Analysis
-
max time kernel
133s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
31/05/2024, 22:25
Static task
static1
Behavioral task
behavioral1
Sample
8890ab738d4747286fd24fdc3239ec71_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8890ab738d4747286fd24fdc3239ec71_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8890ab738d4747286fd24fdc3239ec71_JaffaCakes118.html
-
Size
945B
-
MD5
8890ab738d4747286fd24fdc3239ec71
-
SHA1
960a47f7ebccede27d93c1e6873af56e1d971377
-
SHA256
2f94a1203089a41af85aa220e834737db8c5ea040847ec9607193923c6bd4174
-
SHA512
374e7c9725d05d305eee8e4b9eff3bfcd117193a2a850fecf0cbb8a4f5970b2056322d515f19cab2b199dc6a9f3c0a1f25f1089c1a66dd1447c70354ee584109
Malware Config
Signatures
-
Modifies Internet Explorer settings (the registry IoCs listed below, attributed to iexplore.exe / IEXPLORE.EXE). Every write is under the current user's HKU\S-1-5-21-…-1000\Software\Microsoft\Internet Explorer tree (Zoom, Recovery\AdminActive, TabbedBrowsing\NTPFirstRun, DomainSuggestion, Window_Placement, GPU, SearchScopes, etc.). These paths are consistent with IE's own first-run and session-recovery housekeeping rather than with changes made by the page content, so treat them as low-signal on their own; the informative question is what the page itself did, which these entries do not answer.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AC9A8631-1F9C-11EF-9591-6A83D32C515E} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70164681a9b3da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423356192" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ebe5dbaed1dfe449222700e5322641c00000000020000000000106600000001000020000000c51b88adf9cd41c56011c02edeb9d9a75ab90e8fff8af9bdda3a68237c4c57a7000000000e8000000002000020000000c2cc0e2c4ea9319a45ec3ad396661b06cd5018d6ca2711f723cccb50f597123e20000000620090b0dc59e95c40a56da66d7d03b15d36e9ad95a39d02fd6846fb9015953a40000000270bf28801e12cdbc7539eda45f8e5aae5dc96d2436ce50b4f3d456e36160265e649eec45c326e065c531a32f132c867001a8bdda262e52c131a8580af63cf5e iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2968 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2968 iexplore.exe 2968 iexplore.exe 2528 IEXPLORE.EXE 2528 IEXPLORE.EXE 2528 IEXPLORE.EXE 2528 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs — all four writes are from the IE frame process (PID 2968) into the tab process (PID 2528) that it launched itself (see the SCODEF:2968 / CREDAT command line in the process tree below). Parent-to-child memory writes between IE's frame and tab processes are how that process split normally operates; on their own they are not evidence of injection into a foreign process, and the same applies to the SetWindowsHookEx hits on those two PIDs.
description pid Process procid_target PID 2968 wrote to memory of 2528 2968 iexplore.exe 28 PID 2968 wrote to memory of 2528 2968 iexplore.exe 28 PID 2968 wrote to memory of 2528 2968 iexplore.exe 28 PID 2968 wrote to memory of 2528 2968 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8890ab738d4747286fd24fdc3239ec71_JaffaCakes118.html (process tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2 (process tree depth 2, tab process spawned by PID 2968)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2528
-
Network (no captured traffic is listed in this excerpt; for a 945-byte HTML sample, whatever the page fetches or redirects to is the part that matters, so without the network capture no verdict on the sample can be drawn from this report alone)
MITRE ATT&CK Enterprise v15
Downloads
Note: the 342-byte entries below under AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ are the Windows CryptoAPI URL-cache metadata that the OS typically writes during certificate-chain and revocation lookups; they are system housekeeping rather than files dropped by the sample, and their hashes change from run to run, so they make poor IoCs. The first (70KB) and last two (65KB, 181KB) entries have no path captured in this excerpt, so their origin cannot be determined from the report alone.
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fde08f1dd028b5eab44ec1f558dfbdfe
SHA1 134a67151fd28c05576ccf2883e5655d2aa8a55d
SHA256 4c5cb1f166ca572d04e3d873e61f4c0fec682864fb0604be17c93cc17429ffed
SHA512 7197c07ee5e242cfa2cc7426f003caae94cddc6ae3b81801791a251706b39780ea81cc2a45f87db81a20194db21463c8659b06c4418993efc150a3f513f7e362
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7cd193f797946c5a2c1abb01e44db423
SHA1 176b80aa7636e49f8ed62ed4b87ebe3971d689b6
SHA256 b8be47045388db3da56c86f53ffea9a5573acac83e752e9ed29a899985d78ce5
SHA512 ecf2534eb865bd2aed27ea91514e0c10332e5bf3fd59fa2142feeabe86ad9a5e85c6ddd7f83e40c7e232658810c34c683c2e459d070d634e80613eb700ed257e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ed40bd2efc8cbc4eef6a28591d0aa576
SHA1 02228bd123b29c7cf11d08def4fd7c3c78419e2b
SHA256 425b3c941a8734b97e1800f9ba5d8f89cf03742270f292c33085053189ed926c
SHA512 3dfcc3cd8e9a264cf7c95f215e761f39e1d44fdb8c64eff30c37763f656c2faada2b8f9c13b1f7c26d0d8a9fb70b6c04bf772fd8a750c15d776e4029115623ca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a5e8f1923fff72df1a4c41c21dfae88c
SHA1 956bc53a1421168e7132ed3e897e12b62efb9a87
SHA256 022515323c57a8483cc66784cd8c090e6f1f20c0b4a156331fd1587aa5a9a926
SHA512 304b437403864bbbdab6067628a9425d7c5abb3a3f389eb5ed3dede08c1a9692371d901f252bc78d57c8acab1bf97ad6c0f3a83f78426a13063030e6df007122
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 296013d903d31c0666e06d706672b598
SHA1 27f51b79c7291181869fa11c90db62ed68e65222
SHA256 e3a65072c23d830481fe775e4e81c70bbbd231c42d0935f2eca4b3277943ab33
SHA512 71c86b8e747696b2fc176bb76577059a8a5c458dfe95a8637ca0bb175b8d905123505594cfc8539580389e656bf4acb9e18a6f0f3a1d1c42f0f18a9daa3dc1b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 15f4616fbec582da5287ff66fa92df7f
SHA1 be3dab0032f26f32219907e6e9bf28718e2a005e
SHA256 289a8b19caba04cdd8126fea88e4a4aa0c4ac1fba8ea96cdad1d5e287e60f83c
SHA512 3e07b58b848f78c837d0a30a42b0ee6caeea1c05cfc5083538d7e094e93f425429af30204ed67e3a9def62fd622635849e519b0f0d62505319edf5211076e4e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1b846b82efc118ebfe313ef9d68e34b2
SHA1 25e26a85ed6de3729c714076112ac8d9346b3bdc
SHA256 8a8cc54f101230ca8320a67e8782baa6ae5624d94fd5beee6488e5caddcee83c
SHA512 74da98e0324d38c361164178a964bf4f93e77fc1b035b908710f1e82891a04b854865e9c6023e178783c13aebf48ee23ea432c8fd9e91d60b98f9007271fcf9c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1220bc7b3884e7dfc17a59ccd410c297
SHA1 24ff61f3367af41eed94db04472e13ab0dfa2e5a
SHA256 607da20308ca4a65709a4401601c2bb8c62c7b5ab9b6e25d56ee2927aceae464
SHA512 bcfa957e40aed9ccfab7889192b6b40dd4737e080f02fc71a2c320294b957b1bb89aebfd9de0232e046c03eba74e21f4ac1ffb36df3eef51f0e83c111baa8349
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2a8c98c798fd4641fbdb2e8351ba9093
SHA1 a808ac5fe3ad6655b98f30701dc5efcf38381b00
SHA256 44c399088e9a9c49342af062c2256b76ee4c601e3faa659d7ff7496963c0e359
SHA512 e2c21b02459d451976fe5b5f1fd2042269c7b75a2ed5b0ab1afd3603537a229519dd951671b9e2deea8c9712fb5bd3c392bf2dd5999bdb94091ad0655a1d9908
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 05d708253d7c4188cd216c0c9cabc04e
SHA1 8118e31721c0057251610dd24f1432bb03524f1b
SHA256 e109033a85418b5e4a69d8307e93d60ce3546257315cf5b49292562e32d8ab60
SHA512 291162625b49bbc564abf2b67a22970bead8e85fa760864d192f73ccc080833baf9285253df6d68d682668caeeb9b1a978124375aa6600080fb478cb387563b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 74e39612b38b6dcdcb6e40e385c8d771
SHA1 48a7687e86dace6d2ddaeeeb1ebcf30805e9316c
SHA256 e8089c062ee48bd7fc8c066cba080b5c5d32609cd05c8bb40d8ef7d844ef217e
SHA512 d3425a5bca43fd1877dc5a05af2ed993beca5b5b5fb910744072e9fc09802e0de2805b76e045156f00d81e51337c022cef54f0cbee820208b6d0971c6250a3b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cd72b107ba7cdd42fd1bb78f18110c69
SHA1 3fffb9938bb799a752d82111a752ae36830f145b
SHA256 d42585d92a8d8e1c38b89de1675151aaabc7f31c55f9097aa280ade4fb8e38fc
SHA512 09e2d8e3c28bee217f9215b235136259632af5fdb2a7401ede34fd534a27caecd1fad9bbdf730b8073a3fd5add4704f0cf82c63849012dc8ef74a74cb8f5e08f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0e65a596aed8ac935cd542c2cb490838
SHA1 bb50cb7526b3913949f2007d95dceaf26b54d29b
SHA256 75456af27459a3504680cf570038509485f308e4c0addf954bf43ceb93869f59
SHA512 c2115d4ec232b4265ba3e05c7756ffa5cbf8d95c7228e2587920752eaa6611c2ca021863612313fd4ce7e3fe1a77b33d0b1d44412cb9da79343f48ec8d5191c9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1ecb824351d189894c291a05329c5ade
SHA1 c57ecf68bb98479ff9f3370b409c1dc3a9cc0adc
SHA256 5323e607ba7726287e53728b3072613c521740163cc0cabe58553d208aea8e53
SHA512 76297a2cf39e9f9a01490ba9a95d7259d94f343e9c509bc621ebccf4149328b2b9c004005f76ebf1aca75e8c52e3c8996f0ba1257ebf59c458a47f58292d0e9a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ca4964847ecad3ac897bf04b3ad709c9
SHA1 60105f52d4a2cb577046361296a45eb8a147579b
SHA256 d5eed6fd532164ec44556cfd4f5120ddb84fdef81f445ca92226dbf1284596b3
SHA512 6b0883dbff5b87130bf09e4965d3a8bdc764cde7cd5df9eddf645f566424f7a8d504d79f178afa29a4f2b9cc692b6243716f17630f9af7b893716c627622043c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 305a18d6d1338f41c669a9f7ec1a8b64
SHA1 93a609eecf34e9e24364431ec52f948dd3935766
SHA256 ae127c61f820de5a60fad99b0e87c43427979d46841e3277251e499da4a586bd
SHA512 c1861b9bd293d5b5f731c0b9544af7e08b1b470533134883613ec94d6b6dddf2dde4a2820e92224b21b66f23e4d07f41f1dce75e31085f1ba3a6c0948c2988ef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eb8421834acfa96cabade9e243913a1c
SHA1 42d00fb9a4f4baf9677bc104f74803859609dcc8
SHA256 5c87d934af6d170451db97a3bdc7ef9f4e21dac71f74842e45f386217578933b
SHA512 2fbeeb73c4b6f9e8df74ddc5c70c9b8705f6613ed2c67ceffcf8a18e99b65ef76a3bf3977d33d109787586dd5fb139a327f5bbace45859fdb64968aa116d9fb8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fa8861b07214177c6c93252a155f457b
SHA1 75b8e05d570f7c9e88b21f3d911cd27fe4f8ec5e
SHA256 bfbe7a1102f0f1616e01ecac8257fe18340ebbc687339abdd2fcc479b9f1c37b
SHA512 ef22e7c50a493829e9b55d6e7578dc1007e4a29659d027f7516ea34598932fce4309819b9329c101fd90af39363ad6d865db879a7cfbe46e21918ce5ed8c2a3a
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b