Analysis
- max time kernel: 150s
- max time network: 154s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 02/06/2024, 01:02
Static task: static1
Behavioral task: behavioral1
- Sample: 8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118.html
- Size: 127KB
- MD5: 8c6635c9f0d5f3c7b7b01864ad0b3524
- SHA1: 8bb7e4506402e56165aeb75332d0b24fb8f2ec71
- SHA256: 00e8bdae831e0075c9dca60083543b35206d43b3c954649c70d2edf7fabd23b6
- SHA512: 5e1c65eed16e615097c5971f8572835274e5f071b73e172971e34123827b85b073a1b976111ff60a34392b7b941696bd53cde0320eb571bcb5251cdc0cdd947b
- SSDEEP: 1536:SN6HzD1RiUkXbArGGsOOUbokvSuPka2zBGdo:k6HzD1RiPcr9vSuPka2zT
Malware Config
Signatures
- Modifies Internet Explorer settings
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8ABA8B1-207B-11EF-8C47-FA8378BF1C4A} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452045" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
1300 | iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
1300 | iexplore.exe
1300 | iexplore.exe
1760 | IEXPLORE.EXE
1760 | IEXPLORE.EXE
1760 | IEXPLORE.EXE
1760 | IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1300 wrote to memory of 1760 | 1300 | iexplore.exe | 28
PID 1300 wrote to memory of 1760 | 1300 | iexplore.exe | 28
PID 1300 wrote to memory of 1760 | 1300 | iexplore.exe | 28
PID 1300 wrote to memory of 1760 | 1300 | iexplore.exe | 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118.html
  PID: 1300
  Signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - (child of PID 1300) C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:275457 /prefetch:2
    PID: 1760
    Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- (path not recorded)
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 752253aedef1d09e74e1d7e8d126c6fd
  SHA1: e8d747f86b5e0f353a3e202e6f2f88d2449715b5
  SHA256: cf19e480911e3e12587f804391786d85eb2fb53e6cc0fca8b8d752621cea2541
  SHA512: 3d1451a101d66a716980e36f20775daf49715bfddc5af03edab0551f9a36389ff351b2b54e604f4fabb711579d86488e06ed6d3d78d00e353f0ef16c9c5198cf
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7354a20c94835d2c52162e4f815ba227
  SHA1: e10af28f83cfd5556f1b1480240ed061567bc2b3
  SHA256: a5bc706831f2d50351906b91dea3d866d75989d7013d291a43c5596e8c6250c8
  SHA512: db643138b0cd9280a445a0108923cc44ae9aaffc9e3fd4634bf315dd83bca1dc739eaaeaf15b25d5c89a211ebccb3e1223e8c55f74fb24604f18ef0eb746f5cf
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ac6c6336568c78c1ba5bc2b136a308ae
  SHA1: 8739fc92b7cd699cc2872ff927f6bbf33b2bd3f1
  SHA256: 5711297cced849102abe2f930f485c2df6fb80480e4699089f71bc79628ba22d
  SHA512: b722d5e82a7f22126ecc59d5f1d71f1b76a81b57e907fd7978d5da1a86b5bfdbb158fa02c5ef3cb2f5e4404e23a41685ffab9f62efd7ff619d740db4d7e02339
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b638944c5a5a29affa69d24939cd83bd
  SHA1: 0a5da434d3c00b2d19860fb4ad432bee144dbe65
  SHA256: 71a860907fda1ad8e72a0cb3cc55f092127afd6eb1fd1261fbb6f5545a4e2ed9
  SHA512: 3821fbd37135b9d45e1ec8b717fc5fea400a5db69823b3d759e680dd0950f33421b4232457842b2cb912ac453e0f31adf171e4720468f890bed375574b2d6b11
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a8c8a687eb81bbc2ab7b050b4bd49582
  SHA1: 2ef784b1f41bd292a3f923586eaffd1a31f3513e
  SHA256: dedae318fe157d513012688b440be013a0dae58633d8774c0b0eef12ced8f824
  SHA512: 92e80f34df52e35a3efcb57bfe6c11394bc6753dce41150d3d2e1eac5e17ec23b0accff7cb9d2cd8c14bc1d7a0030f92eb0c13f302b5a769a5e34dce84dd9e1e
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d293b6207598b455d882c25b754316f3
  SHA1: db08985936576a7575b09c11f8245c08fb96a64f
  SHA256: 0faeeb25aafb352a919684944a9195e1b013f7ca1b0efc551ae053395e80c088
  SHA512: 1218f6c4f80d4017defdd8e24aa8f310174a49227d4a110184708a9c379e520c89968b5afe7e192945f4d89a3f023f5a8398a6c0a7eebeca61a761280f31f0fc
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 93fac7d4c0f8fd03191cf3bc3fd6c518
  SHA1: d71cae61bedc5ebb22fc2ea413a3f0ec4ba6285b
  SHA256: dc87712e55e3b4eff3a1fcd5985355d29d61d3b1276eb3436d0a20d9e2d8cb90
  SHA512: 206d065997a3a874a8118687ef42c4ad06b859e8a2ba7d73b98507a1e051221ab953a9be941297419eca076c8b73be460216b4f60c92a96d7e55ff293395b3c7
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 34ff4c8beb72e787d2c7596aaa1cae57
  SHA1: 669a3deeb56f15d4f93d8968508781b4f56ba987
  SHA256: 9e22916bd11af61c7fcb65c70f381439860be504fab539e023051409b5e81f2a
  SHA512: fd23549fe54698b602a494a5412ad8603270520015b27bf45d30d490ce1e7c37d410d9e561b3a9630e8c3ca469b114d2506ffeaa43b1cfeb4f7b7367d7dbc02c
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: c6156a81bff6bcab07c50844edbf5f77
  SHA1: 19f0e47447fc1a80d6a3b7a6be50c6312463b69c
  SHA256: bcfa320a799d2d77675de8fa438490af82fd82d358da2efc7b0119059c364679
  SHA512: f71d59a582ca980446d1907168b9946c404b4b0f3ac91778478be501934d54812f380b99358df65c1b4fcf8241d4db025abdf5f7262d0eb27bcf4d7de9b0430f
- (path not recorded)
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b