Analysis
-
max time kernel
140s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 00:52
Static task
static1
Behavioral task
behavioral1
Sample
8c604d810813dc52eed4a3bbc81b7ef6_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8c604d810813dc52eed4a3bbc81b7ef6_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8c604d810813dc52eed4a3bbc81b7ef6_JaffaCakes118.html
-
Size
121KB
-
MD5
8c604d810813dc52eed4a3bbc81b7ef6
-
SHA1
28db49bbae67cd7eb5d2f7c77b137e6eec0dfb4f
-
SHA256
95d3b4206c5d85dae558951c80607153c76e946adaafba8a0a997f2acee8ba69
-
SHA512
459c3d1856e458390140dd02ba8c37ed40e477d33480954f1be4f70979a4468a31b6465a10a007ce18e92b433f134cd3cdaa2737b6d4df3263ee7d4dd9668370
-
SSDEEP
3072:y1Q/yUcjvG8rMUcXmNRS7aYESMSGEWMgh090Lv8cFUfa:y9GXmNRjb
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423451429" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b07fd8a49187744900fc92eb2c86984000000000200000000001066000000010000200000009fc3ddfc6a3eb4e25020154615bfdc1d4171abc3c81e919f499fc8dcf2e761f4000000000e800000000200002000000077b326c18486d7ad13e3b8f7c12d3dc42af43f2d31c9a2ddf35e4f713d2fbe5f2000000072e5de4020693ae7cd7634b5cd53271181eb37396d94d44dadb739cc79aa1f344000000014c94629ad38e06dddf58bfa06116bc21b00a4246ebcd69d0689546e1e23f0bdf9b016e68089cebc1837924452270646484aaaf6d08206e6311371aec40a813a iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 109ff24a87b4da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{67590951-207A-11EF-9387-E25BC60B6402} = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1248 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1248 iexplore.exe
1248 iexplore.exe
2204 IEXPLORE.EXE
2204 IEXPLORE.EXE
2204 IEXPLORE.EXE
2204 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1248 wrote to memory of 2204 | 1248 | iexplore.exe | 28
PID 1248 wrote to memory of 2204 | 1248 | iexplore.exe | 28
PID 1248 wrote to memory of 2204 | 1248 | iexplore.exe | 28
PID 1248 wrote to memory of 2204 | 1248 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c604d810813dc52eed4a3bbc81b7ef6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1248 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1248 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2204
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 0691b4bd3e07df5c6201d8404f7655c3
SHA1 fe0a2b57ddd23c9dd723bcec0df115997ed68d21
SHA256 db26d4597af51519f7ec180c7234e14e762c5b3d2575c5d8b87e53f978fdc71b
SHA512 8e0ea303a41673282158577e437a85309556a60b474d14b6a2175674e9b4bca5b2e947e852e71e6696daf988806f17b018e65d78eb6e4f1ffa8e77ad37b49b86
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5f56131a9d56a857334c8798ccefb875
SHA1 2e5e74c53424781e80317dee1d918c12cc167732
SHA256 c9fa7c5bd73769f4a5f6ce61a5dde7a71990262128adcc40c15c5e6f01231713
SHA512 73f0aaf34a2f84606c0d92b37b2acd59e1a676c12401852ba83f7e762462da3cddcf0dc6f993b57c1a043eb2d476c3fcde393e329a1e855d1c6d3550a8674810
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c74e1542bf097cbe814a66569e6d7150
SHA1 5b59743a123a17dbfc5ec635b8e48303725599ba
SHA256 3ab716ec7339e39d55bf5a4ee8e7b1a61f10fb497fee0a04a949851cf707dd94
SHA512 151fb67b81523cc489e53bea725b4618d8e919d0578238d34f01b72bd0beff1fe6337836604481a860dea495ef189e89ef23ee457b7766ad0f1e2b10d050bf3a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e90e38633b4880944391d9832302181f
SHA1 f7f00368736ebec3afc7de7d08414b949c83b0c0
SHA256 023fa996cfc1abb9f341f33d090f204f5bce4055938a3509a6e5c77d322a6873
SHA512 c3a0831cea2f4a3016b5ea28ae7dc758abce5943d79173e8aa28d96ca3e559a0cb1bc268eb63c3b11a991894beaa61d9aba36711365dca955a5a6d76849d1c57
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 179c22fad996f8c3f78cc3afcc815139
SHA1 5a93c2a7b79651b41f727709cc07c05d860f8d8d
SHA256 dd0f133a09076c8c307faf0b40aca1ea6011b718a7d9ca2050a3f562c68f2d18
SHA512 06e513c1dbd4a8e289a60fd61478c3979a3a821dea944c7bc8d4e6b726582f813d99f1a77ec4d4e202ecee984797e836f477578e825e0d3e392b65023655bec2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5f796f313a563ae7ccba632b252a2ba0
SHA1 a35553255fc2bda532684030ea1a45142a75c80e
SHA256 0d31608862548c0dcdd4718c33593f8c30b4e6cb984de1bcf7e813425a28859a
SHA512 69f0ca605e4d1b7c8feb31ffcea832014f8c7484b2eb6b6329d3e07ffe463fb015d19adbc3f2864b77366468d1725c77a774984ddfd2cf927af90971118f62ee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 adb32e6ffa8bdbaf4d5e2138fcbe77e6
SHA1 04de4c03b8446086947a65f82b55bbffc7b1464b
SHA256 089a59feb919b95f8f0fefc0edbe70811e5a7c0d98e3364338ad9ee86d0c3b1e
SHA512 729259c05d99e18162df0df9ace1d01fd5d48b03d1e23ce0ef37b598eb019aeac8086cf58e84ad4b634915be696a9ceb774997aefb8db4e61036b4589667dae9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5bf627eaf000308a6a2bbcbe2fb587e8
SHA1 1e3f1db8c4d9ca2370d37efa4af9d3a4e8b186ab
SHA256 1ce4b919d27a74e045eab8cf0481a8d53bda5f54a3adc593bc526b60074deefb
SHA512 80547e27db8091166e31f1f04a16aa16ff6d2c8e8797bfe5836f95f8b8ad9a3e8e0f9abb4dc16550c825011f05945fa8c78d750fe6cd4acbfc99ec1c9e0e7faa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d6b810346b8bf5f59fbbe276ce64c9dd
SHA1 a2ece701b011b88a17234a9cdf1ff41deda9be7c
SHA256 8335751aa4db0c135a8f7456f1ad430b21d56ef4fa90287d21cda502840e8619
SHA512 8c3661369c86e7e955822b89f386f0c73e9f9ac19be807224cacce778baf42b9ce77d86a19395f829897e81779933d3f8c25c4e73dbd994871ef6a1b1abeb6f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 53b80cdc8ac4e8d642ceba1a5aa637b8
SHA1 c5317a7bb4d876cf7a1c997ef5f7b1a839aea24a
SHA256 50e95076438316443f0ffbc0b6a760d8b9689b4895a0cee52d40351d417fc9ee
SHA512 5360ece72a5d536ec228e8610313123e1d5e07288a74ab865ac7bad924f18497da6fb6ccf064c75d1a9c0af3c12e17309c0baf3c3012874899719ed2e2ebabad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 81d94e308a23d2a35227e53eeaa9a3e6
SHA1 03045807bdcf157452042cfd1507b0065916f27f
SHA256 142a95c429fa4f782a53df70a8c3af4e2a33a95e06e8e1e9a5e5d6f370f08b6c
SHA512 64af391717d14a10003d70050fd61f12c0ef0ebf2f7beabdc7b2056a47938149e2347b0493a7aed4f754ea6e2c98d37fdafb2e09d312f49b46f7bafeff1f52d0
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b