Analysis
-
max time kernel
134s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 22:35
Static task
static1
Behavioral task
behavioral1
Sample
8fac8ebdc294c4cff326b57b7c95aba4_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
8fac8ebdc294c4cff326b57b7c95aba4_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8fac8ebdc294c4cff326b57b7c95aba4_JaffaCakes118.html
-
Size
4KB
-
MD5
8fac8ebdc294c4cff326b57b7c95aba4
-
SHA1
ebf415341c24158de4b0f27b506a73682614221a
-
SHA256
b66ca5bc486ebcdef5c01a4ba91f03e8830b6d677e9a230e1b121bfacc4bc608
-
SHA512
9a0c6323a9c01e2dd18d740ca75e1dd608208a569436e773fec9e03270e717c97e511ea2e9334ce967965fb81918804cde195f1a8fe0b795a499f5e8e91fe621
-
SSDEEP
96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ox0GS4d:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDy
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529623" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 407b044e3db5da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000008ada78774fee2819d2b25127beede310dda6b673aacc16102a13d26528d8f6eb000000000e800000000200002000000050959d7d92b46e4b7cbc7800b9841b6abeb4699fb39f708bf641be561f5c52a8200000002e452b33dfaf126396f8952cfd1928c5e5b9417297025060d3d8e389b4faf65d4000000014e4ce65c69caba4529abd70d011199994e613237b5d9a84da8cb4bc39887c37ef4e869d9d523b19bccca625e11b37cb5ceb5eb8b229cd107d539b0d782d1358 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{79870F81-2130-11EF-8004-DAAF2542C58D} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2288 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2288 iexplore.exe
2288 iexplore.exe
632 IEXPLORE.EXE
632 IEXPLORE.EXE
632 IEXPLORE.EXE
632 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2288 wrote to memory of 632 2288 iexplore.exe 28
PID 2288 wrote to memory of 632 2288 iexplore.exe 28
PID 2288 wrote to memory of 632 2288 iexplore.exe 28
PID 2288 wrote to memory of 632 2288 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fac8ebdc294c4cff326b57b7c95aba4_JaffaCakes118.html) 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2) 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:632
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8dd7216ad3e7c111ef0a878418d415f0
SHA1 7d7d79cdfb395228aaac1ac4bfc818290fa16e51
SHA256 947ce2cacc7cf6786d92fbd9df0cd2c39ded9b039801e91b6551c2445a537e74
SHA512 ce956203e06a40bdb2beff8f56954c74043694a0a1e4dbac15a57570c595388d17101097a99a934430e98e16ab33b799ef3d51d79a2063ab8c8b03c8f8ce2dd5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e7bd057ba1b5edbd941cec5bb7589aed
SHA1b86d2c279ab34a94723c269988caad376be4cde6
SHA256728ccd2cdf536806a942c4cd9ac03d43d5ff0ca1c43ad4fbc3d4f55dabd5e029
SHA5125b5e4c02bec44e34473e3c6d2b5003b8552fb2b98df861d989a107aefb1f25d0b43bfd5d175f983898e84caf272b80f6bb2b71c0fa44680abe37c0df1308e3ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5035ac78337d25daf137c5a67c44c4a3e
SHA1f45aa22bd4808fb18ab9a56d6218b7e4bcb31547
SHA2565edac3cae045b801b77f20070bfa5a659824db23bbdbab49dfef925bbd4169fc
SHA51217273862673175dcc9c7477e5f4dc7bc7774e55f6a7d4917a84680c3bd82d5389aa9f32da1850a42984830f92e5fddf0973bfc93796a1503103f88f25ccd11f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e048077c6037bd2a737d148c84ab6b28
SHA16a3ba5aeb2bd953c1d46f760483b1e9f14decc9b
SHA2568b1bf55c7fe1cdbb6c0d6bb4678b94a25946af551f096f46c8dc831f17616e42
SHA5124e69d9f7dfeecbb44a64f6ec1010b5273749cacc686bd28e68652bd84cfb2bdb18706e8641b20b30c60084540a45474f1e15dd45a744a7459681026d3879064a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a7bdae7a2d6176a1e3c5ecc7ebc85696
SHA1aad6ebeb25de227f0b4e00680d392a31cf42c912
SHA2563afaac4df6258ebb41d8565cd6f717c677d9d5b94044399246781560329def70
SHA512d1e89bb5b137ca6185d20fd652e15197d196d01da38c82cd823d91ca9ab176aeebc964491f62fe5974516a6064ef756615212336a2003d881e0c5aa9ea2885c9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5504c45493bf2151034d2adf9ff2c74aa
SHA198a70eb5c442f55e2afb4f7ed0a0c475e522abbe
SHA25643c5f2f76c092785dae46fedcbf29e3973b963c111545575d0406f46641c8c8e
SHA512ad4dd80f4813b09af6db1bf94bfea23a1575a16022b1886d94c3a9625c6082fb110be9df353b35979e59eaf3ceade60d00610b1c469877ce66a9018e4beceb1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5307fb5646753d6882db77341ea73fceb
SHA17e5bb8ac00a04d989c83ba973268e0aec8080a04
SHA256cc70a7937b4c2eabc8233237fe628126fc641c074e7b4c1e83ebc1dd6c1d5da1
SHA51298a24da374f6ba3f2d72ddb969b334b6ab5ab3dbe795e8d45892301b30e86856216ef921668fff02b4424489212420e307d80836e7a262fbe673eb0ad89f1af9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cdd2cca6f0f7853e3ab78bb5f0d4e489
SHA173ad3e765952afaa9970973fe54e286d1ef3ce16
SHA25660aec2e56930fda61c59d16fa7492b731190b50ede5ecfb59f5674789e4d69cf
SHA512a5c279fe4e923b8bbf75fa9672b2d152a8eb265c6efb1af69015d56b5a54e1c899c30fc074874c8fa897f7b6ede00337819d3cd8c2f7956f20543ee78348bcf1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52425bc00b7cc6babf31ef6e063a1fdc1
SHA14207c86d618003891a67b3198e05365e176ead9f
SHA256889a521c89f665712469f5b7291596fab33792568e84402dedad2d5249579859
SHA512e80afbfb6285bb60f40aa172b1c2867250267d446b572d099dcc4790da26cbff4055b6d20a072cb6cab23ee59e67e1377f034274c589cf6e37fa4b32b243d242
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50bc452fa325caecd3bd0cbb4e368e387
SHA13ea4ce4e0de1f7c99f04e8e7754922343b86a294
SHA256781786641414b0316fa6db364a9d46db203ed760c6ffcf100719e689bcb1804c
SHA5124b741fc99d9f44749af1c5b8ac2dea5163c12ee7836dbc87d604c660d7ff0e8df1e96f246491400bd899d324b29f1466572f2b5a87b697f27f50e67808967c12
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5966bd1c861f59e99df5084241d52f89c
SHA19ce8eb7d5ef4872d8ecb2246164b3e6e97b11d0e
SHA25637b99bf14747de9fc3f18ef409f111e6561e86de69504f33ec29fc4ba8e9d4f1
SHA512a072180a085572227590e4e6f86264549835a4a010b7e1baef2f2f07fe0714bd21414948613920752b871228dbc7b5c19530a3b128bb88607a587266b08b5c5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5241bf792cc35b8db52f42856d645493e
SHA15d49316b15d891ba8e9f74feb55aec8d36d4b944
SHA256781816e1ae99e55f406f4c692e84daa72ba1dfce8dab9ab59d862e21862f2cc5
SHA512e4fe2a5a704999ff6f5303eaa8d7d16ad3eb50e360d378bed8a0b0b6b94834896bc1e7f95cd3c3e39713f8dbf4c58f0e435913a2185438d8d836f3fb2b5e4138
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5710011dd78f3fdd4b0a96205f961d27c
SHA19152f3fe1776cb409b7938d29e5b32c9dc6dc364
SHA256b0d76273130c43ab10b7b4d2b5a6b0dc5f4f4ebd0f5d594d567a318ae9398281
SHA5127bd3397c717894f4b5c1fee8b06d3c85cb6d9d64f6c13ebef16375937d4a956bc6343878f6167236ca8ad5ab1b7ca7b54a557235aeb4c094eca97373cfdbea3f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58a8b0eeb9d99825914b76da4e1ba0f16
SHA183fb57dfeaa420d03752b088b4e0f85da427c93f
SHA256073747c75a498e031c81a5dff54a5309283f39b0332184901a4e622d8c7b2ccd
SHA512254e0fccf7695f7fc01248ce05b3405c2cd68988127365f5cdda444c0814693495845ae7bca7e462d0d24e41ff839d7a541b8e611cf1a306a687ed183e8269bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5521acfb80d1a35069a925ba16b78c613
SHA10b33f64a0a2fe5cdf70ee7810d99ce4c8e4b7beb
SHA2567420d5a53fccb1518486eb251136aa7d0223230d0cc372ad0dbbfcc36983801c
SHA51289fe56e7ffe131e5b276e6f1226d29c648b85aa4465f41945f76ce7503a6ee51744e1b68b52d1b63c24f08477d7d9809215b48cda1ccbdd29282e2034ec30b4e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5866ad29f3acea65248377e26e394cf6a
SHA1acd4cdf58d8f554b1f144ce56f087bff88c0af07
SHA2567bf641a49a22c79be025d67c2dc6cb5e3cff00670d37e7568f5d3fe94c03f00a
SHA512f2c743fc96613aa5400a4a6d998d1a6c538d4b74bab7913a2383f56d5d8dcda7db6ef0857ca83f806b6fb1fc78bd63e4484100b77c593879b3fc4a5c1947848d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f06bbae98cdc4369f41757de2ab02024
SHA1bf1bff8831b8cfe7d6fdac9def92dfa5dc59dbe2
SHA256bc479659d7b07e0d7f03b884367e299554fa17ee0ffef8e633ad37c658868540
SHA512cfeee734f9966f24e0e08646035d8d86e59c9ef0101c62f3c3c321d646ef41b2d5908a180fb855d09ebdf2cbb31ce04c0fe8d79f9e53162ab8363daa6c924c80
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55c9bd9991b7a85cac9f48a011eb9ac24
SHA1b7dbcafdaf6f41df0ccf3a3b44b1aa9081449757
SHA256734134e411715d5074f1e1b4b25d78e2c4f23734aa1e1296f2186faa5010cfc9
SHA51291c47e68ae9e854795820883a7693927e00f038ee460c34108e8bb4d8d53026ed84816ad35ad45316d703a4f9540904d378c8047a716008142eed23da9bf8011
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b