Analysis
-
max time kernel
143s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 23:09
Static task
static1
Behavioral task
behavioral1
Sample
8fc1d43fffbfbc039302c00307e3a1f2_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8fc1d43fffbfbc039302c00307e3a1f2_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8fc1d43fffbfbc039302c00307e3a1f2_JaffaCakes118.html
-
Size
139KB
-
MD5
8fc1d43fffbfbc039302c00307e3a1f2
-
SHA1
b112d2922dfd1f5bc2e34050da2dfa70b26e5ed8
-
SHA256
eb608d7e24e928f728746ff1081b614048bc637054d50cd0f62370575bf96349
-
SHA512
b408cbf5c6dc6b5b276eed1c7684e4c82f192303b49271765a3e52c140536a806f1199014887267bc91bc5b613e05335ef7e3e8ca2088a46e08ed0833c0f7ca0
-
SSDEEP
3072:ScHwdwjfFyfkMY+BES09JXAnyrZalI+YQ:ScHRfwsMYod+X3oI+YQ
Malware Config
Signatures
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423531650" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{31C03C81-2135-11EF-852B-6265250A2D3F} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2064 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2064 | iexplore.exe
2064 | iexplore.exe
1276 | IEXPLORE.EXE
1276 | IEXPLORE.EXE
1276 | IEXPLORE.EXE
1276 | IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2064 wrote to memory of 1276 | 2064 | iexplore.exe | 28
PID 2064 wrote to memory of 1276 | 2064 | iexplore.exe | 28
PID 2064 wrote to memory of 1276 | 2064 | iexplore.exe | 28
PID 2064 wrote to memory of 1276 | 2064 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fc1d43fffbfbc039302c00307e3a1f2_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2064 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1276
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f978682d13caa9a83f5d08f5a4844d4d
SHA1 e92e3c76660da0683e0748061b6aa06c0df2bd9e
SHA256 4bf3f833c27c23d0054478eb406f1f9db54c4f4772240fe8b31e52a94dad3233
SHA512 c9da0cf1857e9cb120d7fec9beb09f221d9c323d6bbbb7d7b148b9b1bde3238d4490c75345ff3e0b73b212621b7d7a7890e05d5c666305cfce640e2066411fbc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 42d5911afcf2ccfef5e908150e3f4877
SHA1 021d17ef554c335341de2f62aa3bd90ddb5f098d
SHA256 b6a19e704312528b0ed201b62d6c3233efc2c36f7c7ed27c47b7f197a393b1e6
SHA512 405ec07018a5d0810b4d44d251520fe9d6f3ca7f18ad7a473477f1c7286e2a0a27ac74afc1ad0d545363ce63ff4b9c9a5b7d42debb2ce59cab900f77a724dff2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 044702d1baa2692ae3b821f00850b55d
SHA1 c8edbeb94812e79b6747c8f08e3049ee232f8079
SHA256 26e83159fab858bb15a62caa66ae865ea2230a69af22ef7cc61536d1b47dab19
SHA512 3fbc0c004da05345b9b91a4369f467465fed26804cd9d4a9062c0f0396778a202543a292e2074b695a4f12b2686c5041cbd3cb3be0b8249c33cc38615a72013f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 88e68982b06ef5c89f4641ddb93af603
SHA1 99726d920a467654f0de7009fe2b73776e0c0d8e
SHA256 32471482764459328168e0fd8f51676ea34e236c6462150d3c3b880591120bbf
SHA512 220e86b7d816a6731f818c9414f104bae081370d9c0cd0fd707af36afdcf68b4db988013dc02a714d6fa730b205e360ccd45785dd3721326d0ac8fb26a159db8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0d4147f4dba058542aa370c07587eea3
SHA1 5441260e214b9d554db6ac7fc7329d2b9ba7bfcc
SHA256 7f13fe7c1cde12766f47ed80a7d9834c496ce7c86e1fdf3aca818c2adb8bc917
SHA512 ac2ef6167f0a9e0778b2b2edadb78fdad9465824cf6f054ab062397087a6f1a1a5dd09819f354da85fa82e08bf9a80343e3bfafa3a799214a3742c2352e19bd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 313283d42f45b27b0c9bfe2377e2d048
SHA1 3877716d077fd63c8f41550f5fa82674964b8d27
SHA256 71fa0a41e48cc37142405e3cbeda28672055532d3268199e8b01af65fb4a4571
SHA512 4205e9e7dbad8f693919ecab2d748502d34b2f263c716dd97dc64a8b124840b3f5ba9e54a9914cfec5f19ce5108a08de016f170295396cee5ded950aa2c7d5df
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 21f0e8f8484bc184e04835b0f14edbf2
SHA1 1f5afb5bd828d9eafa482c6c5624760996f3178e
SHA256 34de6d6bdaafaca8f57387787374b2bd665c1a3b1ed2b8b3ab510b7079257d66
SHA512 74bc5caa4bcb70d8fb496e010392a62ebf1e4d8cc1ca1da6e29604e83a5533be2b25767f125f4727b4c4db41d7943fa7cacbf424ef17b958abdacc176866e57e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 778699e8adeb824b53da4fac4759c7b1
SHA1 6f4961c70556519f1e03d3e50c9841b4b2405dd9
SHA256 8a97149237cb14d6992c58d116532f67181e895e0226e6baf52893ba0f7d7067
SHA512 308ebc9a5d096ff2ae130c2385b546c025dabdfb236de8020b09fc2cbb0d358bf0b2cb3c3961cb0a5db908694b64d8b97b7975018869726f2b6fc9a863b6f3cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c94915afe66ff59718dc32143126efda
SHA1 b672f0744a6ae4880214413812ee1046682d11c8
SHA256 c456fb60169d2822a72a7b87268d3fc6cad8f16884fc4f239d621a5a456ec0c8
SHA512 416d684ed8363ce98074acd12ea428d1f3d7efff7fa192a4a5f76aae53359546e10b39e073600d22d5ad7037ccbbf51192ef90e7fba8f266c083962117318b69
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7fb964f13b58d1178450fc3506628970
SHA1 f3915bcc137530de304bfea508faca961cfd7255
SHA256 b89c35f1cca55430abf272d870f505636511e38c852ba0022ae7370e5f562742
SHA512 b498162d1295340f7d4917fe8c135fbf9bde4ff28ea18a5772eaac517e133c3e32f37681a5cc6548172add7f1ce072adccac83f151edc0b2589990c25607732a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f9d0b39453db0ce305ba8e0cd5a09df9
SHA1 102ce06bd6c792ff9f73106028f1c12400dee1ab
SHA256 212ac483b365580149adee99924dfb5cd8de5b644eefe8f778d2001a55657afc
SHA512 70e4a7bd043181d332497aa76fe8b5643d4c4d3ca29f35016ba03ca6e96ea7525276ede1f317a7f6fb929d6085604e83174c05ef42af6fa9a22a7b01c004ebbf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6d41e83461f309f2d402f8a041c7bd5b
SHA1 61e4f21c7e670a039eec47165ee0670ea3e9584d
SHA256 7ee717bb291397dec161868b68c5d2024ef26b119c2a76c788577a1d0ae3ed68
SHA512 0b4feed7f27b25d2593b4aefa6b0ef55a5aa95a3e7f30bc9a3ecd5a13375623db4c09be43b8ac730402d6b27e15e2562afd9384586ba31be78bae5215410a49d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 143a8ddd58ea0a72fd4333ded2e1159f
SHA1 9e06ecc78a3a99f2e29f13ebfd581ddea9b09fcc
SHA256 82618790586c2a686334f90a56c2bf0fd4c67ce12d85770dead973ece370bfa9
SHA512 dfb21bf9c5c07388c0f216c4d17d2802d6c8ad037523ec189612f4e4296be961252d4cf6d525239cd410b3f97edc55a4d3d43d357a41563bfdfc6078942ab2a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 87e94161cf0ffb0dce48b19f58b8e48b
SHA1 ae7317897a756415a00e4468475c876d4e53c647
SHA256 dc919079d4d9472b0b22181a9487a673928fd66a7a4d99e8e702e35e86423f51
SHA512 96eb54d9b406eee2a219936f1d26416f3153d39567444294823d93a303c763acef30c74f79224796dc9287f5d61f28effb26e5a34125c234e9ffef3277d4325c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 47fb21de34708b32b8615baf58b6717b
SHA1 7003415e0686f330b4cd3e0790a1660c1a2d49fc
SHA256 7a569635f4671dd788b3dbe4cd2e3194793df5ea1482d92570f2eaa1fd6fd103
SHA512 e35994c7a806c3b00d17c266e6ab75fc728b0ed197ddd71dad2e8d05c7d01dddf76c751aa0bab848d239bd51e50a1384c05b0b97d534cf3c232d24ed2b3c4a70
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a6999b175f7120cf7ccc98bbb96cb87a
SHA1 b807b1abeea8a1f7976703c2724df1bc81373c94
SHA256 104b015fd957f73b95c2dfae212d59b3046ac729b1dadba747029c51f6d92d11
SHA512 347583470baa43f436b53523015572c7ca6922ca92debb9780c6830f34c05a40aae2faca5d88c049a3ddc366b3d86ba8f262b8872a59d752245be883c1a7b7cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6f25c41163887c2c7a1be50f5f7e977c
SHA1 b68a1674e822aab0b7c37e35056ccb9a6cf5aab5
SHA256 f0428f922f48e851917b9f3dbf656d18663582318896e21723ffc3c6eef0c011
SHA512 29ffcf3390738752fb4ebbf022f47139d1ab162dd867b9db8bf9e58568f34df90d42518f92b2ac8ec6028682a44de66f4e294bb1a13f2b679b461456bd2b447f
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b