Analysis
-
max time kernel
134s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
01/06/2024, 20:07
Static task
static1
Behavioral task
behavioral1
Sample
8ba01884786db21554228f4f07a43a90_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8ba01884786db21554228f4f07a43a90_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8ba01884786db21554228f4f07a43a90_JaffaCakes118.html
-
Size
496B
-
MD5
8ba01884786db21554228f4f07a43a90
-
SHA1
83807d967e96657c640845b17dde7b80f6e7a35f
-
SHA256
433b5b37e917ae98a1fbc86744834a6dd1889314ca6833747f57191af90d891e
-
SHA512
95307d0d240dfb3c21a7ea0dfc6cb4ee093fd8b112ac641dd09cc165b62943a6fb08a5bff781f2379494f1c05b5f58f3670fb23f87cd553ae7dccce54df63abd
Malware Config
Signatures
Modifies Internet Explorer settings (registry writes by iexplore.exe / IEXPLORE.EXE under HKU\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer). Reviewer note: every key in this table (Main, Recovery, TabbedBrowsing\NewTabPage, SearchScopes, DomainSuggestion, Zoom, IntelliForms, LowRegistry\DOMStorage, …) is a per-user key Internet Explorer itself populates when it is started against a fresh sandbox profile, and the DecayDateQueue value is a DPAPI-protected blob (its leading bytes are the standard DPAPI provider GUID), which is how IE normally stores that value. Treat this signature as browser baseline noise rather than evidence of persistence or settings tampering by the 496-byte HTML sample unless the sample's own content can be shown to drive a specific write.
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{99E82E01-2052-11EF-9891-EEF45767FDFF} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a58ace66fb2ae94baa2183525e2f0ec5000000000200000000001066000000010000200000006ab3cadcf83f44ffe7d75215436e0ca9038b48f8c9969bcee329256b209bf55f000000000e80000000020000200000002f3aa7220d62baff66ded5cd9ede2f256a27d80afb11026805d6f70d969fd30920000000747d0d18eae8bc8ef55dfec2f92824945739f536699e7fc6df02c64c79f439f840000000f0ea301d01826c6ed6c227a4879da3d7db39d9935ae4a7001c642d04e0e9397b478e9f491fba352b46813d99c3b99ed96e58ba5e5cfc77b9da202ec410dfd85a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434329" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7005726e5fb4da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2080 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2080 iexplore.exe 2080 iexplore.exe 2944 IEXPLORE.EXE 2944 IEXPLORE.EXE 2944 IEXPLORE.EXE 2944 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2080 wrote to memory of 2944 2080 iexplore.exe 28 PID 2080 wrote to memory of 2944 2080 iexplore.exe 28 PID 2080 wrote to memory of 2944 2080 iexplore.exe 28 PID 2080 wrote to memory of 2944 2080 iexplore.exe 28. Reviewer note: all four writes go from the IE frame process (PID 2080) into the tab process it launched itself (PID 2944, started with SCODEF:2080 — see the process tree below), so this is the browser's own parent-to-child process setup, not injection into an unrelated process; it should not be scored as process injection on its own.
Processes
-
Image: C:\Program Files\Internet Explorer\iexplore.exe — Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ba01884786db21554228f4f07a43a90_JaffaCakes118.html (tree depth 1)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080 -
Image: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2 (tree depth 2; SCODEF:2080 references the parent frame process PID 2080 above)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2944
-
Network (no connections, DNS requests or HTTP transactions are listed in this extract; the CryptnetUrlCache metadata files under Downloads are typically written by CryptoAPI's certificate/CRL retrieval rather than by sample-driven traffic — confirm against the full report's PCAP before attributing any network activity to the sample)
MITRE ATT&CK Enterprise v15
Downloads (files observed on disk during the run; the three entries without a path — 70KB, 65KB and 181KB — had their paths dropped in this extract and should be re-checked in the original report before use as indicators)
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 701e1bfe678dab0d4d61cf68182e4905
SHA1 cee4e2e1810436e03211775abb82c6a5f138d2ee
SHA256 edac99930b7b522d9b4dd35539c2855046baaf000f239d1bdb923157f32ce002
SHA512 2b16f8fff75231bd1f693feeb91d9de8cc5cf5eef2588a72583b991842ba04dc8ac9a6240f352dfbe3affed0ec490a007e0e41b572e231403aaec09d1cc4373b
Reviewer note: the fourteen entries that follow all share this one path and size (342B) but carry different hashes — they are successive rewrites of the same CryptoAPI URL-cache metadata file during the run, not fourteen distinct dropped files. Do not pivot on these hashes as indicators.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7ebdbaf4833b902621282a707d03602a
SHA1 3165d0bee511edc21e78b54b3bc730232e768767
SHA256 9cfa2749f5bdd07fe9d4689d315ed2dc1d2a7d25e1a12195583892636400c4c9
SHA512 93b59720229dfab39f2979d62d2d2f87d71221ce6626ad60343544611e865dd054239348bf4912c694d43f6c3e18fbd92a0e4ddbdd7083fbf5b61b4af6296a86
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2e1d72f81a4ce70e46150bb87df2dd95
SHA1 27848214b6fbb27c2929f43746af500f2aa52cff
SHA256 53dc471de3ee7c7d9919f00d6fb19d927177645c999ecee5e0567b7e1c70d5eb
SHA512 678279614d11aff622ab90f2a5e7a55377ce65017fd24cfd80ea7f9e316f52a396831b3279a45fe539a3a5cdc2b646c79c88cf48b7757aa23e4078651501fe29
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f6883ff7791c3100b3a576a783caeb8f
SHA1 c3c4d078de277f03cd2ed94edb1bfa02da66ab30
SHA256 94a41db67e2f3eaa7d18c3547deff581e47bde702a2bf4e0a6d278792234180e
SHA512 4942c7d2ac7a2547a21f37b04ad6537ff3d28569b65ccae29dc8ad24fac58e7f3295ea507a19a690ad2214a5b903f85bd0753b1df2a8895b8dd206317476b097
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4007bc4247070c414b35a9ae21c3f2ed
SHA1 3a44638230c3fb2eefcf297c1d3eccc284fd5a24
SHA256 d2caa1b2a3da8276dd7f19d498c68e77bf14ab7db58a9fd97c85fb8a5c1af11f
SHA512 1ea983a4242ef1bf4c26b8dd712f89cff3b38b679ca4c4201fbe57700a5b12a33a2a6625c78af6ba26ac0dd0c545bc6b0605ca67fc5dcb32b6ec01a22fa1eb1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d23ead1133a8dcf3c0a223309ff54e13
SHA1 347da809240f7bad324e70ba9a3eb331e43cf24a
SHA256 9db9e86f94b7ac2bde74bced1fa05427f4d04b78cfc974f57a24b0701f793482
SHA512 c1ba93996811bab08bea3b0a5af7fa22ea3a60c9a6cbaabca0fcd5fdb64f27e71a5bf025b718abc17bcda2da658b9b8b8ceba6ac226b861128d64ad872c4e041
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b2af65f60dd4cf2319b236d2b21a1a71
SHA1 ce04b61e3ec8b921cf406f6eb000134ffb3d4f2b
SHA256 95a5fb90ca91e194967a9cfb134f6127101a3fd90384a90e2db8ff4dcfe84759
SHA512 08f2d4a11e19c3b1898059148d1bf5cb6c717635d819c219ecb893c2e0a4902b9f664f60f0ee9df8e013d34f71e8f35bcd5ddf376af5458740dd94b72a771dfb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7d19e135b56d4eda5d6a357a8578e787
SHA1 a217f6eb7dcb168ac698ea771f88dfbda6d0965d
SHA256 d5be175b4d085432545bb29bcd857234bfe6fe1eb1137488e12e3d13aeefd772
SHA512 cd8c2ac55a5ecfa6139b1cc3c9bb9a1524fb20348a3d7db82ae15edcdd220498d25c6bba0b382e9e534eedaf3b46cb6cf9f33a581b37a1cba6dc2a8fd630b242
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ec47c77fe407a1ac4294dbe9481fc7f9
SHA1 940def05fd07040b15e4e33aed6e808855f899f7
SHA256 65edb1b7a1c9fee23e308d7318022dd3fe459943acd0d89a3f4491b98860708a
SHA512 98dca820d6c24a4f624e5f54a3bf19976852bf96cbafb73c27dca00e0e9c53980c857fe1a7cd92ac2f19bb6b2f70b6bea1ba713ae22b7d41818d2149fd314d17
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b6bd91557adb7ac23c9aa50514f1b5ec
SHA1 fe54a6b10d3ddcba72697431d8a95d465b24cb01
SHA256 571c84df4377da5f7f828797a83e4ba812efe7661031fb171fe6a394f6086c46
SHA512 8c47aeb3afe1c7e7f64e56a4ad24d171aa7e1822ca6a91bde1fed7cded979386029891ba32a918dda6e21e2016b31f48ce2ae37d7a0f0bc1f956050cc4f21629
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7c7bbba0fa64833932389a64f1b9b783
SHA1 412f59d36038e98fba324c5591a17da823ba179d
SHA256 c1159cd10068d252fb1ec052671e8e4962ff76088275e8c7cc737faab99154a9
SHA512 810b38b0365a132b57ab501c5e3e3a98ab56c7dcb38223dac1676d8b88732391fab91b607b439aab907ddc9a7aeddadd1b6fafc12605904b6d4b33ea81b01447
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b699547392cbf9e6dad05f90785c83b0
SHA1 0d53b9fd9908c3c18efa93770a4644ad737f1618
SHA256 5d926fad1613e538c72c263a5f64067750e3ecff03adc2ebab9a7cd9de703a13
SHA512 e3cba5fd26adfe4410cd8b9418c5f95ec8aaa785d7f31d775a821d4c2de292be0fea8c9c0e7bc460ba668e4a20caf999f5e3573e4b673b59ae5be2394f730d8e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8b4003d46ab7db562236865863d0dd88
SHA1 4998a4bf3211c94506cc9a8cf3c0e69a4e39c00e
SHA256 a96dcc21316202c05dfd7ab9ed1760c6585d23d117111efdd42d92df1e91a7a4
SHA512 e69d6620131a459ca2d8989fec969a4de5930b2e73381eeb3f7519be6b54802ebc0f9c56cb73b0fe75edcd7b3091f07b650f05b36911488aee754a9fa2cd2a3f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f7af9b85131411547a7578ecce200f07
SHA1 63b92878e31403cb9cdfd194fda0beccd4ea8425
SHA256 005c8e6917021836f402052a5afc4b6d30b513c1c5353d12bd28b878b7684a7d
SHA512 a0ef3049f1b66e51a56b9e1bac90d74eed421eaf0dcd93bc6d81ca65af00c00cb04cd48225379e36dcc6a1bf9d64ed717320181e71448304bdd2fdaff3f11ff6
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b