Analysis
-
max time kernel
119s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
submitted
02/06/2024, 04:46
Static task
static1
Behavioral task
behavioral1
Sample
8ced17ea3742ca1fe0d4f5196c028717_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
8ced17ea3742ca1fe0d4f5196c028717_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8ced17ea3742ca1fe0d4f5196c028717_JaffaCakes118.html
-
Size
69KB
-
MD5
8ced17ea3742ca1fe0d4f5196c028717
-
SHA1
48f351335afb2d3b518440a4fe8f62b47b9be07a
-
SHA256
38d591e0327831e06be175e69c7a4b2e5794da7ad64854b1f69a8e82af96b14a
-
SHA512
4cd00036f3021f3d4eda94964166b299f138f88aa6d2e45f775720db72f196586ead4fa33c0f16a89e4dd57047e28ee131b0a72ad6b1f735e7b984c0e23280a4
-
SSDEEP
768:JiWgcMWR3sI2PDDnd0g6sn3PqoTyZ1wCZkoTyMdtbBnfBgN8/lboiGhcRoQFVG8o:JupTSNen0tbrga90hcJNnspv
Malware Config
Signatures
- Modifies Internet Explorer settings (registry IoCs below; the signature name is taken from the process tree, where it is attributed to both iexplore.exe processes)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f40e9fd90f967046b78941829b86594800000000020000000000106600000001000020000000ce81604e94f6fd46d738dbaf0edfb46d1e54c0ae7b5956376a62937f7ce8fe64000000000e8000000002000020000000312a4d1c16653df7ebddad5539424ca8a9060a409c2e5d0650b92062f9998fe820000000a8370cc7c91f632d7bc717a83e4267d064e31577f63a8fb0748ade4e204e4b80400000003d949a19e6a2e57ba596ca28ec220a8747b86671cff34a9e887b028c5641f91e687d4de2da2ac0d1ae971909bb0097a7a1793faa3dfaa3d1e4777c02b4bc77cb iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0e70feaa7b4da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423465462" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{156B3D41-209B-11EF-ADBF-FA30248A334C} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch 
iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2416 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2416 iexplore.exe 2416 iexplore.exe 2756 IEXPLORE.EXE 2756 IEXPLORE.EXE 2756 IEXPLORE.EXE 2756 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2416 wrote to memory of 2756 2416 iexplore.exe 28 PID 2416 wrote to memory of 2756 2416 iexplore.exe 28 PID 2416 wrote to memory of 2756 2416 iexplore.exe 28 PID 2416 wrote to memory of 2756 2416 iexplore.exe 28
Note: all four writes go from the IE frame process (PID 2416) into the tab process it itself spawned (PID 2756, launched with SCODEF:2416 as shown in the process tree), so on this evidence alone they are consistent with IE's own frame/tab process model rather than injection into an unrelated process. The hook and WriteProcessMemory signatures are the only non-registry behaviors recorded here, and no network activity or dropped executable is listed.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ced17ea3742ca1fe0d4f5196c028717_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2756
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f337a807184084d81fcdcc14f8696456
SHA1 58f21a4e2859df6fa3670100871976861d10726a
SHA256 20bcdd357158e1da6dacc03aeb6061eb2d1308caba404d2fcd56abf37062bff8
SHA512 12eaaadca4cc84e3c6a83c4b503324096091d05166e7a29851661263bf21c22904c781befef3e1dd10d61d43c4e57d1aff9e2b8ef4d5286691bba6b82473e8db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eea39efde91770100aa58e6e68c921ec
SHA1 6fcd5888e955a8f12746813b9d16ea0903a5543a
SHA256 0b323ff23661805b6dfcd3a7f107e8ddb8a48020a8ce4936e91a69336a34f96b
SHA512 48d2b857d116d65b3187a011746c5a4cd1b2b42492e71dd958744e97ec94eb7c056034686a691c3c623f56e577029a8fbdbf027f0ee657f9575857eceef55023
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3a2148d92546def3dfb4954951cc7723
SHA1 412b56b0df7018826857b7a649e62cd70661e722
SHA256 baf08628198a1a477e5f4f7728a5491721cf7110c4cdde07ac1a20478598ed0a
SHA512 a34dc94464319b8554509431b5000af2c6cad9dddb4b151f71dbcfdff5fae0dae2fbcca0407b334ae3beb2bd0bf2b649d24a601b9e042cb72fa35deed3fc732a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f27292415df94a3cef3a00064f3134a8
SHA1 849df219b8df93ba2326bdb4157b541aa1f77805
SHA256 f904980f8b4014b517cd28c01e05e244a604366cd670345e7b57fde56b3d8a1e
SHA512 15e50a0a551f1d624f457a23cd6ac15f7efd84efc41452377880a8626dfe9eb18f0391ea9fe45bab4a966409cf3cea9e17d483824458d6a0662602ba3bae187e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9ed3dc41363f547446a8ee90ff561e7e
SHA1 d9ad97c27b7a12cf431c8d85cd20a3559e9fb688
SHA256 8a41f44dac56de5267b128a1c17798a07c44574bf18b892d7dae066eb3b0bbdf
SHA512 9e763ed45f8aad64928f98b9851d2d848595c06fa9e752004a24074712fc8f8ac366759970f7f23f5ce4c141242e0eec25301239b9f78955782a68fe906da99f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cffa99ead03822b43ea0679f8284c782
SHA1 78f79670a8bb23c6cbe9c77dac88ce3c5dff1009
SHA256 1fd19d3e346657904c77d6f2540acde19bdbf5b6b9edf71f17b364e8eb9442f3
SHA512 64d99da5683b200c6f17a69a72894b7c7e9d8c966eca1ea3afc0fad98a35cb4eb09babb6e462d4ff14742a79a1481212616be14dc1d92ef29c3b5897931fc0f6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 169a8c83bbb7f4468d6ba968979a361b
SHA1 136735b4c5df8e29a68cd1eb497f0d69243b5ff4
SHA256 5e440ce81624ed2cb880d723d012abcc5c42965fb693fc108f7d68b97e965378
SHA512 cf6cdaac47359a3c2049f97b9bd61d6239cd0b3a71a89aa5f8ffced5d616a9528b46783afa55da2f7e198c583c6c5463c10df18025d4e368727a6a2e290fa621
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 abc3af4b9f71f8ee94d62d4a61dbd4bd
SHA1 b23c681d3bd1c7a7b5722ad0d140decea699016d
SHA256 ebf868472ff6fdc717d65f444bd2f6b90df5c8b44fd1b9276c648b9dbb18d9a3
SHA512 f77a4769c30b5ada88f087a11bfb5d594b3fb890336e39d3d5737d20889dcbe84c2769559dc3be3b089613375450ee487e33d719a57e80de5e9a79591386e5d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 51371b9bed1cd6238db6ed87865c2044
SHA1 79a474eb6dbebd08369bedcf0eae2ca0df360718
SHA256 2086aadd3d9ebf8ab89611474d175636181ee931216958025889c00a997f6677
SHA512 6d6fcfc4998ddef454574c106cf068019b81b0296df45b27c19814f560c73b2b9975d974fbb68838c682528b63a42f7e8088184df00fba3d3dc76934be47224e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ad9c786992b834b160443df5235a73ff
SHA1 c02782f52b3080ca63baee6caeb2d64636597875
SHA256 04bdabf533ca1fcdcea889518531a64679806b274a27c3439ccc248441aa4219
SHA512 52c06d842af9143b5ee83bd45d541db704b1b6a681ef8de02349de7312934e908f1035917960eced3c1e1036e1b0295c3c2b7eb94f6bb153d6216aab41e342d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c7cb0fc809e890a00b23329b6b11ebe9
SHA1 17911eaa3bb5acc0857c55d2dd01cd6cb101b9dc
SHA256 1f8c64d84049c1220a1c37d764a064d340a70d07896f4742d6a9be8202604e77
SHA512 2005915bb9fb609c5029138ca475689bb576cc5dc0a47045a4ffca69a46b1f713a8d8a5e8db753765a9489e5c107ea61ba2f1d4dfcb9fafbad7b16479fff4831
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4f2166717640c8417a5c410bbe9c590b
SHA1 0d41019a672b7d3e96f1cf8c361a991e93fe5d25
SHA256 0d29294d5d1978cded071064bd958adf800e79b00b281f5b59e4ddbda1697e8a
SHA512 3d1ab74619f83f7e74bc3bb349d91e6fd6bf3ae4cd4d68ec1da6a36b936169cb3eb71bb092874b6ed44edaac6d5d90fd7b81ad70b87e9d232674e32e947ab904
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2410981e996f6e0d2871dfdbc457aeda
SHA1 b5249100593b1d36aa08a6928d57accef6c2024d
SHA256 f0aee6bd3677cb62a38606dd32b10939c3e7fb40992eba1e4f21cea24866b254
SHA512 7ff0cd40c737453629d0787e4a04f319615f88402668bf6838c8d782a7b1dd14e582bd0dfe58a7c6ab2eb9f919747d1f00e4b59d7181e969374d0d05f0158cd4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 93ca45880238dd4494f066dd9a6c8538
SHA1 a311de7ff1ca3e314e7ba0dec25896b6cf2589d0
SHA256 3a7309d9eff42469bf4122455236336f1bb4e512ecd83b92555025d1190e3ebd
SHA512 4dbaa245f4a77b128a45f108a400e5d7855ec0eaf7f6dc65b82ef0b3319eedd702ed9a33292f473bc329ad9c959ff7f3107b26d7964df7941801c50fbe8b8263
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b