Analysis
-
max time kernel
136s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 22:35
Static task
static1
Behavioral task
behavioral1
Sample
8fac5b16b502573cffce51815d78babf_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8fac5b16b502573cffce51815d78babf_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8fac5b16b502573cffce51815d78babf_JaffaCakes118.html
-
Size
354KB
-
MD5
8fac5b16b502573cffce51815d78babf
-
SHA1
ddd9db54274c74355ffff8fa1d03ad50c8111a01
-
SHA256
0a44ee0c39461bfe84fbb094c0d195ffcc9903d98aa207f645ddbc27c337bf85
-
SHA512
d7eeb1251c06e3e847ba92805d65acc275db7d71bd2d2a5f94277a1b9c22ccd90efa118b62d7f5bc393d42d3ef51a70ff033d40c1054a0a6b8266a960c58cd51
-
SSDEEP
3072:M3SOxooaqFsadqxlXF3WSXFKmcK/hRdNi:M3SOxojFpFi
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000d796d184a1a0cb6d0950b979509fcb330cdfa1e20ee994aba5f64eaaadb4c0d8000000000e80000000020000200000008051b8fedc8e0bf96cdb66e07f213f7b71d0049f5c8bd9851f1e6c52faa34161200000007524c54c4362463bd3ad97d7dd71e65cf792f32e9ea368c14a0ecb0a2852d21a400000000f17d9ca5835ac451939de56d18f7199971a80b501a3c40efbb111040ecad9958d2cee11851b992613f635a5b380c1032a1ff25dd8da14e3b973f8678a038442 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0f25e4a3db5da01 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{74CA9111-2130-11EF-805B-F637117826CF} = "0" iexplore.exe Set 
value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529617" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2416 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2416 iexplore.exe 2416 iexplore.exe 2360 IEXPLORE.EXE 2360 IEXPLORE.EXE 2360 IEXPLORE.EXE 2360 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2416 wrote to memory of 2360 2416 iexplore.exe 28 PID 2416 wrote to memory of 2360 2416 iexplore.exe 28 PID 2416 wrote to memory of 2360 2416 iexplore.exe 28 PID 2416 wrote to memory of 2360 2416 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fac5b16b502573cffce51815d78babf_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2360
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize 1KB
MD5 0fe896c1fe25eb524a8b49a572503f14
SHA1 244f5ac2e4e56bd4a924814ce4ac3ae4f900f94c
SHA256 057d3ab57e61cf3b84e64d0ed324b5ab2a29b4ad2e81a107a17bb24222474e1f
SHA512 718286f53e834eaf6ba5f844980aa1695f8477262d49dee7279241c466dc118328f1e5979ffc09e76fb52a81a0d5cf1f8a96020f6ecf861c057ef0d487f366f0
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize 724B
MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize 410B
MD5 051ed5e76aff127d2fecf1d2cdaf2c93
SHA1 bef8132741369f78a79a04030dfebf87700f632d
SHA256 765a70855b1f50b7a6b48f3e000a6259f81ea6b58618849f6cf2468cf4042de5
SHA512 b03ce595ed7ee307264688c84ef14f3acad19f92456042118c71e7a28822afc6d60a62bbcadb79bc4a2606e2c13e8dda820c6e565b206404e3b68272d8fba37c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 495f540ea3856d859d8ea00983f73270
SHA1 2f6aed2148900043375206d210e85a97a58dc628
SHA256 f61859df2d0900408c485a651b1c0451a205e7ad827722fe428e24b42ccdc145
SHA512 d01ac956898cc8c89da60a7bf2c2cae080a5519ae52e0156da69910889c053176869b537bad6463aa6bba9e35808a995add27703af69c903cc8c4b33db9a1a99
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0bb333ea3d5d5eef349062723d5a4daf
SHA1 36dacfda52a4580e5b34b0a37cbdd45cc5e161b5
SHA256 9f7f54ec607958357d8cd7331ae4cf3d7a2ca4307ca99ad59ee4edddcebcffcb
SHA512 9b60cfd92bc601abaf552c71ec5289b02db92e44d733a4edfc36ab1ff760ddcc20d119a0625044e39d6ba6b5aa417929d26e35911ab5fdc1fe270287b088b52e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c3bc9f0f0860d983d42a4cc9c5507b96
SHA1 ce58216669b3f47bebc9155b36905bdaf6cb9d1b
SHA256 ae1c0896d24c4ab40310ae00d5977ba33a7ca40c0c20e3baa8fef25cc0ced9d0
SHA512 332b7872dee69405a638691d33dc95727244fc8e227f24c3ceafd2991c48c5dc47f8328ab80c5c188ca84b66e165826b11e7f09b97240a5a4fc9b68879f86e5a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 08311c21fd84b65d6740b17d7d3569ad
SHA1 c9335bbbf3b8dfe56de9b3f45e7e2edf5d69c634
SHA256 9a3d80d8a5aa4c32958435e2126ae57b38196a06c284bd27ed89bf629cd074b6
SHA512 aa6d2a77e1c862f3264c1bc76be48494722601a4c95fa91c8ed5350835d1773ee664fe23ea87abae909fd621e152a512fcf12e0a0784e002d610a62de62b8e9d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f36be0cf28e3a281d390ce329bd24226
SHA1 14db3c9855bed7af4154f6346ea6f8ba934ace6d
SHA256 a7e8a3a4dc4a8948f58fbc78016fc8d0ba2349d24744f71f78288864f0d6d53b
SHA512 e002ea54d7a46254aa93815cfb5499b3b2435e51eabd250ec6fa2f4a5fbace685b3beca33659010c99885743dc87920248d72b283ba9b4d50e0992c01cb7b0c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e0f06bb6ea8400561522c285e1e648da
SHA1 1e9e760b88dd343c553c89dbeb4220f72e3e77df
SHA256 5b4f2d26765aea940f3eac8e0098975e0539a0ffb73d6d2946090de363c2beb1
SHA512 53687df00b975d0bfa9cbe3cbbede15a1457ade49ac92ff5a9596050860456bcead8d520fd94859e65a7c6b058fa199ae989f0ba0311d91b23aeca0bb0358849
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4e6caa47589d945279e1870f2f5ff614
SHA1 b71cbbc03ea88a8d4f87dcceb8f54e68bf89a980
SHA256 dee82234e9784c3b4d0cbfc18e313902989ad4893192a6392e7237fe2d1cde69
SHA512 6cf56882f3c51f7ddf2c1e04da062b304c3053d82c1e35e34dbc7da9d9b24f48f0075826daf90461397aa8ee7f7cc92b4c969abfecbeb21958044bea83c78736
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a51392239e8a538984d516701dc9bb47
SHA1 49ac3c48e92795618c8ab556b33ef1f7fa098283
SHA256 cc95538ef33228f753b1ceee3641c5299ae0e78647347d7b5bdb3034f77cbc24
SHA512 b34bc0255cc0dd2b130338d7cadb16d72dda0f4d6e60455f9211c1d9bcf3863e912e93087c0e4d19d9acfe47f1595620f3224ca786e9f860eb841fa545769f65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4d0d6eba2114b5116f2b0690e9c24395
SHA1 23479ece370dcdc9307dd9ea35ac615ed8f18e86
SHA256 86e683c560833dd50b00f7b63911231b0aae8e2f5bd877d8806f5decb00a0bf4
SHA512 752c97d36b13ac3c4216e309fca843b3cc483ef8079aea553ff8e8762111ef81f41befffa770aa1042f66c2424029b65ee1a23744e1dd207d06f2ea198fd027c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ebaf13562f07be67fd0e6a7f6641cbe5
SHA1 3e03353d6e7eaf46217fc38e4292cddcb03074df
SHA256 3d2d3fe615e088877e2657b3124f8ddd8ad17c6a9fc839cea7c97d0decc4e922
SHA512 5ee233ce0be72a8ed6ace83309cdf6da09045f951a361e2581635917fced19ba6462fa84eadad7a105e9045be19eb97134bdcf1c9a016193c4cf75b819f45d10
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 106797e0dc9ed2ef9a5e3775c4fe192a
SHA1 6f3de42fe016f7bc1d01684462082eab5d3bf163
SHA256 d321ce34e11a64f638f2cc7385dab19bcd82633a3121ce9d9dc872291a8c1d3e
SHA512 efd5605c8475d9984139601d70213e6a247f5bf4f336bea1e3fe982a172c38bfe19d4cb9a8171ecd912cd0d90a264047d27b429cb3267647c2e2f6e2359d4549
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize 392B
MD5 3318c3b3bfb481a64a5af4db4a42bb7a
SHA1 d1a472d40809fc480ec386e7765f77c73ffda600
SHA256 9901b2707ab4bdd90b30c685c10707669c91e254057ebf8968b134b30688bf56
SHA512 7f670fa047a43161b472d43456d0a978ac9c172c468262cda57d13f7d15289ba81e9a856a9abcdfc234a6a35a0edfee8daff6505a91d3034ecac19a64218a89c
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\cb=gapi[1].js
Filesize 134KB
MD5 f9255a0dec7524a9a3e867a9f878a68b
SHA1 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b
SHA256 d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d
SHA512 d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\platform_gapi.iframes.style.common[1].js
Filesize 54KB
MD5 682c26af19b240f98d2cb951721fa54d
SHA1 18e58b652c7f82a55ab4b1910693686049e25d62
SHA256 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980
SHA512 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b