Analysis
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 02/06/2024, 22:37
Static task: static1
Behavioral task: behavioral1
  Sample: 8fad6e6d220ad70464c7b144789c1438_JaffaCakes118.html
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 8fad6e6d220ad70464c7b144789c1438_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 8fad6e6d220ad70464c7b144789c1438_JaffaCakes118.html
Size: 30KB
MD5: 8fad6e6d220ad70464c7b144789c1438
SHA1: 9f5bb40e566e2c74c7b7afe9ad678ec0119a62c2
SHA256: b185afbabbe5f391b1b61fce8c7ce5741c748732f90b58efb3ca3bf3bd10c020
SHA512: 291311610a837ef93268def72d9f37e3ba4a51d7abfcf99275827213291dd9f460d76c32d8e41a3ffdee8f79dbbce25e3258f19d720152b30f5b3a3c8862a624
SSDEEP: 192:uWjhb5nxA4nQjxn5Q/knQie/NnznQOkEntwaHnQTbnBnQMMCrAq6K+iibI3serww:yFQ/POZjOcca5zARvfIOzQ
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529706" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ABA477A1-2130-11EF-AB95-422D877631E1} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2188 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2188 | iexplore.exe
2188 | iexplore.exe
3024 | IEXPLORE.EXE
3024 | IEXPLORE.EXE
3024 | IEXPLORE.EXE
3024 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2188 wrote to memory of 3024 | 2188 | iexplore.exe | 28
PID 2188 wrote to memory of 3024 | 2188 | iexplore.exe | 28
PID 2188 wrote to memory of 3024 | 2188 | iexplore.exe | 28
PID 2188 wrote to memory of 3024 | 2188 | iexplore.exe | 28
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fad6e6d220ad70464c7b144789c1438_JaffaCakes118.html
   PID: 2188
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
      PID: 3024
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads