Analysis
-
max time kernel
137s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 01:02 (day/month/year: the sandbox images used below, win7-20240419 and win10v2004-20240508, post-date February 2024, so this is 2 June 2024)
Static task
static1
Behavioral task
behavioral1
Sample
8c6663e4ba8fe3c7c5e7c583cf20da82_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
8c6663e4ba8fe3c7c5e7c583cf20da82_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8c6663e4ba8fe3c7c5e7c583cf20da82_JaffaCakes118.html
-
Size
232KB
-
MD5
8c6663e4ba8fe3c7c5e7c583cf20da82
-
SHA1
2b1cea1b319b6909c7276c3084c3ae3c080d8b12
-
SHA256
d5d82b15fe4c8360bf88d12d574fc5af045ea631983ef0daeec62ea25ef86843
-
SHA512
02a285fae2b5d8b25490064820853489d77e2a279e17cc2a3f2007a7162b6c18b5b94602b70b9db85baab231accbd82417771006338a3c5f9738e91901c6efdc
-
SSDEEP
3072:+JsCCodiQuzqejpKjlU/a3HoS77Y0CrMH43A8:wueejnaYUWZ
Malware Config
(empty in this report view — no family configuration was extracted from the sample)
Signatures
Modifies Internet Explorer settings
Note: every registry event listed below is under HKU\S-1-5-21-...-1000\Software\Microsoft\Internet Explorer (BrowserEmulation, Recovery, TabbedBrowsing, DomainSuggestion, SearchScopes, ...) and is written by iexplore.exe / IEXPLORE.EXE themselves, the processes the sandbox launched to open the .html sample. On their own these writes look like ordinary IE start-up housekeeping, not evidence that the HTML is malicious; weigh them together with the Network section and the un-pathed downloads before reaching a verdict.
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D5E3C0D1-207B-11EF-AD38-76E827BE66E5} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000832334574bbf274c536530acdc85a7b3d83d7a6fe5dd17b452178647460aba4a000000000e800000000200002000000028d61eba785205a8673a67adda32564b7c7f6ccda4004b4d645428367fc173e42000000008f60ca10c46c157f8bfd1deec6d32e95f9b1bd52612f120e1c11fc624f2a64740000000460d5358be13078ae003051b33a0e7d6ef6394553b617a126230c33c7e4626ff1aa6916b245d8949e29fb616f320dd658374df661e7776dc665d4ba6219930c0 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d05946bc88b4da01 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452056" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1860 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1860 iexplore.exe 1860 iexplore.exe 2140 IEXPLORE.EXE 2140 IEXPLORE.EXE 2140 IEXPLORE.EXE 2140 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | process | procid_target
PID 1860 wrote to memory of 2140 | 1860 | iexplore.exe | 28
PID 1860 wrote to memory of 2140 | 1860 | iexplore.exe | 28
PID 1860 wrote to memory of 2140 | 1860 | iexplore.exe | 28
PID 1860 wrote to memory of 2140 | 1860 | iexplore.exe | 28
Note: the target, PID 2140, is the IEXPLORE.EXE tab process that PID 1860 itself launched with SCODEF:1860 (see the process tree below). Parent-to-child memory writes between an IE frame process and its content process are consistent with IE's own broker/tab model; on their own they are not evidence that the sample injected into a foreign process.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (tree level 1)
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c6663e4ba8fe3c7c5e7c583cf20da82_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1860 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (tree level 2, child of PID 1860)
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1860 CREDAT:275457 /prefetch:2
(The SCODEF value matches the parent PID 1860, i.e. this is the 32-bit content/tab process IE spawns for the page, not a separately dropped executable.)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2140
-
Network
(No network events are rendered in this view of the report, although the run was configured with a 145s network budget. Confirm against the full report's network/PCAP data before concluding the page made no outbound requests; the three un-pathed downloads listed below suggest content was fetched.)
MITRE ATT&CK Enterprise v15
Downloads
-
(no on-disk path recorded for this item)
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
(This same path appears repeatedly below with different hashes, i.e. the file was rewritten several times during the run. CryptnetUrlCache\MetaData is typically CryptoAPI's cache for certificate, CRL and OCSP fetches; these entries are most likely a by-product of TLS/certificate validation rather than payloads dropped by the page — verify against the network data if available.)
Filesize 342B
MD5 4b56616090232103017ad97046370a21
SHA1 e292bca2619d0c0c4b6d669b7a7f02ffabc3c1ad
SHA256 0394daacdb5b3a449ca829f1b0ea055dd2306600f947b9408bbd6045252b423b
SHA512 9c191352738ef24b270ba54b897f2533b9e0dd5b1a53c8b345c1cd352b94eab10f40ea780b3cd3265e3934effc23c0cb34f562c81ec593a2766caf28af2cdd1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 586476bb1d2a2835541254993824334c
SHA1 dc74522adf00048293473d8cc6360982a32c62d0
SHA256 de6efe8b13c34fdebe13e9b0a9516bd1692d10f82dec871602e72b70d0aad4e8
SHA512 527ba6ee2ef467b06a63df3a3270dd6513d8088dd0148b1ebd6b4cfa8e4d765f318bbc5f55e112b2756b23e48b4bbd921175c249978fce14ad6fd3a0e273588d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 71d7e5521b5ad451fe169c68eb4428a3
SHA1 70b6b5b732195ab64e722538ae6b049c7850a5cc
SHA256 d3dbcabb21d8deb1c692cb8f1a3195a1873084f795a84707bfb76e7d9ad8f66c
SHA512 6b7a030f4eda6f100a159efe685936c1f8e6ef075fe327d33d0c87c5a272e26afb9eeece6859f5abc8af09bfb5347ae65b44ac5868e9e0c5ac410d01a7d1abfb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4cd0e276ebd3d4fea8910331e5f15ef2
SHA1 76e8349b014a6a631a118edf141943a54383e379
SHA256 34071caf077863dc344e51042b3562644ee8a940ee6ef533197b6416cec82d61
SHA512 c48f09e771d748929a484ff4dd880f772435edba93e2d6b65ab69d42e03d9c802aaa82b22fc8ca28b216cb6662f9e4c8f49f076b21e105679610a04441387f03
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ff61d9f4bf4258dd4c09642cf6dee31f
SHA1 dfdedeb880794cd9ea0ee87c584da1a33fe79e99
SHA256 8ca883424887f9dc88348d09c975a7b041f1529f8e403ab3b42d91c8e1f9072c
SHA512 6e6993b191a58f870b37dec4f6d2aac266536dff9709e64d81499c3db7b4afa23ebf3586f950cc89c5caea6af5e1e7b27ca7cd8ed39865f92e9862712c4045bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9418a68c49c576e5a2a7dad0ab0a95e0
SHA1 ae2171c48ad34adec5636fc8ad2f5fd259296ff6
SHA256 fc4507cc5c41b32aad2bd15effb386d6e93996dbda59d23e13a86b7335490839
SHA512 83b09312636c440f85766b527e77efc90b275709ffe223a90727006feaa195bc076cf0093fd6c10ed8fa48ce88ffee345d39e8503874e5e00b19e5b6723051e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2012292a1f1e09cb130d61c1fe13256f
SHA1 8c2b3e60ce3fb74eb3e15a26d3b26693e466c44b
SHA256 b2e4c37d5102be2dc24368f2394623e8ef30555ae0c74baf334a736b6929ff2c
SHA512 f7e22b2d43de064fb904cd463c83a7e4f9f858db05972dc633f83ade7986588bf119d00ea6ad263a210cb9ebc8fa964061db30bc2000e54157b93886ea4dd063
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b721cb52392a63f4dd3aebb2774ebda4
SHA1 23311f97024e492f9c6b8bf1562dc9d8290e8f24
SHA256 45ca85fff253fdd94502bd60c239a71f4698326a1d33c1c3e5d529480f7a89bb
SHA512 6d17fed2dd23cd5a4256f7d903d6e8c4498f87748bb91a82e32353f9f6ee40bb2f3eaa1c76048c74dfbbf2a1b3f1935036f703b39c900d42c10ccdb70d02b407
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5becc22cb68290d949726bf93cd1dd82
SHA1 6b3f1629983de8053a85cd409d5a849c30fc1749
SHA256 7dc28d8a900e419e96fe1a9a1d7dead0985101bef333b7353a4b247a91ff5e08
SHA512 309adf7f61567cd3c3b156277ccf5422b511856bf959e57651aa948c3ca366166a57f6bd82a2362364ba8d0f9b08d2e37ff36e92f964ff89b2522304fac9adc1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cda10ba04673617981fc87147d05c6d6
SHA1 f8cd79b243a5952ace99b3ea1680a80144a7a20c
SHA256 9d35e4d598f4118ed450ab2860d20f73210c06cd2ccc81a947f87e39c59982a7
SHA512 21573755c899b35f01049799239824b4630bfb643541ad2c938c87dd375f5e64d4be95ee64e0075f5660c9aacad008a1fbb0ead7d6522b55d0b5c300009f5965
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d8c0aeea3d8f354f381bb32ff370b921
SHA1 7603235c8d60ce4e9cec511217bbeeebfa01d678
SHA256 1e6fdf1340d9e8137252600082e57f97b4680ffeefb77c2f6d2ae44632a886ed
SHA512 c484f1170f693527e0fd396832af93c24c1fb7ef338084c853347b7ce5b53936194905b2fafdd18230b9790ad908cc8d8a23da242ebdb218c163be3ff6e7603a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 99db370cf2d90dd74542b92b9682470f
SHA1 a2c7c5c1cd9b8a8db0b95ff14101e92f9487f282
SHA256 1ac46cfd6e6b9673ab356987f50a24bab2f906383ad47a91c0e32b6e2ed26486
SHA512 b5f59b0b66513c491ef7ffe968afe1a5dd24f64dee011e8da2d130f5da9d240ef91b6d1e24a9e5386781ed0d512822ab7c00e31d9248ad5adbd91104959d2a65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c617f9a3f7c4dfba4c08a44c9094dd07
SHA1 10fa8ffd27723db79574083c74522c3fabc24b2e
SHA256 4d99d545a6710d258abe2e49a44d497ee0fe689bb4193e45c2b6162f4442e1d5
SHA512 240c3b338cce2de25f2817f15f4ceca91ce75f1b67e2277796d7a626015c3ff0c6e2b1dcb0632225787117d8dd7af82efca6187bd103c25ad03a1bd32096cb77
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 828054f83a74b796680bfae72ac613be
SHA1 deb466806d3b14bb7826f11ac239317c4b113d28
SHA256 15d7f2dff148a5e29ffd7995c6eecf2f5d75ec228e50c88014a9030ffdc48cf9
SHA512 2315f2822ac397fe9bf8b2dfac17323d21ecd2a174a701f33699873e88ff37d4628576ba200d886d85640ea73d527de4672c86526cdd46207cc5f681760c346f
-
(no on-disk path recorded for this item)
Filesize 68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
(no on-disk path recorded for this item)
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b