Analysis
-
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 02/06/2024, 22:36
Static task: static1
Behavioral task: behavioral1
  Sample: 8fad0942c495353ba3eaed1d098e4eef_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8fad0942c495353ba3eaed1d098e4eef_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
-
Target: 8fad0942c495353ba3eaed1d098e4eef_JaffaCakes118.html
Size: 27KB
MD5: 8fad0942c495353ba3eaed1d098e4eef
SHA1: e2ca63827782435958ed681786fd3ed686a9714d
SHA256: a3a76416c0f4e9fdfd29a7b2e515902610de5e112a2258dc95e311816c81eb6e
SHA512: 34f9c4b90a2dabf4ed270fa195744efcd6d37e7ef202de753d117a96b4016b234926d2841c6cc7793d2c67a0b4df3ec827481afa49cc8362cf09a0611ababd2b
SSDEEP: 192:uw3cb5nESnQjxn5Q/9JnQie+Nn9nQOkEntDVxnQTbndnQ9eIGm6lhG4Ql7MBeqnk:lQ/H5unGLS0f/
Malware Config
Signatures
-
Modifies Internet Explorer settings 31 IoCs
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"  iexplore.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529673"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{975D7531-2130-11EF-AB14-E299A69EE862} = "0"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery  iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid  Process
2712  iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid  Process
2712  iexplore.exe
2712  iexplore.exe
1688  IEXPLORE.EXE
1688  IEXPLORE.EXE
1688  IEXPLORE.EXE
1688  IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description  pid  Process  procid_target
PID 2712 wrote to memory of 1688  2712  iexplore.exe  28
PID 2712 wrote to memory of 1688  2712  iexplore.exe  28
PID 2712 wrote to memory of 1688  2712  iexplore.exe  28
PID 2712 wrote to memory of 1688  2712  iexplore.exe  28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fad0942c495353ba3eaed1d098e4eef_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2712
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2712 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1688
-
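Reading this report, everything in the registry signature sits under HKCU\Software\Microsoft\Internet Explorer (IE's own profile housekeeping), and the WriteProcessMemory hit is iexplore.exe (PID 2712) writing into the child IEXPLORE.EXE whose command line carries SCODEF:2712, which is the parent frame PID that IE itself passes when it launches a tab process. The script below is an added example, my own code rather than the sandbox vendor's or the report's: it parses IoC lines in the flattened `description ioc Process` form used above, strips the per-machine SID so paths compare across runs, sorts each write into IE housekeeping, autostart locations, or "review", and checks the SCODEF/parent-PID relationship. The sample lines are constructed from entries on this page plus one invented Run-key write (marked in the code) so the classifier has something to flag; the prefix lists are my assumption, not a vendor ruleset.

```python
"""Triage helpers for registry and process IoCs in a flattened sandbox report.

Added example, not part of the original report or the sandbox's own code.
"""
import re
from collections import Counter

# Constructed sample: four lines copied from this report plus ONE INVENTED
# autostart write (the Run\Updater line) so that the classifier flags something.
SAMPLE_IOCS = r"""
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\updater.exe" IEXPLORE.EXE
""".strip().splitlines()

# "<Key created | Set value (type)> <path>[ = <value>] <process>"; the path is
# matched lazily because IE paths contain spaces ("Internet Explorer").
IOC_RE = re.compile(
    r'^(?P<op>Key created|Set value \((?P<vtype>\w+)\)) '
    r'(?P<path>\\REGISTRY\\.+?)'
    r'(?: = (?P<value>"[^"]*"|\S+))?'
    r' (?P<proc>\S+)$'
)
# \REGISTRY\USER\<SID>\ is the sandbox user's HKCU; drop the SID so the same
# key looks identical across different VMs and reports.
SID_RE = re.compile(r'^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\')

# Assumed prefix lists (hive-relative, case-insensitive). Not a vendor ruleset.
HOUSEKEEPING_PREFIXES = ('Software\\Microsoft\\Internet Explorer\\',)
AUTOSTART_PREFIXES = (
    'Software\\Microsoft\\Windows\\CurrentVersion\\Run',
    'Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce',
)


def parse_ioc(line):
    """Turn one flattened IoC line into a dict; raises on unexpected layout."""
    m = IOC_RE.match(line.strip())
    if not m:
        raise ValueError(f'unrecognised IoC line: {line!r}')
    value = m.group('value')
    if value is not None and len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]  # the report quotes int/str values, not raw data
    return {
        'op': 'create' if m.group('op') == 'Key created' else 'set',
        'vtype': m.group('vtype'),  # None for "Key created"
        'path': m.group('path'),
        'rel': 'HKCU\\' + SID_RE.sub('', m.group('path'), count=1),
        'value': value,
        'proc': m.group('proc').lower(),
    }


def classify(rec):
    """'autostart' beats 'ie-housekeeping'; anything else needs a human look."""
    _hive, _, key = rec['rel'].partition('\\')
    low = key.lower()
    if any(low.startswith(p.lower()) for p in AUTOSTART_PREFIXES):
        return 'autostart'
    if any(low.startswith(p.lower()) for p in HOUSEKEEPING_PREFIXES):
        return 'ie-housekeeping'
    return 'review'


def triage(lines):
    """Parse all lines; return (records, verdict counts, records worth reviewing)."""
    recs = [parse_ioc(l) for l in lines if l.strip()]
    verdicts = Counter(classify(r) for r in recs)
    flagged = [r for r in recs if classify(r) != 'ie-housekeeping']
    return recs, verdicts, flagged


SCODEF_RE = re.compile(r'\bSCODEF:(\d+)\b')


def ie_tab_spawned_by_broker(parent_pid, child_cmdline):
    """True when the child's SCODEF: names parent_pid, i.e. the frame->tab launch
    IE performs itself. A WriteProcessMemory hit on exactly that parent/child
    pair is what a normal IE start looks like, not evidence of injection."""
    m = SCODEF_RE.search(child_cmdline)
    return m is not None and int(m.group(1)) == parent_pid


if __name__ == '__main__':
    recs, verdicts, flagged = triage(SAMPLE_IOCS)
    print(dict(verdicts))
    for r in flagged:
        print('FLAG', classify(r), r['rel'], '=', r['value'], 'by', r['proc'])
    child = '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:2712 CREDAT:275457 /prefetch:2'
    print('broker->tab launch:', ie_tab_spawned_by_broker(2712, child))
```

Run against this report's 31 registry entries the classifier returns only ie-housekeeping, and the one autostart hit in the sample is the invented line. Two caveats when reading the rest of the page the same way: the Downloads list is dominated by CryptnetUrlCache\MetaData files, which is where CryptoAPI caches certificate and revocation data fetched during TLS handshakes, and the three unnamed entries (70KB, 65KB, 181KB) carry no path, so their hashes are the only handle you have on them.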
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 410cb410bb1a4ae63a697a5aca255376
SHA1: 2ecf585f5347a48acbcf510a225d43b49df24ea8
SHA256: 3cb8939180f4b8fd248ba0619320b0d66625431bbc1740f7eb451c4634458aeb
SHA512: 140f8558744ff115be036df2483af38e01633fc4e007cbfed80ae50f34e5981f39723b80c327c3e4906e24bf66d064513595c9508dab9c7d18561d188406f329
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2082a5a0734e392b83195675b5f67fd2
SHA1: c45fc67a15e26be7c4c9947b95d5b5b543f63aef
SHA256: 256e9905a1b5e334a35765c33f7d7a4247ad067025318482abc034c86e39e783
SHA512: 227a6689a4f7165586b82aa5133f4783c620533021a5db341232eef63049a8f6e91cfd50c115a53442d7524a43d8b68a3f9025581800e6fcb27c5d61fa3358da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9b90e2db0bd4e78d4ba30a3b08a0664d
SHA1: fd189e41d6b5599fb9881ebb4bc283b6078baf86
SHA256: 3aed64812569e3f8379a0a6f79c9c4ddaa1fb5f6f95f2858b4264ba0392e92f3
SHA512: 43a3e0dffa4f9b3331ffc3e040885395ac54a4971716f7d5c6a3eb0f0d7cdfa81fa2a24fa38a9376e5f31f165ce5c408b42b624701ab974e6553c9cb53fb0f2e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0f5997ee76e15bd72c5ff458104e1c3d
SHA1: 6fdd8409ef648ae7b15d7365d2fd9ec19f9f2455
SHA256: 43e65441df5aa79896a4d8b4f4bf9ed8de41ca4ee3dc8d77c134cefca3402f57
SHA512: eaff59a4280ba2129af299eb54aaa54be753e2785976891b35daa038fe061097de43a841232571c67f27caec5b5e967675edc24efdf89abd0143bb016692469d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1e8bc349f1be2675e4ad6f551590c748
SHA1: 7f54380588fec07687d07c2b39cf6f7968e04a30
SHA256: d23fdfea06ce30b9196daff4bc3c822eae15c23a393c8d36ca8cfe36e06abf1a
SHA512: c9e80acc98b878094b13b6f46cf761433b1875082bedbf72c351e8277b4430a60d6fe99f6af707a6fa73af624e9735d7fc73414497a2dbbbcfde28355250f9e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8a747ebb5cf47f79f5db08cc5d77ed1d
SHA1: 25d06b6d716ce605ea7b0d83442117933a019394
SHA256: f0031b7a7e44f50546c003bb099491054e91228dd5f15739b7c236fec72a9852
SHA512: 8afb128529a5de3be435a1e8b9bb4ee022e2ea428da6e5ed70fb132aea9287fe4f2487be6e2ae397f79924d309e7959d77c176a2f746816b680bbb3871a5f3b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c14d9b47374dfddfbd35d673c9d9a0a8
SHA1: b62b14a6cd8bb7cdfc3f29be3f08fcea6def4db7
SHA256: 57f9797554ab2a94e8b1507f40369513b3feb3b77a6874720467f184298e6cf6
SHA512: 3c6e6e98fa7009577907d30d28943da544e394a13dec9447e4cbd4e58c776c9577bf00124adb1c1472e1949ba69ebd6bb4003aa6fe33c30746675e053e816657
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7eca03058c1e530da3e4db02568c5d6f
SHA1: 232d5835110e49ff620868db106f89bea1796d59
SHA256: 7cd01d87b3db3449ab858b99f80d0af61f8acb4fc693cb6047f075b539852d03
SHA512: 4e0917652dc744321381c821913799ec4cf85d30c9444f23e9c9628cfe7ec8add3566e24ca268a40ac41ed078d53c7867f4c560c836059ee884bf12495130dd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0dc4a08d5c09a780891abb3b32d42edb
SHA1: f3b680fe4835495e1bc77b63163209c1344ae44a
SHA256: 841a8be164d35ac97c7bda523e7f1c4b9dcc79ef6a67c2ece17f8a5ddb3fd78e
SHA512: 0233f0aa3ed8a02a76c6a6909cf853d00d3a559da57ccdf28bb1962b0d5ae203dd50a8681726943a8da673ede136f028caec071e804ac3d224a37b2a31f3f22f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 58ad4f8e0191fee0841ee84bd9169c6a
SHA1: 6d3184c5ffd62d6920713e7ebbaa882fdbd47ad9
SHA256: b538728ef2e79ebf1564151808a8da0eb8970228a9d2196c2478f5a3a7c3c647
SHA512: 0a3e7305a0f05b6e4905523f62665d3e299922e6849f76d2eab894a3128482e048aae7182ec366a6c1cd2603e2876315494e84f641e4835449ddf44247f2a14d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: f518aa2337a5ab6880d16063ba3e8d7b
SHA1: 0541a95f616a274cf84fe7faa4b6766ea7fd6a4b
SHA256: 1cd309110ba32541b604c979e16e96aaf7e85fd06da242ec7f5f670083dd31c5
SHA512: ca7ee25fca9daf890e63b939f9caaf7fc3a70d2f0732f8d46bcea9cf2284c75004bd128391bd76ce2f113a2612b009e6bbcf036dee728a2f1105b97f64978630
-
Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b