Analysis (behavioral1 only: Windows 7 x64, 121s kernel / 122s network; the Windows 10 task listed under "Behavioral task behavioral2" is not reported on this page). Scope caveat: every signature below is an Internet Explorer registry write or an IE frame-process → tab-process interaction, which is what IE does on any page load; nothing in this extract shows the HTML's content, script, or remote resources, so an empty result here is not evidence that the page is benign — a page that depends on remote resources, a live server, or a different engine can stay inert in a short sandbox run.
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
02-05-2024 14:12 (DD-MM-YYYY, i.e. 2 May 2024 — the Windows 10 image selected for behavioral2 is dated 2024-04-19, which rules out a February submission)
Static task
static1
Behavioral task
behavioral1
Sample
0eb86370fcf661a8e1252fee1c1d68c7_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
0eb86370fcf661a8e1252fee1c1d68c7_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
-
Target
0eb86370fcf661a8e1252fee1c1d68c7_JaffaCakes118.html
-
Size
19KB
-
MD5
0eb86370fcf661a8e1252fee1c1d68c7
-
SHA1
95e561ad653ba80fab7ad1f6d1908f39e9de2954
-
SHA256
aefd8475e1597532349310e08290221e0bdfe2affd555c69a4039289d1cc09cd
-
SHA512
5bb6172abc5f9d35990e9cd8130f3a6b0c1eef823f9275a3a42cdbec318bea76aab568c2d516bfe506fd67d8d33812aea89f08dddc1bef364e47e2f83c91f5de
-
SSDEEP
384:wSgeilu46UFtSu+542t1yZrP/TH5UmShb+y:2u46UFou+C2t1yZ7/NUnb+y
Malware Config
Signatures
- Modifies Internet Explorer settings (signature name taken from the process tree below; table columns are description / ioc / Process). Every key in this table sits under HKCU (S-1-5-21-…-1000)\Software\Microsoft\Internet Explorer\ — tab state, zoom, recovery, search scopes, GPU and window placement — and is written by iexplore.exe / IEXPLORE.EXE themselves. No Run/RunOnce, service, scheduled-task, or file-drop persistence key appears in the table; the long hex values (NewTabPage\MFV, DecayDateQueue, Window_Placement) are IE's own serialized state, not attacker-supplied data as far as this extract shows.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0e1b2df9a9cda01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FBFE51F1-088D-11EF-ACEB-F6A72C301AFE} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c6000000000200000000001066000000010000200000005b62a0caae3f54be0054d674520c29074ea65e5650428d6d2662a4247102ae69000000000e8000000002000020000000dba7e899bbcd0efd30e4a775c038f29537e88dcc3ea991ad22f1e92f4afc7e1420000000e223335049ad067875107e5a7fe7f1f4d11500b47819106f7988b3f421c409de4000000065abd201bc02df232d626ad6aaf554f77b3b8634be10d35fb193469835133335d93a7e00071921ebdeee935e49721d6e629a82010c927811a330fa0f87cb1569 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process: 1256 iexplore.exe (the top-level IE frame process). On its own this is a shell-window lookup that IE performs routinely; treat it as supporting context, not as an indicator.
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process: 1256 iexplore.exe (×2), 1696 IEXPLORE.EXE (×4). Only the two IE processes appear; no third-party process installs a hook in this run.
Suspicious use of WriteProcessMemory 4 IoCs
description / pid / Process / procid_target: PID 1256 wrote to memory of 1696 — 1256 iexplore.exe → target index 28 (the same 1256→1696 entry is listed four times). The target, 1696, is IE's own child tab process, launched with SCODEF:1256 (the parent's PID) as shown in the process tree; this is the normal IE frame/tab split rather than injection into a foreign process. A write into any process outside the IE tree would be the thing to look for, and none is listed.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0eb86370fcf661a8e1252fee1c1d68c7_JaffaCakes118.html (1, root of the tree; the sample is opened directly as a local file)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1256 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1256 CREDAT:275457 /prefetch:2 (2, child of PID 1256; SCODEF:1256 matches the parent frame process, i.e. this is the 32-bit tab process IE spawns for page content)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1696
-
Network (no entries appear in this extract; do not read that as proof the page made no connections — the Downloads list below includes repeatedly rewritten CryptnetUrlCache metadata, which Windows typically updates during CryptoAPI URL fetches, so check the full report's network tab before concluding the page was inert)
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; note that the 68KB, 65KB and 177KB entries carry no path in this extract, so their origin and type cannot be judged from this page — pull them from the full report before deciding whether they are browser cache or something the page dropped)
-
Filesize 68KB (no path recorded in this extract)
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (this same path is listed nine times with different hashes — the file was rewritten repeatedly during the run; each entry is a distinct content version)
Filesize 344B
MD5 ac9e1b930af64aa0d9baf5785662330d
SHA1 68418082a7b70742ec241bc63d93e53b8227973e
SHA256 0b7ed8a0a766b0ec4d7e9688771524bec66b16d3fb83d3477177a2c8623d9136
SHA512 e838a01d142a049531170a07fa4810b24aa12a09a44ab37b481cfe3465ce40449562771afa0bbc79f85f3729f1b1d5da6be2900cead5dda996a89a4621eb4df0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1e3a1d1743f743eef2cfc5773f4947c7
SHA1 698061a23331d03ce421a8188b1c2324eb57371d
SHA256 2aec476d9747d6175d8d5b93dc02a048704669393ee2305f36380d374735d681
SHA512 12434e1a55b2ef07bc4406f9fbf67bee254e9237d57bd1c870526cc3f40a289c6bdc510d0719da9f8f2a59a32076d941d4ef59c6f3d298ad83973fc7738e19a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 504539579c23a7a23f6820df0a407584
SHA1 74f9792fd93b6cfbc42d472430181168d1b25243
SHA256 69012945998626e7ec7b3505a9b36327066552b31d781ee87748bfcc974d753c
SHA512 876d6dbc6a654fcf52541f5a7145f6a96b9c89a3d9a1959f90cbd33947decadd700fe518aadf2b7b11ff3f9f2ddbf9797a9523897bf4d91ab721321bce40397c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8a661ff9598cca51ac44b2b0a5951c38
SHA1 6bf05634f304eac989136ca15dbc501c84c463bf
SHA256 2914e3f0a4a0757e39e6465d8e2ce3e6ac99901f527139f3aba823417c7223e5
SHA512 ae038e55cc4185fdfefc139341bc3ab1cb8499feecf269c4879b3adc991b0aeb5317520e2a62e6258973d891dac284b4633a23831009e5b564c5f3232032a334
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 1b1ada2e5f91f0e64d2a5842c7c6b644
SHA1 d75933cb285facf0b1d5787d3707dae7c744235c
SHA256 c645ae90b41e453890218cdaf741fc239b110f2cbbae71932745027ccf5c2f7d
SHA512 d4282c8acf2b935bc5e2c91f6385734854d3351f404cec876f85b1c875f637973ca4d193672cf7671556f5d2f16deb76790cc56ef6b6db43550a7161dbd126ef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 37213ad05fac2e7c2c2fce650876a123
SHA1 a28296e2ace0bf4f09ec4e5e98b61bd51bc13c20
SHA256 54a7aa3d4fc4d8c6dfa540d4283574183dd749eb3656c9217921f60874f49e8f
SHA512 42122b4fce9330233ba62e32e0aad4469296792fece5d683e1531f05d60417af1f34fcb0da2379ecad14708506f5b366c97b6ca06997b4afcf3ed6d9ee95ced6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c3a4533ea673ec32335bea2578bbd9da
SHA1 bc34065235975d5be8ea2637ee0bec2f18ce10ed
SHA256 cebc344c026468c43d14c954e1859f2ad496f79ba26190639fa9c3a5194c51a5
SHA512 867584085637dea32c649da65121527691ec2eaf566f684763382ecf5d974ed524c9a4ab47e9c629845c070fa82bb0c9b6a1db47d27b1483768791915ad696be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2664e239fb1db9071ee608c992458959
SHA1 6561ed6bd10c40559bcfcf76159150312baae8fd
SHA256 6df53e8323352300d1a556a86297778c5908aa29b73748c62e0518169a1bd440
SHA512 ebc09a1271475175c331a4615d2272286e05ba45ec0048ed66ad2a72d84826630ad0af6e0a52e4dc79dc284bcf13b0b1e650ce1cc7a520bd054c952cb261fa3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 877155e09c197365057c1e083b942332
SHA1 9a0a1461026e5d8391eb575c1114a18dc5f42f88
SHA256 bc99f921e4f1948c95946fa94262caec560df48fbfc693467a6105c642f481b8
SHA512 9eb4d8be99a105b102cbfbc7ba7c175a5f6a183f24b3665bf88aba60f0dcd13baad2a3d2f06606e6c6498b228ca843d644402a55fd27a99f76f65342778708ed
-
Filesize 65KB (no path recorded in this extract)
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize 177KB (no path recorded in this extract)
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a