Analysis
-
max time kernel
134s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted
29/05/2024, 09:30
Static task
static1
Behavioral task
behavioral1
Sample
8044ebf5882ef3be80f8d9764415dc10_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8044ebf5882ef3be80f8d9764415dc10_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8044ebf5882ef3be80f8d9764415dc10_JaffaCakes118.html
-
Size
3KB
-
MD5
8044ebf5882ef3be80f8d9764415dc10
-
SHA1
4b37ecdb78d28ca344402a592501ddcda6abb3ba
-
SHA256
95558ea7fb5cb4cfbbe5d060cf859cde7f19aca115aa1503ccc38a3934549b6b
-
SHA512
330fecc650d6c145150db57e9644d15baea9be156ac5c519d3048d464e2b48bae3d4ece5d84b745c1cbe6f45f3b56b345c32ff309481b801d774653402fafaa7
Malware Config (no extracted configuration is shown in this report view)
Signatures
Modifies Internet Explorer settings — registry IoCs (all keys are under the analysis user's HKU hive, S-1-5-21-2721934792-624042501-2768869379-1000; the process tree below tags both iexplore.exe processes with this signature)
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423136922" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE 
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c08c83955b83404b810e3aab534103ac000000000200000000001066000000010000200000008d433c0fbad8e4073f485faa9f116096da43578bb21bf81c5a69b0c2b165efef000000000e80000000020000200000001ac67a15f6c8e4ea8b62f1bc0402e2cebfe29a82ede68233fb4118305ecc4333200000005b17e5de61031a7831be94fbbd13bd290e5c766740a5aaf5a046835cfc05717140000000156edf57ecf6186fcfddf10c8f21d8cd962eaeb70bf78ef72e3cb33fc5dccdfaf9e7d72840fd4e40cb62431c925140a79a2c03be66bc5d5b705f6cabd9978f75 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed 
= 900e2efaaab1da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive\{259DEDC1-1D9E-11EF-B54F-5EB6CE0B107A} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3064 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3064 iexplore.exe 3064 iexplore.exe 2532 IEXPLORE.EXE 2532 IEXPLORE.EXE 2532 IEXPLORE.EXE 2532 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3064 wrote to memory of 2532 3064 iexplore.exe 28 PID 3064 wrote to memory of 2532 3064 iexplore.exe 28 PID 3064 wrote to memory of 2532 3064 iexplore.exe 28 PID 3064 wrote to memory of 2532 3064 iexplore.exe 28. Note: all four entries are the same write from the IE frame process (PID 3064) into its own content/tab process (PID 2532, launched with SCODEF:3064 in the process tree below); on its own this is IE's normal frame/tab process split, not injection into an unrelated process.
Processes
-
Image: C:\Program Files\Internet Explorer\iexplore.exe — Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8044ebf5882ef3be80f8d9764415dc10_JaffaCakes118.html (depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3064 -
Image: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2 (depth 2, child of PID 3064)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2532
-
Network (no connections are listed in this report view)
MITRE ATT&CK Enterprise v15 (no technique mappings are listed in this report view)
Downloads (files written during the run; the CryptnetUrlCache\MetaData path below appears many times with different hashes, i.e. successive versions of the same file, while the three entries without a path give only size and hashes)
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5f2622075bc0b2fc09c0b1a4b69a3725
SHA1 fa6777cf518226a29af235cee8f4709b4a57f41f
SHA256 0a2fd72f7c64e6147a372b518988b04c5e913d34a6787eec9bed67337611fb0c
SHA512 401f98aa4e2208df03db304a6ae9e205c4b75073cd346787ba53519d729ba90a2ad1aa024d5c1792cff426c85ce71b57cfa85722c883c23337856b89f620d52e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 455793e03cdcf2e5c5063680b5f5569a
SHA1 8c1e245336d86e57c2d7e31cb14b7f09d05a392c
SHA256 606ee357d67f0f332ed90d5219031b89b4f273779adad78c29670ea1f977f6ae
SHA512 d21ec29c07ce0efb7897e33e855a18d1b167d68d55f8086e128a52ea8b1cf0aa81be4466cfc71cd775bc6924bfcb29d31fd8f2ca8dc1b22db8d0ee0e87e2f76d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 75b14e5ac6324f44623113337cef8d33
SHA1 67aacbfe00349bd085083e954b4f0884ce60f0f2
SHA256 3dc87d5c864fc2edbaa77ad123ab18c27eebb8d326e5617246431ecee7a3af74
SHA512 190411bdc6bfb4bae788aa7b13aa3157934fddb3ccdfd61bc4fb0a445899c2a66bf37d144798393efd2ebe57532f9f9bfaffeac573781d59ecf0ec8ca7f6513a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eac1f4b35d8600f37e994d77e4aace4d
SHA1 c54d0dc065e4e3cc6bd93eb26b6dba947a406946
SHA256 f65e03fcfa94fbfe21a80228c91e5d2625c4e0293d22059f0765471d3f64e52e
SHA512 e937523f8b3bba98d1feaa5422b47aa1106f8fa351a3cbb87b0cab015c8dd475250debccb6ba967d9b00463b3cd0bc8f0b6d287ec7a5bf8a53a524926deb1a46
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9f6d0f1b6526f1c41266cbf37ea75cd8
SHA1 74a896db29a0bd84c8e0cee57e492ade2ebb9924
SHA256 256700a88a7a5df95d511bbb78120dfe945e738735265eb34adababc5a324ef4
SHA512 992836bc0dfff4404eb259d92d8f9b6d87dec733dd936ee646930bbad0d84cfda5cfc4994b1cb8d8be951fe8acc4758aba3d0a017bd303301fe5bfe5d5c8794b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8952c1f03b17c0574206b22910013e45
SHA1 502ff08cb4895bcf0af2379d28870bbb50830c65
SHA256 40f42284543de3480320310b27fd458ca5d4b9b8abfd80f35cc88d1de1a316a8
SHA512 13c29579fe0075c799390fd0cfbcdd098429863ee408e89afca2cce1edb975a940621c8374527b4aa95554b5e5a0c67d4d0b39f1ccc9c5099ffb3461d564596a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ac0411567ead672d5f6d40fd06a359dd
SHA1 5dbd2d06ee98c3630dd9c4b614c4e8dc9857032a
SHA256 ca460e776399e7f84024592435701407dbbd4c0ca564a41c899824766a15fa8a
SHA512 df6c52006c6f3aadd3529d599e21ac3bc0fe132f90dc512ab9c9611148cf774a32ae6e3aab13f31632f3d01c7f9e6c9e157309748706afcf10a37c0b9a6f0001
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8f3e9954d07a006558171d949d4f5992
SHA1 fdbc749e428ff5a2c3237d2052dba9b66d38f509
SHA256 9b1774d02b6578036a98e1d5730d2629b965302810d12230c09ee8ee907e70fa
SHA512 d79ab54d82c83d674199b41dc7503443c801a1edce47bbe4e912ca99d2f05e1f8075d415ea7a08e24dd0e715291366b487a1390ba1cfc6726947d6df7dd93096
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 429593ef1a45bbaff05ab144c7cf4665
SHA1 db18bd8554a289052077d435042ceb8dd24d6a6e
SHA256 6d9a12cdd8062f28e95573e40140dddc00beb6919e74905f29d14d2448290657
SHA512 fced9d29669a4c4a6396db3ea62b960b56d59a3d2a03ccebe7fb5b37a954244601dbda2e3dd714396560842f0117f2a2ba1925f28d74c74f35d71bfb7bc7d969
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7265a8b4d041747cd1f12d743af13345
SHA1 a1017393ed0dd23a5c967d0dc4ac6cadf11ad9e6
SHA256 1fc9df9a6a60b945b8c905d4c83a57ccd53573da42001da244a500d734455825
SHA512 44fdf428cdd50bd9ced632a2f3ee8b3d86da9cba68e0741609528a95b953cb07f68bee3ffc286ca8703137877c937b9d3c409dd8134d87759881698321d08f1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a321697c610b2e1a01aefabf22ac6955
SHA1 cc8670267d6b52fca33fd5949052ef4b9eb764b5
SHA256 318b5c5fc986716350badad46a7290f5d9d3abacf2e1a874d71fb64b19f4a9e1
SHA512 3264b2a49d7151eea1d7a8b81cab314fec10931b7f028320efd68b3fac4b5be790500adb37fa9891054a89017a1b132544b556464747229f017d4a600d161fab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 03781727e048c884732d4aa645e47367
SHA1 95cfd0aa4f1700e2018a7ae795484dec545a136b
SHA256 10bdd9a99b589b12016a684995e01a919fe09353d71811d455d5452dab2af857
SHA512 e518e9fd4f24d8a663d9319f42d46aae4acc08e0d70657479636c22ba282e9d04ce16a4038c793fc37584160dd730b230db4245b48f7c468dc7720854a206577
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 210f6fe129789ff4b6054efbac84644e
SHA1 b8dd2ced141659deceac5a33746f00f210055f49
SHA256 ad51af2c27373e6838a56e63d149bd49625f43065a77f6e92e43d142bfb2a57f
SHA512 0d749109d1a5f58b8b19942668bf51dca8bd890ad6e04ecced9bac52158cd69c1a82faf342fa4813baea3fca7c716539dd5aee01906a99bc3a55a7909045950a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9ac57504ea2274b55f7e021071dd807b
SHA1 6412b40ace77ce58ef7a0c9fb79ddf7890e82eec
SHA256 4e4faae87245a6eb2fddf894d22f0109766fe660dbe5a2bd70355c47f7f3884c
SHA512 2e93259a6110f73edcf2a651402c3c19883c27786f7ec904d167dea04ae1689abb04053e35f534e434aa24960c2cef2824e1c483f9b9715ab09721953e94e893
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a66bcf17b8a130c23618281686fa15e7
SHA1 42c06f8272a976adb5147a5af8a6d48b6be61c04
SHA256 f7bd80739685fd3a7fc08feeb686db29597619241cf86c748fb3adf5302671bf
SHA512 5ee2ae99418268cb2a48b4e5339b4292d53eb27e0a3651dc92089a6f7598db58e604a8d7115133ee3be57d730c1aa2bff615118f7a82833a9d37b071020bb915
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36f73bbc14c6f723b738923716c7af0c
SHA1 5895b9cbef9352c07ac2e3d79b36956294d088ed
SHA256 746da36cabd8974f31ad5d400fae36679bd56704f87057450b10da1ac4d9f5a2
SHA512 ec5c394a1c40be53a7e145724293f08a24bea8a1d5a4635473e9a88e642fd6665bf09f237962bd7b86a54de25d6ca730d623437acb4bae499feeb31cdb55530b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 af6b8ba93f1f1807778903872d2891db
SHA1 fa8bd416c0aa263a1a73e3073a610e55b58095c3
SHA256 994ca07e2de3c301167839c301e37f113feb432bc018be4f6c6d3de06ff66d63
SHA512 21c1a3e63ac8a739f01c7eaded318967295f9c04001b8723d925885455d0b11ec91c4cb01b5a1a52c3d306f450af117e308f1ced638b9042d1a5a23223b24e42
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b