Analysis
-
max time kernel
117s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted
01/06/2024, 18:26
Static task
static1
Behavioral task
behavioral1
Sample
8b5ba79de889c1869f198320d3efaf7a_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8b5ba79de889c1869f198320d3efaf7a_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8b5ba79de889c1869f198320d3efaf7a_JaffaCakes118.html
-
Size
461KB
-
MD5
8b5ba79de889c1869f198320d3efaf7a
-
SHA1
5decf462d4b2faf5ac0af6af3206848fb6d3c2c9
-
SHA256
76d35873bc60f4b49df04aeff44d559b424692c7ea759b242384c3c5eed06dc5
-
SHA512
9d5b6771f13ecaabc2af6d933a7fafb11b780c3ea2f34d1200b514f5a482b972fccbfb5fe847edf4dfe18ee4d36d80732802900b1ceb1cc2d265ef4f5e911c2b
-
SSDEEP
6144:SfsMYod+X3oI+YzXQbsMYod+X3oI+YoKsMYod+X3oI+YLsMYod+X3oI+YQ:M5d+X3R05d+X3F5d+X315d+X3+
Malware Config
Signatures
- Modifies Internet Explorer settings (every key below is under the sandbox user's \REGISTRY\USER\S-1-5-21-...-1000\Software\Microsoft\Internet Explorer hive, and every write is attributed to iexplore.exe / IEXPLORE.EXE themselves)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000158b28aeecbbab41a981eab4364f185300000000020000000000106600000001000020000000f00e7dceaa0fbdbc8754ff633a3ab74343097fd0833030332f5d1c6fbb83fcd1000000000e8000000002000020000000b3ffad1c30d749163e2ad4ec4103938053dcc5e041b6081da72e925be7269b302000000023a23125c256beba8e8e6a92c6467d8cf0455780747c81682467ce20d0d1f4e340000000f3ec765b8f6f5548d8526078300563320a6ec9d1acace1b611fd24b8321dedd36ceb0d8c1eddf209a98602cff8b690d709f8b01ee0bb7c99a386ce52518d9d11 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423428286" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value 
(int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8800E641-2044-11EF-9680-DA96D1126947} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0de806051b4da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2836 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2836 iexplore.exe 2836 iexplore.exe 2556 IEXPLORE.EXE 2556 IEXPLORE.EXE 2556 IEXPLORE.EXE 2556 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2836 wrote to memory of 2556 2836 iexplore.exe 28 PID 2836 wrote to memory of 2556 2836 iexplore.exe 28 PID 2836 wrote to memory of 2556 2836 iexplore.exe 28 PID 2836 wrote to memory of 2556 2836 iexplore.exe 28
Note: the target PID 2556 is the IEXPLORE.EXE content process that PID 2836 launched itself (see Processes: SCODEF:2836 CREDAT:275457), so these four writes are the parent-to-child relationship between the IE frame process and its own tab process, not writes into an unrelated process.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (level 1)
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5ba79de889c1869f198320d3efaf7a_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (level 2, child of PID 2836)
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2556
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 70KB (no on-disk path recorded for this entry)
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (this same path is listed repeatedly below with differing hashes, i.e. the file's content changed across the run)
Filesize 342B
MD5 12bf09375246013f7592ce19e1d11e7a
SHA1 a5fe40c47d552f8a329f734a9269bcee794275be
SHA256 e9c9760723e8d43c5ceccf36a56defe3b94545870270c50345bddd7cfe739203
SHA512 8d3f2e1a1328d9db2599662ea3eac33b2ac99eb9a46c7da024b3278e5b26560a54421414592441adf62a774d78350726d1ac782edd547cd3dc64db2255a2cfab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD550c15b153cd8c4e50f8466d2a8b2e137
SHA1a9bbe7e7aab084dc679cabdd0e1efc8014dff046
SHA25691a7bfb949748576ea402f6e8bc36a5b4dc3c4f33be5886b806a45fca0aac227
SHA51262cd79eadc173b0008f45f18b483a33a6c156c88a9e6065e5ad52750faf96c8f8830a22e8c2b20fa4c3907bcfa4a9aef589e025152cf4cf02f0abe82a15db058
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD534f8ac2970729a542ed309b59da30baf
SHA178c0e4fb1cf0d4f9ea79b4bd8b1aa2b6e25ff4d1
SHA256f0ad309ddbfa0237149622cb9906b0c2bd17b0f969e3dec805a04bed6732a458
SHA5121af3d144ca1da3a0f0d7964ae21b7d185bd0049cacb6539ccb0f5bcd98da49ebbcade86a8b2b616755a977ced0dbca7bd4320dcb63357ac5ea54199f62991a01
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54ecdc83e7eed39e3cf421a77a851ff39
SHA165c16d98543e8d7cda8a4ebed9deb58445ac7683
SHA256bf098d13038df76584c9699675da5dc2ce6fb03d5b993aaf2e3d8f74ee7bd68f
SHA5121b616782a5ade2ffd76cb9da01b7a4abd5fd2dcea27c37b0a80aa817ffe020c0e8dc2628d9082be78db2499ed8876aff3a054aca9ae374b4cd9ef4d08d512435
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD592afe312923e0794a024370fd87dfefb
SHA1eea54b26f0c5d51b037141c53952210cb12561bc
SHA256d7a2d290c079e5296833ddcfa92c516f9e70f5faf263712bd100b3b1ca18fc29
SHA5127ea1e4b529f90d02b2b1da43666f1e5037105e6895a0afcd8c75175e2c48994c9db37fe1ac2529183110ea5ca1900b55846dcf9ec20d56ead380f44fab21ab79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5176d8745895722d346c9c77e59fba4d5
SHA12f2d4abb785accfc1389035aed8bdd84e660b26f
SHA256950eca9cdaa3fd24c6ed1a3b5f83692563d8d3982a483b5e4704d2c4da20973e
SHA5128b856ec80d67f4099ad9173fc47dabc5ae895ba27bf4398a6d9a3b966c765c57154bbdf6ffb9caf33a09389607cbb829705a2275f55790891966cd1f20d0c1d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD596e7b7c74ab3079d612830f1eff29977
SHA1ff1fe8120c9910b17a2e063bed1003dcea9620bf
SHA256f15f5ccf5790d8310bbb394456cfbc5efa8436fc8dc3a7df9fded15a80ed6033
SHA5127662c18e66949e611e730ee9e2a7f8d66e575475c77b3332c7e0ae3115988820de96f82699134a1bd330bd9ad37cbb8721804eec27a80c2580b8ca0ac8c3b005
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a1ed830aef7c6e08d83b40db424a1f70
SHA16534e0f09bc6016559c4b9c3661fb30d24c88fce
SHA25640bb9ee4cddd117924b05404d83d140d41d5fed2478359153e14cf0faaf88901
SHA512aa68987ec607164e6e7287d150188962c935f1d5fda77fa2fa6916e3a2cb02594cb4a2f8bc4830166747d9ddcda0ac2fbaf8bf57fa3366dd53e9d427e593ba51
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5edd0e2c69ad3ce7897b58616233eb2a8
SHA146aa5a07912e247e1106d5e104e037a47dcd4aaf
SHA256d7f91eb79812d6bfc08d40f6e8a5c51418d6d6cd14af61213e98d41b91580717
SHA512d007a3fe3d8d7494f6826dc76b3fd56729057afd1d7d9343584308a4f73b7399b2002c4bef8602badce9bcb7791d7035441d292a99045b10a0ff242751948755
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD576da0bc801534993bc2ecd4d8bf3f47c
SHA1516524c15d5feb2426a2d2b52aead4e8d30da82d
SHA2563234f37e020b306e8e3de0bf39f80a62db88ff65f829fb974897af0762410fd3
SHA5122b9e36bc7f79a281e2f0be65f9b0314e936617e40edff1415880d79de86ff7c7894fc886afa156127d5b5f103064c0ba7579dcf666c0daba49e4756aae048ac5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5566a30603bed9119e63288b56552b9cc
SHA12be0bff77730a19168eae394b6c2a80db9b5b8a9
SHA2569dff9bba2a23efc707bba4356b4e83adbe14aaf5578d268cb08de27533f37394
SHA512e93d88b7ea674d9bb06d7d73bb8959870c2604e9e781d5a05c79e38e132ab449722706aede42d809710625641743f098867fb346c55767c98793f07405cf039f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b4d7945907046225abaa39d57cc3c895
SHA19f912ba7d1e1be21d53f354994ab30db83b569b6
SHA256b1d4ed2ce92d4da3d601b5720589ff04435a6ccc3a21cbe58b710b624f2f822e
SHA512bece726e8f54dcbec61a8f38d304c385bc2439eb7d863314b5e848b9e06cc24856d87f2749ba327fca0bb5526e709e8937fe3e213e50af8743badea50f7fc2d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f02e0570d9aace1bbac7a6212516bc74
SHA1f5cf6cefa9e8ca1ebddd0b3af5260ae51218e072
SHA25637be39fb45037e89b74d6d1402e6fe63b3a469ee59367e102865637369c81c5e
SHA5128787223a9f67e27fd7fcea2346446bdcf350c56c8c836c3eedc4e31da52a2e94df67bfdfbf319b84730d66c4ad421369ff084c6b0bf6116739c514bfef325e15
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD590c62f7bf58a1e3af5660dc4c01632dc
SHA19bfe3e374e8b5aa6f255e4e5012ec7f42b7061b8
SHA2567768a9fb5e5be4338ebd5d03f417377d14043ea8086ab55f3d93c1836d81c910
SHA51201c54d73bc6f0430e04d13da796e424a6712d881d7a34dfe07c56b07d075122657f1c1bf06bd6890333eff1efe2252c1ade7cffa19af2d22da2cf225c0a98f2d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5992d261bc0eba741f7dc2b7e14bcc55a
SHA1708abccad54e0324509fc2f9db960e58a3f6ae23
SHA256f03cf77b509cdb71b00b4bd62bb79fe1b13513af742a5b789631f021a9be9577
SHA512b479f6e57cf45369e1e3ee8f18ffd6c04f12117942d44ea99a9c5079156afc834f9fc613ea39cbf1b860fb9cd462bf7904881883317271e5434dc16aecd40aaa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52e1971330599ad5553b26a299c34f27b
SHA1a28e6b65a0e7c69bddd383131cc70c1637892a4f
SHA25658828cb8bc0ddc58064aa34fb81c51f373eea660ba5d1eb82cd821548cc90ec5
SHA5120629acd7772b5af1b83879b57cf02375e8943af642c896f84d6d592ebba7bf53893aa19d0eaf2db24b0d30b0e2afb0cafe5de6b75bf537a06382f3c0a488064a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5668fa81c6408166ef0d16b4cedf9c89a
SHA19484618f54b855e999ea16547fb095bf939621c3
SHA2568617d1aacf9ede4a54a02b4f7600b1278407b188db5b60ae6ec05e88b9120a7a
SHA512f8707fa0f4601ea3be99558ff36a81fa578cad5eef490cb14730f81d16c094065b70604840dc9ad167c5374e8c8d925c1edf75878c926733da2f2c1018f1f903
-
Filesize 65KB (no on-disk path recorded for this entry)
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize 181KB (no on-disk path recorded for this entry)
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b