Analysis
max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags
arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted
02/06/2024, 01:08
Static task
static1
Behavioral task
behavioral1
Sample
8c68b8303ccf3c87335fc41381f9faaf_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
8c68b8303ccf3c87335fc41381f9faaf_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
Target
8c68b8303ccf3c87335fc41381f9faaf_JaffaCakes118.html
Size
31KB
MD5
8c68b8303ccf3c87335fc41381f9faaf
SHA1
0189b990c231bc12e93d2982755156cf40632949
SHA256
4b54dd2971994551f3c2114d20be56ed1ba810aa7a4ef43d43b9a7a149520e1a
SHA512
5611694f99e96dbb1368f607ee9f589ab5db6497f945f44a7fe27cd4fc000f88fd494a3472de8530e9d20327cd94d0b319756f8aec009ec86175304e94c63e4e
SSDEEP
192:uwOWyZcwLdhhob5nrMDnMyHz64q/fmIOAnQjxn5Q/ZEnQiel7Nnj9jynQOkEntf/:kQ/3fqxQ2nSqQdFo
Malware Config
Signatures
-
Modifies Internet Explorer settings
(per-key registry write listing for iexplore.exe / IEXPLORE.EXE omitted)
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
3040 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
3040 iexplore.exe
3040 iexplore.exe
2268 IEXPLORE.EXE
2268 IEXPLORE.EXE
2268 IEXPLORE.EXE
2268 IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 3040 wrote to memory of 2268 3040 iexplore.exe 28
PID 3040 wrote to memory of 2268 3040 iexplore.exe 28
PID 3040 wrote to memory of 2268 3040 iexplore.exe 28
PID 3040 wrote to memory of 2268 3040 iexplore.exe 28
Processes
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c68b8303ccf3c87335fc41381f9faaf_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2268
Network
MITRE ATT&CK Enterprise v15
Downloads
(per-file hash listing for dropped files omitted)