4bf525ba837d46b336b3f1ef
SHA512
6e7bfc5f7baa3455fef456e5e5956c788cda75703afd2c3aee41c4f03577f34fe192401b3681ccc84e0a80d24f85c80c8a13663d7c975fecaad5cba07fc953bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
0971ba775322f1d0ab96738c373c3b58
SHA1
dcf92b3705fbc7560d23e325b2b1c4672d4db85d
SHA256
4a187a24cf765fda42095cc8b57cb627994b07e1288e3c944e7698e513983cc0
SHA512
f7c1df52154851b6b54c2af2e104f5cea00ec6041a08b6d24b04dc7eab56682a4bc073675738ec501ffd52ce74d5c142ae85e795700c9a8bbf3f6645e61428a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
329f46c41f58390c94e636bd5b489a52
SHA1
2d7224900a59276ad7d9e25d2f5eeb6c7b4db7f0
SHA256
67bb42a7b7d107988cce8558322f9edbd31a121a5ce22ab4447f86d3d98b1f9c
SHA512
ffed01aafa3675edb43e0bacf143eb4f8254f4554e95f40de1668ddd1adaff77f20638543cc9535f8709a7fb1d07e35fe6b1892b738186fbc9ac4e08e210fc66
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
bce875fdcf06f0d107688519465da6b7
SHA1
037c5d0998bf5c365cfadbcec14313b9b03a81da
SHA256
c7dc80afcbab95878df6eaa7e3e7a40e8bd82ac467f405e9954d2f1af0bce316
SHA512
6e63e06d176bd4e18086fa73bde086129d267684d82fef3f682e2a5d35c2e9593a89ad18cf402fba7068ec997a716b93fce9b1e69350a5d40f77475d9e5b671e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
df75999b8ad6c2614be4702a684ea8a7
SHA1
6cc7fb02cda6e525e1bc1bf03cc05226a0ed16a9
SHA256
8513c5881ed62511385a3eeadacfa258a2a3d9e97e4b2d1115f54065f08bb3e2
SHA512
9a797fa64df4aa73caee2397bc36affd08b9ef83a8566975651d754f86dcd87d9a96c3ac9beb0e6087c369b7cd30fc888dc6aac1740798609985e394d57cb9c6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
f7ef40b39f8c9d0dfe3e029c87d6b23e
SHA1
ac4a484359445817c371d1766f0d343b4c9230e5
SHA256
db026c2790524fda3421caed1181e3ea116bbd9ec9561e6fe9a4b01c5b66c885
SHA512
9fab514392c472dbd27d366062981d7c8a1780736c9bc0d0de0073c872b1582275556a7a652a9cda415cbb100ec7c8ea181408b4fe093feb8f0b39ce90801ff3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
46f2ca5068c5c37b08459b955b01f3c9
SHA1
332a0a96b24075abf48670b59744e98eb5488258
SHA256
5cc462846f234d71b2a68e7f7914a5b09ccf286d6ac7c2a71493bb1e4f9185d4
SHA512
b7853187a037ece6139b31e5cd3041bc9cdf195a9c3f80a230e5e34deb5d9dca37be8c360adbe5485964ec5b9a33baea3d588cef0d1b30d251e71f100fbc81c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
cbd37b8b85fbc2ae43096085d3c01e9f
SHA1
1b4d510a137ccd9fac74036bb34a38273f7babe7
SHA256
382619643614d0f48aeb7c6e1f1509fec51b2f797a9539863650708776add89c
SHA512
48e46cb7bfb5ba779d8c8e7fe14c6ff139cd018a8f2f31072511c2a14396a399c5c7b3e4c024529bcf138acba0bcbab264cf16df9f134c131540a1d43de67311
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
0ca6eca5bd8992da0bfc038797470a51
SHA1
6984c21fcc2a5d7e143a471b8b0bca84eb9cbf8b
SHA256
832f75f9f36e61bcd824d8927c026a33b354b259a575d18f760f8e78d952c4e9
SHA512
3f4bc5c051eb2fbc396cd149abac40791aacbe36eb1424b181d97309124b1f6560dd648d2187ce62b72c6264e756485342383d0e3ec553baf8507128738064fb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
536984bc0f9b38e8f7c48e1f4c99d595
SHA1
150d62be3a1a8c4e91b50c2527b31c862a4df277
SHA256
df0303d9040734e5419e349b9e7c65c071115ea5c8ded4b464bf8dd5c04ce24d
SHA512
8c5aa64bcc19311bcce2266f95c4de7e257e3bf55359839df0d1d1c36f5a213ae7c313a49c2ff0fb78080cf4d90933b9c16d91c39f8fe41568b5f31eae2e1e20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B
MD5
d66a2b1b43046c0c9c1f540051ee9b7b
SHA1
4ddddf13a963042887321f3ddb422496556498e3
SHA256
96b88b6207d05906043dcb79fd9dc9fb49fb5ba2d5820832d05a119d720d5f44
SHA512
d10274323395f13a9c73968480899450eb10129cf0e7bf5f98583c25b99349ba73b53290547af9838dba8808fb0e1c49fb0200ca6b54e23f5cf8170c0c7986de
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\f[1].txt
Filesize
175KB
MD5
40303a1d6a240ce2a3f94e6cfa5d1124
SHA1
4fbee8fc7d59bbaf70c63894f2755d24dfbec53f
SHA256
e4b7c6a6fb8e74c61a69e2266b73de55ae5324b6ced9d7093e9fcdd02d90fdab
SHA512
819fc51fbf809647db50113b247c7151067dde290c5d78ebdea32a527452762f9885163e5e128822639c6340df661d011ab87ffa5b077f350ff1427d77608f4e
-
Filesize
65KB
MD5
ac05d27423a85adc1622c714f2cb6184
SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5
9c0c641c06238516f27941aa1166d427
SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
177KB
MD5
435a9ac180383f9fa094131b173a2f7b
SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a