Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system -
submitted
01/06/2024, 20:04
Static task
static1
Behavioral task
behavioral1
Sample
8b9d76c77eeb690772075295ac390438_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8b9d76c77eeb690772075295ac390438_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8b9d76c77eeb690772075295ac390438_JaffaCakes118.html
-
Size
37KB
-
MD5
8b9d76c77eeb690772075295ac390438
-
SHA1
c513c56ea77c81faaf8da5924bbdcc2b44241f53
-
SHA256
41248df548d33e21ca283d8034159ccba3b1d69f2f091400438c565005ab4876
-
SHA512
d389c8c4fc665f3c24254ee2093699ad41f1cd36f603a5a3da17d9a6781abe85f825bbb9296c2f871b57264c2c2be4c5bee0181396c4ed78ff37e1752cd85803
-
SSDEEP
768:KAJQ02ICmC3C3C3C3C6C6C6C6CCCCCCCCCyCyCUCUCUII4BknpP:KAJQ0LNEEEEnnnnJJJJvvNNzvnpP
Malware Config
Signatures
-
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ef76602af8b1dc459c2ac305ac9cb3ec00000000020000000000106600000001000020000000fbc66437500c716f3528441aeed3bc2e31c2b06bf4de754865def883e826f2fa000000000e800000000200002000000001cd65f36f61339009980843de04e0e6a7938a915454d30db182657dc072b8a99000000067dbb697e930fd203a454776e67efc7483b38bbfe0976eb8c137915c0f950c416740485003797d2bd72e43089f07307fe994c45c78468fbdf3bc3c4aa3f0da4d342fcaaf03b3680ce115f65c8ccbf2ca4c7e84dfb6b799b2896e3d1961ac437af93097a5b88b1a1cd728802d4d32e43f59ab48965e6a5a054262a14391a00e2727e418a52c6fe60d9849031eb5b250ff4000000030ab782c377e15847e2151cdbfccf495d73d6b153c83bd8e4ccf20e42057a72b1462fdef328774b74a372751b51cc18218f6e242bdeeafb1bba8511e5bb06a29 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20ec66fc5eb4da01 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434140" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{26E3B8C1-2052-11EF-A296-4A24C526E2E4} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ef76602af8b1dc459c2ac305ac9cb3ec0000000002000000000010660000000100002000000027cefa65657296143a66650b837c0cfde518b2806a94c58d9d75ca500d48b9b8000000000e8000000002000020000000938fa25904ec05c858e22a56cab96913378324a4184f5826623eba717504a40a20000000f41f8884a3a4db2f8f3d477ac574cbd430c5bb68c6f628b9085f34156d0ba36540000000d25abd37abfa178b07dc551da21b712182c5b2dcf974eb1852826b4aa839b84a8480cb184726346af4f1fd13c633e339eaee3f33248adf6ac13f7f0f100b73bb iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2904 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2904 iexplore.exe
2904 iexplore.exe
1984 IEXPLORE.EXE
1984 IEXPLORE.EXE
1984 IEXPLORE.EXE
1984 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2904 wrote to memory of 1984 2904 iexplore.exe 28
PID 2904 wrote to memory of 1984 2904 iexplore.exe 28
PID 2904 wrote to memory of 1984 2904 iexplore.exe 28
PID 2904 wrote to memory of 1984 2904 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b9d76c77eeb690772075295ac390438_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2904 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1984
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9a1bdf2d930c5afb0c760523e40d148a
SHA1 3ed21eb479a6258f3f65d0c021281e909d0af455
SHA256 19451f4c5b63b4b2056a084b5f9897cfd6e56d3909d24d5bd28495b0e1ac8405
SHA512 a6039d31c3b41a7fdc9407fb45243383134f4323485b701a68f52dd3c7693bda441b67a4d66ddb3b74e25cff71cf3dab64b3cbb9503f15d30114a5ba849a0e20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 689efc52750fdb1a6ac42f8d3356c329
SHA1 652e3177267750d4be014ec89eaa9dd79dd959ab
SHA256 9cb9d507154fe4bb2cd18d6dc21477b6ee0f3e554a6c85f0cfba3685eb9a0943
SHA512 4f0bf7a55e544e79d73edc844ab04bf7e5306dcdbee65eae1e2778f79e5e3ab2dea95812e67e09fb374951edcfbffdc6be7cbd8048d32b57087d3fba86327f25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5f7cf8653089971f0886f758cfe59def
SHA1 19c59e82a79ed483fa054ed6e9650aba73e20d4a
SHA256 3638ac1e9d45ed1a3151a10ee607c5049ad5966fae1a568bdc472e0fd4520702
SHA512 88ab823c449e899fdadcd9d66523ae23834f9a6b6016bc0fd363d60cffedb1a912d04b41f8577110e4b2ee7e1e955b3f9b7e230e8c6c7106a5182162c8ddff33
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c1ef4ded9b5765a1ed1118b1a241dfd6
SHA1 48128d3ae263d91c6b14bab7ab65d1191a8e8694
SHA256 02e0a1fb8ba4f2247bab4d0b9a31f6a9ff00698ca659a434362aeb391986c914
SHA512 35e887fc64bc0ad9928f6182908d648f291f0ba11e5e73307d91ec48488595d3f45832cf577402ce7d0e3722be66f8e6f7477fe76f9d2c3efc8d199a5640d257
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b78100a08a0a2d6a3192d35c01d34f73
SHA1 c926e743ca54893a73bab21fce6638b9dc0b54df
SHA256 99af8c7f78add43d1b5e15817487c9ad903e056ef9085cc5002813a7efa5a60c
SHA512 06399d00a89b400868b0b9cb7ec728c6cf5f979d52555a70e2f4c2e80df1e582dd1cc5a31b344d8517e17c8b24110b4b0ce44df6f23c0b7739cde6a690c4cb68
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c12b2588729f9ff684139dca7c498b8f
SHA1 b821e258bee0f2876e2b93e23b9b289e46200194
SHA256 55a988d054f80319b65068bd2986ae971af1f94187100a436bbc6e1ede24c26b
SHA512 ef36d3835d3b660f8e4b95fac6401bf2556cec19a7e77bf3c470452c0888e8082e1fe4d5b4e05caaebe4f78c931f3645c8e37725f53555cdc4232a47ee7ff038
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4ce436d60ec76cf6b589b4d548794db2
SHA1 b704534fcc26cdf547701fc9a022a7d973efdc0d
SHA256 4c22b0ea9115d4cab9afdf0f5cbb6b732016f5285908d3fd41557675845a7b00
SHA512 852aaf82bbd8599fe507159b29f255e0891151a6035f52a275cb20c73f4b21aefa81e8d8acc208ac9f3b3597beae45f0fbba3e05d75f9870f2ed5c6ca5b12f8a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dd39067d6248117fb8e5690144e7ff07
SHA1 b397cfad97e28b11414cfe3b842270145a14ecf1
SHA256 97b3ae8093b52be542021b67ec0a334762ba9a9b9fd4398f9a58c05416eb785b
SHA512 0a26aa55e159b67631e6266b655037e14f08b01b3489eebd57b06a9b48d0699ac7c42ca8aeb3e08794d2d5cae45abe3e10bb74963c4a8f9e3a83d0377069d90e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1ce18e5cfd188f2efd3431a18b9240d2
SHA1 cf4bdbe3bdeb804339fda83acc6d86e35508a9c9
SHA256 de2109b71714aa4048ec961b3197e6b491c90472921f01aaa969ecc671b93a27
SHA512 c3b62da1b72e1c3bef6addc4f22b69b100963c288d4ff9a6c4f7ab87708424cf06d16618fcbf334ea82ca45653c73a1b500be13878c3593a5c7daf109b726a7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b6810a44cbf72be64caecc5e3129f314
SHA1 ffa7b7ababf006dbeaee3db8d3bda338fc3b6ceb
SHA256 9419202426c8feeff0125a457b4303bcdd60df552634d75f3709275a2a21e487
SHA512 cf9ccbe3ecf60ec73b5e6d5be191f848f70298712a29844af39e035aff4485c1d612ebb642dbe183d4b74c4fb31587f8d4dbf936f7ae0f11161c39b202fd8875
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6c8f9b710b0065b7e92044f273d0315a
SHA1 97f7b1037a0be0089ef57abf4bec5f06a84d62c6
SHA256 9d055d4cbbca6038acd11cf9cc23928fa6058343e4cbc78e4297cac0088130de
SHA512 b73924bb4d01f84ee830bb410178fffa75e3f73a9f003de6b049fab14460f68c143136192aecd528192c4259d350837b321ac02685910b1ac5cb112972283f74
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b2aaf8952f5ebbe588f71dc23cf7a735
SHA1 22c1605d8ebd1db57ebfc663044004a6807eb8dc
SHA256 a77f978bc74488c7feb230e6daecf762c4d3421d6a8333e7ebf3bd12e30243d5
SHA512 831ae02e528efb79ea8db2b9ebe219185ddd08940a9d48233bd7723485b9a447e14723d2cccb53102a48787afeb3dca7068aac6af227bba302b7f9c77ceb507c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 06daf60f3b0bad82789ac1e41772ecfd
SHA1 f8715a2617ce28854162867d5a83490e3a13a8ff
SHA256 91cb7c999be8cf4ddf21a64c6147b3d580824e8e261c22ddceab07b9e225bf10
SHA512 8e9c338455f0e283e2aed1c7aff66f729c4f03af37d68f71e55493fa073fdc507d7f5e67656440f2acfa2b1c62703dd19e8316f77899f6f0609ce9f3815326c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6af6571e9e4aef00eb1c79d22f3cb252
SHA1 bba6cef77093e8ad27afcf61e12f574215ca2158
SHA256 4291a5b6759a42e66edea1564e2370f0c7c1c4163e6e4b6b97bd47fcc7ebb4ec
SHA512 294ffc609c70e533312ba7c3f8ce360e61a02c1695636fd8913efc54dfe05af5d3210d3890addf30ac1f9ae1078f00a7b42a1a534f32f644461c5cb76c02f5f0
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b