Analysis
-
max time kernel
138s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
01/06/2024, 20:07
Static task
static1
Behavioral task
behavioral1
Sample
8b9fe4976275398d96e43b492cac325b_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8b9fe4976275398d96e43b492cac325b_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8b9fe4976275398d96e43b492cac325b_JaffaCakes118.html
-
Size
73KB
-
MD5
8b9fe4976275398d96e43b492cac325b
-
SHA1
fa7f6fe712086861b3a0e02fba74fa77d108fd14
-
SHA256
33d090cbfc0b1fb4b429e17a3fe80c6917ce00cae220a50455a1a2cdd1b2285a
-
SHA512
ce6007b60bc916460f9760431e0fd386431eec74136d51dad221d76f90c6eba17e4f627c0aab087c65f53421af06cd1066f0e21b8467ce0297e9f55213af916c
-
SSDEEP
768:Ji+gcMiR3sI2PDDnX0g6s06AjTjWbTKTfoTyS1wCZkoTyMdtbBnfBgN8/lboi2hX:JauPATzNen0tbrga94hcuNnQC
Malware Config
Signatures
-
Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4072056c5fb4da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002d372db91a2bbb42842a140bf0bc512500000000020000000000106600000001000020000000a9b76b516b83f34cdc928942a040a089a0f51022fd56a2144b964234ac905947000000000e80000000020000200000004cc50ab9f767f05c1efba886be67cad681b5d60ed088ecaaf3cd5c9e4026953720000000e1717e09b8220cba6ee3ced0d8f2e6c0a207a82f10c0ea825d429d6bc1493eb340000000e8485da6b1f383db8612113b2cda3924fef15f093b3605ee9c7f07ab067479c081d48b2c4db2aec10f83462e2ee7dc39f8315526d80aaf1cf7b60e541d9a401f iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value 
(str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434323" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{95D155D1-2052-11EF-AFF6-E61A8C993A67} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb010000002d372db91a2bbb42842a140bf0bc5125000000000200000000001066000000010000200000005de8d25b43474dc198198b29f229f9de5924e00dcc888fd5cf0494e92f848ef0000000000e8000000002000020000000a17f516aef0ca6b581c879ad579f60984e2851634463f88bff06a98671bda62f900000003785193e872bf972cf23b848658a23a4b63d248a56148081e59fe00e660deff63aa915e2f1f5b8ff1b3aadb430ba3763d6a0d9cf638a124f89433addefa0e17ab99a84b9f752c8801db1de64488738cdecf5237f799cbf5a7a76c7ec9397a2152c3e777bf6a3f34aa1b83ad0910dd1f365338aa54f20b949ec1d3fd08f37bb340aae4cff588426259f858a250b32c033400000006c11450b08ebe93a70cf6cdd48cf9324cb2262cfbd65500b8fb03af34732583560bc3387c788a24a9bba545d024fc73fe8443b7fc7997e4489813f1f254c1aa7 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2292 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2292 iexplore.exe 2292 iexplore.exe 2540 IEXPLORE.EXE 2540 IEXPLORE.EXE 2540 IEXPLORE.EXE 2540 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2292 wrote to memory of 2540 2292 iexplore.exe 28 PID 2292 wrote to memory of 2540 2292 iexplore.exe 28 PID 2292 wrote to memory of 2540 2292 iexplore.exe 28 PID 2292 wrote to memory of 2540 2292 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b9fe4976275398d96e43b492cac325b_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2540
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36af0ef2307950874a1eb00051e1c804
SHA1 a6ac7ea6160e2ad70477cbc2bb20ab9bd73df262
SHA256 ee86eaa1535a071046dc1e927bbec61afbb3070cf9b6a92e7f9b030849cfbdb9
SHA512 6698dca9255fa2a322c6b420965595bc48f5e1e22dc7f9097bcf72c4afe6f684da22999cf33c68f41a5d1ddbede1f7af5f0e39f3dfd4cfe5312eb471883e1aa4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 558be485c6d54d484863740843d4daaa
SHA1 f9d1100eb68bd6ca7ec1df87db52c80aed858d07
SHA256 55cd478b2af80531b326d25453bc41045fdb53370be8007da0241e4c77f096c0
SHA512 5849dcc5685ec64452306f0a603eafe35910785634e5322c01fecd75482ae7ebca934cffe64b122eefe1c763c76d19a5178e18864762c481092aa70f463b35cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 67f1488786dc612c4af3d1be3e464e26
SHA1 579a8f551d0b6c2f234666c9c4c4c269f8864ea7
SHA256 47d2a1d8f565fee454b58da19990ac6f088ba862215cd65aef97fb7c5960ee8d
SHA512 9f3b6520b752b4f4d162649ddb1cdc55fd5eef6339e9fa9daa35d5fb247925ab6c8918e15121d50ccd6111137e8f1ad3a148e38dfa265c16f4d1857971d50cb8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e12e44a5d348c901a64ac890e04be756
SHA1 0bf7772ad2f079994174f7ba0967c42a3f116a33
SHA256 52482266d4d52c08a5c89662a92d80771fbacbf352d9ccd77aff0617e3acb33f
SHA512 c9f3f90a4c713f41d561f720ce1715173c0bb1d45362426be2c470d492f57740eaeb38dc2a107bfd4b60c366c3f12fd0bceff76a8ef3f29715a58cc9f71476de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 354128d6beb37961bffa939141d256e9
SHA1 95e68813d9ba10a270071540f54d28235abe1db1
SHA256 3d13b595a989e41a3dd12473f4e077d575279f70989793305b76dba07dc50787
SHA512 ad08f6c309e26ff9ab7e18a7d71dd38f42bf6e978b05ac2eadffe9e4def1d1a1adea0ab292174088cd18c526dcdfc1a5d8a4749fdecec0991286f62743c53ff1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5f3239f82b05d39957c7d3a44b91d6e9
SHA1 b4fa12e459fbd66266d81ff759ec3eccc073e2ef
SHA256 a0034c09a883abeffc126d7dc4d195a4cf7b59c7de6f0945466ed15f7e5ce215
SHA512 546acc25a73532efda265f78bbf1fc538183d8b223ea04272732eed1ffe89290906f37c0a4d14d86076cd068ff67d8efe352e5c99689eee9798a18d05f08b432
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 98087d990de44dbbb4194e0b6c4f4f47
SHA1 58e77ccddd9aaecfd0d1b0e3ef2109545d62e54e
SHA256 54353d097c525a11fcd9ae3423f29dc8f98f9af86680ec3f3520c3e82a3906a5
SHA512 ce64a6ab623c00ec1ccaf48a4990403ab3ef1a4e29c868f42f651a6d5ff06dbc937bd6fb6ad49d2c2e0631270a69359d758943f448be64923893af728618c440
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8c7aeab8e6c7c0a601aa4b31cc0d6aea
SHA1 e37c141bcb0944095e3df7f3f93ca565e203f9b4
SHA256 e3236ce1f8a4e929cd3db6471153d687c1aa541d268005dbb54042c51cd5cfaf
SHA512 55cfbed755a86e82ac6fed5b79cf4c23f5aafa4b7481676d955151c8a544eb0010dcd7d740b1babcbf3dd593dd34075548fb76db8a027cede732996908278d0e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 df75a06b26d489507e842ff901880e36
SHA1 88fa28a8e2e5f5efd3be1a14650ea6bf6eac6dcc
SHA256 9b0881d1cc1d529088341c772f2379f5c8f144c6965e33f7aacc5910c9a40b60
SHA512 f4974cc0efbae6d9bb8f487df840e23ded63e572cfd7b02a169ef15e6a9db9425a65f812eaafa60605024273bb40d62c28fe533ec7ee2dbbee8a927ee6ea6396
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dc647e5261f673486e98c415e4f1d276
SHA1 f9cbe0f140afaf405628a9f017dac13966981933
SHA256 66271334b37b1d37a47dc31ab8b3ec06ba6af58a1fc19620db8403ca6d44d4ee
SHA512 a8ce93f6b1b2d201c2be1aa5243f11b059cd361aa36cf2c6bc66fa3820acdf2560b4e589dd67855eb98b6f7385c81f17fd6cf8de24073d249eedac41ef583b7f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cb933613f303af86b0f9becbfc523a2d
SHA1 fe04df80566341e714c84aefc4ff626ee6ba7cb2
SHA256 7cf6ddefb2e14519079e23928591731fc70add870dbea0b648e89d61160dfb8d
SHA512 6eb2054a4b836e733987790836359bc857c1b131f1a6639f4ab6b32157a802fdc4541da8410dc5c77414d8ead6033b569ee3997082f7359db60dad9db2065237
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 71ecee6f35ddc065d07902978893c393
SHA1 3febd3b7569ef2e844ed89c013f41af7f183e389
SHA256 072c5475aad399727313b0d98a3980161915b3656fb88a020f72799effc4496b
SHA512 0e1fba864ee48d6539c39b3e3fa7ad223aa5a94ce74419ed29772443b38ddae026692676cbf74bf72bc6906aab6165750e31d39f4d493d49cfc6785859e2c5bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b094233fba650b625fab0f9f96266c70
SHA1 f812edd4015f6554e782a9e67b21df450bccd393
SHA256 17279a3365755faaea550912d176d920fa16c86aa25a564c59cfd4e37a4c6a95
SHA512 a545e3b644c835febff1814c4dfd41b5a948cc222a4df0c18b95151c62ce555ac3e1638532d93ceefde5869b3ee6c5ad91c13cd945765aebebd98a74aa47e58a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ee8bbbc7ae347854ae7ef6021b996326
SHA1 dcd536d5637424a94cb95be33031621c104d56c9
SHA256 dca86964063e5033374d019818b4822909433957d9f53154dab18407c0b65033
SHA512 f562e7e535ccf5d608471308ce6fd5d0250383af9a5b176b4e5c02bf15e54e9eec38c119a337ad3c8550d08bddcb78de1e81f8c8282f7f34f69bca7578662c4d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0c15b21414a302a875b19fe5bbd0f3a0
SHA1 8cdbb1a54498c9a44ee749660e731056dafe6801
SHA256 512b514efdf2df317723f5a249375bdcabfe8dbaa33720feab2308955e3c00fc
SHA512 f5895774d68b8213ac8338f9eb36f8045c3e6d6da0bf9a8b5f96aee513ffcdc5e18dcbec46b6b1e6e5776fa5357085a3f7bc2f96e539f6d9af5ae299ac2abd2a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6b1621a28e05ce4aa8c4c122c9317a93
SHA1 e3596e839e4cf6bac6dd417732a2822a24340934
SHA256 0457944591266b483dd2b9ed44388f292859b191556bdb7da8ee7db24e11ffba
SHA512 aadcd1a7d3a0817f6dde6517f6ef3238918482a66f93bbbbc8ca8786535fe417747450c8032ab853b47d1210d03e05e4ff34e5472c11ca1c5416fc58cf075dbb
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b