Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 01:39
Static task
static1
Behavioral task
behavioral1
Sample
8c7d66325ed3ab961b6a523fd81cbf8e_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8c7d66325ed3ab961b6a523fd81cbf8e_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8c7d66325ed3ab961b6a523fd81cbf8e_JaffaCakes118.html
-
Size
213KB
-
MD5
8c7d66325ed3ab961b6a523fd81cbf8e
-
SHA1
607aa6cc8ade91f8a8bec6cffc01c2e86ded5c67
-
SHA256
12030c1837af1882e96b154806e1d02154c5815df15870b3f1d9944b086a30d2
-
SHA512
d48ec1a6b0864d7e5bff75c0d8652bd62796eae71989174e39681d60eb4c07cb27ea41486590f94741e47d817e7e481039651d82fb1e5778a3089643b0ffa601
-
SSDEEP
3072:SdkcgKZjKgCpZyfkMY+BES09JXAnyrZalI+YQ:SdSia8sMYod+X3oI+YQ
Malware Config
Signatures
-
Modifies Internet Explorer settings 35 IoCs
description ioc Process
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423454237" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F400F1A1-2080-11EF-8E71-FA8378BF1C4A} = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
384 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
384 iexplore.exe
384 iexplore.exe
2492 IEXPLORE.EXE
2492 IEXPLORE.EXE
2492 IEXPLORE.EXE
2492 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 384 wrote to memory of 2492 384 iexplore.exe 28
PID 384 wrote to memory of 2492 384 iexplore.exe 28
PID 384 wrote to memory of 2492 384 iexplore.exe 28
PID 384 wrote to memory of 2492 384 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7d66325ed3ab961b6a523fd81cbf8e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:384 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:384 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2492
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 28092f3a188b0bb0c4759babdfecc598
SHA1 604d5c214229fa75582b1efe4d7a3b70ca22fbd0
SHA256 de504f951220a672c1de0d722d8f12236e9f59fc1214a1c3eb2bb6fdd59d2589
SHA512 c3830700e47843838615f4f726cf2085f8bbde0c393e97a29feb11c79a67c2b88f15f0d43887a3ee6f934c2c3e56dd84b5b499a2f9fd1174512bea80978ed00d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 039446a0f993e23570984e3543ec0f6a
SHA1 9b40b95f8dfaecaac30aee13b893b7e581179721
SHA256 4d2a5f84d9cdb532cccaf37f699f57964ab74b47e9698b49d91f445867b822b6
SHA512 bed115f4e71f0d18e040696af4a412d272d525b43549e50c796bfcbeacee14ffa2c22db7ec3936127a59297927be56170b88d988fb5ecadaa9479a9dd56ff933
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a2ef9114aa6ae43fce336e563237589b
SHA1 f4cc58dd6813e49740a2e829d72c828bf29147a6
SHA256 da5dd786deb1f2190bf6b28a21348426f59463b6cab64ac55d85b7b043998b26
SHA512 2f1cd649c3ccbd8dfc495b3fd565f29868069945a94d64c714b40162bcb4c4f9fa5b1a5c390603623e479cb1263c43249dbf50eca91657effa5f25921220ec1f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6f140e2a5fd927157c696094e8804b3f
SHA1 db4d7035cef9d217b6397e8cc279d2576e92e339
SHA256 dd4681cece16fa54b1ed04b3cfff5f82bb86687680887315a0c4332a87f77710
SHA512 9f23ac23bba50459d3f9f9ef14a67d86f84491f4830b4aa30568f13e195d4d93d113ab07f09375b297b85643f3d15864199b025ce25631334e76c7b620a6e593
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a00852b263de9580a6488aae06ecc353
SHA1 7275df69ec10ca9b7ef93ad3fa049f2d814dbf8b
SHA256 b6c5c833f7bae8d594fb68c95461cec05dcf75c811eb576b4702a5821f82f0b3
SHA512 f37a8083b34ee0ce47ebb977fccfbc1a505fb9ea148bc3f8c8ee7ad67c6d0c9f3bee93f21bfbb2ee098108fdda324a21f7bb16d9a6ce460a696c3d64542717db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7f0516b32fc6e204067b4cf94016f43a
SHA1 61d685c2aafe6932b8bfdfcbc0f98cb848f9175d
SHA256 c91a2d84f19f4113791974bc6d30f7db34bb0939ca5a713e895ddb33e99628ea
SHA512 e89465157148bf074e04e88b539c5312d5755371b2de9d64886d6d09bc43540b829b506a304a7be052f4901362c3dc9672b2f60bdcace2c567626213d2b92525
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6e4a3a9f5995490d2e3bcf120450361b
SHA1 434f4b80a5fbe3267e50ab574b11e331c7f98fb7
SHA256 74098d4920bdaadf312087132fbb8345a574b4e12c9737fbd66d85e04e000829
SHA512 f113273b4cac4707986d45c5f7824875e4c15941fcd856ea42ff8d9d34861ddde58b29ed79f34294d949ae28985f50acd4b29b8b18e1a715b06c3b443dbf2b18
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4ae74f486dfacfeeb66de57c24feb962
SHA1 fa26661798887d703ec5bac0ddbbf948f8316af2
SHA256 cddb86895e603466485916424f8ec8f94b768d6320418ebe9c73a222546d4bea
SHA512 41714ec3ac1d19ede19f699cbb99052bc4603a6854f92a0bd888137980d7613784bf201f753c33a59095ec1cc961ace5aabe50f80bb09fca17dc27975b42ce07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 39bce22b74ff6803065aa2b27c2463d0
SHA1 e66f47bd3048bd65652f134a3b457ddc5ae60828
SHA256 100ce8f509cb2b66e796fb88607c59a42ecd89c29f9e1eccde347d6f471198ab
SHA512 b0b601b9f513dd345c6c195aee9495eb8833399ca96e48f6072b72e44ead7e350a9d521ed459c03aaf672fffaa87983698032f5f7ea9cddb9262d1a272fcf377
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4f840bd8107b30699fd021c9fd05a69f
SHA1 a1028ea5c7c57dc6a0240cf847a1608cb6a9b753
SHA256 efb5e7aa246c9ab4c77798d9476536359e16455023acbf86b184ed9ff3e4253e
SHA512 77027b7cc6c2cc5e962ce79bc76e8f86318a7a77335a5d2d4dbd3e6179723566dff6ade9c2af9a5d6b31e4092866d7899647cd9bba48c54846e9c62f40095d9f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a032bc57f3ca53fada6dd5105c80e9fc
SHA1 1d465566b088dc17f0eb7875a2add839eda24661
SHA256 445940214717d17e856e581ce13601c5ab69e69f4f56941a497079fe1c9da2d8
SHA512 f6a1591a90384a5331aeb4fb14e43b36612a3a81e601ea07bf611aa08f517d71499baf5c97c5734e0f08eb3fbdc9eec1a4cb4d71919e33bba5a38e30bd97dad4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0144b70bc186902c6a1410db0731353d
SHA1 baf81269d688818fe0dea46c176a17557c735e86
SHA256 bb48b261afd86fe21da2dea47885b9fbdc791879523a6bcbee9f22c9c537f1c5
SHA512 c3d4cb0a1cd1aaf40771a455351d99926ed9183b4f0bbca2a0e1dc8246f4f100cca78ec449f929b1038f7eea7baf70f40cb443d5d9f655816e7a3c8f43d5307d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 097bad2a3b9002801b1016fef186918c
SHA1 b9b92841eb5fe812173b9a23a60455f18cdd53ee
SHA256 814bdf5bc0cd63bfab0bbebc8df5f49df24544f606d9f30394c739f3efbe0474
SHA512 6a7e56ce53fd814f81256403bfa64b644135f5e76cc312323baf75a790c837281485722ab4898dfc2a4fb89fe214470cb78fce73448bf293f19a9cfc5ff495de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 23b958af57a1089a8be8d2ba9284d786
SHA1 7ee3c76d19fba0c1ecf733615cdfddc601ed81ca
SHA256 3fb43a28ab3d71cc7ed3258b4d0fc151011069955f4a724a118d7f1ecbaecd0c
SHA512 169dc82560f03f4afcfe36499959912e3737380fa39bf7f34d53d960c173dcfe6c249af7fe29e4a655ae38fa5ae61cc0f7ea85ec9b9051f2e54ba6fd08add8d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 72868fff86d36480df04b58e0efeeb73
SHA1 87d4ce9fc35fd832f6ae309102797649292f2d85
SHA256 4a57c7381aeacd233d177e4a6dd7c59a7f3bcad0e13e00ba89a1dd4e0b5d7ebf
SHA512 fdbf6642521e4ee205058a413a3a36e6f51f7e41079bcdb7039c4eee7eb412e4dfa03e8a8d9e15d4a16a71ae2bbbf65c6436577a3ca652278509a3abc196f9d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e722db8259b17dc5bbbd0c114ef682dc
SHA1 28d8ebdafbe6db8a7f44c9c232418c8bdcaf5ac6
SHA256 befadc10f33bea27dd12e8261b8bb14472b3134709f7bcd2b2796f68b278d620
SHA512 04c819fea6c26b3f5ddc486bb323c09603b3c9624b90edfa67eac0c462e2e938c8e9638dae266b07c37e2fd472cc71465ae6c1d248008a4a3f9be9b7571b86c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d812396a40e367bd0373bb49659aebe7
SHA1 ef145745a2b49f66a6d17dca1ea8a2797d37ab84
SHA256 3b427ea4e10c17f11af433ae6063df52f4d8e62e4078e0b1e50d66cddf7eac9c
SHA512 4ff34288c38c8e613cc62caf0499e4ae83611595bff2b5cfbbefd02358a1f2c140fd37797a9aec5509e6df56505b36c4608814892d10c733fc1be900d7f7d996
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ff492c84cb147ba6e4658841d6fa0f68
SHA1 5e6ff26e5ada312ee78d36cced67b7879d6eac64
SHA256 db51077c1471217fd5d1582cdae0700482dff5c15bf9c6c49b3ef5c96d256e64
SHA512 594b96d882ff359202f77fa0ba6635ae7d760a118f940798b3f78ff0da17099e4c48f7843c4564590adc4ea4bc3ff357904e73dfbed8a00dc44d885e0b655d0f
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b