Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 01:09
Static task
static1
Behavioral task
behavioral1
Sample
8c692a5b33c5c11d3d4dd1bb5d8474b6_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8c692a5b33c5c11d3d4dd1bb5d8474b6_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8c692a5b33c5c11d3d4dd1bb5d8474b6_JaffaCakes118.html
-
Size
261KB
-
MD5
8c692a5b33c5c11d3d4dd1bb5d8474b6
-
SHA1
3e7673399db8cd0ec922f5cc5af3aec7bccb37d4
-
SHA256
85e1012e061914c8ba7986e1c96ef8fe3bbc7e2661dfc0371153940ccae6e524
-
SHA512
c6ca7f7503664bc4c20d2d1dc1237ae383444c3400451a109e4a0165760d514962803b33825733d2006d6d5f238d601fdae89505303892ca077fd793493cd427
-
SSDEEP
3072:S6UyfkMY+BES09JXAnyrZalI+Y0J4zjPafQI9HdmHB847iy/3:S2sMYod+X3oI+YGQLafQg+BLig
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c02d4e41cf4fdd4187f0c59c6b8bded900000000020000000000106600000001000020000000d74e8a620d15dfb332add6163a7ed7e04d587d9ce3e0478922558f5a3796eb8d000000000e80000000020000200000003ef89ea1d5822a12ed47093c4c82ca6e30d4c47e78029437f80c798423d19b0e20000000c386182738cf695d900b8ca8729d25eb3dd2b57b47fc86b4d6c275d2abdc9183400000004ff42c52dd73f9c90e5d1350d96080ba32e3fa03da5d54d8781867c3ae0959ecb0f4d92403a4a7dd3c55d7749ac1e3eb7b354068d97dbf29edcc4980371cef80 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet 
Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B4CF51B1-207C-11EF-AD30-660F20EB2E2E} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f05179a289b4da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet 
Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452412" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2088 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2088 iexplore.exe
2088 iexplore.exe
2080 IEXPLORE.EXE
2080 IEXPLORE.EXE
2080 IEXPLORE.EXE
2080 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2088 wrote to memory of 2080 2088 iexplore.exe 28
PID 2088 wrote to memory of 2080 2088 iexplore.exe 28
PID 2088 wrote to memory of 2080 2088 iexplore.exe 28
PID 2088 wrote to memory of 2080 2088 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c692a5b33c5c11d3d4dd1bb5d8474b6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2080
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 7cbc7843934e55cd1d064691a9f4f5c7
SHA1 607989320bcad827cb4c41247dc68eac70aa36ab
SHA256 e51f161a12f1fadcca4d5a2c1a6e3fba3f1f801049e555a3f0c4ac6f587b34a5
SHA512 841e9462c659bfbdd5af968936bcb6bc768dc357e67755ba4590756d3ca630df7adf9476525a18c5d4267a0a31fa4fb6a6a3b3cd4c53347432406f535379384b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d79dac0787297cb280184310d508fd87
SHA1 a03d8ce0387ff46108c3c3401b6b1bbdba75a39d
SHA256 b60c6cd46bf8ae6e3a7e97a98bb090eda386a9b4bd370238dc4cf7bab7d81b8f
SHA512 3504a669d3b0edc21a8b6b587d79e7df0e79cfc841e8a3d573f97c225c747482969295d19e659ec3d42bcc21fef9ae9bd547566982289f56a3fa95cb3b270ba6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5699a52d76218cfe885345321293f711
SHA1 2a62b8e85cad084d774a44c5b1fc9c78d09d4a14
SHA256 fcd7d11b5c713a7ee40c23b129092c84ceb464480593fad40ecf00a8104a831a
SHA512 0be7efa5af3ac1af3834718c45e9a02f18b8463720c456272a7fd8127386db411e9b84a3df2f670187c4128a5c06007a253921f10ce8dcbd36a9a93497cf85ba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0df24673ba5d310ab194b9a67888e6dd
SHA1 17054da9037bdff41dbb39a49cde279a7a2088cd
SHA256 42cd8071dcbeb006bf6f354bd5839e550852d793d1644bf36ef12c98d73b125a
SHA512 5ad6f435e1895c7bf1a772163c52b152dcb84302c02e343e49a2b70e845595958980149cc8870f5ddb97251b7ee548c3ef3b9d76142e4a3f4074abbe71a6f3bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3b2f108beaef6dd8b4d4755b4ba9bf73
SHA1 646b5a7a5f6b6607f600f2fdd4d8b92f1320d28f
SHA256 919b782519a33b82b9f59a3632df418991180d03fb76c557b5ee23862aa8f478
SHA512 a6e19de5b2bc515e36004d451026d5e3b8242adb172f44775395d2bcad30c24756946007cbf6d9a4cff9ab7820af46ad29dc432d94029a8f42136248d5ce2a55
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7f453de6aa232773ea3e8ba41520e80a
SHA1 abfe5732325ef936604a560897f1931d93f13aad
SHA256 64c03052b9bae38c3379be5363c0d85e76a06113a6caeaee6469c1fc2411996a
SHA512 e878e1dd84805d865705d7530902221d70f9fc533ace5eb556740c243266538503fd4a584e9f39a15a0024ab6c2cc9106f7288f45200c3f57a59470961182e52
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 081b8200839bb996af1426fc73e50c80
SHA1 b8874b621ada3a5cbccbe1a63322a324153c952d
SHA256 ca124700d44679f81725127a7f676b7e6e3cb964d49166f1f4374d31ae2372b1
SHA512 de405c2ca4fb11493eb2a8fd1d8308d09b354f6bf4037abbac3eb5eb33fb3c540d06f1b6c375ce7a176579ca1daef69dd90070f1aebaece5e66681285a696f61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e4a871ba5dda531c2500143c48802d2b
SHA1 777234e498a5f83ac3ce6832bdc26e385ce4edbe
SHA256 1da5da3fa2ed224e0b0d7b7492bc3457b45217ce00033ddee10bf12523a21cbc
SHA512 9332b7b4625a18d6e2946aa1dbb05eafd9e7a11c2a45f6483c4a1571f8ac7f8acb46a9377bb82a502287299627c6879a350f41a997c22973d32231e1aea5f523
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c40604da4856555a70a1a9cb504d8e8a
SHA1 df7514fecba7a0d07103f9ebcbf0021c7bc29e14
SHA256 8316959a7e78622a16eddfb3f1589db1da4911237539a3355572990d457cab6c
SHA512 aca1e0855710e7e859bb9d73dce560df13e348bc504e5f4aba8eab7f07992fec471effe815cd32bd19f506bc648cf7c0b5a2d0ee1cf6dce9b6ae6b804234db8b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 34e4e758f6a8ca172620af174bf85aea
SHA1 490197466be8f193dbc34991c50330df5a2bb3b2
SHA256 f037335c4414d6653e22874a591ecf81c3323a8263d8c48e14e1872b3efe42c5
SHA512 22ee97f06647ad59cdd7ce63cdac4326fc8795154b9a136a6535919c210280858d12d8382151d3f10e41a47ef497289845e8bc421d74e0008b4ee2bcb6540303
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 50dba1888a7305c806315f61c1b880af
SHA1 2eb19489168303732acc9c4b30f60c1d69fdcc0f
SHA256 2f4626d09ba0667d31c36384d3e57ebc9ab99a440a3cb20fe17453c3850e3f55
SHA512 3065e5ab1b0d354cb27636b2df55e3d49f6e767be8207e4f4926b45f5ea5e7a1f829af63fc5544b7cb5a0e2ed9cd0fe1a054d4d4cff226d67ae94c25f910bc95
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9cad4e5d7c93ce762fc011b2cba6da6e
SHA1 1619373e084fa56a39a0be55878324c03e0e751d
SHA256 0f44b3d329803d316302b72b0c3b4900c1f0cc66729a223f3da348271e96eb3a
SHA512 42429b3208b9435f0ba8e11b1c747e80d1d1934552906529eefde05b46255317bd445177daab5d83b5a1de327e33e353574ae44105ae4eca8b23655b3098d33a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 1820d7a805a54c1870dc4aaa892ef1c4
SHA1 06b360b047b6f793ecca6fb2b243308c445cb76c
SHA256 2b02bc089396174057fa90ce4515552b322f995f2a65f1dba1d605cbaf4dae86
SHA512 99889e1b7cfa7aef13c9bec5b6dcda5ae0de8d3df4e59ba49844fdd961b775480a764648f2466f2a04477df3fcc109aa519f85a9cc8383dfd539e922ccb6864b
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\domain_profile[1].htm
Filesize 6KB
MD5 2498e8e8fe847488763295340f53cff9
SHA1 1600da5d9d24180a8347e4606830ea26e81d1d39
SHA256 6d25971a212e9f9535b56e534225e44e1e2dc73ffaf69dc164ae2f15148c407f
SHA512 a8c98bcae839a47572487648561d38f0c0cebd0ed70477f799ed5b123b02e33fc9ed82c2e66b57879da5b1e3e88c4e876b75a2ef05c1dd4dd178be9a76dae1ed
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b