Analysis
-
max time kernel
121s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
31/05/2024, 15:45
Static task
static1
Behavioral task
behavioral1
Sample
8786cf7a6e9842b3f299b0d6157d8150_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8786cf7a6e9842b3f299b0d6157d8150_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8786cf7a6e9842b3f299b0d6157d8150_JaffaCakes118.html
-
Size
12KB
-
MD5
8786cf7a6e9842b3f299b0d6157d8150
-
SHA1
9dd1e51d2eae69fa1dd930e98c826481ac4058d7
-
SHA256
902a8a0a415fc0fe2eca43c3fdcd445677c5e8a2c7feddd9dfa71aa847c3c8f9
-
SHA512
eb88479292bd1ab63f5e48ec0b279ef479c933f67281d71d9878710bdea4bcb7d6ad05b1083e0c912aaa1c8bf8c971ac8aadab54227aa463e2316e1318d16ab4
-
SSDEEP
192:pGq8tzYdJJd+0HKEYFrE12u/GnkYVAp7kGdoHAXIuWz:Iq80dgRBnkf7L0a6
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000cf994cddb8a938953a9706c2946ddd49e5aba4a6e71b72a9fc891e790c7bca3a000000000e80000000020000200000009945417c9a90e568d43e8e4352ac79087da4bc8622c448ef89fe624d3711525b20000000004a2f82ec035ebd564a41727527e5e3c154c88e99c8a8e12edb276624fb51304000000069a5ac0aaf59f5d281042c16a7637678009117ad4c7354c4a83738c30865fb6efe3a98d524a480596bf5a34140ee2f6664085361bde4a3907d42f07e8a1f7cc0 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D33FB0E1-1F64-11EF-AE43-7A4B76010719} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332205" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 901859cf71b3da01 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1924 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1924 iexplore.exe 1924 iexplore.exe 2560 IEXPLORE.EXE 2560 IEXPLORE.EXE 2560 IEXPLORE.EXE 2560 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1924 wrote to memory of 2560 1924 iexplore.exe 28 PID 1924 wrote to memory of 2560 1924 iexplore.exe 28 PID 1924 wrote to memory of 2560 1924 iexplore.exe 28 PID 1924 wrote to memory of 2560 1924 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8786cf7a6e9842b3f299b0d6157d8150_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2560
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
ddfb0e427f409b2904d50780e46d6141
SHA1
df5c848a7d1df6ac35b41fd87ad457e8b7ef5fda
SHA256
3c3d6e2941bfe05abe99a3a36c34ebb6a141a5fe877a8e92169381ae5aed7710
SHA512
35e7716d55dd1b2c292540fa1dd7dd34afcf9792d400e6a2043d92a162c1f9cee376363a403c02264fd24753b6c94cdf2ed8241e5f0bea1f3ddc2a267991ce3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
abdf7bf5eef843def3e65346ede279a9
SHA1
ef33ad2d0d5ca88045a0dc319dee67b5e07e7f44
SHA256
b1bf1f873bae882d489aa48895a766f56fc1deeee121f3f1f884b71336c0a1d8
SHA512
aaa1c5ddad8734f182c7afcd98c0a8a4baed0fb7de97fb9c6a0e99222a8f99811f4fe919e553149e1dc8b77e817d3421f1e6af029a9e138c526577d0221327e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
5716d97cb02646986b16bf5005ff35e1
SHA1
0d610dda3fd01159fad89d95d262a9a420c5e82e
SHA256
623ab507fb574ed1e076ee451d78729b0d40f450e66ae69e34e80927d7e23eff
SHA512
309a50b5bfcdfdd4e162f1ba2b036a906fb9e35766faf221419bff3fb449ac352d14e85e532bfd7ac2c93a663cc67a47d7cc2870aff0b5e11cde80e0a0d64192
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
ab30da963e0756dd66d0482f2bd290ca
SHA1
059dd85ebb3945c2c072fc5c24912c6cf0d3d150
SHA256
ae1afb61636d6a87ab781d4988b985f24ace76e479fda94161f676e315a2e5bd
SHA512
00928c7ff045059b27a8c300a1cf40cd8f64b98a11b539f359f932119ee36fb0508a8c585311042af32d57853d46a6187595a2d563caad0793a48aaacbe874aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
bc56d9c634ccf8a55b823d8c692d77ba
SHA1
ca187f8fba1ea9bec8be1e439d4ab881bebbb0ef
SHA256
2a05669a8cfd7b29ec7cc5ab6daaa0606e1009592a44615ca91cbb7157570e92
SHA512
1cdf6e9c08a7c59c81e643d14546f4e55eaa0afa17b48f0ad9598158a440b2474fceccab9f0db40b5f99f9a2da6e56548f8aecfd5d8d19ceec348f0feaa4c555
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
8b8fe4d2e53681c0afccf7a1a8ac217f
SHA1
f1502482ad745c2976c877662561a055707eb1ec
SHA256
cf3d1d6ba93e7ca8d0c915a0634edd676c49e41431d288d45f425b5943bc4cb7
SHA512
c1ebeed712dd58d18cff4082987cfa280f370c5374bbd01b3aa723fcb9f0225a6777183ba1d4ad0f3340d189ccd7cdd0c972cca744d5a9c8a9eaf478b9010b62
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
b2fc0bbb1cffea09ee8738f37b0fdb8a
SHA1
21c78cbaa34f7b7d76447a97e8da7bb87d225e7f
SHA256
558c67ad56abdec8a147294c06081778401bcca478841b15aa5c6aace4742483
SHA512
3b8901d7174e1e15dc945b24dfd37ead4883ca6c5ed6c8c8d81f8d40b226f30d0534252b33dba7125beb9fee0ff9b50724d446f7852e155630a04bfdcd846e54
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
4e31f65b487cddf6006fc3f221af9234
SHA1
b96cdc83c75d8f0cc7de7b4c5fce8c60066c0468
SHA256
cbfc7861bfba4d762eefb99dd67599384df5cfbd3b99d0556c8680cb15d44916
SHA512
6dd950d8a58818398765a3422189a1270dac8ea61fc805bbb974a0859875d941a25cfa36cedd8c54daa79cec7096241dbb686cbb40a15e2aa6610846b210a20b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
7f82fdcdb6bc6e0f4f18d2034674f369
SHA1
ab4ed80f73c334d823423ea76e1523610cf288c8
SHA256
5e04a5b48d09b05d84e1a2716364a1b227fad39fa4fd335a185de400d7f0376c
SHA512
22323052d90a36834848c72145961884a28860c9efb21dd0e158f9e40dcc596174c5a980b23fb3c99372ef6c92b0fb2bffaee581fbc41a92614ad3ce82d1748a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
fa5e5cbcfe13945d8621b9e71a006b85
SHA1
f63bb74806754a3ba5dba83c45892398df1f056f
SHA256
ddf49bd9101bdc8aa47d2244a6f7871b3b25f2690bea8e9ede522cd8b3ffeef5
SHA512
8f8ae8e137c9950952152f89b2dc8d2d9099fcbcf2897fd217bd48394dfe86da7cc92bc7a448e82b945b98ba0906a66a77169f78b49565ada7a8b4592853ec2e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
b0c4ff7cdc11ee218a9c621a188215ea
SHA1
63720b44c9f00a7b45d9ce1d64504b36d101a70b
SHA256
604e079ff362ef4e3ff0053c23e96045800f97c994c2a29f99e8fe618fd963a4
SHA512
5feb275456192c40957391de3390f657a4da30ce306a9ec6535f705a3affef89fc0553e00280e5aabbd4c5f14324e1b5bfd45f77b30b4d694b66638723654d11
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
4efd7ceaf821a277b26530e60806f524
SHA1
2c4f46059ce3123208b4a81e376ade55ae37204c
SHA256
c6830a980436a4eec4098d6b49edd2f7d19d48212045d81bc184d0874b8590cf
SHA512
0da522340b3d12eef09143dcb09836be1608b4191a8b000fdd54baf2327a223ba29dcb0fc9a8d75724d1b8b677c766f2760ba00b2c4373e83c34b8ed93b6c59b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
8b12006e453c916be819034b8f5d659d
SHA1
eec6b308705e8bd1ebf8c3b4289a69c3da152516
SHA256
36b766c274076df6a980058e1984121b347dffb0c60ed4df9ccb8a8bc65a437e
SHA512
854e5dae16880ab57ac177569bdeebebbc4361f43874e92391697370f84ccb936cb003adead41965a004fb1369f28ef03c7a4075a00633bf9ac09d3a96490233
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
f0cd100549e4fdfb1cc42ef59b93d4ac
SHA1
efc5a73110dfe5614d3e529d6bdabeea6b717a19
SHA256
f01a721d429335133ec8dd07c69ae1d833ef0150a8e96f91d48c99078cf9af50
SHA512
f1c17fa45a7f4c86c66afbf47c0bf7657e8e9ef3c9f2a796d74be12e85e64e724e512ee85663690736461b9e903f593921298a8ece4bc3347b067f50b30b292f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
cdbcaaccd0f1dc915e80dad70bdf6602
SHA1
6355970a4a330a386a05f0ec86018c32ae9eb71f
SHA256
29b9ccf74e00d3905a983bb8d4d3e3a3b5a6fdcb1024231b36b7d8a00a5500a4
SHA512
485d39f052ab3b74bc2f610c9a076feba2f63f9e347c909b7420813be7edd47845707472779c65907737495b469e2561dcf1f32465c9adc1e2efb1fce1a75b25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
2e94563228cf4c13040c9c2bc6d17575
SHA1
e4190bdcbcf6388d2a7b22d69eb04f29941d5bd2
SHA256
36ebcfb915ed37fae2b789e1a55870458f68189c4b38b7d750e21414ac8aa5ae
SHA512
86a4f8bacac110724e1369e79fbb3310bb6dcb6da536059c4302fad30476bd7352bed770ba9b747976e519cfc7525aa6279aafd98ab61f425ccd9262ad56b37d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
6e756237539c2e1e94d6f87a5d38fa38
SHA1
d60982d51189e4b452c7ece45e751c41358db420
SHA256
a69e2388f605a901fb59d8f8370daf5e25313d4cbf1a9f8054931e7b49f6089b
SHA512
5ecc64a3ddd8d5f52ba4e8a070c5e0bfa2582b17f606916c1d4f6d01c016e38de21e8543403010c0e7b0b8d9e9459ad82f29e77ac7b02ab9d6643793998593e1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
f2475cf69f2308c20a1de6da2776ae9e
SHA1
8dad83d89eeb2d459d891f638e54cc6996b47ebe
SHA256
898f1d4fe2c2141596bc92397397a1842042afb3e9e6d7921ad28ce5d23a444c
SHA512
51b25a17cae282a524260a448a88b3441ffdebd7949c85983ee3505b867ca1a50cc66987ceff5f0a356a2670d6f739c185bede3fa370a7ca45f327748115f490
-
Filesize
68KB
MD5
29f65ba8e88c063813cc50a4ea544e93
SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b