Analysis
-
max time kernel
135s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 01:05
Static task
static1
Behavioral task
behavioral1
Sample
8c67b8b399d5a9a68a91e6783b04e9cf_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8c67b8b399d5a9a68a91e6783b04e9cf_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8c67b8b399d5a9a68a91e6783b04e9cf_JaffaCakes118.html
-
Size
21KB
-
MD5
8c67b8b399d5a9a68a91e6783b04e9cf
-
SHA1
705adcb3f78bf69b50b902e6e2f9e1a9481d189d
-
SHA256
dedbb0138c3d4e242fbe4fff21ff3da83bc8888e4dc33fcf60f1280a80f04d6b
-
SHA512
56fbe1c12de371158f82d09ca09cf393819b01433ac504bec1b1b9b714117c65d7ebac25bdc85107d3e5a4d98144cb0f8df5b6743e719c75c8b3fef0512cea24
-
SSDEEP
384:zifKhgeftVBD8cY3RLnSVS53fImEfP4ycbp5pCzVczMDJZTO6ur:ziGftgcY3tnSVGvImGP4y8kZJZTO6q
Malware Config
Signatures
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{32F14181-207C-11EF-822E-56D57A935C49} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008054378d1a9a534ba197539784ac7ab600000000020000000000106600000001000020000000470705fc93685ef4cacfdb4d0a840400dd032fac596a27f2bfd05afb15647862000000000e800000000200002000000001ac5fd96f4244daf179f65900b2824224dafdc5315f79b1f946a653e4e961da200000000394c19eff8d92a8d51e8d80c87bbe4557b08ab776dd6334eb106a8e600ef34040000000017cc76321d3b9a5f20faf363657fe01710d80f6fcbe5e1df8b557dd7fcec604d2866a9f6827b3f8ae03ab5b070804417a561cd1e3af7b26cc0560f2112f54c2 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452197" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70e6d10d89b4da01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3020 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
3020 | iexplore.exe
3020 | iexplore.exe
2016 | IEXPLORE.EXE
2016 | IEXPLORE.EXE
2016 | IEXPLORE.EXE
2016 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3020 wrote to memory of 2016 | 3020 | iexplore.exe | 28
PID 3020 wrote to memory of 2016 | 3020 | iexplore.exe | 28
PID 3020 wrote to memory of 2016 | 3020 | iexplore.exe | 28
PID 3020 wrote to memory of 2016 | 3020 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c67b8b399d5a9a68a91e6783b04e9cf_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2016
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dfff75da397e9a55e35a101e1176512e
SHA1 1176e2d3313209eaf5777b0f9c396963ee24e6a3
SHA256 2f03bbaef2144c988e578317014607fb4313c72247a8457ba1f9560fac4d2924
SHA512 76d98576b0a53996c60f1822f67a7649ffa4d1958edf0395b96f2322cb261880da3fba809f14205fbef5c6a062db393ecccdaaacdc67be4000207511a820da01
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 539bd3bf768d2b1ee40627e66b43ad7c
SHA1 8c145f8136e5f872cfe595714ea6839f6d602e8f
SHA256 7095281f9c21cfd4183bc65818c4a5f276838dc5cadf92b8c81d8c66eb8d3c3f
SHA512 0e5d17ad7f27faf9507c153bacc4239ede17212885cf8e221db29983a3f71d91710db2d90a6125df48a30ab6b2cb635c9b6e92f4cfa8c875b00231a17f5e690c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c1403c8bc99104945afb8778e35c7e03
SHA1 db78d7a7f6512b596c888dbc61baa492f7f4f7fc
SHA256 0749eb1cd45ad0878a7760d31e55df4e72c64ba9113a2e527319116835193733
SHA512 d457136ca2297bfd162987a76213dc09c941401b4e72d3288b1e25b9b46dc1c7df1c4a27ed50af0debb102a2a0e6bccb826062c71609025d5c403d0f23dc282d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2604fad923195d7ee1fc0d3e3daabd10
SHA1 5902f35ded2fe046a88379f7491e50da3354a978
SHA256 0c5c4410396287fed8e1751eae76e2b589a1332c6847bbfbed122d637d80c222
SHA512 6eff4ad5914eea734e582ea8e96265f90d930e06e0feaa74e3d09ba31724ca9638133e748fd6b92dea6f0854bd11151a1db79f2804e3b0ffe2242d3eaa7d73f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9b28cb635551ff50d5b5273f940db43e
SHA1 cb591efec7b6d577859c6a95885262b537bdb04a
SHA256 cb22d2859392f39d219352af9f98e056cfccd84f7b08892f14973265d48b3ea4
SHA512 39d5df2bf2aa38bddf1e0ee3650fb16b59af7e06b849466f3eb5ce679b8f8e0aabdad90f91dd36b367da0ef6aafc467215eef4faa5fc8f3da2ab873d5549037d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f44ee83f6dec6522ed73b682d5966d0f
SHA1 eca91ea18719ce4e041ae6fa5ad36a314de8730b
SHA256 64d849045eca0d08dc6747f5124f2f3c9b98b4850c1d59d4d1ffce2e5f3537b5
SHA512 9f1004c4b6da1c5ed06853aafea7288452f9b17a0d2a8147f0e4be1f46117759bb6e6d02ef9e9b9e50877af3da92fae539dd5881537c667c8af30752fb8fd189
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a871b2c5e7b4c3d24ba2fb64930993e6
SHA1 98139325b09c3fd1184d3abff65f1928201004f4
SHA256 c40ef3aabeb8643592f11ad6aac8719a18f227da2c81e10078731c4c8be99408
SHA512 78edb41239f2d24d54b35990c00c3d05badcc18ead672f8c88b77178c542be761a6ea50d9c97ccd3ee91cc7d340939831135690c703454757a7a96deec5b368e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cb6277304065c158add1be6163605722
SHA1 efcf4fcd8da27a321eb6bac2671e4d3576cbf1aa
SHA256 5ef45322be42711fcd10ef0bb945e874134c0a1fc64d01fbc0b2a03d992c9dc1
SHA512 240d7bbec1df7446cddc7ee58e1b83f19c105493c60aeda390f38ef35475b6b5fee914e5c2cf26d09229b852ef69b47923dadd47bd60ae46218fe9668b048e3a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c41c23f354eca3a6289bfffc1b4f7e41
SHA1 5e21bd7adec61e27946732fce393690af9aa6649
SHA256 c7ba949ce3be44a43d3dc3436bc511b7031afb904cca40d1a43085dd8685fd79
SHA512 71de1415d4b86a4fbd4f10657fe051e49c250d4bbffcb1dcb26578cff55a1365ae8b787c8e8658310339d35292c45508b1702b73d8250b749746f06d110e6129
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a64bfeed172a7d21db75525259979498
SHA1 34f413610bb0ca00f1065868abd4a4a79bb6070e
SHA256 db7c425eb2279210ff124d69023024094e4acfad78f5d818b4f4344ce1add856
SHA512 f817dc29a6cbdb14a7416a6a539023c4ad4a0231a450f61ef3224b28891d1224592b992905b231f05152a5310ecddd03d402780ce0f0395186952763e27670c9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 91b5b454037ad9cb541a6a85f7086ffd
SHA1 b54727e32d34a532b53c45640f2e34eea6e43118
SHA256 d9a3b123206eefd55c00c948826a914c31ee4ee1682446a8145d81fad657eaaf
SHA512 045202d3f91f3678a7d7dc1dae3a40e71734432b127d221273c5105e0b8f18d2469617cd7e506d710d4e6551292e7fd5da4c93ec7b79827ab7c8e3ae2b745fbc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a06d3d0a1123056f3c136298422f917e
SHA1 c61fd8f141eb03095f3921717e082c34994ed35c
SHA256 c98a28d92bb6677e54fb512d45b498185d10f89f368484e272d78d1e2b90ec3d
SHA512 29919b97dc3bd3c0aa7f73976fb6def9dd68496203eafd3d461ece24838c749b74530ed45c3f4c73b416c33749a7d544e327dd94d7187f8c8099a086748978db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 41f65eb91dcdb4f7c34a1934b29a3b14
SHA1 2ea0ca5de27b899d991212bc452fd10dcf7e42be
SHA256 53b51c0e7689b2da0d53913b8402acb99b1ceb8403813fc98ef3a9c6f865ff8a
SHA512 ea7cef2ecacb3bd6ebeeef0c885ed0bc3decfe0dfa378fcaeb4ff4c3c1b22a2303d7dad6e21ec493650a0c70cfed4834bc8db50c163887d8ec848a14bb8966ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fca9602382e731ff63bdc3994a35bff0
SHA1 1bd77a8741c6bdea95cfc0c962c2bf01503211f4
SHA256 64173841966f407eafa3a35e7c2077ced84edc337fb5e121a70b7069085d470f
SHA512 005a0ab3bb38cdc4ca89816939309c0218298205a034657347d7ddafb9a2b773ef1ffdf751bbdef1ec48f110672327f6eb7feb6113b4c0f3de581471b207a416
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4b8a7f0650ffab02cdf0baca186ef30f
SHA1 3cf2b19b9823ecc51341a7d5d199113e0ca7a64b
SHA256 e8acfeb79cac0882c21ac3b0b00fe192e929b14d02f6520387d84b29177d5f99
SHA512 0c81d0dc36bc9bce8da061a556a9e1b82af48cb05090db082f155153c7f748ea4e43b6854f8bb43270420a322d91f4faf254e10142cff3ed7d03ca911343b68f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 66188da02f2fd70a8f189b0e258eca9a
SHA1 f958d8b2b5a7b80d999e432e526ac12ce3e00260
SHA256 44c8374d555bcc10371e0dd36c7a2b64150281750a76bc5c9bd97bbd6025c2a4
SHA512 36adcbc0d84648bebe28f347f1a2335a8bd75a9c2c3ec3041b6e02644e2650f9ec33eb52451207e0c97f75a2460e2604ab2dd1eea05df1c4d2249981bdb11737
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c3de96a9bfb5fa5eb46458bf1fa868bd
SHA1 6a6caf5196acd0b077f3b3c1954582635cc368b3
SHA256 f1406771ae44a863368cb3a10651b99523184b2a15aed4ed5baec29bcf4c5372
SHA512 a12e5a943a3f6fd4101f45f54284c2786dee59c7af0abbcc91dea6801ffdf5c7d247e6a413529b55ece8c4a406c17bce41afebd8a5d643cec55e416e43c3ec7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 880fef66bac6e64f51cdc4913b443351
SHA1 994c6c19a2e2df3a671058dba3d19fee3545cc22
SHA256 7ee3242c9a003b4438215429c84343f4e08fe9c3306da7082149418b20681652
SHA512 a4e81f1e97273a473439d0df11dea2820f752fc59c676e8cabb823181810365810695e561e81cb2e7a2f29a12dfa23aaa45cc80e2abeef502512eb50aa68d1ee
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b