Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 01:03 (read as DD/MM/YYYY, i.e. 2 June 2024: the behavioral2 image win10v2004-20240426-en is dated 26 April 2024, so a 6 February reading is not possible)
Static task
static1
Behavioral task
behavioral1
Sample
8c66d2af64dde9707e397c5725d36831_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8c66d2af64dde9707e397c5725d36831_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8c66d2af64dde9707e397c5725d36831_JaffaCakes118.html
-
Size
213KB
-
MD5
8c66d2af64dde9707e397c5725d36831
-
SHA1
adfba3ce5afaec4a72dc3bae6cff7497acffc320
-
SHA256
1208f6b6bdc1c2564522f58487a4b5db691e3dbfe97b13bf82342141df96b3cb
-
SHA512
1f4e9f27cae104362fef7280ecbd19be29ecb6907f012fa611c4be8c1667e2cb63545c5dee155e69019b1af2fe44b6f2ea8b56d4a210801cfe0dc9b02d69e5f9
-
SSDEEP
3072:mrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJL:+z9VxLY7iAVLTBQJlL
Malware Config
Signatures
Modifies Internet Explorer settings (registry writes by iexplore.exe / IEXPLORE.EXE under the analysis user's HKU hive; the keys touched — TabbedBrowsing, CpMRU, Window_Placement, FullScreen, Recovery, SearchScopes — are IE's own first-run/session housekeeping, so treat this signature as low-signal on its own. The TabbedBrowsing\NewTabPage\DecayDateQueue value begins with 01000000d08c9ddf0115d1118c7a00c04fc297eb, which looks like a DPAPI-protected blob header rather than attacker-controlled data.)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d080b3c888b4da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F447D021-207B-11EF-8FBA-CEEE273A2359} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Set value (data) 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000040ae4058322ed744983dc0d6e001812d000000000200000000001066000000010000200000003d2d5a8c3a71b73b56d88da7565c5517c81dbbdbe6bfd4aa497dc9c428889357000000000e8000000002000020000000d7bb6085755538a993bb8c165d19b6e953e80b5cf708db3d5c3374a0a254b87620000000e80e96c7e1fb81f9106d421ea8f3e313ea70211e3b7034d088dd3f2ec70c3c9b400000003531b1f75b026cd9ddaec0f791242b319c953baf65d8e0e2dbb9ae79ac82a6c23ccf9efabbb662f586b6640fd9f59ae3bbb20ee59cf274903dcfbeabc3ba8811 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452109" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs — raised only for the top-level iexplore.exe (PID 2440); the browser frame process typically touches the shell tray window during start-up, so this is low-signal unless a non-browser process is involved.
pid Process 2440 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs — all six hook installations originate from the two IE processes themselves (PIDs 2440 and 2912); no third process installs a hook.
pid Process 2440 iexplore.exe 2440 iexplore.exe 2912 IEXPLORE.EXE 2912 IEXPLORE.EXE 2912 IEXPLORE.EXE 2912 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs — all four writes are from PID 2440 (iexplore.exe) into PID 2912, the IEXPLORE.EXE tab process it launched itself (see SCODEF:2440 in the Processes section). A frame process writing into its own newly created child is consistent with ordinary IE process start-up and is not, by itself, evidence of injection into a foreign process.
description pid Process procid_target PID 2440 wrote to memory of 2912 2440 iexplore.exe 28 PID 2440 wrote to memory of 2912 2440 iexplore.exe 28 PID 2440 wrote to memory of 2912 2440 iexplore.exe 28 PID 2440 wrote to memory of 2912 2440 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c66d2af64dde9707e397c5725d36831_JaffaCakes118.html (process tree depth 1: the IE frame process opening the submitted HTML sample)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2 (process tree depth 2: the IE tab/content process; SCODEF:2440 ties it to the frame process PID 2440 above)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2912
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Dropped file (path not captured on this page)
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (CryptoAPI URL-cache metadata written by the low-integrity browser process during certificate/CRL retrieval; the same filename recurs below with different hashes, which looks like successive rewrites of one cache entry rather than distinct payloads — verify before treating as an IoC)
Filesize 342B
MD5 cb9e8f85b120c7d21fe72ba4a0363503
SHA1 0d6cab2d7af9dd0cf069cf492980746abd041d9b
SHA256 e528e60efe0c15c09907fdff13db09c64638268f16d29e29de3e5550b8635fab
SHA512 a23592debb640670f48e6248c34474c5132d2648aa668730bfd80d5d4446456ec92b8131a088af942bbc7b6d52125230818fde4f374fa752bf363a3669d4bcb4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1e3090408a623034c6d404935b4f5ead
SHA1 96cc287dc28a239f865c1ddbc2e1f0cfecbf5b24
SHA256 44ce0857326321f7cc32b37f3a664282f1073b007aca7c5fd029e1ea7038d23c
SHA512 41abfc86ed50448ee38bc6e6c45640edeb15fd9869547814956522ff803452179b4d4aa9a22bb2737954700322a8be7861e044c03be465d4e5a4d458e2ef0d1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 df9f00abe6eb88958f5e97118aae5046
SHA1 ac58bc6af72be908ee6213cd9d6f23bcdfe0d043
SHA256 366a631b61703b6e0834b3f41eaeaf80ebff9121adade2368e1558b46181f2a6
SHA512 bfec9415e86d9ca5bf2fe400d06a84c7e0ac6ad1661d8c05cc780cb8645b10c7b6f14e0722229bade1159140e6470366dae9a172639b4e57a4089dce88ea9375
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 28a1fe9b3f754af2667959b1eb2f482f
SHA1 f4685123e0765db63c55a97df63d6aa58fce16e5
SHA256 adec7d9f36661dce5b703defdd62d30e4cbd3e69a17cab22873e816c2e4fc340
SHA512 38f85354247f811907a22bb9d187d48893f88b9ba1adae4abf1d7db5c16ca09aac0976a6341115fc154376d650223d768b071730679765ac21e962c58028f878
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 04363509a282b3c9eca6b4b871a5b6b9
SHA1 a1b5b89299f2b018058ec2293bd01a30b9f5b744
SHA256 10bad6aaab0661e230b7e9d4acb366975fa12bae6c59ef189aabad2652824105
SHA512 8f85004be66b652b6a369ec6c4830726673b49d752cd52f558893db17f22fcd62c0faff3cccccdff041561eea150f874fb28768bca4dae59aa2ebc3cdaaa2bb7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d3afc38afc99a5606500ad77e00e560d
SHA1 c3e11f39ffc604440cb618369ccd4d610ab36294
SHA256 2cd7418e1f94484e8723a4d16a27000c0ea2a868d9a16ff886b9706f54659ace
SHA512 f9f6d3ce4538fbfa5f7d05c4297c69d211da0bd05651bf36793eb0682ed18e4b3e9bb160ac1bbdf20290dce58864dc537a0d6c718a86abb3d2e8e1eaed25ef8a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 58e7fe0f7541aec96c2a564b665779cf
SHA1 6c534a3fe3035fb97dbb717f8a87a0444bfa8dc3
SHA256 47403a04d76f8ec632b1242ad7cf45e273c7168befd60400f3dcb2001d4c56d6
SHA512 2b236b15a7affe679a8229e342a131eb32817dc8a2dc1895f36ceedcdca8671090fa672e6474380fbbfb37477cbf66da5dc169433d84a5bfe9510edf332a605c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e98b429d24d80b69d60b082f8bb69c3b
SHA1 022177830c72e6e6c1182422358a32c2a9fba047
SHA256 288d21350b5d6cdb898312539c95abaef9360e04a9f178243821e1a7a0b793f1
SHA512 950487d3b0e5ab61b6ed618a701bbe4d2ed2822d97f06cc465224fed590196abc1f673b25270ba10294bc5a55117e954d2b31be5f53484a36529b2e76966ef93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e132fff45b57c9b75be67b05298cc4a0
SHA1 64360c2518e4d5123c060cab47e78e53e3d1fe10
SHA256 9230adfc7b0428642b0d6b93383cbdc9943b9facd87bb005e552a309d15d6284
SHA512 b95e27582c68623b6acc24d0de2c80d5fd4ef8ccbc8040f4f94609da22c135387007a9cf84922656a1e7d345acf197152c26c151bd44c393b57d65efdba50f70
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ac2c41266307ade833be5ea836ddc94f
SHA1 095fd9042780d3d92d79dc2d3c8beefc38edb752
SHA256 c7de7e00ff27d4bf68f4dbf4063ed6c1076ed9d56dbfff8937ab1fe2f6fd2745
SHA512 f84750d37147e86c9516246bb8fc2a270fc336d49df3bda0f1ac85cdc9cdf8f584b9047e0e4c86cef5aebf0cb29efd4c5a5fa4275a6a690928b5de061339d818
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1fc1397dbd35dc1090e00befa069b95c
SHA1 e5cf433e981076ce18efca525dd7262e45cb5b4e
SHA256 77635165b0f22dc1af661fdfe3a5a38f92db4419a80855d9c7e582b713e6992d
SHA512 0043abbba60c450bf3078823d81ae8ff00ffa489da5651cc626b71f136fdc3b3f7c1652f3a9a022b0c3b436984a03a13d5d2dced23be37a71495c6e48422797e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 300afa27fae6f978b812508e38ef49e1
SHA1 09ee53fb9be83213f115766bb307673e59a1a223
SHA256 6bbbb23fb2471e3ceb8c3c3fdb11932e02a5464e0390e5cc5aee50e45ab6b577
SHA512 70c6227f1096ddf83ce9420463689d11ac77f5101fb0fd5af95abea736310b54528d1e93ec3e176f7ae43155daed10609713471ec5d5d14110afcd76bf951a57
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 65d1478baba65c29d2fef78b87a5db5c
SHA1 a02ce6fcfeb8dfee2ce63c0f9268f310f35b85b6
SHA256 44f27f2e5e4de6ece9372406575fabd3a20816c345297bfa46e8a86b0f3d94b1
SHA512 eb4a83d81082b6d4722e0e46292746ee783fd11e2da67d3123c82edaae06f59c7236a3731ae2c2cfcb7ec5a92c18918c1e8c2bc6046368fabe605603f40db913
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e739fad6b927378d87a4c6eba5b1ed61
SHA1 a3f0229191d39fb220ffb59ff6310f0d7e5077d4
SHA256 b839385d8551a2248bfafc2bcfaa838e1cb5029b2dbbe0a3ac3aae5211c3f81e
SHA512 cbee92f67cb6d1f9f34f6e8e3101ea722cb9f99998c65966c01aef2bcafcb07a02554024fbb94b9de04bc001adb75e6816beeeea9a314f534e804e47ad5f6cd9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7de71c93982d046121ceaff23220a1f7
SHA1 fe0c594bbb9001e1b8d8c22599f5d146586b9056
SHA256 645ba5e5b836a848a52214f1c3369b8c046db8a2906c9ca3262d37ef13617ed0
SHA512 90bb7016bef08f7310c84e5709cf241dbeaa1508b317cdb235a75bdc04a30853de1c81d3833e039dfb06cd29be4ec54cdc604ba47fe75ad2954a9644bc26d6e6
-
Dropped file (path not captured on this page)
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b