Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 22:32
Static task
static1
Behavioral task
behavioral1
Sample
8faa49c5f46d34ab6dd0c100f6f91af1_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8faa49c5f46d34ab6dd0c100f6f91af1_JaffaCakes118.html
Resource
win10v2004-20240226-en
General
-
Target
8faa49c5f46d34ab6dd0c100f6f91af1_JaffaCakes118.html
-
Size
909B
-
MD5
8faa49c5f46d34ab6dd0c100f6f91af1
-
SHA1
945c11d419c0ed56be43b3fadb9e02e1f20f7158
-
SHA256
3fadf01cf2bb5e511bcec8a88c92fb6a3f3934c204390621246ae8d6243c3209
-
SHA512
def0edd31e6bdc6e4672aba110699b8a931872d2f41b0b296ee50a0e6c9b0098b536736d3cbe8e3e945606ec43747359fb63d171a8cbcc095740c1591195d8e2
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c090b4db3cb5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet 
Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000001b99b3a4b1fd523d4660975bc0839dca4d18386aac586e663c06890e808b4887000000000e80000000020000200000006416e82a78f593014c93a14bceb8733a0f547e270fb5680fb25f7a1e92713f23200000007c8a2938b22ee345a9f5c0c451cc9a5cafea99d9ae6d00aeef5bc89798e0c59f4000000063e70eb31e2252b5609c392da230499be86422fb14e127e5f878bf51f8743de23dca1c59a4b2c081c69a4a4e2d1c5a552a1b19ff5bfe027876a3aa64e681f739 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529428" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{05F127E1-2130-11EF-9449-6200E4292AD7} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2348 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2348 iexplore.exe 2348 iexplore.exe 2080 IEXPLORE.EXE 2080 IEXPLORE.EXE 2080 IEXPLORE.EXE 2080 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2348 wrote to memory of 2080 2348 iexplore.exe 28 PID 2348 wrote to memory of 2080 2348 iexplore.exe 28 PID 2348 wrote to memory of 2080 2348 iexplore.exe 28 PID 2348 wrote to memory of 2080 2348 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8faa49c5f46d34ab6dd0c100f6f91af1_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2080
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 a1b6ca561f92cb3f8327270c66a6f93a
SHA1 969bdbe88808dc6c17957c5086d53c3f5dc853cf
SHA256 82be591f1adb8d1cb58c1f7c54071588ad79af3c6f600d282e7d5b667eedced8
SHA512 599333a29afdc727fb49706eaddc70808096d218408aa143e2accbbf39567fe4f4b808c9433a151c28f0951be957ec4456a58c476e05e12ef67108201ef33140
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 697aa700c9317adfa206d51b8fe0d6f0
SHA1 ae1f0fee36b1d233f52e44f2986a33395470ed8b
SHA256 6ed26a41cb3ac823f03864ea640d605899878d3ae9b1b51e0759c2cfa6ae806b
SHA512 dc1f9bfec09738e0d57bf5ef56e94d029c77bc17e8235320cb0e582f90029c5bdb501e08a7e9e45faadf3cd55361ee4bee8184247e671a445761a29aa9d778df
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 dfd0cb319a11da7ab5143b391ed7f120
SHA1 b54be4a004f0eec369d8b12ac67c11096c567bb6
SHA256 5d88a95852af3023e4264d829086568a6a5ea73ed4af6216f50a6414cfcbe831
SHA512 b2ce2bcc72462e4551bc2a2e239cb4b1b0b38d9e3eea2a87ad701abcad7a4f9399877586c3c3533a00793565b6fe82d31ca98a0b8bb86636c4d8cdd1ad782464
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 007652bbe0a8ceea9dbc756bd73df1c9
SHA1 16ef2dcd41ec38057073bc536cf59e436b2f734a
SHA256 2ae9d2a0ca4c2fe2f6410ef704652c7b03ff2e7f32487d5d8fbdefafe8ebf709
SHA512 32894db0f411181669e237e551ec43712a036c78fc90d3aa541151567ebf2fc70e6cd4fdd0bc3d931429c5daf37fe2745313f4cb91fcfaacd24975eabaf4880a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 e21f33430ef976b185a972e012affda2
SHA1 55b6e119cb7b55739c4172cc24f8eb2ad546c6d3
SHA256 1c56fd8448e6f15b7e832f7c33cd51186d1ba6074e0bdc22be6ffc5f426dd892
SHA512 6dc683a5a112a4f8e14e47b0ab1e24bf5085f8815b241a9a242baeafcd897a035d8b331df011b1f7a06e1642b2cd43a5c55715bc5ae1e333634cc03e093f6880
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 566aaba88a8ab3dd5b134d60ba1d22b3
SHA1 f669b57aa1f7c865ab0ad4aad62fb56aa2835e0e
SHA256 731669c2269f23e9a2bdb3707e6b2f885708b187a7a938cf29cc300f88fed1c3
SHA512 cc300fb842c2e5464688274d9dceac1e8e95a653b3be2e48f202d68f4126e7ba4a53e2865a3b82a260f098804583041d2da51bb4da0476949ecd0a3d0a2df7b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 9c60527315673a004b00f0e2ac800d26
SHA1 9f198fdb43f3e7223f228410f8a85b20a2a87bf5
SHA256 3a8e6bb3ca9e7d4ab20af5d336539519b689feb76d394bd46a73959cf285c83b
SHA512 90561186517217b3740a56efa9e95dfd4479f1445ce01ddc8d2969a8df0ee703f3731a8a97bff3a30b5092a5a5d13597644d76726aa951516ec9f4fb4a9368b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 a72b2828a4202e6d4adaf4b8eae1db82
SHA1 fa2c82d564fd7950a374e595882f8223694a6956
SHA256 3ebcf4d69b61b1435909792245aef5a10d912017d57edfadc98eb9cd1f5fef06
SHA512 b18e5b98a57eb86816f4fb8cb6c11f1ddfe4c2d95fa566e1208244ecc9511252c20e9840424d77aeda5304f19e6705e8c77e50a6341a2c6bfcda5addefe0bfee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 0969fca2bdf4ac355cf424c21a31cea2
SHA1 17e85c18bd22b29ee087a8066507cb39a4a59b8f
SHA256 7ef9498ab37de01c3985e2c7d24e6f41b65a33bf5adbd9e8690d18bef8f66821
SHA512 421d07bba35a8e2f7de1a1fa99bfa8070665a1ad086f718e2dcee2e0b62327129e61af623e15d74f68e2dddedd2f00840cf3b12aa4292619f734b4366958f76c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 1f476acd95c5106f1a047ebfdc20b535
SHA1 e5aa5b05385128ec77a38d6129d4ed02dbcb03fc
SHA256 27bfa7424d60e1aa2b2d333cd3c7fdb15fbbe738342ebfd692582d8c18f0373d
SHA512 b955c31a76648898b08f31888a78f45cca6442d8c1bddfb96aa3a99e57c73f379418c6eaa43d7f945bbcea0ae3d6cfe830b6194ab4e2f725bf73b3331fbca0d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 ca04c069eb39d3b5f34b90d349910d77
SHA1 6b79d34c4dbc451ce3be94753409aba7cda20b8e
SHA256 1c2c24b3cfa2b77e76e43b4785dce1ddede4e574530a40950be9d98ddf6d18c3
SHA512 889c38c3b58f4653f1ae87f030f41e66e10857fc0e8dac51a0b205fd0e94d3581152bfe1e5733150398100bab74d0a22bf361bb8a046e513340337b39b6ffff8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 c6bc9d7bcdc5465a7db01ac57b452619
SHA1 1f13c382d41df2a49fcb62e1523b40c132f1394a
SHA256 d0b54b31746e76ccd12154485566f38cc88b5c4644b1158df26545fd852f0118
SHA512 05f4f53d41b13f2698638898e34e1a00edc54386baebd937a03a7c79b2e3314efdf493c750d1d38dbae584ca8c41345678820c5bd6e95086adcc5039e929277b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 034e0bd40f571bc6278fc42c4f3c9b11
SHA1 f6916d45eb8017006a1dc3ed75c7d58fdbde6f64
SHA256 06989d3b657d80bd5d2a77398ced6454fb69fb90e1fa42f4d7593e8a617d5f1f
SHA512 ae324bc1e63db9888d5eea629debec8debabf46175ca99bb602a508a6bed07f92c195f56323011914d66080a16c34c4bfb966127586f4597a1056daab23d055a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 b3f52ac28821f0873ad936fe65d1e0fa
SHA1 babfa72aa4ee786676ab609edc456bed6f2b55a8
SHA256 104fbc24357d7ab200c2e4059acffbe226d2dc56601111f1e0b62c44a20cba51
SHA512 6ff8e2604678ce92fe6b6f14b5629c0ad4b2d349528a025c176d6c533c043c667fe08a54fe16d91043d7d442ac586973bb4254ce648aeea40fff513f18df8488
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 ce3da114ebc852168ef8456af084c556
SHA1 f67f602de3d557f4181c6286e3efd8e0d80618a8
SHA256 8d5bd07dd1a334cdab950641a333bc9166cb7a355ac17c4ad2c0d79de9cc0638
SHA512 3607c0ecc22884367d1621966a3e6c9226c4d64c82f062a60b9707c097e7696551383c52d0d272037d9bfc1f1816c2b0498631651d3f80fc40459611bf9f99f2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 dd2e00f70c9283cfa45ee9ab9309a404
SHA1 bd984410ebdb77e995ee9be6030b4df0bd33b5ed
SHA256 c3e98fda38a782513131fec1aa4491c2687bf1c9d761d54ce19f1172e7477734
SHA512 a36432c2b8963d12dbceccd30c59514ab0d16875249bac83018ccc144d305a06f26c4b29089551ae2e9bb004a053c75c4280bd2eeab7e731797a8dbb827bd1f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 ced54ee99bba249e32f2566d86725a2e
SHA1 b0f632653cb0c8f9e8b001a8616fe21b25682f51
SHA256 15894dbf1bd5a9d9334b913708db97b6658018a63bd08f1a0d2ba9405473d04d
SHA512 ee3cc0f5d2f7afcf3f55622c5e9bb62e92d194d92167f10c4e3ebbfd146c1c1412867b046c56b44cc4ffb018e6caff308b2770af9501a2a297974b4a8464b337
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 abb2558995d38e45309659631ec8c335
SHA1 d2a76e0bed7a141995cc3018e85ec86c4ed8cbcc
SHA256 f05782df047c509d928fc9c00064f4dbd9b633b8d16fa97fe1303e8f7723d7f0
SHA512 9ef54011ba0cf3b23f4e9574efcc99812d568dcd79580dc7c9f55481cc29b2971fd1db65ff23679142fa8cf839ac52974a986b193c64da686ba9ca02d86f461e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 03b2889dd793f7f8e50c3b598b4c766c
SHA1 036d0ac20390f2e529fe48aaa3cd78c0c372ac5e
SHA256 7f97fd13396cb9022ff5b1f71e7daa7a3008cffbcce5a521d309e214be51a540
SHA512 9e0753969d1d17b069bbdc2a065e9aa9af34d79e8070c5f3a60fc660c92b46da8fdc77c976a044e5f994c1b48c1a963e9847379a51b3fdc4176f93388ecca10e
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b