Analysis
max time kernel: 148s
max time network: 149s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 01/06/2024, 18:26
Static task: static1
Behavioral task: behavioral1
  Sample: 8b5b4778b9efedd9d2c2fed4f3174365_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8b5b4778b9efedd9d2c2fed4f3174365_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 8b5b4778b9efedd9d2c2fed4f3174365_JaffaCakes118.html
Size: 508KB
MD5: 8b5b4778b9efedd9d2c2fed4f3174365
SHA1: ed405fcbdfc6b88688b55d3ea4423d67d257b6cf
SHA256: 6c3fe84f2482fa63bb8c3a4f276b495d70a80de11ba445d62bc665dd6923dc29
SHA512: 2cb76e5f93d3c9677449449115853c8218f8104530c373086710735584e690e18ccbb6d3d112c17e854cc32a60385f47bc1905dcea0d220a809bda546b257c67
SSDEEP: 3072:wt+IpBxYUVrA9zfs49PwVeL5AmPTDBcM2mqU1O:wt+IpBxt4tLTa
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73268D11-2044-11EF-BC57-569FD5A164C1} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423428252" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1132 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1132 | iexplore.exe
1132 | iexplore.exe
1188 | IEXPLORE.EXE
1188 | IEXPLORE.EXE
1188 | IEXPLORE.EXE
1188 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1132 wrote to memory of 1188 | 1132 | iexplore.exe | 28
PID 1132 wrote to memory of 1188 | 1132 | iexplore.exe | 28
PID 1132 wrote to memory of 1188 | 1132 | iexplore.exe | 28
PID 1132 wrote to memory of 1188 | 1132 | iexplore.exe | 28
Processes
- "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5b4778b9efedd9d2c2fed4f3174365_JaffaCakes118.html
  PID: 1132
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1132 CREDAT:275457 /prefetch:2
    PID: 1188
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads