Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
01/06/2024, 20:11
Static task
static1
Behavioral task
behavioral1
Sample
8ba25dce5473aca6cba6fe65d267d69e_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8ba25dce5473aca6cba6fe65d267d69e_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8ba25dce5473aca6cba6fe65d267d69e_JaffaCakes118.html
-
Size
3KB
-
MD5
8ba25dce5473aca6cba6fe65d267d69e
-
SHA1
2c015ffda1fc5bbac8254e40290bcaeefe522dad
-
SHA256
d60ed58e82d5c28899cc0e88fdbe407e96cd9b4471f32163a4f050702033e1cf
-
SHA512
cbf8dc5528b37050dc857bd804727b114d76248da6022464d4329a8ed7120f4ac5bbf36a29021451a7ba72dbba4b448ba82ab56d1b459dd0910ac90c7e4c5852
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434554" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000044696e824310295b46332dd9dd62f7769f3d70bd998e17b2548e2b8a9ed4bb8c000000000e80000000020000200000006889482220c52189c351f6f033794645920b5cafba1bd41eb2cffdd0aced5495200000002094261b3339958c265d83f441647523835f09547b328ab9a0ef7da45e9536174000000089d43bf39b04ba035fe0cf71edebe4c3735e9a2c8853dee2bdb186bc50f3d2f86df897b80e88bb1871925dca4e4967e9c360ee5172dc72034e9f2029caf46327 iexplore.exe 
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b04eb2f45fb4da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2009A4A1-2053-11EF-89B4-66A5A0AB388F} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2244 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2244 iexplore.exe 2244 iexplore.exe 2184 IEXPLORE.EXE 2184 IEXPLORE.EXE 2184 IEXPLORE.EXE 2184 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2244 wrote to memory of 2184 2244 iexplore.exe 28 PID 2244 wrote to memory of 2184 2244 iexplore.exe 28 PID 2244 wrote to memory of 2184 2244 iexplore.exe 28 PID 2244 wrote to memory of 2184 2244 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ba25dce5473aca6cba6fe65d267d69e_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2184
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD58accd3cff22c381e607e3d17ceb21ade
SHA145290f29fc5ca9ea18104c3ec57847feb59175ce
SHA256551b24c5c6369fa68e872ee7e3b8413c4e467513f9f84062de7240473542a112
SHA512e2bc18cee2ae9ed4186cac9b1d88bd6df3903ef2520edf7dd655d1ac8e30067b2e1f6308726933395932d0acb6e538a4bc790fa263faa6ab8cb83802162e4f11
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5a0ec7ee7dbbd7c66290abf37030da5ec
SHA118e8aaad85f6b2bb6891c0b3ddcf13f9797b5bb8
SHA256889db0612eadf58e8c20d2d5b8d6ad4d2e03dd4e79e9dc4dd81a8ed0478ad73d
SHA5125ad792c1fb71653f29959b5a7288906eeb64d9124e9b7495e9af38fc55fc61aaaae04b4b235fbb3e1ab36611d5e6dce29d798b5babe5f52fc2b2a0b1aaae2d06
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5a3a48ca3a515c434ad7738a9dba6175a
SHA156849aedd0c71c4a39cc9237a2ca1e0fe5466bef
SHA256108bf5c38d71bcbe9e3901de59b861eaa1cc21754ba271b7eab585746894eae0
SHA512e187bc0f62b5d51559ece1411b6c45ac02cac5ca2cb268b0af75cd77f12a090d17fc19e4589a057c2d4b793abff519d6f5d3223d31bb88d8ec0228e6db65cd64
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD56168c4bbd0d96599455830e4d9f35eaf
SHA1a685af02e72e27b2882807b9d3dbc4d8204ca88f
SHA2562cf2cbc299c4c9b81517071379debd1cde7b93216db39399a1d314764f9a8fea
SHA5125d03376f0764e43a52a900219e4de3cc37b601b65f4e915804172dd581cb939dd61b39283876ae63eeaba9ef87fe8ba9224c46e265ea882859dda3f1bcb165fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5e721631361ea05eb7e79c4327120d92f
SHA1291379ffccbe6b0d1cb3e3ac4130a5eefe1ab08b
SHA2568756d3ff830959d6a1b77964cfdf0a1085cd8d5d48f172cd6dae5ee32256f9b2
SHA5120338fa3249400e7fd8530e339dfa98aa825bbeb6065ae78f1b2170e7a24cf29d8f7521288788754ae771e6e09c73ceddb1e07a27a7fadf14e70358e5c70f39db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5cadbe8bad08e8fbf5a0d9187ce3f63bc
SHA16e6bf0b5fb17b0e879c5854cdf325a4b0869b89a
SHA25632db04c81a884812de24bdc3cb555242aa83b45c6d2900fd05ebcfc298a41993
SHA512e930af2d7c3d1e2702e053fc675f95a3141d3d3934e544acd64ea074b6b248a0e0c53ab61de87cfd50cae459a0ff9b5d69b42ca339199a8e47e691500fbe4429
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5f6a90fe8e83357d9689d3512b7b517d3
SHA1d9e3f44a98e9396315908ad8b1526e3c48671822
SHA256a9bed7ec6a811b14ba6fdcc12794617394ca37c3d605c455a65ed8631ca4780c
SHA5127145457a2e342372e8667f348c0106c4b371bfcbe8797be055a6febbd6dad3be7b4774da14f237d0657e9093cd62a7ee36e028f345db92c71f872e7da07492ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5c5720230802b7a31e8fb626113a53b91
SHA184843dae3be896454642b2768350ff288f77ba30
SHA256c0290b5890d4bfa9e47dd8fb8399a92b633e31cbeea7c165b5b8283b7ca1b7b0
SHA51228ad99d8130f791248e09d4be51b0f36826fab3a57a3b2825af80e57a8ea40b71cfa87b25cfd9e123d924abd8d2cebb15c9d5bd268e05affc7df57a1b6aad5cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5453ba4e4f91875581cf75ee809ad7ca7
SHA138f31a1295c410fa9ddd5d0809d837085712f532
SHA2566f2829330088f8e3b4a3ecbfc361dd2bfe866eaea2dd21f0ff81148182ac9e0d
SHA512287b73d9ad0fdc3f3f661a20ae06e210610925ed316dbdf0ca752d096c9015ab63cdc39a0775e38f2705e82756662bb311e6234d30edd38ad1c73ec225ad613f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD57915db5e8e196d95bee1dd9d323ab426
SHA12441751f38098279db79785dfbd5d0e40a8e891c
SHA256dab58aa0a399d0c0658db499e2787a3da077ee114aabfe3d7650a5b7eff61de3
SHA512a6e5f7285938d9ec996dcd27ea6432b07b0bc2cb25a71bcb2dcd75f3573edd4f48f97e8d82c6bbd05c8fc568d720853041ca6b2bab1e036f2f74bd704bd83760
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD51c351c31c6c08dc7c43683e057bf385d
SHA167491185bb9aa9f885eda88f9c7b91ac63509a9e
SHA2567ebb7d7736cc52b6635a73b13a1fcd6a49aa0cac5a17807fa667193baf8eab33
SHA5124f77e2678d6d6e32f5f2a83ab6e7ca6f4cc65702f4bf4fe928affb1c9e252fd6f1a6384946f74186815bdc023eb9ebe86130ab164518df75f5a96de47790fc31
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5860d216d699c33419616135dd1a43a3e
SHA1bf1e154a4f3421551b16f5f3d9f9fb65749e09fa
SHA2560a2637806b7aaebdcc129dab75098e0890912d8a02734d478a57fe0b96a68b88
SHA512b7629a88aa5e564164a3225b0ab7b3b2336098b2293f95c8cdcd2b0d52e0ca49d8648f903a96ff6bd5d3f7e3772488d6a2de7daf08ce0117f4ef07b30ad79dbf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD511e3b2cf09ffc2f879000e3d696b4d48
SHA125fd1b6957885a357401f967ea8e6a4293f1f9eb
SHA25636deb692956b62e2207382a1fc17473f1b3f2bee03a79f69815a125c27ef9e62
SHA51226902117396cb36afdd0d0471cb8261dc179e29d282d7ec84b22cbc6158676ac3b034acd61366d2cd911cf0280a34c6d04e7201009b934a428d68ba5e5ee45d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD558a773be8b78452aab3b55096373fa93
SHA115989a7b01aa3174ed379530a4fcd0e1ed2606a0
SHA2569db7c8526e0982351c3efad72bfab192a997c93f0cfa5ffd0cb770c1cea3beea
SHA512996ccff6aa66d834176583fc3a0d902afbeaad362875e49508981229b4fe7bda9f8ca6e80f2eedc0c8a943543d9a2e84fbaba31f788d7d6527d64c1146b1f380
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5ee0976aedcad650a3c6e9ed2e62b256b
SHA193c5347af4194dea62485e674be7803a35e9589e
SHA2562673c043981d326bacf3796b90fc07688ec822742d17c4b6b629a94fee0baa3f
SHA51264bea53e2decd72574201d54e606f2eb2efb7c833571c5b332481cce2237d676f3d6dabe06d189881241794b3da1c58de39145b43c443f04693065f3f8a4c9cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD587a10325c50e8f5ccac66f2bb9620865
SHA104155f9122d26832c2dc4c917548a704367a6334
SHA2563a9d8d3aef7a5b4c2a1bd5076df4db911897e12dc8526bf0ed91230bbbc36c43
SHA5123a6992f53e85bd29cb22f4b3ea571b5e5d2e7ff57f90450c14688291e27418d18aacc10b0a459cb18262b09103471d4e20c362da6201238c622d2108cd8ae152
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD52a87d6301eb94f8cc0f59d02a0b9bc92
SHA14f9f37d97586904a7bb35faea07fa3628e44f92a
SHA256c7e78465a2f528104ed410f09e76e6dc8f4eed55b5a40922abff69b46aa9615b
SHA512e086b96d7c81ae5b0c4d6356a6bd0166493b4413b11cb0f730293233f1dae2514991d6e0fb0cb4c4560d003c0a0db580491b2102086a97809dba54a53de77c20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5f9060e29d3c7eb7092ab67f266818e46
SHA143af05f26a62e1aa7e10c3e5559eb082a7b5a306
SHA256e65316cdb82a0dac4e9397ac176252ec777486c100064e3da344d17e88b07d5e
SHA512beeddeb3ac97f711b595b8ab0ab7a3170c98d0cf89a7dcd75152df35fa1c46ab76249237af1972b4501a6aefc2a775f6f89e5cb249f4941af77b881c877d2a94
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b