Analysis
-
max time kernel
139s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 22:32
Static task
static1
Behavioral task
behavioral1
Sample
8faa3867ee97e7b92789cf6ba4250235_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
8faa3867ee97e7b92789cf6ba4250235_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8faa3867ee97e7b92789cf6ba4250235_JaffaCakes118.html
-
Size
69KB
-
MD5
8faa3867ee97e7b92789cf6ba4250235
-
SHA1
ac724161668c08ed327c3411cbc18fd5bf15e869
-
SHA256
29ed53b96e06670880dc6705f952a1f4717fd8c81834bb304cd19037f1404c32
-
SHA512
67418943e9f7de1dde169ade8fedee2fff285f1f71d5acdd9c77fd1acdea7691afab32e425af1bdac586c6699cfc9537be25a8d5cbe62d586fa661000af9d5ed
-
SSDEEP
768:Ji7gcMiR3sI2PDDnX0g6s+6J3JioTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVGo:J3DTzNen0tbrga94hcuNnQC
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b38c4f0fa7a4345a74da949cb9af133000000000200000000001066000000010000200000006c17573a3ed7a70d56664bb1a70f41a28cc75528455c078b8f108141ee47ad6d000000000e800000000200002000000036f55dc32cc432f81e5444e1fc5911adff302cfbe764afe0a0b3fa3ca96aabe4200000008311a46e51295d76c78f51d3682ea18e8eb20a2fa84510ea15d1399ff9948c6840000000eb8063bdb94af267fd427131f02dd73134d66bdcac76fcb03feeceb643cf35cfae789cab585453d9ed286fc7f2d517fa761698b7cbe0cebe88f08c3080b30055 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FEBD7781-212F-11EF-A140-5ABF6C2465D5} = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529417" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1038bad43cb5da01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1632 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1632 iexplore.exe
1632 iexplore.exe
2852 IEXPLORE.EXE
2852 IEXPLORE.EXE
2852 IEXPLORE.EXE
2852 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1632 wrote to memory of 2852 1632 iexplore.exe 28
PID 1632 wrote to memory of 2852 1632 iexplore.exe 28
PID 1632 wrote to memory of 2852 1632 iexplore.exe 28
PID 1632 wrote to memory of 2852 1632 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8faa3867ee97e7b92789cf6ba4250235_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1632 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1632 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2852
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 2919ad8fd10ed67ec610d0676261e604
SHA1 01a285944cd20cbcd71bd98682f4e9477732a8bb
SHA256 37b594bb4af03260071e6f447f652d48afb64c50852210c0f9d7acf5b8444690
SHA512 8a61b8659f7fd377408c4af2cd02566c32b54b49224f10fe050d3a04ba5250198fd744370f159303e65ed9d2c785a3d372178713e3291523e9300408c4cd6b3c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c8034b5c435bbe5ac8134841b44c3c9e
SHA1 0827d024dcbe50f801affb23108154691c8394e9
SHA256 55b851d46bde516767028c2426e09eaf2a4008289b94deda88f8db7035566734
SHA512 b64d3e69657c7722b9068e656325d908c4b21ffa8aa0b10352558469c751e8350328a3995746121c309eacee336b407afca119848401b77ba65978d7b020e1f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1bdbb2e890d572b66226da2509b53916
SHA1 6a296935411772e949a56a252f624d9446d2555d
SHA256 ef5f1450b932d811e74712880797b884d353faef9fd679c480b8a737251f6564
SHA512 067983e5d30c220b74171f883bc935ce1eaffb494e39847c1dbbccb12038945ad438418ad48650a9d80ef1f275bd86b7e9c1cd3e0e3c1ca4b768f759e7d2f6e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 55f2ce63c4d0045a76f32ed14b3882a4
SHA1 14fb515b5440b823511e7630a8516d94317f1dbd
SHA256 02ff588e2424d3e18ff46c3a7c047ed99b1bd57fa1711e0979835b328d9e5651
SHA512 627bb14f1f43a3548b0609d01c3561bd88df232d4a4e493c530c2672b10b10bab5605a58ed620452a675967972113317b702fb6f412435a5331d16f0c75b47c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cf0ed46a9c3852f80ceef37e5145ea5e
SHA1 c089bc1846462c38bdbf70a02f5e887947433ab9
SHA256 08233b84b3f628eea815583fd5dd13974556c8f1bbef0d9d26743da7aab4479f
SHA512 bddd7e70d021212d9f002c748da597cdb301a190bc794d9169b131b5617fdd9da629b91a7718f7ccd5f4102a8eb59d6374c50024eafb48de2ca202a7583ef67c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 adbd8e664837350ea6a9ba575ffcfaed
SHA1 368c053f124658852fc365988909c0d96f5743b1
SHA256 fff10cf35c22e8714474d4aed8a3cfbc7f79f816fcecca83063e6e0164953d0b
SHA512 af3e516165dda28f8489e4832c71275f1768e457c3baa8b651b239f10e7e05909a1e30c0ccd80e58073f661636b73d6db4ddb73babe5aef20dd0cbd2897bb4dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 291b9d02dd1430d1dc422e69d271b6ab
SHA1 c948184ed99e6b53c11d411b2fcc01c3370db026
SHA256 176c9735c2e8fa789ccc45d1dc41ef80ad781580ea1e18b8680a1a86baaf9e9d
SHA512 99715ccdf1171026522cfb4b394e8b5343f8ce048ebadf16e3ed687648e166fdcf36d76d94c18155433bd3acde5f0794aaf1a5ccc02ba8a7e79afc08b894cc89
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cf8d67d92bb80aae2b4d719503af5478
SHA1 6c0203674c1f3dc56ed211c4357478528a93bde2
SHA256 1514fa4337a27536da188f848aeae78efe465ec2c64ede83cf2e8563c410fb0a
SHA512 d6797d911d0c232f21c054d435b750350d994193efb1134e859f556586f557c20f71c712f8586096f290d54811f40c96e9ca63fdb1e35e16b20085fead733f9e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 df1c22e0f127d6b2c2174d6d3e956cc8
SHA1 ad73b826f8c4809337006204fc24b58b9a8b6ea2
SHA256 533a6bc40d0dd7a76db208f3072d456f047ca7fc9916f42fd50a0ddb292f2d06
SHA512 e37e1ef3de02d8ba40cc0d4a0f1ef25f51577365108497dce1b8cbb7174640e72847f4467c4c6b5d636658738e9fe17330a3d273122d729e1a9a2a9751996297
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ee761c9c6a1276d8227c176784d0506e
SHA1 1dcf441ba328ff138257d963a663f66b95b04d05
SHA256 5cfa77ce4626bdd71dcf88a55c187a5b74562ade7569172c852a873748ae0936
SHA512 f94d5ad68cc5fa5e6bf76dd6267f13ef617702fe1ef787c6c84ee8c4b704feaa48f7b7a8bcc3768358eaab9eef74b708a122e10660adc1b538868a129c6584e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 62982df0e9870370bf36e91d769d2927
SHA1 bed9282b2c792f0ad433419d8416c34f19abdf94
SHA256 20a0d8ec4bcb8fb3b7302af9c6f9fb5ef5e3bd7d5baf965427f95d374ce613fc
SHA512 295ea93eaf48cd428848c2cc10f03c2e92850953d40ccedca195de8a80548b1e42e1bcf0c08b3cc6971adbce64b1fde9d25aa6524a75eac8cac2ecce2eaf5a35
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2ac2b303c963f80d62c2e5b1a5111b2e
SHA1 cac5a8729136ee155821391ae0566242e101fab9
SHA256 83f59dc71c914e212b66af7c3c071861e29bf0e52412e57a2d48a5427a2b0505
SHA512 1208fde04fa2b1341e3be8adc353ef96c54b3b0fe1f09f0d01d4f921d01b0e434e30929975045b8eec6e2bae5d04ef665164f24694ccfc8722b13a1fdc85bea1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0ae0d1cc270e8cfb1b9655aeaa54cbaf
SHA1 7d98aedd9f67c6c64c2c06ee22ed7f9211520137
SHA256 5807889a16428baa177434d405309578e3a243b20fa0cf4d392e066aa9d818b1
SHA512 3b73e2311591e3f1b80322adb453f748589ec7c3b5e2a77ba25264cfab994f75856dcfd1a3edc53103c750b10aed79a86a45d2374878720b972c64e31bb181e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0757e0c5a2d232fa6c6acf8ad2f50210
SHA1 6d0385062723cee019b27aae7e6feaa8f31ddf8d
SHA256 d907141174db0f2a3fc3a8620988409c13b69fa40cf2d59f0cca3236d60eccfa
SHA512 635883ed00ddc69ae8061af2ecb0f59472546c17ab91685d8cb1c766d5f279688e4c04c407ed4b2ba9886e8dde58b8ebc15b36d4ea25a805114816ce3ed2790d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 8d8d135f761fb7277bb646e9476e4b79
SHA1 9c793706314956deb6326b4c8a67714dca3fdd07
SHA256 e6a0a717ad478012b8434cbced2de64474dac044b9a98cc428c6b3c8571763c0
SHA512 e6f5136602d197da658d5ace392f85c578f868fba46e2c56c3a2095ba3a78d7aec54836dc362be1f9582b963c33c4a939835162d499399134fd752818fdd3872
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize 4KB
MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b