Analysis
- max time kernel: 150s
- max time network: 146s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 01/06/2024, 18:26
Static task
static1
Behavioral task
behavioral1
Sample
8b5b270b0931cac03921c04819325b81_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8b5b270b0931cac03921c04819325b81_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
- Target: 8b5b270b0931cac03921c04819325b81_JaffaCakes118.html
- Size: 34KB
- MD5: 8b5b270b0931cac03921c04819325b81
- SHA1: e69b250d054cf1d5cb786ab210f3862a5902a867
- SHA256: 07e52c72cd257d9d21dfbe119f63ca9aac1ce205701cae53f6aea6cabc04e9f7
- SHA512: b9b41f45c7029f932df2ec24a827e75b5914de5930f3ba7b35dc1f5ab165ff1ac22a027ea805f297cf0aff755af186098c65c8b082d2086abb828075c209bac6
- SSDEEP: 192:uwnab5nWWTnQjxn5Q/1nQiewNnOnQOkEntfXnQTbnJnQOgdcwqYscwqYAcwqYQiN:0YQ/FNEe5i0wroK/tRjayz
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423428237" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68E03DB1-2044-11EF-BCB4-4AADDC6219DF} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1712 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1712 | iexplore.exe
1712 | iexplore.exe
3064 | IEXPLORE.EXE
3064 | IEXPLORE.EXE
3064 | IEXPLORE.EXE
3064 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1712 wrote to memory of 3064 | 1712 | iexplore.exe | 28
PID 1712 wrote to memory of 3064 | 1712 | iexplore.exe | 28
PID 1712 wrote to memory of 3064 | 1712 | iexplore.exe | 28
PID 1712 wrote to memory of 3064 | 1712 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5b270b0931cac03921c04819325b81_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 1712
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID: 3064
-
Network
MITRE ATT&CK Enterprise v15
Downloads