Analysis
-
max time kernel
137s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system -
submitted
01/06/2024, 20:04 (read as day/month/year, i.e. 1 June 2024: the win10v2004-20240508-en image used by behavioral2 postdates January 2024)
Static task
static1
Behavioral task
behavioral1
Sample
8b9d9c1e478ac7ec3907340d10940431_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
8b9d9c1e478ac7ec3907340d10940431_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8b9d9c1e478ac7ec3907340d10940431_JaffaCakes118.html
-
Size
461KB
-
MD5
8b9d9c1e478ac7ec3907340d10940431
-
SHA1
263334a2e8db1dcdf224ab584441ed1344d8db10
-
SHA256
40009c59962840c9eee418ef363d05421186a7f12fe59bb0b0bd20d192067ebd
-
SHA512
3616352823fef9d2a0aebcdaf9f8d0560fdde649c6df918322ec1af72bef44e8059cc9873ebc0f472f236e367cda61b2c53c92f070661efb6b6cb8b6d855d3d9
-
SSDEEP
6144:S5sMYod+X3oI+YMQysMYod+X3oI+YNsMYod+X3oI+YLsMYod+X3oI+YQ:85d+X3+5d+X3H5d+X315d+X3+
(the block hash repeats the chunk "sMYod+X3oI+Y" four times, which suggests the 461KB file is made of four near-identical segments; worth checking for a repeated embedded blob or padding before triage)
Malware Config
Signatures
- Modifies Internet Explorer settings (IoC table below; the signature name is taken from the process tree). Every entry is written by iexplore.exe/IEXPLORE.EXE to IE's own per-user state under HKCU\Software\Microsoft\Internet Explorer (IntelliForms, TabbedBrowsing, Recovery, Window_Placement, SearchScopes, …). IE touches these keys whenever it opens any page, so this signature alone is not evidence that the HTML did anything malicious; look for writes outside IE's own hive (Run keys, proxy or zone settings, BHO registrations) before treating it as an IoC.
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2F30FF11-2052-11EF-8840-6600925E2846} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000143acdb96a6e23459af10cfe762150cb00000000020000000000106600000001000020000000df9b712b2ee516978559d70792a18c2a1693f7135375ab9b43ff50b84d121bae000000000e8000000002000020000000e057c35a414f93220228b660bf762ea404a8f3aa2048eea8ca0d57d5b72009bb20000000143e9a04e8c69666c8acfd85a7533a3f78ce3f46e6bb4b32030330ec4814b131400000008a35407e13c927d32fb4f425cd8f054970c2d919b8ee9b361b655562b422245a50f67db0bbd0cf42cbeee854739331fcc0a384c90f1cc0d16990c86beee59180 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet 
Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 803abc075fb4da01 iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434153" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2792 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2792 iexplore.exe 2792 iexplore.exe 2724 IEXPLORE.EXE 2724 IEXPLORE.EXE 2724 IEXPLORE.EXE 2724 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2792 wrote to memory of 2724 2792 iexplore.exe 28 PID 2792 wrote to memory of 2724 2792 iexplore.exe 28 PID 2792 wrote to memory of 2724 2792 iexplore.exe 28 PID 2792 wrote to memory of 2724 2792 iexplore.exe 28
Note: all four writes go from the IE frame process (PID 2792) into its own tab process (PID 2724, which the process tree shows was launched with SCODEF:2792). Frame-to-tab WriteProcessMemory, together with the FindShellTrayWindow and SetWindowsHookEx hits above, is part of IE's normal frame/tab process startup; these signatures fire for benign pages as well and indicate nothing about the sample on their own.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b9d9c1e478ac7ec3907340d10940431_JaffaCakes118.html (tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2 (tree depth 2, child of PID 2792)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2724
-
Network (no entries shown in this extract)
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
(file path not shown in this extract)
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
(this same path appears 16 times in this list with different hashes, i.e. one file rewritten repeatedly during the run; CryptnetUrlCache\MetaData entries are typically written by Windows CryptoAPI when it fetches certificate or CRL data, so treat them as sandbox background noise rather than files dropped by the sample unless their content says otherwise)
Filesize 342B
MD5 07a03ba8a1452c5763bf1fdd33860f7c
SHA1 7ae2fac41566ab209f76d934015f2198ae7f94f3
SHA256 5ee4f994b79af2cbd89750e2f595ebe3aef6edb95abd41a426ec8ab38070df78
SHA512 731a62c9b6f013412c427f06664cd91dd8d30f065b73e423e7f933c8f379ee18392ed6d45dd2849065957380be359e7c655e5834fdf3c50b9f6436a553374ea0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0beef90a22aa19b5292cc421b684842c
SHA1 9773f68837e267ef1269beeec35e87b07f495c2c
SHA256 63c2d2e0d6b368e0b29ef7853ae8b9218ee3cdde2182eeeafde1fd5c59f06600
SHA512 22fea3416c6ec28ba2eeb3edc7df60ec460c5fdfa854d8c0bd8fe4c10a54ff20fb32ab3d0fc0c3655f8c8d9926560a8cb979e9a637ec58e7fc4551b35ed3c415
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a557c8d23d3720a12cd00acb77239525
SHA1 0e5217b0fd59fb7f95f4fadf30849b7df12ec685
SHA256 a8e0698fa9aa9c67d377da5075a7a38df50165eb3abae6767cd0699712063da7
SHA512 93b78f18d9a4575f6ec8e7238317c0e5afcdea32d52221c5558aab3ec6dc8ce359405ed77e37fe0e896fd9a55c8717bf63343ee4aaebf6c5e5340555653125ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ee37feaa9a358b6a85d66e28d28a8afd
SHA1 b5cf6ab633a211da0872b318ddb59c6619cc7d9a
SHA256 7bad1ca38a858a3af55d04ed973512df016521912fc5718207b6c91a4b9e8a7a
SHA512 655bde82fd395e00aaa3ce2b480baf1838faf03a0ebf91408bc46cbf8164a06ecd8485f5d3e9aec5ba3a851baa660c806b069b6ab6a9ee40aa40c5d0d4e6c372
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dfc440d191630468cfb07c1b65139f7c
SHA1 0b3a40a11eb04851ccd799884f4dd1d94fa76f6b
SHA256 34f000412a24402c3680068dd7d762b5e2cf87c8fd0a290946a93ecdc6bfb296
SHA512 4d65e49211d46fd32d9328cd8c8f8ae6353f636ddeae5c49c183ce4a2d7472d96161ad775959a0c9e85d9aed422cd57178cf52b1057c238e168b0cbc3fca5d19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0ef5d305c968cb36f004f6f272e70fb0
SHA1 79db7bc2255db38bb1a3edfd80d73717f20112b0
SHA256 366fdc808c5703a2db5885d23de06864786c04c9bd4425fc29a4bc45ebb07117
SHA512 805e2d96a40a8bf16ff092962d9a8596d5902c182fa89663ecc4d519614d9ed9561b5294cce0eb69987cd64f32a4ab960b8f0df26029ada5db35f82236029a11
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 58ca67b2f79f203559952069d31032b4
SHA1 8415ba7d7abd617befe5682982626daae0ff3ef4
SHA256 06dac81852a1e00fb0fb2cad8607117a8a6bb707e38345f6d5d355f91a843135
SHA512 a1c009ca232b8a42b85382c68779e6dea0500b107c48251e7171646a7c57542cfd6b1fe537b43b4cd9a4d1a161905cbb382b66a726d0469ca4cc1b704d2077b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 079551689f4a8e208cd806827f432b28
SHA1 a851a7a03e43299dbf4d343ce1794ad83ccba38e
SHA256 85930e9d6d41f258a420836ba97d84d6f6ddb8606ae0e41e1a7bde8736c1b2e6
SHA512 146fdb14962fc0437f841f6168e9597e2e6d01334634a885c4dcbdaffdf154a1cf84a479b35ae3964d20078fe9a7ba5b0d51a236de0037276bf46818f4bec477
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 af23249f17af59e25bad7ceb726bee99
SHA1 de96b5ecac38a827c83890f19d5c154148f10b5f
SHA256 5badc653dad9497e06e898679f330cf5817c8a477fa18df86b20e2abf1042688
SHA512 3f01c9dfc3e2ad641634e36742ba47812ec6e35a363df5fb27df58fcef5a573af540a2afcc11809c4373ee45980dc38a070be459b84b4f17538185b1749f18cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b7713da422333858ce66334c9d43c97d
SHA1 dee086a7c8291b8ab6935fdfc2206870c32aa43b
SHA256 302a430eeb9489693e39cefb208a08c17eaceecef859b6deebaea3be8ea878d4
SHA512 5e316ba4416a491e698e372b36a5c84ea1e81ecff96d95a2f186494a4ed26aff63aa08c35efbfb01e982fc880ba06fe32710f5e3cb57aff447e92f462171f935
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 75f91399e69b07a17848ac8d82105556
SHA1 cd29a7aac1025d3bc38f3f1e0d9b5191ad50a234
SHA256 bb2f81de688e2d8daaa26a8dc3b344a508d09b7d94d5a4e5c034aa595e31bcaf
SHA512 bee01f5a9ff59f4e9189494d5a426f65d0d990eb96716d8dd7b6f0d299b5d721c642f19d1328443699ffdf4e91af61dc470d2df5f7b4ac1c552f04e6a2f21540
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ce3010847eb13e5d6e47587aa38e6842
SHA1 6ca8f8ef432b00bdcac6b3ca180b3d90f9b7b063
SHA256 bb75c75ea59c4b1e4f5967f8c61d4684bc1577305ea6e5e7a9b1225dbf68f6a2
SHA512 c08c51e58c51343e51525de74bed8b8ef9eed4fb73a435e233012e3d1e1d32308128e68d1c39f5280779f50441464475d31fdba6f829f0e0447edc18f97519dd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f20dce2b9f867f8759a3148d0ce06650
SHA1 0e14c101adec61e397083a44a3c7ddd1158f681b
SHA256 a298f790188011d755785d0d03c33429964fdb93986dbfc33153127e2e7c8ff9
SHA512 22c29b778d8d034d1192505ab0a70ca2b3de1a0bcadd05a42fb3b3eba7ee016040e51c7fcbb6b75dfbafda38f02406b09fb69bbd650b875e7f9bc84a359c2ada
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 93ae7549967b2851f7365214bbba5763
SHA1 415514884d393274749a4d7fc3da040b6b97fdf5
SHA256 453cc67002ea27c3b30e6db56983b1adba8151e1305972b59ceb231d30da0d8d
SHA512 ccfccee015c3b0531d288608d1d804082acdcf5a800cc97364d4e384f7fc2eca0ed433b2167cccf4d4954b68cd582af9e6f20adc48c02e77e5277c49a0dbe754
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9f348e6e262edf1dc5e963580f391a71
SHA1 86dc89025c315ba7e000fe966928d4c2c18a9ba2
SHA256 aa870158e4da8a4ab06eff4bdc81764f030db52347a1cc25b92a2f53661d13fc
SHA512 ac215060f19efeae208b2c27cc2cdbec53a1c594253b3e45099ad5f0e04d798022558a0cd3be28b179e73cb82697a95c945cf03d438ba353054f7ef20b8efdbe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2ac8b296cb421fb63aa94c6800d80f16
SHA1 fe96fa27316c6359f793f2bc376a7ebdc361a0b8
SHA256 0a64fb3ddb528274610c9e6f08e56b61f6243013ff81aaba9bf4c5863036b8dd
SHA512 c5b77f3bd5b2460e87a2bf98a5cfe502ea46e83bdce5df55696a1e95656018458002739981453259acb1fb0ec438aacf12b3fb3f31882515797b94a455b7e4d1
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
(file path not shown in this extract)