Analysis
-
max time kernel
145s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
29/05/2024, 08:23
Static task
static1
Behavioral task
behavioral1
Sample
8017a3bfd86b011bc4e34fb279c5559d_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8017a3bfd86b011bc4e34fb279c5559d_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8017a3bfd86b011bc4e34fb279c5559d_JaffaCakes118.html
-
Size
27KB
-
MD5
8017a3bfd86b011bc4e34fb279c5559d
-
SHA1
b4b66b50bcff94039ad09b53e688caad263c369d
-
SHA256
fe7e017237d2ce01000b6f1aeaf683f2375bb902e2d563d206e281dd43507a74
-
SHA512
a578ed18ca60cddcb6d2ddc4636599ff0a282b89e61eef2245126bf5919b0f9b84d971e316b5a624b6807566e90366d9f7c7463506ed95d5969ad4fa7d69b205
-
SSDEEP
768:SOJpCOAOtWtqtytYtXMzE7y2Vnsb7n2BUSvoEP:SEpFAC6e2gXMzE7y2ViEUSAEP
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d091a7a3a1b1da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423132909" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CD006071-1D94-11EF-9A09-E25BC60B6402} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005933cc40d58337408aa929a0432e39dd000000000200000000001066000000010000200000001be59b7fe79a6accd329048f93ad315a0a6daa0f1ebe6721c1615cfd199ba949000000000e80000000020000200000004f2da75a304d9f19b3e48b36f018311fa1a00ea669678f6c10c99960e6ed58462000000056e3a32c47d338344423f52d0a0a6491df0002978f929d45a4256e74ca3a9ad740000000d157b028cabcf14733565e19d6fb1c42125090d411a6373ba063137e57e460b32cb7b89d533484e8016d7f1707ac673f946b2b206d82fe4626adf92ca9043a8c iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2660 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2660 iexplore.exe
2660 iexplore.exe
2556 IEXPLORE.EXE
2556 IEXPLORE.EXE
2556 IEXPLORE.EXE
2556 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2660 wrote to memory of 2556 2660 iexplore.exe 28
PID 2660 wrote to memory of 2556 2660 iexplore.exe 28
PID 2660 wrote to memory of 2556 2660 iexplore.exe 28
PID 2660 wrote to memory of 2556 2660 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8017a3bfd86b011bc4e34fb279c5559d_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2556
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 252d1c04304dd9b09e94a1adafc91831
SHA1 2652bc0342e206c3654261c909d15dfae538fc0c
SHA256 64dbeb74fb72fe893ab6b60b21f19a8774170e03cb583a847391300f1e7cdaa2
SHA512 43d00b4cefbd127dfcd3658d020a171f3df67b4d4e36dbc06694f3f179b429fbb272630d536d217d88022db7253f6dcf655e8abd9b4916067e589af9a47e5dee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bb95ececaa39eb2f53cbf4e1ececfeed
SHA1 50f07d9383ecdcaa1c907908a54b01fdd35e0426
SHA256 ff0aa32ea05cf4ff33377940a5159101ec6c738a72ca69ea1714422b7aec012d
SHA512 5e754ae92ac198c10eb72f50d7cf1c5ebd745239a79accf874bdc70cd1955b7bd5c760bea068d144d6c637b9dd910bf348044c58543c575b9d0f535cc916bef1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1213910a1b09bf7cc887732861d327b4
SHA1 7af76eaf4a8ea54aa5a270929fa62234c0f36e20
SHA256 4ff8cf1c4bca742a52fb5bb43e46a65f28a16a9e5516a9af8928be99af52211f
SHA512 3fed3f9e39d7f09f4e932ecb2df5f33534f839edec0a04d5d67ba0be477292e069ab99e35964dcd13827278a05bf0447180b7ed8965483cdcb22a98146311bd9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a9a56e39573dbab30741341b5cc6859d
SHA1 067d02e77952babb7fd4f53870c3ddc5dcc9567f
SHA256 f3735751b8fc4bf88a06e61259f2885693b3fde01e32b935d2b60c36504a9eea
SHA512 25299cb504bff1ec2dabf5c64bbfaf7cac6d79673850dcbd5035fd0aa82727e69e4788e23997fc4ff36caf084982d2fc7c1de4b1b2992fea6cc3749db88ecc1c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b34480b8d400304551b3ed13efd884f8
SHA1 e2aab7d396846ec0c7ffa57258196fb0ce9fac6e
SHA256 325712331c1c908e39590fd4318b99e1485115647c6fbf1de66a9d959069399b
SHA512 664a90167494ec295d9abcf9cf8a8763ec53043182c285a625153b741d154be333a7840a0556b8cb4d18f992fb6efd4eafba64113dd4724fb9b99f1bb523e6aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 48f2862212b25baa56faa49a5a7f50d3
SHA1 a0204ed58aab61af359555b6d154a928a3fbcc16
SHA256 ea40bda5d73816b81a7cfe6119d38abf4b076ba28bd83a167e078357e2522742
SHA512 b83f8e582dbb80ccf6354d6aacace1d1a3fcd0202839a6b2409f0e71e4f63eb0e3935ec87c2dd3bd370600ea75d0bc21799f816e8b08787e01349d8e872def43
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fd65ae7846543d57decb0665758870b6
SHA1 ca265df4a9a6e0a8fc82f6a13b6d90650142cf19
SHA256 d6c4f5d1b0090b0bd271cc5f6184ce8dacfe4b60f6246a230005c98905e0e567
SHA512 6686aaf9d47831fc142dcf57ab23bf1b21ed14d643b78e469505e7bb9d2f1af57c18077bf3cd3199d1625cf36c276982e960ece77cc6573877d27c205c97b43a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0bdd87de177b6fbae0735283b2fe2cb6
SHA1 4991bb17ce22c85f951ef9b98d2b42351c1cd3ba
SHA256 02b2c409b1e55636835aef94898e56ea0e62cfea6438163ea5e0a65af15dae22
SHA512 c44a34bc64fb866dd4808f213781607a3b08feea9b6cdd65aa8f19039f2ce71b492e3af52290f18fad656bd68b4b12b15d53f68c445dead9d48decee328d0a3e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7d8084725dc993cea5e5d2facafd0de9
SHA1 8971f95575174adaddefdd8d6b1a354ebc45cdde
SHA256 88c048a667955f52075af95b5819bab7decc6f609530da93b3507bf2d1952587
SHA512 1a59cd7ac39e4deafb08cbde05132d7db8de286a1db07eae04f8a004f2014a57d90ebee5a1ab540c90218ee81712cf28aef0aef87fe7b7796ec9ee652922a36f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c21fd8853394dddb6756db29cbd22d79
SHA1 4fbb325fe87bb82f1007ca3f9b2a7c736aa24b08
SHA256 f4a06f23d4faa334aef14d508493a4e11a9032842130330b35ee9ff097abb602
SHA512 8f743743ef1b6de9a3684990fa4f08b77f71998c85218c0b070386265f25ce8635fc38ff6d9d72f2bc1f6966adf533e2b1ae08b56195e8f3ec476409d0b7c2b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 131bfa790369adc057da0f2b6bda7079
SHA1 9b604d04a370e968f828e815bad0de112c3d6d7f
SHA256 b924c9ba63dcc727f19f00b8a43992da7c186c8d442790e63136fb5ee1ce08b2
SHA512 167b032aaa9388316baa34e4f0a24f0d58ffe4bad389fc0add35a52a9f97da470b7e048886b61ddb5d2608aa7a10c4a9a219c1b9e7246db94d34c037aef35489
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4e5dcaced93b8777a15f59e06387dc33
SHA1 a7421a308e4a56c39755904aa8cc43092db4e5ed
SHA256 5fc6fc2a48078b40c5a34e7ea576cc9a0b22ad72a59b808f2c1414ea971fdbf4
SHA512 d2e50bbeb6b70672d98a8760f534da11d91fe505b7efe3e4805a8f81b0f15cdf3ff4885cd9de0d10f0355f6f698d73b5066bd215d6474db8a241fa9ff7a12121
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8011d68d4a0a607e5494c26d8b258a36
SHA1 780735770c964ebb24993792c5a92a66c5040187
SHA256 b3f4fc9bdaa4c0b04b30981a1a0a6cf44be832ee6904652b3756b62dc09eb092
SHA512 2fe6edbc3b12893b2cc7fd0662a7db06201d54a0f48fb4a7a6da5093fdfcf3dad222fb2adc07c09840aaee7434218d20ea07d89bfa6a45b2fc9846c072d224d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3eb648c82a92a59cf5408a97b49e5e71
SHA1 83cafc023e265c06fe310464f76de38e3e01399a
SHA256 232860fa917eec383af1372268824ec760c67fa19378acbe0f0677826de6f9a1
SHA512 a9fd3544f5b1f415ff00b32b0484d0edee597f4d3178eefaee71a0b5f40a5df03dbf7c1a04692bdd2dcca6c98755e1c7cbceb35ce871ec574598ba51e88a84fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 21db01bb8b2ae85d00821978986b21b2
SHA1 74cf67fbdd84a2adec3065d17d5ef002dca5f6f6
SHA256 f1e42f0bb97603d7ab0f63e6ed0420c52c88cf3bb50a2ef65ddaa7baf02fe8ec
SHA512 0d3fa89e8f993227214c1bfd5606f3b0b8bcdbd2d3d432c68a3ba5aac046741060c0de65097654476ed72c61b1cbd6e38cb2c2c2b60a688c3a1061b9d0bf4883
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f02a05ddb9880b94e5913dfd17857030
SHA1 f1374d1f8ccc335ca55dea35cd69062ecba5f989
SHA256 5a8482d4bb1234bb504c435db76c6dc0d26f0a2fd406e2a9c26e9b79c1949e95
SHA512 50c720b13e38360def05c85e7bc300adcc60c6b34ce8f7116fe8ee67854c69ac213e722820254b402ad1607c7fae0b884b21d78ee1d7fa487bffe36eeac39f6c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 175129ae0a4227b441adde6fb1cbaae8
SHA1 96dcd642e4faca9c9da1c23496f2129ecd386cb0
SHA256 36821e260b8eddc4364e9f16528c67d6f95b6e878b2df72c202f1388efcaa423
SHA512 42994c9d78f747b55d14b7b3dfab64d5f73e65f60f1781c870621ecc11e85d90d756881f052ed2db2d257bfa3f6f3fae5c98f13e82d5d7364725a56c44e2388d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 44f1dd93c6941b0232a8e503f701ce65
SHA1 043f16c93c3b4d00c8e8070a6877f9b76f082df0
SHA256 c53d2a46cfbed818b4f16353caf90c0f48a3b996c17240d6bba709bbc93d60a6
SHA512 89a2c6378469c4028434eb1d0f4da6fe7fd4195f715f3af5dd3c8802b7f702caaf24254d03a6b0b57f971f152c9edf45e799aff9db29364cacf464601f100c38
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b