Analysis

max time kernel: 134s
max time network: 135s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 31/05/2024, 15:50
Static task: static1

Behavioral task: behavioral1
  Sample: 8789e0fcf5137cfc863a415f1b716cb3_JaffaCakes118.html
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 8789e0fcf5137cfc863a415f1b716cb3_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General

Target: 8789e0fcf5137cfc863a415f1b716cb3_JaffaCakes118.html
Size: 13KB
MD5: 8789e0fcf5137cfc863a415f1b716cb3
SHA1: 0baed95fb51efadb21063e283274445bd17cbfe0
SHA256: 891c87ddd508de28e2118dba39b76bc6f13320e8b01561890f48e216fd3fcc32
SHA512: 698e896eb746d2828a1ec06d0cc299e71f9be32355a2afcc960cf16ccfb7da787997dcb90149fbada0e900f89faca95dc428e1f9a706c5762376128aab0bc68b
SSDEEP: 192:PzGOYaRwtUKrSDOYCECb3CDJMKkNAfVoE+eqNQfeRwqfCo3A0wclyD:bGOYaRwtUNqYCEhLoDNNIiwVsA0wnD
Malware Config
Signatures
Modifies Internet Explorer settings 30 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7DCAB7D1-1F65-11EF-8DB2-F2F7F00EEB0D} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332491" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2416 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2416 | iexplore.exe
2416 | iexplore.exe
1400 | IEXPLORE.EXE
1400 | IEXPLORE.EXE
1400 | IEXPLORE.EXE
1400 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2416 wrote to memory of 1400 | 2416 | iexplore.exe | 28
PID 2416 wrote to memory of 1400 | 2416 | iexplore.exe | 28
PID 2416 wrote to memory of 1400 | 2416 | iexplore.exe | 28
PID 2416 wrote to memory of 1400 | 2416 | iexplore.exe | 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8789e0fcf5137cfc863a415f1b716cb3_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2416

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 1400
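The registry signature above is a flat list of 30 writes, all under the user's Internet Explorer key, made by the 64-bit frame process iexplore.exe (PID 2416) and the 32-bit tab process IEXPLORE.EXE (PID 1400) it launched with SCODEF:2416 CREDAT:275457, IE's normal frame-to-tab start-up. When reading such a report the question is not "did the browser touch the registry" but "did anything touch the settings a hijacker or persistence mechanism would". The following Python is an added example, not part of the sandbox report or its detection logic: it parses the report's own IoC strings (five copied verbatim, plus one synthetic "Start Page" write constructed to show what a hit looks like), collapses the per-user SID to HKCU, sorts each write into review / housekeeping / other using the editor's own assumed rules, and decodes the Window_Placement blob as the 44-byte WINDOWPLACEMENT struct it is.

```python
"""Triage the registry IoCs from a sandbox "Modifies Internet Explorer settings" signature.

Added example, not part of the report: parses "<op> (<type>) <key> = <value> <process>"
strings, normalises the hive, buckets each write, and decodes Main\\Window_Placement.
The triage rules below are the editor's own assumptions, not the sandbox's."""
import re
from dataclasses import dataclass
from struct import unpack
from typing import Dict, Iterable, List, Optional

# Constructed input: five IoC strings copied verbatim from the signature table above.
REPORT_IOCS = [
    r'Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7DCAB7D1-1F65-11EF-8DB2-F2F7F00EEB0D} = "0" iexplore.exe',
]
# Synthetic line (constructed, NOT in the report): the shape a homepage hijack would take.
SYNTHETIC_HIJACK = (r'Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000'
                    r'\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" iexplore.exe')

IOC_RE = re.compile(
    r'^(?P<op>Key created|Set value)'      # operation
    r'(?: \((?P<vtype>\w+)\))?'            # value type int/str/data (Set value only)
    r' (?P<path>\\REGISTRY\\.+?)'          # key or value path; may contain spaces
    r'(?: = (?P<value>"[^"]*"|\S+))?'      # quoted or bare value (Set value only)
    r' (?P<proc>\S+)$'                     # writing process
)
SID_RE = re.compile(r'^\\REGISTRY\\USER\\S-1-5-21(?:-\d+)+', re.IGNORECASE)


@dataclass
class RegistryIoc:
    op: str
    vtype: Optional[str]
    path: str               # hive-normalised, e.g. HKCU\Software\...
    value: Optional[str]
    process: str


def normalize_hive(path: str) -> str:
    """Collapse the per-user SID to HKCU so rules do not depend on the sandbox VM."""
    path = SID_RE.sub('HKCU', path)
    return re.sub(r'^\\REGISTRY\\MACHINE', 'HKLM', path, flags=re.IGNORECASE)


def parse_ioc(line: str) -> RegistryIoc:
    m = IOC_RE.match(line.strip())
    if not m:
        raise ValueError(f'unrecognised IoC line: {line!r}')
    value = m['value']
    if value is not None and value.startswith('"'):
        value = value[1:-1]  # the report quotes int/str values, leaves binary data bare
    return RegistryIoc(m['op'], m['vtype'], normalize_hive(m['path']), value, m['proc'])


# Assumed rules (editor's, not the sandbox's): settings a hijacker or a persistence
# mechanism would write. Anything else under IE's own HKCU tree is first-run housekeeping.
HIJACK_RULES = [
    r'^HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\(Start Page|Search Page|Default_Page_URL|Default_Search_URL)$',
    r'^HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\\{[0-9A-F-]+\}\\URL$',
    r'\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)',
    r'\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\',
]
IE_TREE = 'HKCU\\Software\\Microsoft\\Internet Explorer\\'


def classify(ioc: RegistryIoc) -> str:
    if any(re.search(rule, ioc.path, re.IGNORECASE) for rule in HIJACK_RULES):
        return 'review'
    return 'housekeeping' if ioc.path.startswith(IE_TREE) else 'other'


def triage(lines: Iterable[str]) -> Dict[str, List[RegistryIoc]]:
    """Bucket every IoC line of a report into review / housekeeping / other."""
    buckets: Dict[str, List[RegistryIoc]] = {'review': [], 'housekeeping': [], 'other': []}
    for line in lines:
        ioc = parse_ioc(line)
        buckets[classify(ioc)].append(ioc)
    return buckets


def decode_window_placement(hexblob: str) -> dict:
    """Decode the WINDOWPLACEMENT struct IE persists in Main\\Window_Placement:
    length, flags, showCmd (3 == SW_MAXIMIZE), ptMinPosition, ptMaxPosition,
    rcNormalPosition; 3 UINT + 8 LONG, little-endian, 44 bytes in total."""
    raw = bytes.fromhex(hexblob)
    if len(raw) != 44:
        raise ValueError(f'WINDOWPLACEMENT should be 44 bytes, got {len(raw)}')
    length, flags, show_cmd, *pts = unpack('<3I8i', raw)
    return {
        'length': length, 'flags': flags, 'showCmd': show_cmd,
        'ptMinPosition': tuple(pts[0:2]),
        'ptMaxPosition': tuple(pts[2:4]),
        'rcNormalPosition': tuple(pts[4:8]),  # left, top, right, bottom
    }


if __name__ == '__main__':
    for bucket, items in triage(REPORT_IOCS + [SYNTHETIC_HIJACK]).items():
        for ioc in items:
            tail = f' = {ioc.value!r}' if ioc.value is not None else ''
            print(f'{bucket:13} {ioc.op:11} {ioc.process:13} {ioc.path}{tail}')
    print(decode_window_placement(parse_ioc(REPORT_IOCS[3]).value))
```

Run against the five report lines, everything lands in the housekeeping bucket and only the synthetic Start Page write is flagged for review; the Window_Placement blob decodes to a maximised window (showCmd 3) with a normal rectangle of (36, 36, 1194, 649). The rule list is deliberately short and is where an analyst would add their own environment's concerns (proxy settings, zone overrides, BHO CLSIDs).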
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5bb4c7710d617556b3934c56f6d827df
SHA1: b0df9c6b504f23c6de92adacfc08818042ecf963
SHA256: ae9fec109661e35c9deb3af6bb9f8f6035731ec5bc1be6e42e85e5e1254e864f
SHA512: f3cb9eff6d741cb86bf8557dca867ceb7d121ea022aa978c3f086182185649616e01208825ee1489f45b8794e6de63ffd1f8010d739f55686b70fb08a0508797

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 48dbfc2c4ac51ac77bfc1b7333c8bc8c
SHA1: 9b2557d4018691a7f4442889d0ebf4ccb028fd7b
SHA256: 6b1c6c3da7e85c544ecfd8dfab766589f95f022483312edf91e95d0b26ee0274
SHA512: cbcc23ef9a2294e56c1e7168e449c43ff9f55325c552ff9698fa6afbf4df0253351d536188580128ff09472d49fcb78eb7d7b2d0886bee3e41f6e24926e7b6ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b40a2472682b7cdb2def1c75e55ac8d9
SHA1: 0b8aed1e235e8b07731cbc28ea1c8a23ee268757
SHA256: 41866a9452af3eafb4633d0b409de6695767a49b2bb96e2e8290ee91f454f488
SHA512: 87d30b73d6f4ab04645fbb17cd72b958c7a381a1badd5ea60d4f08e00aacc9a3233a06884e8c27ba057486b87d45c8f589da1dc430dc352a7acd3cb4c96347f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: f76932ba9cd318104421803e7eb24ddf
SHA1: 2987c8c4c5dba3697a5ad134d079dd9e5faeacac
SHA256: 22c5df9f4d64e47e547c99149d77ff34382f0c6a136cc465d72a251d82b89808
SHA512: 16cf321c6a203482726e49ae4b40f42528aac309481d53491103a07d5e33a4f32047b73e47439d75f10a0870bf3b27b34a327eff89a6a95f2d7bec41ccac9a57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4f28aa5c7bae890158c2717bc0a2a75a
SHA1: b174384c0c64ee19d30f748742bcabc6fa356d1c
SHA256: 97b809bc81a30968760a9cdc5a25d7cca09da91badcd28859c995d862c86cd14
SHA512: b05fe7d60b910351ca14367f8fa5f2b0bbe1c8774a3870685da2a7e33cef15581527dab13e5ebaf10ffb198fdd4fdc54df032c0f1bd8ec7326259d2fcf0c1427

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c8262e4e30bd87cab2c59b56d386c180
SHA1: 3429ef952df272c98cb47d21bc75b701596162e0
SHA256: 3aaf438e17deb3666bce0986936e74fb7061d90898a3b4b79f8f9b3cf68a4058
SHA512: bbe879eb42d42851fbe1f7243de09b8a83eb6e7b2baab220363608bccfceb49ca95bfcbd65fa762d270f98d6c7b3f750eb43ffe51d7f7db65cc8dd9dc5616eca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3b526372b235414475438b647ea4a500
SHA1: ea05a057b3013899702c6931724f32653fce130e
SHA256: 6e1be67500fcd55217e567cc03eae4a6b53ddcad9a400974866ff2084404e055
SHA512: 1470001b9327d66f988d54601a6fb9b43d2decff6fe2504b2d13fee81220a2a4219f9abc01aa4b3611ebfe0bdd7723fae71267dd26c01d23a1728542abd426b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: eebcfb4aae7de8b036fc5328c2bd9c0a
SHA1: d7e58b093ab21ba1cce837e1e41fc63128e724ee
SHA256: 410182560bdd2cfbe681b2b332cd829bf129d02db37e02183c5909f90fdb9fc4
SHA512: 2f45186f18b3b686f78c1da76fbb4b7f7919f061795f8b706c8ec3be0923f2908790de20da49c308bb214af0f4cddc79478c9bfc1512acfed9265afebeee7b03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: f9a723daf2aa1c62109cc11a9af2108e
SHA1: 8b7abcd08611f1d62166b3409cd7a96753e93cdb
SHA256: 9284160b17211276ba3f6acf383b05c7b235cd46abbe789fe402db16878aee42
SHA512: 06d31e32d1768459a557cb873d1b87f16a73377d4992fe276daa2ae1c6d94d53369a7f914939be2e965e4d79fb6ce3dc6f95ff93e5a6f3fb78ee7af305cd767c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b88a59e6f6bebb38aaf42f12b356f10a
SHA1: ade5ecd2bb6b6a333609a5402e616406cfbc99ee
SHA256: fa3d41fb5dc5993d323fbc6379b0b528f2607fae891c6ec473a810501b42b34c
SHA512: 2a2a18c634021789d7250fed100e45bf462998144b038f3425694eafc283fde939672e3b4dc380f2353e7306c3db344ea80393c670b58f1e07c406bf826af950

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0c0cea60000497d7be3642a1bad275f8
SHA1: afb9a7acb91a96e731b0a4582ca6ad7916d8120e
SHA256: 830b68a8557f951a79e9701cd01f94f3d9444e0b6dc34301edb2020af56ce072
SHA512: 757297c67dfaef3afd7a55c749e3693b45c057b7a5e466bde237eea1844198c85b379e56ddca873a61415e98befd3f5d33cd6e1851ad247117825b09476f721a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 35aec93d42c318ab93d2ec6ad70fdc9b
SHA1: 3b87769b829e0e7bca5f8c923eb2f077b77ea92a
SHA256: 2976d0a18a1ad28a96c9822d726f554ba8a3e43932ebde6141429034bd9e244a
SHA512: 3a84371fa5623f0d0b5c705b55fdcd49e15268b80813a03224e79d90a0ca5a628600ca929c4b6f44219594b5d3f06428b2b5b202456f34f4d351afd561fc88f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 405ab876eb86e52dfa5c837a229fd10b
SHA1: f50e0611081c3460b17179e1897bb6b6a5c52b51
SHA256: 26c888cddd20b98a20ef7f2a71610a84e1cc5f0fda4be93ca20b17b4251bab59
SHA512: 9eb13f83c2ee9b6c5bcce38e6c1f010dd284db0cef8bc7e9f8ff8136facd524b43e225d102ea6263833b21bd36373e68772f5cfe41c515cc0878b87e398e1da8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7e554e122394419ca79e2f19d0159633
SHA1: 656089728caf9ebcf0bcd9f87b58035a7486c945
SHA256: 68141aeb648774d2bcef8ba02cb888622dbc4f39bd9fbca8e7cae85badbc714c
SHA512: ba36b2c65e7b35a95d4c8deabf6d00534962e36e9085e21a81c3144db2c885e5ebb971a2093d987c81ded551b8fe3b626200aa1dc81cd4dd401a88b4184299d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3528808fddda088da344f2328b02732e
SHA1: e73569ad94401f11dfc92bfe574df24a8e63d46d
SHA256: dc9b3969750a8b469c79f3d2b0c7460b50a7840987685502bca6295efae20828
SHA512: 6c14c355772c252c3cee0641cd4ad894e5715db5deddb3298856a5ed040e5e7bb9b9ca8818d353d0e51d6d85fc3a030c0d50fa39eebbd2e204b3e70a9ce2798d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8a1e4fefb9ef20f3c2398fab601eb386
SHA1: fa57b5b485cfb04df144ecada070f1283846d4d0
SHA256: ebb02169e36d0940f580b2fb0fc3baa0b70631ae817d9d0285ea4e41d9e13597
SHA512: b5c8e69fb6a86d82c0bc987d7c7047015d5f48fcb6c1fa5b83e01a7a16e651e6f941b13e59ab39802c581b2403d0c0fe8fff6f371a0bf3f6bb48c7a67737f683

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 816d16cacb751eea0ce667348859e8b6
SHA1: bb32e3327ae0eccbb8bd7f2d1055f58969e90315
SHA256: 4ba8dbf3b1289f573447d1eb9cc280b22751ae68e01648f0fbb64e86630da1f5
SHA512: 7d6db75dc8b54f1c7a16b0e2bcbbd417ab9faccc130530919daa7a35c570515d243edcf548aaffe2f010c941f26e30ced7c303cc507dbf025dcb043903d07750

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: dcced74ffe1639fc817eedc109b496da
SHA1: 31775a8ecb9e7b419a84ef8a336dc05f85731075
SHA256: d9353db2761c3f60e55fc2eb56ad4777da2a50b989bf43472a7d14427ed0dfa7
SHA512: b04730b3ccf443676705bc9067ddaad82cfea991370493703b3e386d24de090845cd5db76932eda5690edb4c8f14dabc135b9a9f4e44d0c1c758f723c16da38a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 756bf8c25179ae47a2770ae2a1e092b6
SHA1: 5a945bf14e353dd1dcbdb883847ff084bde74c81
SHA256: 71725956fe54c3849886595f9ef1dcf52b9b839579c1dfdec84d2f314a1156e4
SHA512: f6d0a88425f79e1eee5aa6271c458d682c0f539c2b4dbd4f8bd545203dbbc8e367844886335fb2124175fe420a572d8b67b9184615f48217105a737f9a536f57

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b