Analysis
-
max time kernel
118s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 23:43
Static task
static1
Behavioral task
behavioral1
Sample
8fd896822510d693e0fc583b7f0d3946_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8fd896822510d693e0fc583b7f0d3946_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8fd896822510d693e0fc583b7f0d3946_JaffaCakes118.html
-
Size
460KB
-
MD5
8fd896822510d693e0fc583b7f0d3946
-
SHA1
21e4d8578842a8358b534a8b405b4ee8d4513bb8
-
SHA256
076ab04ec9194e970e106f7b6c4ae437a8e22c21497e741502c59e8e19a18f35
-
SHA512
434b98bda8109f9f65bc3f85237459a642ae3568f5c0402b146ead951a532319adc7211f68d09e94be75c308a38c08d0036d570ba5c65029dc5cd9c39970cae9
-
SSDEEP
6144:SXsMYod+X3oI+YusMYod+X3oI+YHsMYod+X3oI+YLsMYod+X3oI+YQ:Y5d+X3u5d+X3J5d+X315d+X3+
Malware Config
Signatures
-
Modifies Internet Explorer settings 36 IoCs
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02566ce46b5da01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F5DECAB1-2139-11EF-8F47-7A4B76010719} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000003a1a16eb94eda11fab22ebc64895ee6ae129bf02565203f6c9bb94beabb63ee5000000000e8000000002000020000000ff0b0d988165786c1c04d21ae56f8f40e041063a6077b6a36c955aab951ca6d52000000088ca2451385669afc953b65e70eac46880a956c63f6b062a54bb66cd7acbac144000000032bb88181791555c04730beaea3298016d90346f9658cacf0e1501028e1ab98faaa425b5e0ff209eb240092dae8e0087121cf94efc1db056b03a9587d8d32144 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423533697" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1688 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1688 iexplore.exe
1688 iexplore.exe
2996 IEXPLORE.EXE
2996 IEXPLORE.EXE
2996 IEXPLORE.EXE
2996 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1688 wrote to memory of 2996 1688 iexplore.exe 28
PID 1688 wrote to memory of 2996 1688 iexplore.exe 28
PID 1688 wrote to memory of 2996 1688 iexplore.exe 28
PID 1688 wrote to memory of 2996 1688 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fd896822510d693e0fc583b7f0d3946_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688
-
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2996
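Everything the Win7 run recorded is consistent with Internet Explorer opening an .html file: every registry IoC sits under the user's Software\Microsoft\Internet Explorer key, the only child is an IEXPLORE.EXE tab process whose command line carries SCODEF:1688, the PID of the frame process that started it, and the only WriteProcessMemory calls go from that frame process into that tab process. The Python below is an added triage example, not part of the sandbox report or of the sandbox vendor's tooling. It parses IoC lines in the report's own "<op> <path>[ = <value>] <process>" format, separates IE's own housekeeping from writes to a small starter list of well-known autostart locations (Run/RunOnce, Winlogon, Policies; an assumption, extend it for your environment), checks that each IEXPLORE.EXE child names its real parent in SCODEF, and marks memory writes into a verified tab process as expected. The sample input is constructed: three registry lines and the process tree are copied from the report, and one Run-key write is hypothetical and does not appear in the report; it is there only to show what the filter surfaces.

```python
"""Added example: triage of a sandbox report's IE registry and process IoCs."""
import re
from collections import Counter

# Constructed sample input in the report's line format. The first three lines
# are copied from the report; the fourth is HYPOTHETICAL (not in the report)
# and shows the kind of write the filter is meant to surface.
SAMPLE_REG_IOCS = [
    r'Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\updater.exe" iexplore.exe',
]

# Process tree from the report: (pid, parent pid, command line).
SAMPLE_PROCESSES = [
    (1688, None, r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fd896822510d693e0fc583b7f0d3946_JaffaCakes118.html'),
    (2996, 1688, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2'),
]

# The four WriteProcessMemory IoCs from the report: (writer pid, target pid).
SAMPLE_MEMORY_WRITES = [(1688, 2996)] * 4

OP_RE = re.compile(r'^(Key created|Set value \((?:str|int|data)\))\s+(.+)$')
# Per-user state IE writes on start-up; expected when the sample is an .html.
IE_STATE_RE = re.compile(
    r'^\\REGISTRY\\USER\\S-1-5-21(?:-\d+)+\\Software\\Microsoft\\Internet Explorer(?:\\|$)',
    re.IGNORECASE)
# Starter list of autostart locations (assumption: extend for your estate).
PERSISTENCE_MARKERS = (
    r'\Software\Microsoft\Windows\CurrentVersion\Run',          # also matches RunOnce
    r'\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
    r'\Software\Microsoft\Windows\CurrentVersion\Policies',
)
SCODEF_RE = re.compile(r'\bSCODEF:(\d+)\b')


def parse_reg_ioc(line):
    """Split one '<op> <path>[ = <value>] <process>' line into its fields."""
    body, process = line.strip().rsplit(' ', 1)
    m = OP_RE.match(body)
    if m is None:
        raise ValueError(f'unrecognised IoC line: {line!r}')
    op, rest = m.groups()
    path, _, value = rest.partition(' = ')       # 'Key created' lines have no value
    return {'op': op, 'path': path, 'value': value or None, 'process': process}


def classify(ioc):
    path = ioc['path']
    if IE_STATE_RE.match(path):
        return 'ie-housekeeping'
    if any(marker.lower() in path.lower() for marker in PERSISTENCE_MARKERS):
        return 'persistence-location'
    return 'review'


def triage_registry(lines):
    """Return (count per class, IoCs that are not plain IE housekeeping)."""
    parsed = [parse_reg_ioc(line) for line in lines]
    counts = Counter(classify(ioc) for ioc in parsed)
    flagged = [ioc for ioc in parsed if classify(ioc) != 'ie-housekeeping']
    return counts, flagged


def check_ie_children(processes):
    """IE's frame process starts tab processes with SCODEF:<frame pid> on the
    command line (SCODEF:1688 for parent PID 1688 in the report). A child that
    names a different parent, or is not the IE image under Program Files, is
    flagged for review."""
    verdicts = []
    for pid, ppid, cmdline in processes:
        m = SCODEF_RE.search(cmdline)
        if m is None:
            continue                              # frame process: nothing to cross-check
        image = cmdline.split('"')[1].lower() if cmdline.startswith('"') else cmdline.split(' ')[0].lower()
        genuine = image.startswith('c:\\program files') and image.endswith('\\iexplore.exe')
        ok = genuine and ppid == int(m.group(1))
        verdicts.append((pid, 'ie-tab-process' if ok else 'review'))
    return verdicts


def check_memory_writes(writes, processes):
    """WriteProcessMemory from the frame into its own verified tab process is
    normal IE behaviour; any other target gets a second look."""
    tab_pids = {pid for pid, v in check_ie_children(processes) if v == 'ie-tab-process'}
    return [(src, dst, 'expected' if dst in tab_pids else 'review') for src, dst in writes]


if __name__ == '__main__':
    counts, flagged = triage_registry(SAMPLE_REG_IOCS)
    print(dict(counts))
    for ioc in flagged:
        print('FLAG', ioc['op'], ioc['path'], ioc['value'], ioc['process'])
    print(check_ie_children(SAMPLE_PROCESSES))
    print(check_memory_writes(SAMPLE_MEMORY_WRITES, SAMPLE_PROCESSES))
```

Run against the report's own 36 registry lines the filter returns nothing to review; the hypothetical Run-key line is the only one it flags, which is the point of keeping "Modifies Internet Explorer settings" from drowning out a real persistence write in a longer report.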
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f44bea06728ca4fe4504a1f4fe256267
SHA1 a8647513262edaa3bf743b1aa869170fe6d1fa4c
SHA256 2e34f5a218dcce3bd2fc0c6923357ee58f4a46980912bb8ad31dd8aab6093e73
SHA512 203c7649190317feb04942ddddd0fe6351226fa942854c7ec9adfc1572f10806b380cf96587ace915c076fd9b1cbad5d3313010dc95765a3763673a1c9db9ec8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 814fdc5b343348da5f07a7e89a1c496b
SHA1 92c78990b259a9387db8fc884305827431a24303
SHA256 d134172713e7638a7fc977fde9ba3a36d170651365a4e5135074bf5d979c4dfc
SHA512 f9c67971c12b92b54672cf204809589058fafada39f9220a0b8b41b3b0575a6c6df1b8cc8b49871f50bcea30e92c0111d3dbd205b695b22fed76b3ff0de8f75b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d942abcdbc629b4dfa945914a2789c34
SHA1 f69c6f7c62b8771e161551b631cc37a874ea911b
SHA256 cf68eefaff85852aeca5c51ebdb6b9fe5abb7ad227147d5f0b1758a68e6f681b
SHA512 b26d5d84d4083195b145b914f55d1742d861051dd93c6579c9ca8a305adce9561628d1c70d5f39425ce356078ffe86fcc2da895fd6a26b08dca1118256790cb2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5c263b6bb4f1f0c115598d14ef81ddb9
SHA1 8650e841349f9bce3de1c0280f4bff83bf344153
SHA256 9b2f94b28c027cdb2b623f641da0eb6686935e977740c3741f7ce617de4b5c8c
SHA512 372473b16bf1dec74d1ad7c9e62a1b7473e03cd0ccd09f83b45d658625ab697e5793b0e9b315e9ce709bc1f8a31fb97409a580466d29062cfd9fdc799ed2caa9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eb3009d3cbcb49a8dc85861b151ddc59
SHA1 d243fa7ec49ef8a845e64ac2666cf19a5565b38c
SHA256 c8755ff65b5dcf736666b82e398396854bbf01514af6603b1b0f2e1f7967606a
SHA512 c5db25229b9281a51aa4618dd4e6563bbf7e4b4123b0f2a739bd5aaa47e33e2e1643862ebc49c61af6f8e3a39f12f588bb6637527c44cb975291eb5b16120452
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dec320dc98ca8b40e4a089f4dd2c1db6
SHA1 518e125c44dfd6c1fe2ddd7bfc64fb9d889272de
SHA256 b02306140017f300398bcd53d9275e5a932b3a6cf457f37cd64d42580ccd33ca
SHA512 e4204e201626a263b9fd8c629041864a4e5f1ffad14e6ca185f98daadaa90d352095c901cbdb3390e611510949a24fe2699caccf9795fcbdf5549979bf822c86
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 612d174678754892345f780c3185effc
SHA1 78f20848076b80498f8a607cc19a73bc22da22e9
SHA256 5ce3e92ed6766fa3f40791cf555050a4f0818f53495b922caeb915616323208f
SHA512 f9579060a868be3335de4215b27f8959a42ef96dcd700b39969d450933cf2093fc9a0cfd6f91bed532fde15931bf576aee44748e33a0c33a5867381c0b38ad8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cdcfd212234e1420b75d394fbf3b43ee
SHA1 04c9f42bcdf296e4bee4cc5ed93827a8f3881a4b
SHA256 44ea259cbd171bc2554be032707a69076dfa0d0652899903336d8fa06ace004e
SHA512 326a3c13dd41c7e8f91d5dde1fa0604f33d066395f3a455764ce17d1af1032d2464d386cd4b37c0b70983271f0202fbb1d3d73f1df008798da3607cbf0c81378
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 94a2c78cce89ea99b53740ef4a168d14
SHA1 908fe780b7bf525ee42e5d74a5b253e1be16b14c
SHA256 7a6d021e4a133da4f8de91dd898320f45a56d848956d990569ce8c4511ca4d76
SHA512 f5173ef4de34d4841fca948726d28578fcd780ac8092ffa07f6039ab0972daf7e9204eeced5d586302801e3e1ad05eacaba9589e1eabc20d4a52c39a3d9ac6f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cc95fe31b5e32c2d873c560867150f91
SHA1 8d71ee376c75d8b69feeed1a6be465ee87f535b2
SHA256 bd014ff00a186b8456182cd9f40fb291ae58be599605a4e173935710ae5907fb
SHA512 383e8e34c077534958fe633a60ab4d494cfa172693b90c021d138dd0d8cc2905c086424a26f447a90f27d7b0d18a194ea4f78c66fd7da052a64f138975c3fc7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 35a264a5b18e339890a3a4183fea8bba
SHA1 c7a292367592c8b60e9e3a95312ba79e680fe85f
SHA256 413ed5238b954acb6294ff5f53c32f425692940e0f8d2c54925fe02410f77dbc
SHA512 65627a4ac23b5077dc7a9732ae8d39eaa6ed4c1451afc372e21db108a61328abf78ee6ba54ec73e392dfd1cfe784fe71211803ca00dbb2402626d420182351f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 793ba72451320a677c830cd8703fd503
SHA1 7b61da9750e4f1ed909904119fb8b8b84c1a4a25
SHA256 ad74587e2312a054e653f8160a0ed97e9798af8d9fbae16949f28d084587db72
SHA512 3ab784cb60a51b03189e263a53ea47231098357fee9a767e017e1c820e06e220de150c092525cfb62c832d13432644cece26622b11164d4f4d4e7aca16da0743
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 60700903881c59683a39b1ad6a985a2c
SHA1 27fcded337ed92626053f82693465af6bab61a6a
SHA256 0a1f4501d222b13323dec0a7496c0d83257f169116d3d1c0b95dd0f6fdf03581
SHA512 13793e8d2a87ca07d1db937252ad0beeb39c86f6c9443bbeb0b0841afd591842202a9b70f054983e642e828bf40f0665b7297cf37c308bbaff1e3e45509089c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fdf7adf93c70e5aea5ebf0ebb9e299e4
SHA1 1baf7e63f7b40673651f48d3d4596c739639eeed
SHA256 d4da727c96c8443f0547e8163aa229b1c19861010bd174d3d94a1bfa1e2879c6
SHA512 b5e7d7849846fccb127314ca140032ba6404cbbab25c40f95f57827ff08e3ac5432b99bd7c8dd77e817d8a036d3df349c2b67fdb30ff3050e0bc3fcd02149a62
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9709260bee58fbecacb125262fdd4a9b
SHA1 26b37628bcc7708528e0ac4c60c32b44096e22f0
SHA256 5f2c190c81defd22c3745cb23c1455201b80a0d14a1c23b1e0e529bea2709be0
SHA512 e688fb8485091bc8d4c64bc8eeee6526b5e2d8599c882fef962a5ddd2b46deb6852f4a6096859fe52aa8bb08e33a91301134aee9b98f35b08c7ee9c3268a7138
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 05bb6611463158d021bd2b93a18b5b14
SHA1 d3b555c203fae71863d4681c1bbd2768de62ac07
SHA256 4e1d017a46d67e1855d218f70f45d86855f74307cbb578c6f8ba8faae123ca7a
SHA512 827a2c4090d3fde94bfb3b7ad5e1b96ee7b1c6c2fb2f9bf5746ee29ff616d5820c116de47480d5546be0cd0835066482fa7e02ea2265ef4fb15c9abe5c684aa7
-
Filesize 68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b