Analysis
-
max time kernel
121s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
01/06/2024, 20:11
Static task
static1
Behavioral task
behavioral1
Sample
8ba29da9718111f458bdb594460e5c78_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8ba29da9718111f458bdb594460e5c78_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8ba29da9718111f458bdb594460e5c78_JaffaCakes118.html
-
Size
30KB
-
MD5
8ba29da9718111f458bdb594460e5c78
-
SHA1
72846c27e38941cec55797b7fcebec7b1264a21d
-
SHA256
2eb18eea92a0dc845588d89c7be9b49894ceffd14050e6d1f21133338591e146
-
SHA512
ec39968c9e25bc799f9077b25440724a67af9b934f421c3bec151552188f92bb3957f4a86e3ece15ef8b5cd4cf3f88b3a9f509f3ccf85fdeb40bf3d18eb70f35
-
SSDEEP
768:BpHpzCXCXC5C6CpjzG/rjR/r59wkKQIAVO:Bhx88UnAzG/fR/V3O
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434572" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" 
iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50ea632060b4da01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7e7c67a1beba243975114ed97cde28600000000020000000000106600000001000020000000ac9cbd9a84496fceefdf4289f86959ab0f1a176716b113f678997a437fa18325000000000e800000000200002000000080ba631c62b75e954ef8e445ad63d6d74e993ccc37ffc210bd4dbc94ded13b5f90000000b6b6f9d85422e269ad534452489d5f2629bee1898d78787b422c1c6c1e558855dc142b5ac89330473001055c1e2a42d725ce431ff3f1e1af4cba7e6dbc3af76c7825b6baeade59518918c8f664c04579a408b369543be55f847353669550f1f710f8a10c000de97b37145f640adb135200ddcb08f92077704464e7af8192350cf0cb45e90177037a1b1d40ecb23f0292400000002505b9bae49dc6746b310f8f3bfae4f120553a775019e7c93cd018a8d2665cdee052d32d2c2bb29a7a024d14d8f72df8740d6a829add52fb545c14b9635b7269 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2AB758C1-2053-11EF-9034-729E5AF85804} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7e7c67a1beba243975114ed97cde28600000000020000000000106600000001000020000000c5e2d769e79da289df0859629164f18cdfafab2314f9fe1fa12d0aad14bffdea000000000e80000000020000200000009c59b8c84ffecd86e6ecd9b05f529a2c0784b1da39656bbab403a9f43bfc701120000000b9687f1268ffc5af47cdc57da560bd01439f8a82d300a04dde6b1ab1269acb4f400000001c0d057e7e634e1fd48ea02c68e75e0da1d2017e373f37520f6ec6cf0a2c4004fffc45365d8b061b7e2cb6f32a5b2552e5f328c6d874f43f9e3cd4327c56ca5e iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2420 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2420 iexplore.exe 2420 iexplore.exe 3060 IEXPLORE.EXE 3060 IEXPLORE.EXE 3060 IEXPLORE.EXE 3060 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2420 wrote to memory of 3060 2420 iexplore.exe 28 PID 2420 wrote to memory of 3060 2420 iexplore.exe 28 PID 2420 wrote to memory of 3060 2420 iexplore.exe 28 PID 2420 wrote to memory of 3060 2420 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ba29da9718111f458bdb594460e5c78_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3060
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e5334dae6575bbec503d68ad3712b8d0
SHA1 37e877daa91d4e663dd877cba10232dbe026d9fc
SHA256 629c3cfa27563766600e7276be9be6419c4ff45d63a57fafef8b7a4eefadd6fc
SHA512 a2794c9b01a4f7d1ccfdb793bc375f2528e5bc44e13562eb72cfa775d09180422823f062495d0b32ef51bfb416adb21996f35a5b6335c35536405e8d2b73c58b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bc9b9285bb578cbb89bdd8e78af3497f
SHA1 7ba7726a4d3fd1e53216c92564e15962661056b2
SHA256 e76305d9b1d4d0b024c0c21561362e3c25aa223a73287b17b7d4abdb24da9cb8
SHA512 6379d9b90a27e5774e0958bee325e5676cda2adcb4e19fa839fe3ad713d00b901a06b2f50b344d8552b82ece6efa69da4b3b34a7a199a8dca59042ae60965069
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 89098621f6dd3a9d30ea105384843fad
SHA1 225f9729e25a7f6163f102812ef27c41a0e95ad8
SHA256 f633693513d23cec31213f1a3110b419d0a6d592b0ba2d96ae91f0c061195fe1
SHA512 f2217cc3fe134a22ce63c6049e5f42de9cc6cd3c62e0048c87ce447df1e4ea0de39bb52d1473cba01052e67b34e9311008eded032b7b6681edfb16b48a474797
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 61bbb03c37d16a5e578de6f281f283de
SHA1 b704b58b95b98690e6041b373e5e94c22c88c1ea
SHA256 81a6ca736f0494b74ebe319305e6e10dc3ec2641a0329d2dbf0da708254a8c13
SHA512 f14e23b0180331302a3e87583ced7c09a81e3e889fd82f7618ce6b61162ce06b6d50300863a000add186cf63d7f909f4c2df535eb9abcabe5af03fc1460a2e92
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 18ae8decf011746c20f4c7126dd7201d
SHA1 1e76c66ceb55d17ffedfaf34ce1e19344c35e749
SHA256 41de7208086aa70d8fcabc4e56ae79054257223024d204454e7f434d71b0a342
SHA512 533d2ac25569d7975b900e6b37e1f246cb724225f58585eef0af2bdb67b7a3fa04b492de9b227b58927ec38804cb37855c6f28458f406a30e6896b32ab1d99ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 336a7767343f27fdb718ce98f45940e8
SHA1 d5175fd02d4d5ebe1038093173ebf998961a79ff
SHA256 b9d787b8a3cc671d11336972b06454b4b3cfbfd46ae5df91c494a18d9063753f
SHA512 b574232921dfb982b807b993c154f461fa36de0870d10213b14a8a395ebaf78645bc137c12a4a1a90c27a1da1bb5ea78301a7cbccdf543d68bd12fa08c70a6de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 25fd04c7229c9a4d2ea4104524e6a578
SHA1 90fd255dcdcd3da4ee962d731d920b5f31bf0765
SHA256 7f6ae5cbebd7ee39de83e1fb700ee99805c4db9bb68ff1648b32b5d4edc5a9fd
SHA512 f46941257653a77f166c312ce4635724968ef04b1e3e6f7c9f8f6962d2014ba4fe69e1f38dfe731a3076695cf217a2bed7b4d4dedde768ce1ed5a7fea1cb2976
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ff0f659aed5c20d17fa0d81e20f3a9f0
SHA1 42f4a176031e118639b5225b9937da9203487f1d
SHA256 2729eee0793fcfccfd8f6e7fb81ad93ac2463a8d890c1cd12124c15decf8b1d3
SHA512 8336dec079136b85465ab773488c887632c9a36afb2fe69a117d2e3c03064937a413bf827828cd087ce4aaf0f8ed27dd4948cbe5be4fd716fc27bd6e8061b110
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e3a6c0d9532a108a2d973cf780d1fd87
SHA1 5863725519646301601d5a872b91f91b8544e80b
SHA256 f983e5fd65173d8704ef27366a306e2f66fa48e0ac6d3a4ab47fed5a2169f151
SHA512 e73b4365a5f7efe0c4698b88a11355febea7eef8546156eee7b96f6d46cdbcfca4757fffc8e45d3d19971dfdabff8007a17ea9e1e83e451f743a77f71325fe8d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 375986cfa9d77d0a979e85b392f573db
SHA1 f7277fbc9ceec9d5e50b700e59a741fbfaa38b24
SHA256 3381f077fc82e85b9d1a1b667147690a4344b4bcd66965cd5e95fb2293389ad7
SHA512 16515f5c9b572ff7cace0983e332d8849d772b9bb5d321ecfb4dfcf5a97fdda4c84f05a970402dd33b683c290a188af0f3dd7cc0ef33c579a97b159aa378ea6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b5ea8350e618d05628a4ae647f9f7245
SHA1 6910f4564c8bcf74ebcb117fe0f6dbbf4b2a6b29
SHA256 393c6b72eb26a009dfb6805ad70ba144391afe9cc8e4934fc5e61aedf7e72e9a
SHA512 4242c40913e6a4b8a0fb56d3f08f35796a0b31783f6665631d92291b8d1606adffabcc69e79c4f6946d309cf0b54a3b92957b54c720b130c6064fc60ba218acf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 56373b9a2fee4bd32a6390c05e0629a5
SHA1 4b2ebe7915468e8fcc316aadedbc7210959b924d
SHA256 4a16a7ae8060bf58b823388ad0e99c2e16ff76fc14414325bb9ca28f7509fb2c
SHA512 1bdbd7d815611aa75a1475a6b5ffa65e65756d53ac7fcd9115b6f768e9806b02af11db7cdb55e26f693c14fa1712a67d999f823d3f62511dc11f62ba8b2a1e1c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2da69f861a298e5e6ca9a7202c49f282
SHA1 d4d274943c18e5ac032488f952f7371e45a2306f
SHA256 e8d436baafe5517f21a9b1caf6248ce5ed876878008934de6e6be8646936e85e
SHA512 630b587e205cb241ea07da4af452215998e7fdb015ed07ed89ef61036bf7cde6257b003c77cda0e74a4518a03e5c90e5d28624435195cbd4725183e922a95c8e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 be2c226e913e52354af4f3d61b86706c
SHA1 6f1ebbd1db155caf738f7fb5bda5c9f76dc92a22
SHA256 c17fc7b70a74147c6a9b6110da2e26ff5b8c20582c3719896fac3f2d77acd524
SHA512 71ed241962921fff70d9c1db155caa5a7716e4d0737a92f8f0b8ca655ddbdf1659fbf7965e72b61f3bb15e51794ed8d01e527e36d7c943361ee88a2dac9cd01b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7e170d08f696ccd814a920fa8d0dfea7
SHA1 f1deff0eede6307470e14578d43439a7d6d4c355
SHA256 fa008b677f71f92c74b4e2df507f95677f2365993fe1f2d7da8369b37b513c4e
SHA512 c7e880ddcda532d72a1420282dafe8b7e9bda20802e14bc80f6a0542ec99056dc6b17f5b27e2a8bc38b1f9af5030b9ee01f2ae0decd463e87d86020e7a06452d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f50a227649178cef70475cc536b222ec
SHA1 1930c53b5eb445dfa75b5da678a2a2a1a10b663a
SHA256 17d425ba94f31f17eb1b28e174f7ccb024284b406029c0c5b5d0f103d424deee
SHA512 b73ccd667d657dbb52783f01d36feba96eb48ddd8028e144005a2a305b97cba496bfab621b74d0acd7da4c8e852943efaae78a4b18dc278393a8a502c2a7dcf3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a33d92f0fcb15dc0ef419e343c79914d
SHA1 2bc3611018e40ef3d05bd25cff6ba1f24b684145
SHA256 c8026c520bad004fca79e12916176824efddb827ab3d550f6db04732ba243597
SHA512 5077dcc8eb546b38c2d0a2fc7ba5e75f39361da529b11699c2b6e81750a6f0a79b6d8ab67d90a51c4f9f5c8e1c79c0b4f4baa12d73137a483cb8235dd1c4ad95
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5d39602748cc1df52aaf0b065bb1e096
SHA1 4c0fddb04c9854d3cdfe4735452b737b28619ca5
SHA256 7a59c2566719f00961183f197230ef1cbd10077f3a6ca2093bf3ebaa376a134e
SHA512 9800817f5408000ce79a1e2db4e8e0c396ceeed93a6bdd7c20b4859e42d7a042f149303d5e5f3b4c0611465d439222bb04a1da917a51260d52e2c0e2e2725be9
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b