Analysis
-
max time kernel
136s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 23:09
Static task
static1
Behavioral task
behavioral1
Sample
8fc1846c82f2d4517802a51c159b98f0_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8fc1846c82f2d4517802a51c159b98f0_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8fc1846c82f2d4517802a51c159b98f0_JaffaCakes118.html
-
Size
177KB
-
MD5
8fc1846c82f2d4517802a51c159b98f0
-
SHA1
20208b923216b44c28135043632b21c9cfe81276
-
SHA256
d23fb5254af9f099ecd6f89738e51b459bcad9b0409b975901da57d3f5342f5e
-
SHA512
65d1cfd74e9aebfb32e786f0604e345da7d5fd3b099f29fc52fa090c8fefda0a1aa2e5b157e7ae73bcdfce357db85bac2f4a85d170041f3ee6cccaf48b517753
-
SSDEEP
3072:gErWyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:psMYod+X3oI+YS1tA8
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000047ac2c48eb42ac499a4941f0dcb34cd000000000020000000000106600000001000020000000e23c819132fb2e1cb3385c6555b008374fe8d47c267713ea9918b35fb2343870000000000e8000000002000020000000e44cabc37415b44cd68b5f3529ba82b1f634e7c35e235dc4ac5375cbe65b96d3200000004b6f403306f30fa967961236d707b637335eff66129f1c0af5db024a812ce96c4000000051054fa1e5d14dbb94150315f28b7530c2743f848a3e41a754e910911a5226f26f8cc956243bfe05e9427a46df98313a36e06e07dc76e62960af06aecd3bb32d iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet 
Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20dc313542b5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{21A73BF1-2135-11EF-BAF4-4AADDC6219DF} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423531623" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2872 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2872 iexplore.exe 2872 iexplore.exe 2564 IEXPLORE.EXE 2564 IEXPLORE.EXE 2564 IEXPLORE.EXE 2564 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2872 wrote to memory of 2564 2872 iexplore.exe 28 PID 2872 wrote to memory of 2564 2872 iexplore.exe 28 PID 2872 wrote to memory of 2564 2872 iexplore.exe 28 PID 2872 wrote to memory of 2564 2872 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fc1846c82f2d4517802a51c159b98f0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2564
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6fff1ce4df4b19587416c63dd383bef8
SHA1 a626ff960bf44c19e4f2e57d633a737413e0bba7
SHA256 0f6897ea8e4e50a6e7bb81505b198397ac6e84e0658b0dca0880fddc68aa4a23
SHA512 e13f705fae2a1d537cfda2fbf04e03147ea2fb1d071e6fff230e197e73af7850b6eb19e653afdbe66c2fb4ffb91b2d95853aacd585371fbd9949dd766b114257
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3e9b0d52b81f75703d4d84ae7b7d52b2
SHA1 f0fcf2af883b9bb0b329a8ea9eac98b6884daad7
SHA256 a7f32d6e4f4de830d8efa06c84a155658cd3e41107d3187e69b325209235bb96
SHA512 eb6cc87a5f78c85d602b844fadef76bc7ca6ca4421ffb50c607497c92fe06fc6da0f51d42a84d5ba14d860e0b8e809518390a84c8c1e6258f3e6cb96a6374086
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 656077bd1ad661f258be7d317f32841d
SHA1 1b7ad9f70059142dfd1fb1c0c4d2b7a1adf6f845
SHA256 8c25c4411a5840c80741136be8a48d9f32ce46996255fa9685bb55c8d9cee366
SHA512 b871c217be05d5b1f37c4a751c474ca48c751922552361457c045ba14be25c0e714f0a8e9b56a5166f52bb0174b0c377dbfaeef0553d382d5831247f6dccabb7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fb492e836b3271b17d9965a8a7fe4658
SHA1 a0b44b30b58a9e9197ce34a6be24fc18f4ea8928
SHA256 53a7fc7be12580c1a9e292652bcb64d4e37ecafdccd79f4f2ec43ae9b0de6900
SHA512 73c0b510bc0182299904c50bfcdf946c9d6c20927a649987dc54ce3148b180a5e6195d5a9d9511a0de5c813a86c17beba7a421c6899af053bbe86cf6cf0eb2b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 014f1de09c18df936dadb66a9908e045
SHA1 f6a0a0231d44724e04bb334f444e29ab9c7b57ce
SHA256 10e3e681ca5d3949c0a35965366ccd31279e5e191d57ea6c0179ae1c680ea1ea
SHA512 73b6370b06e4f2d8c106aa8d892b24fce887ca487beb709b74bcb5834f43c99dfc22f496397e05112dff285d77553f5fcf0ecd8a0a1b40c935c6cb11d5bb24f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d8ec6af3637fd17917b4056841d6d924
SHA1 f7b59cdd92ff4c93138f2a036c92caedcac59ae1
SHA256 5c361b63fa154aef70ba6c5d7633e8c14316cc0100e080b53ca25416af7af200
SHA512 163fc75bac716ae9a1d41420a89f15289e36e5383b6a6021da5841ef8015f8d241041024cefae007b59d76e6c5b7aa69935c9ed9148e96b7f30846a5bd9ce70c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 892c5a146ea7575724d6e3d9a73ad6cf
SHA1 4f7850e6fb598d3e71cd84a9db7c3c296fe20f3a
SHA256 441d698489ce0a59501a3a25826f0713d92e620c2b3d7d8ed7de5d6b6d9da797
SHA512 759836645f17fcd5ebc06786222d234b8bab4eb50be3a32700ca0e84904eb54fddffa69fa0d026236487ddc2b240a0bfc842b09324dd2ee9740445d89f78c524
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fb2616c5f52ad6bf62d02a416829d1cd
SHA1 61ebea453d4ba24af7e35eac6964d445a3cbe1dd
SHA256 a6e0db248f7260a17eaa5a4cf3f35417eba458dcdb1a7c6e44309f93215bc517
SHA512 ef87259b31a14da702ec6924438d55b6e2c5ba2fbd1337870bdd3f8db01bfb3bd01ac431e3ba54b75055b11b8dffbb35d89691e363259a447002027ed9617e35
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6652b830ed9de23af71bffed28a734a5
SHA1 532d455be3da590c5be6f5b8c19a38908aec8a07
SHA256 0650d8c293fa69720c4b95d541a303043fdab11d659e2f11fb12c5a42cf9c120
SHA512 b3cba8510dde17d44a265b9bb272581239259ca97da295ba2f0f52fe5bf482ba7bc028ae6c83916e64ab9d9f527cbe369cf69c4e7d7229bb3cef88f3d38c76f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ca7797afa26d53bc937e91581cfa6ccd
SHA1 1df56d623be361de987396e0e27f1eca3d313a32
SHA256 444abc6a3487d9022e44e4911475330a7cd0dfb811f61b5f027bd37e36a76308
SHA512 d56098673ab063b68f41b3b0df0565fcc58a79098cf26aaa793a17c13c0d4e58f2dea790116018f5ce0576f1a6191bd018912d19afa8e01daafaf729979fdc60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f9b370c44589cb294278dc52a58188f1
SHA1 dac47c313700543ca2d5c75be1c595bbbd1db0c0
SHA256 377b4aae08dcdedd107a8bba0f5735474b96abe5715f54e7c12e2d82b6453dce
SHA512 76a32b2592aad196f334d85aabdcfd86e8ceda7be3c46ce35335913f6749bd2ceb2dd18f08dcef201c3bae0f9499c5ff9b3c1e7ab121bdd3b1352d44f65ef1f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3399abe231056b418b89c0c1a917a1d6
SHA1 7c4630db4d37422d33980583271d688a9a594a20
SHA256 a32845b538a74903efacafc1d8ad91e3d79af3595d221f9b6a44aab48344275f
SHA512 c7da4569b571450495e262ee8d8a1fe9ced7468309cf10db80c89c32eae35e09669d80cde3835f3e7db7aad51fabc968462fd50ac21f6c9cd624d0d9aabc5b7f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 52fb35a9df93c853dc3c7bdc1bc865fe
SHA1 d0249d195627d28abc483717a18fb3947833da3a
SHA256 6070e7a362f6d20489a54866bf096662e5a574149a18406212c269714fe90af7
SHA512 fb2e785175097e5eb21a9f9a5bb68009220a2ddd388aac25750a15cbc3386c2b1b2ff966ab766b1360b42bc8b91abc90b19d46a4d928882ce29a4ce99cc1532e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9520d841fb8f4fe5f0b37c0e8bf8963d
SHA1 591002e9e3ed69fed3397c917082b8a9509b3cbe
SHA256 9066da625ddce80a5195d3e908bd363fd9c4bd5ccf4b7160f08e1c80f2ca95fd
SHA512 e69ffc49e1471254d2a70e3ce53031119bb16f27b01270226ea20d5d7e427905e0024bc2eb43e8a19fd5de1adc2b3bd2e38ae5de0cc62507db2cc1d2ccb933bf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d35d595cef69bda7b4d8a80a0e1c258e
SHA1 20a5065a1e24cc96892092a081d8364720bef9e0
SHA256 25cb77ddd91b31e1b89827e8908311dd1b5a45f30a0df7ed47915158d8af6b5d
SHA512 1d95ce10c6419278a8e0bd53e0d31aeaef3402ac4324db952223123622effe9ac5fdb8f55457724e47ab86567ae0256ece0d58d9730dee3617e279b1ce6d4465
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b197cab48553afc2bfa1f0aa559b528d
SHA1 49a2f6e8d04f3db84b344e02735250fd8df5a4b2
SHA256 c115c3ae4e450af97967d09279d7e5474134b7c11808c7edfdb6ef26fd214d5e
SHA512 573a14e79a6458e7a14404279d40ef7b3248f714157e70b712ba0ef314129e23da37c50d71a750915f8ca30815cafbb18fda1dd8885e6f0cdb0d5827d9667375
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a2a9a2c184dea3a0f4308d30aca57fab
SHA1 8ee6d9b56f14f4ba3b5e4fef0c6e9530ea8d0692
SHA256 edf6ad5432e56377e8d8721015b432b707c11e715600eed482e101800e783807
SHA512 50e54867b7d42b5b5b56af9b8443700ce7b2a5fd0812023b16b34c32bfbe36542f77585a685fe0c4e7386a85ac04b2d451f696bf75ded1dd97a46497b4b6285f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8871ab6968ac3c4442c4cf7f29ab58f3
SHA1 5d19722243d2c7a8b8a9725b4b11f541d655ee83
SHA256 7a402eb63333900f92998b0e4da637c97e22ee652e58a290c34ca8cb6b4a2796
SHA512 2bc23f8f9c22882aaf00ac857a71e2d18f2b37bafdc0620c66ec3ccfd95ac86c6870d4a27007fa479bb22c51e633dfead4841a21e7826e6950bd602cd1736634
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b