Analysis
-
max time kernel
118s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
01/06/2024, 20:04
Static task
static1
Behavioral task
behavioral1
Sample
8b9d90fd4e5c8d38337fb89dcd456be5_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8b9d90fd4e5c8d38337fb89dcd456be5_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8b9d90fd4e5c8d38337fb89dcd456be5_JaffaCakes118.html
-
Size
67KB
-
MD5
8b9d90fd4e5c8d38337fb89dcd456be5
-
SHA1
ddc436bd625c5bb154c1838bfda3dafa228bbcad
-
SHA256
51a11b4204ff26ff58045297b1c6fa8352fd7591810804b56cf5a2530de6bf25
-
SHA512
43460845ed2b15d5724aa6cf9f01a351ffd055829e3d498c9ce2ccce368ca9c1b3561321054653a0a93cd226c78284a17da910ffd5ebe362b7867758d00c4fc8
-
SSDEEP
768:JixgcMiR3sI2PDDnX0g6R02loTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVG8s/k:JV3TzNen0tbrga94hcuNnQC
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005f595d2fa543f04e9211adaf2d42a50d00000000020000000000106600000001000020000000c64bfb04a1caa3886835e28d52cfbf431614dba55be06dd01327d7b798a5d32c000000000e80000000020000200000006c7c00902ce28a3185e2ab3b415c4695504b5aa72be36bd9be2d5b0dad56103e200000007b58df5417d255dbd7195c158aa22a0020520ea0aa36aa914e99d0b79ef51eea40000000e1464508f1926dfd845a6d2889fd71d2990346edbc73ae8e96faf9d40a9482a12511b33d131f8f2206a3be1901d8f79c78513a21c55ef6001e519f67040f635c iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434144" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 805ba8ff5eb4da01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2B0CD8A1-2052-11EF-9E38-E60682B688C9} = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2160 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2160 iexplore.exe
2160 iexplore.exe
2544 IEXPLORE.EXE
2544 IEXPLORE.EXE
2544 IEXPLORE.EXE
2544 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2160 wrote to memory of 2544 2160 iexplore.exe 28
PID 2160 wrote to memory of 2544 2160 iexplore.exe 28
PID 2160 wrote to memory of 2544 2160 iexplore.exe 28
PID 2160 wrote to memory of 2544 2160 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b9d90fd4e5c8d38337fb89dcd456be5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2544
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e1dd9c64a230263ba3d7856b100fde03
SHA1 ef146e14a6ac56f48b0b92c9170ff7164a3db197
SHA256 1f02d0876b63c04a4837b9f23fd1b1358d78130eb9111f10a480b8ce23623138
SHA512 5e3461257ff9685a253c0f7bdc6ebd5d29a2fd7feb41b45d1c677bd02ffb104ae6bfd47f905836f08741cdcc9947dbcc885bac0d3ba35f1e6a8d921e673449f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9246dbcbcdfa79a89b5c5ab1fbcba741
SHA1 7c1d1a5ace4a87469773abccc45a996256bd0dda
SHA256 da7c6ed800dc01c0638a14763107adc3e9ad9f95f3b6a1f1ed872c865084d51a
SHA512 bc45107256d75f22c27def3da36775a8d3ef586bed93a9c6f6bef36e2a03473309bd3eedc64c8d951fb7535e3e9f33bade9b9a2301a5f28bc5a139acf3316f64
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0d2f6296c22073d4d635f038c270cd6a
SHA1 1725908cdcf8f4ee091b7a119f54452b747c879f
SHA256 8ba00711c3e30fd75f29a81622c61841f97673d51683851c25b7316f4563a955
SHA512 93f5358267920ad908a90ba4dbe0d790b47aa9d83d5746b727de4e4b2fcb19331d0bf64ccf149c63ea67d85eeaa561d5023a5cf40d78f5c8ffd7679f07f28355
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 17d5e30a98f4530c7e200805291b535a
SHA1 e491fa66c8e41f5bdbafc5cbde1a4787366f2956
SHA256 75a6a983e1fa149b175472c271d38a90f9626046eed468edb8ed019cf16a272f
SHA512 ab68c61601174aa71413403ea5271ae52f7f4de821eaf36e1b3d1d239dffc89b3a7a5d784776b6ee4cfe06905a43dd03f1cb12efb91ccc77ece675cd10c58a74
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 011527e51e8642fca3b8d00f301653a6
SHA1 ed8392b6787e7423fb83d0fd3061dfc1ad1aea7b
SHA256 7023f5a1d006d945f3537a0ab1d2e4270db75abc103a790b0b05d35213c36707
SHA512 20112ae65d8cd99e192afb359a4ea97c2336b064df042e2f1c0a82470a85364bf32a1453f6b0acb198ee6ccdde5263a2b386688ec38643d148a77ce266630355
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f3157dacc3436691bd67d5d205ba2e34
SHA1 0604153ab8b0b51b0666b1e86577b49c00ec6a5e
SHA256 ecec020e87597f33ea2ab04f75fa264c6b19d87015017e83bbfbc5428af3b143
SHA512 45633cd5a5e14c2d0503794079d7b33d69c54d29128c1ac6751adc5d169195df954f0d66b47a34501a556600a416a0c3e597a3d5ce0f44cfafaac5129cb3f894
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4fa98c62be8e9785107e4ba9099dfcb7
SHA1 afa4b50bc1ca87b91f249b4c9326de433cab26ed
SHA256 aa2fcc2dde8ca98ccec6a18dbb71f57847977223a3c3edf4abcb6b2e897e0f5a
SHA512 c32237723f2a275bca9c47407bc1e41e0f3bc0b3d1f7240810b69549df46d8b7f6549c576e7f625cc4784003a088fb4f9634dad5b49793beaccca0eeaedbfa23
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a352a63ecf03120ec824eadae889092e
SHA1 e719f691eb32c24270c588db32fec3398ee2516d
SHA256 f55ce2f622712130508f6033a5b4a4682aea7c255141175b5ade69ab36d16b1a
SHA512 655a560e3a90dcef17ef152c6544ca974d5b6e1bd039acc6e76d2c9df27f176322d859cfd47123654577abf96f27aaf4a4a476d795c2d532d3321d1236c2dcf5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c1c507edb3719e9ce37cf13c117e13fe
SHA1 6aac6636c2079f25f96f5b7633aa8bd04f2bc0d5
SHA256 aa092c780b229f8b3821e2bacf6e8c519bbec0a95fb7b52ecf3ed82a7939aab9
SHA512 76ab05cb6e0e71d9111236f1ba570b888213bed9b662b395c2af9a99e516db8f9f3dd25457b804609881dec5114b92c6e491d6d701703e3853aa9120c1cfb9d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6ee630e056bc2a05ca1f9874be920d6f
SHA1 1c74f73a3c5583ca3664543750118ebb3a681c58
SHA256 a2fc4a4ebc7ca81621de55a2c66122e9521102efea7161223a6d3e0f82839a35
SHA512 1489cadb018ad44c6bc597738f17d877c8e149ac44c10ebc44f79984e610cb7f136200e6f08475575ebd7919717c9ed095793150dab7b5acd9d6b79bf197a5c0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9329b5b40674f31a0352a15c460ccab8
SHA1 45102551399a843f5aa00f86a83835f88d65750d
SHA256 522ce2852b09ad8754fb6ad74dad7264520d5f119e92ec879cc4791ccdd59d40
SHA512 4ecfd0c939a108f585c5d7e5211d7d66ccf58c90f8112559f7575be156a9c7ccf7f75ff7ec8bc7e1bc669273bb1d7bf1647e8479b1fd7dd7ba945558702e2140
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3b3c4f497751893982727d0af66d42cb
SHA1 548f9c51740126b286f1c4b3e54cb20b4b97b17c
SHA256 ae6565c120dda2970e4825a6fd4569ffc9cf2ce3f4daeed1743d7b055861204c
SHA512 ab430676faa64e8a8a6654ce28a6b1887bedd844cb6c8252e476587596cca01724c0e94132c1c48784f1273bdfdbb0bfdd9307784de3dca7fba601970bcb1c06
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ce606350db955f85d18f254a7036dbce
SHA1 3b81fbd45ee1cf3d3eae4da1040d1e1a04910ef8
SHA256 5adb9a2fbc26c147c21df6b4826dfabac1af8af49bc9b0a31891b1abe1cdbf4f
SHA512 5d1d9c79f2a9bfa77665c6d3902bf6ed9931e7a907ecb80db8ea5cb23bf8561d9c95fc4f4ee08d583780b0ac902ed0cc3da9916639513bc2c53919b4467fe10e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f3a7315f7ad9b272f03e913f93196bbf
SHA1 99ebe7452900d3cee9fd56f3dfa2cb228bdc4dcf
SHA256 f4a41fa749c51cf703311d6b27fa95d227f4c029a64e4c93099d3787b5d8da6a
SHA512 939c6944b8ce9bb16a15f1220143e5b2c098465cd4190e42e1e4bae2b0bee479aa0342fc1c0a044996c4813dbc10ec95e3c503e396c7fc45e69fe75f5ddbcf98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8873b86e9257a2ed3641680a5fd0fb5a
SHA1 f8403bc9fd6f7fc9961ee17419e22da3188e01b1
SHA256 e9a8a82f234a256f94879e343528c5ae529c8e0415ad7e9c7007913c785fd861
SHA512 a1e61333fd730b2a1e2cb1f5a675e01d04aec7a3ed9cf4998f0c0ef8b744e5f10cbbc5f68e8f64a4302c4093d882e407bfeb7a0897a6a5747469c8ef4994ea9f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0a5f889f1a624f4591432c2dfa58ee8a
SHA1 001bd1606a5de0c0bffc03a7f6907d7bca8eef50
SHA256 6e014699b777b1e56aee0e1135db16c07245ed1cc280479e189bcee66dbd0ae8
SHA512 2ea2a6f1b5a2edbbdb0e55bde10a066c8ba2d8d407c42b45cda4035f76d9917d2817b341b7ff0b26134ca5ac9db046fde1325c861057bc88db087ed766ea9a0f
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b