Analysis
-
max time kernel
117s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
02/06/2024, 22:29
Static task
static1
Behavioral task
behavioral1
Sample
8fa7deff9a218365bd2d95147a5ebf8f_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8fa7deff9a218365bd2d95147a5ebf8f_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8fa7deff9a218365bd2d95147a5ebf8f_JaffaCakes118.html
-
Size
204B
-
MD5
8fa7deff9a218365bd2d95147a5ebf8f
-
SHA1
419e42981d070c5765a2edc28b9337c1e26a9da2
-
SHA256
2a3ae83989c33c3a1bf6da9ba06b66422982a473edfbdc0f0fc76663471242c5
-
SHA512
531e7c0ef0c393c357bc881fd30021b1e951e6217a35d662933209431819e20d6022145a9fb46a2b51bc6291256402ca840b14d30627ca5bad45ff11a3f99e87
Malware Config
Signatures
-
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" 
iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529267" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A1B916C1-212F-11EF-9667-569FD5A164C1} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30acca763cb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000965b77644ba4b94fa10bdb55fb9a42c2000000000200000000001066000000010000200000007949d2bbe412baacd439382f94e65c0e2f6841c735a217d2f715ea52c748a0a2000000000e80000000020000200000000583066569bf3fd7364a1343ee86adde5278c6947431e246e6231df2e6fd650d200000000386f1f64a88321dcebfc61b4e6d885e14e4407db96556643ee8f2863c327c7b40000000b8ff9583ccd4c647421551094a3b63623c2e412268a3c1de59deb1ac542123840db9db694ff80e7478954e96faec29c25133e563ae969d57c05551dbd31c6cf1 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1624 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1624 iexplore.exe 1624 iexplore.exe 1616 IEXPLORE.EXE 1616 IEXPLORE.EXE 1616 IEXPLORE.EXE 1616 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1624 wrote to memory of 1616 1624 iexplore.exe 28 PID 1624 wrote to memory of 1616 1624 iexplore.exe 28 PID 1624 wrote to memory of 1616 1624 iexplore.exe 28 PID 1624 wrote to memory of 1616 1624 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fa7deff9a218365bd2d95147a5ebf8f_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1624 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1616
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cd9ffc0fe8639cc20813031428a0b4f7
SHA1 20ec660bfc67201d828cbe1581eea486fe8f5f6a
SHA256 f6033d5ff1906689c24e625e59278a5dd55020e2c6f2f525348f07c6bc48ca26
SHA512 2625f6b17f127ad4d915950126516a9af1032cd5abcfd212c4f7d43c94dccb6a84e8b4a71312cd3d18dbfa523c0572c7d0514221d698bd6d072db38237f01d6e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bcdd7e5ffe145ecae1391773d6f46673
SHA1 2effdb930de99aaade522829c31197cf6e30dc03
SHA256 bb12152421428dfbfc3d2d26942a6b8ec468c9f9e8768b3dcc6509ec56266bb5
SHA512 0722d264424786abfa2943372b6ece38eef1a148abbb3fb6f461ffce7b8f7762882d17dbe2e78d769a3c2d39718ba7739d02832e18ffea7fbe80fec1aa3784f8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 51ac352e562717d67780584f2b18a8b2
SHA1 504d488b6c3a07e6375d5535ab1c52e8a7dd3667
SHA256 28a17ca3e71076d2fe2b886c149df6e09f913dbbc4694e1796aed80475050328
SHA512 7f8fd0f1bba1071272994052b9f89bd36f3c1e443b362ac6afaa7eb74daf0c6dd9c036abc536498c7a57e8e4e3ffaa0dbdb22f9b2cd50020b74d49269bd24f93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5f364735294de6107dfe192985806026
SHA1 d97886800042058d8010555a188f6cd5431fbd16
SHA256 83f356a9c7f8bf5549ab2e412b06e7e0a3b9a44bd7911ea2cbf4c2c0e85abf2f
SHA512 d8ebf0c2162c40807e65af9bf1b655c96a571bb8fcca8f88e3af2631842014857a5656c1bc3f9cf24607d468aa6926ba920717dc686b736316bccdc7c95b0b2c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c36c42a92b877312febdb7d3db6c3dbe
SHA1 903462961836e69a65077c0390a2481f4f72aca4
SHA256 3d7f8c4538b9a2e134893aac95966a218a8906e846728b3588ac536a3d73e550
SHA512 3ab79b304011713daa03b2db3b592ddd2849c93dad953ebddaf05e9daba895bbf7964123521e53c6734d3ee51c0b391083b92a79c3e2828bc2e9501cff7b48e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 25b8a62139fbfc25f4b7ded50b343226
SHA1 14d78efaf6f69e1546f55f0445991453e044d5c3
SHA256 fdfd21aa0b87292856ab57b6be47b63b3c0501f99f8eb6abb418cee44c9477fb
SHA512 e950ba2fe1ea9337387ecdfe79afa0900a34f621dea788ef00ccb28feb184b9decab96f8d8c1205b61f1fa7116ccc9b67894d4c4e940f7a2b88de448dac21315
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e1fe0017e2c22ee9b87abc6c154c3ea5
SHA1 4bee8369b5791cb9fe3bc93eb2a1476ebaa732eb
SHA256 e8b37d205cd4ace5185f18010fa856b97627a018e3054b29ddaf40c0bff95378
SHA512 fbb2ee9ef2893a8aa163e73b0950d51cb574c8976a94d0d63511b9802ccb62e8cf30f2a72fdee0a9d18f43eb0b52f92297910a4d6610b266a352fcfca14ae8fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ba7d739e4707b60b68f95655eb0c35df
SHA1 def43e3d40dd8b5d50d5b01cdf5295793149795b
SHA256 a221e5e89221cb9fd24c9be7880dd4959941166a3eb00fea21bb291e1939de60
SHA512 92a3defac40383d3d821e685755c08f423d78b9ca28937323b8166276f5690273e57c6d2278d4a12336c99ad062dd11283d9f591e992749f074be4c76c6730b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 765449ba275e30a02fd18b63f50b5646
SHA1 b004d06a9328a30dee4220bd2582b67ad1b714a7
SHA256 02dcbb7b6736ba925c8d6dcd268c09c5dc2c664c4b620e747342cc6044926f61
SHA512 d633683b1d03cd4554a6f6abfca87df7b9b23125a450331f21551fdb139429ef886ec9b9ec082df28e0faa32b680260fd3563e14f0b0903a87ee340403e2de57
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 60965d5ca5a7e4c663f34cdc1525dc2c
SHA1 df39082a65160c691f0051ca50c61357c17925a9
SHA256 7bfe9ce6088b27ea8859b9260a6ee828d24ef340be0c8eabe5f7617c0ea7b742
SHA512 9179d5518506790904423de19afbccd3ce198f96bb50b77f7f73bc9e88e2d1b5d298445b0a18fb309f09c57e4ac143b5c22710c3d942d96f847e307a714c460d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1e585a7a8f685b2bc8166ea5dc7923a7
SHA1 187904517d9201da480ac13c4904d86c3fa0743d
SHA256 7c05fe8cd0873af773f8ecaf891cfc16cbc12f8d38c33c34f462c1599175768f
SHA512 476cc49d621345d26d79b2c184952772a4600606490d2a8d1dda4b345600b3738e51ab54c1ad190be47d66de767757b0864cd0fa05f8a9e832fdb986ffc9bf4d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8b559f87ec9d04ac75e70c0a80512447
SHA1 9a7d7332cd2c879e97939ae32e7752c38ac49382
SHA256 d8792bcb33871d4c805dd35a8e9958157a484a96ba5f26bdd6b5547d37c14a4a
SHA512 50b7e6b926324469741668f8dc0e363ac9daf6b81445863be215eced74c6a8d0cc6d4875b772eb371519e1fe5e91814f29b33d4840a1c32219d94ae2a8ee7b1e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4d3a4c915b5d0043abff64ca0bd75673
SHA1 ec414049e2290fb0b9a84729926eaefeb16055c2
SHA256 900a97f114d2301612c7e91f8b3c594d9cd2f8c25a31c5763c97c35d24180c07
SHA512 e6e65fb8d21f01a3b2d08901c683f47c72a9b461dc2dd500d6cd7a7f62befe614c19e2b491ee1b150133def9b84d4c39152729c6af2ebe9552e177627e121980
-
Filesize 65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b