Analysis
-
max time kernel
141s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 01:03
Static task
static1
Behavioral task
behavioral1
Sample
8c66d2790151719ad779c2b2dbb4556e_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8c66d2790151719ad779c2b2dbb4556e_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8c66d2790151719ad779c2b2dbb4556e_JaffaCakes118.html
-
Size
53KB
-
MD5
8c66d2790151719ad779c2b2dbb4556e
-
SHA1
998ec7162a189b3de621f89088bda859507df1b1
-
SHA256
b6be022b305651fa3bdea52ace343eed1b52fcd1f49aa94fda65a76f54d1b07e
-
SHA512
b8326bda7b19c87b25501fbb5b7f5c9ae666078dd759d81f03b9b433696b2984790c9b78dcbafd081e40a50148d770c1a7bddf2ac0710de967851352c1e4b057
-
SSDEEP
1536:pELGjG2rOlwX164dlA8ip1h968F9DSCMCDwlQ:VXrOz8ip1h96YtSCMCDwlQ
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000004413edd51d6b36d6006509e8d52c75e96a686c05142013d8b3a4aa6493e34b50000000000e80000000020000200000007c972de11bbdecd71de43c40ebb5a673f395fdf3bc5f88916779fcf7210e0ec820000000691d53dc24adee43a62751e11238dc74d76188017b2f5a3086411e26aa183e88400000006f669a35220f19c0446ec2a5ab37baff4bfa5b3e577465cda97f46d87ab7cd2fbb2656c2855b2fc47e7b5c79c8cad02b1a153e5094eece2274c114e236db6145 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000f4788bc41a22955440aabffd33f810a5aec6d46567819a667ba93f29782a920c000000000e8000000002000020000000ee7b3d335a1d0e9a4fed2fd389291e89aafb2c43f9de1a73c41d35794fc41d0190000000d916cc39fc9a43b9719db587cbd1992418c0109afc0ea8a677d818dce08a5d9dc03c35092e3ca39bbff753c7475907c929dc5deab236a354eaefa44858775ee40f7357f776d2723ecea98d481a3dda1426e4b045b09bcafdd9b62a945f5af2e4b46cd72ad8d40a4777427197dc9af1de8fe704cacf982e29fbaf8f2133f5319837ff2d0ac890e7c8ace8fc2c1cbe892d4000000068b7f6e376b243ef2cc661991b8b366d1f8197c15dd8eaf5f17acfee0fd4b10798c67d5ecbd1e90928c4e5c55509000c42da800a2d055287dfade4006b463db5 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452088" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch 
iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f03517c788b4da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F025CC91-207B-11EF-91AA-4EB079F7C2BA} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3008 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3008 iexplore.exe 3008 iexplore.exe 1964 IEXPLORE.EXE 1964 IEXPLORE.EXE 1964 IEXPLORE.EXE 1964 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3008 wrote to memory of 1964 3008 iexplore.exe 28 PID 3008 wrote to memory of 1964 3008 iexplore.exe 28 PID 3008 wrote to memory of 1964 3008 iexplore.exe 28 PID 3008 wrote to memory of 1964 3008 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c66d2790151719ad779c2b2dbb4556e_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1964
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 28acd937e753c78713f4080f898764ff
SHA1 6c259de57f461e0b2aa88bb36d1a306f607867ab
SHA256 da9c62c3fcf771ce26889f337aa18e36c14aaf57aca9fda6cc158dc35eecb34d
SHA512 b73c25d9b37d25be5ce60035aac9360f6cc4334a69453a5162e6ab684075eeaf3cad24e0df039e7ae65400d23fa4f9b180c7f38a15fe1f0c4d90c707fa5a12a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7257acae2c578d9bf8d2c62db57ca4c8
SHA1 21254de610b5bff2a3de0292418a95bfc75187cf
SHA256 aa09d95adfe53b643bba2c9d99da24bc13ef4dc61dfe4328327c3c31aebccdd9
SHA512 b40608837c1a3398433142366bebbeb714e5bebb57696d4a530b3848e74b18d2617ca663845676c1eaff7d4b11dca1f06968721b55f14b291eb3484ea9f105bc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 57e4091578aa716c22f183a2f51f0c0c
SHA1 a6f1894a783e7eb28af88466e8284eeb0b11a33e
SHA256 0c33b7d74156599cd4e37f12c1350c3c4077d2e94b22c59e17417751c46cdbd4
SHA512 3a91fb7d0a63fe2550f9fdce30e5f51e4bded9a6707ba9753f04cc93441c67f0a3aff68bfc6ecc296fcd10c63ec1e84603528ad3a5649799669c0240f5fc4901
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d63b181e58542d2d6c88f67367a0c01b
SHA1 102d814f0c598e8c5cfd2cc9a01cce39976831e4
SHA256 7c34ceb3289a52e86dadf74fd36156e648c2892c0ae788f5258cc8fbe15ea3ed
SHA512 67eca48cff951d37b9fddc3b1ce50c4fb216864debcafaf5fdec1c2bd2339199a314a140a8941927ec64bf62b2f7b1e3dd4acbb05985370cf880b60318dd529a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7a5f13c9b22699f17018d80fa15d899f
SHA1 fda642249ad556c0360c0e2d8b1b70590ca968af
SHA256 649a1765ee59c1b6792a70e1968bf2f912efa736fffc1d746634675adfacd0b0
SHA512 66cc97cb677c29ac420a2492e5a125d84904fe6464aa87b1a4c41a6256d9015bd0fc6eb6343e747f6d948913c503fe36e6409a3dc303c64ad9d751a5e262dcda
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e520b3e33402e646f86741b080b88177
SHA1 f282e19df870d2ff8a09c2d5b365674a1e0d7a5c
SHA256 585af422ddd0b7d4d9d8097b2a9a1f44aee6698a8a482ab5bde66096b7d6f039
SHA512 fddf0edf97b4dfc86eea7b77e8e41c68a0bdacd08aad750c42076cb083886d4b79f24afb159bb7c89e8f4e93a2fa00ab739193fdc1971d522c390bf8775d129a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b4a40b5437c0f3c2a2e04660820bb234
SHA1 e489852ac85e1babf28cb5d2ab4c4c79e04ab9cf
SHA256 ff7c94fdb794bff58453d802416f6aba64ef8ea4bafe97fcb7932562757d398a
SHA512 d67201c5cc3d1b887be441cbac0008b818beb678315a5c6a0fb7cfb2dc9ed99c2990b6a4e5a81246de2d65744f3e77181c46ac75fa26425d9eaad27c368d78d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d1b6578337222ad13a137be97a5d7d23
SHA1 1f3403cf642d54bbcc26d9de1088634758b008fd
SHA256 b59c6b8aec76f1952be4643e630a159271b1b0f2ebc4d89cb5b946d26ca39a42
SHA512 1f1d399e20f68e5b8b47e87053fc1785ae58886509f012d2418f56ea94800e8738475e1c40037486c495989f990abb87761d845e83b59633d74e6b577084771d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8a24850f5540510c55e2aaa3c19fe724
SHA1 50c268e5d186146e5b404f4d935f241b0dc77bbf
SHA256 afa5816c35b8d30d7e6928c8343147f98be506ca3108111f93ec87aeb43b7bc9
SHA512 15445a150c3336f4bd902069225c2fa8cf8e6e8e8d631ddea745876ddb43d406e6f28fb1d93025dbb33608918590b95968ebc9bf8fffc2e710abd392127162e8
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b