Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 04:49
Static task
static1
Behavioral task
behavioral1
Sample
8ceea173cc9726c85653dfebe0b4cc04_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8ceea173cc9726c85653dfebe0b4cc04_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8ceea173cc9726c85653dfebe0b4cc04_JaffaCakes118.html
-
Size
254B
-
MD5
8ceea173cc9726c85653dfebe0b4cc04
-
SHA1
17b66faafaec33e5322e68fbaa0c5f2068ae080d
-
SHA256
5f9c9067329ff4ee7301f42464d3eba8c0286f4759eb6fbbb42520ffe6f54be6
-
SHA512
1dcd5cd8ab438df3a1fe84f3e8d59bedc97ecce314282637ca3f3de983bc833a020dbe465b1be58078974f4718e959c6ee476b532c42b7d8db017388eb75e37e
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8D4287B1-209B-11EF-81DB-4E87F544447C} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423465661" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000037bdf7b719694d9c5357d890f2c43b10a225158b4c7f6bd7782a3e834d110c7e000000000e800000000200002000000041ba98af44a0e54a6a046f5046390267584f07fdeba127d769d01f95478e484b90000000e62400a6a54b5adcd03af3f1fad3b25f7735666724833304b5f710110bb12f066af61f2932c43fd512b2ef33f340ccb6ac24bbb820ce63db406b652463dadaadb3339c22ec303146202f68e4d0106ee9984c3afeca02ed9d702862b09b7e3e93bb05d8f4f8c630f0f6af57cf327432477abbbc4495369516dbdd3607c063a0e45e8c126da05b75a59c8b8b5e27746568400000009119090e77ba32eb08594c6fa3e0ecec677605b063f7e5e382f733b45f63de9ec9bb1cbaebecaaee955ee3ce0a9d5d6aafa8eb26448d772af144b376b545873e iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ead461a8b4da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000002f9b48e4652d7cf156fc86952bd6cf1ea46b2f4b312628f4bdaee638e002ed14000000000e8000000002000020000000324fb87115cac16007eaa715f1f235aa48be4ac0eee593b55f26dd508805756b2000000015e791b7740a662c203aae94bdfadf18702b8f6205ffc26d7f511e8d222cd1a740000000252cc665d108a397dc9fd78ff728dac2734651f32af65b402d636532ea04c7e0293add71df0e4bc5f77f749434ea710c9a5d6d572dc83a9b13f9c8091ec51985 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2180 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2180 iexplore.exe 2180 iexplore.exe 3060 IEXPLORE.EXE 3060 IEXPLORE.EXE 3060 IEXPLORE.EXE 3060 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2180 wrote to memory of 3060 2180 iexplore.exe 28 PID 2180 wrote to memory of 3060 2180 iexplore.exe 28 PID 2180 wrote to memory of 3060 2180 iexplore.exe 28 PID 2180 wrote to memory of 3060 2180 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ceea173cc9726c85653dfebe0b4cc04_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3060
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7030e032e1525da5d58b79ba09bbf9e9
SHA1 3e6e9a3ec19a88f674e156fee931693dc7ba9c89
SHA256 328c45c8aadf26112b2a722d6cf05b5e125b8673e0984069cc3947fc8a672daa
SHA512 b4071000e616174c8a5eb7890db51082ea4d8896a42ca3c7c60f7b32081a937706d658dadb569f73e867b88f29c045dab3579bfc7889de1c1059100fdcc087aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6ee0f0521ce556aa3153ef65251872e8
SHA1 8e846c1cbed815f9aeba38b8d802e6a17fde1930
SHA256 d7b4121b441c95df4551500bf64a0191b2633cd35bcfebc4a52f6f0fdd752311
SHA512 265d0c1046b4299a311a7e8be971677c38a2838dc6c163a34f58d4f66a6ba20cc9c4372886844b5ee0fc30ac4137def773edd980fbd9221b269e4baa5351e07f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 26614bc73e6f6f9240e222915069ad8e
SHA1 b89ac93a36faee16cd02882a9698d23d22375889
SHA256 2a79bbef59197e302fefbe43410da77d3f8b4a436eec2bdf174fc6e873d86743
SHA512 44ba0416fd850f457cc5728553ccc99054dd951cb13a680a7d53dd0276771f937413b0d932174536a34558a10054d9d910a1733ec639e9dbefb1a17b452c00cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a416938836f7751737238927f070e219
SHA1 8037781d54be116b3f5f5830c5dd53fdf4c59d83
SHA256 123706b16fc0cc1bef72f714995bc72f0faa9fdbcc85f8c8165d4498623fdf27
SHA512 ef8ccbfd7543e7c654e1036a04ded7beb414aa7e0bb0aab92a81a6fbc42daa104c11907036314bfb7e577eee6b09ad4d9060955a44bc6511c91ef34fbe3e372f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 081da0aece20e085d0a9409697509b98
SHA1 52f355f3b571ff2f5d02666ed85dde1c3fedd80b
SHA256 3e548263c12439e6c3d555c04d3d10fa2e68a9fd4c8d18a6178f5b031b1d65b9
SHA512 20d62df01675b93b3312e9a8b0261f397c85d4a30e9c83b588d420285d6e47c8d0f81e4bcfd5778e001ec5375598147c7065dca06a226920b4fbd2996e787131
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 30469a8d59bb8ee4f519acab35ab1b93
SHA1 d1b4fda298e89fb8322b6dda6e19ee1c873f226a
SHA256 1da9202be5fa3f514a1ec7a725bd793163cc9afd416b7db0d7ed3bda6c9a3b46
SHA512 613c607a3fb0a80cfc3b519be2d2d9a3ee02b787e316da6a9d59cc9e758fd4e09d0ba04606ae60ba6ebdab6c7f345382638c238265542a05872d3f558c5b8703
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b44409c9ed581f9f7192177240a35f7a
SHA1 037c993c092334eade4626c94f6461e599923ed0
SHA256 3d6cf829938853711b2769ac6049af90db97c75a90edae40ca8e61ef8d992943
SHA512 64d8025fa7d23eedf3d8d557bdaa5baac03838505530859a73d0cfe56c17a56df6185b48a8a2ffad7f035b3c769e592fee438d7b19e75ec1dce51f5b9efa0ab7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2e87efe3c8a98ded97faf949e92552d1
SHA1 3407d2d6901d2eb99831473dc42e396c3b2f1213
SHA256 9e7bc41ba8a9f144716b55bd0f7d71dd2798273568aace514bad9c8a6c7e4cf6
SHA512 f97bbbe739a9a2434bce49fcc3efa9a88210ff72916c2bf99b7d04f1cf7e6ae9ded2dbc06a7268b79c504181667ab5045c87987a5eb919c4a534812caa0b1eeb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bc9c535510ee5705b32ca5c606ccaac8
SHA1 bb5f543be7930f1bb801dbdc5cf80144396bfb9f
SHA256 89d132516b928d94eb6f6a1b8eeefb1b3a1506e69fedba405293352dd4faaddc
SHA512 41fd20e3b12e5ccb5498aa1fcc7b1a180087d4271a64eb064a02e70b1bbc4e8ba1f70cdca1bb574882bed920bd0db73aa6ca08e75ec8a7ca2d623fe81f90159f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 673e140fe8855d06fd3410b18578c5e2
SHA1 8210f5bf67fe1abb6be6c5ad4218802e987164f5
SHA256 5b434f8a8963e9b90735c32b8e0bd3ab1ed2a34b195f9b6e64193cffbc31049c
SHA512 217b83e7b410fde6c758c855058752cb703cc50265238309a30d2675c8e5a7aec04ba389ccbfe47d8271fa20468d71e43de9593064fe23a582c2a67cdb8fadc2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3b9b6dbe81ee609c01655a8a6c1e39e9
SHA1 3aefc2408ae3e6c862f0e0fc43d2b76fff648b04
SHA256 3592f558c4387fd8e80f843e67177cca4f6f248182805b14c947ff1587504f0c
SHA512 3322a0675ad6dc1780231788d36ad50f210c77a0135747335f3b6217072c460402460c166904638ebfe9f7f17f17a2fdc2d137fd990f9946b2c6acf2115e9450
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 470d48d1e64f79e6f85c690b9d9f6a99
SHA1 063c12ffb661311e9879479376a12c8835f41515
SHA256 1a9370077ff3e43d0de3a4b34c524f6065032a4bdb37fb53618fd67743d96b8e
SHA512 65599aaade71d518a1312272107b9b5b9d5ac08e0269f65f60bad18728c6f8e84b088d4fcba8a27d787ca0e05a6e1d9f3ab5b7dc496e68b1047f819810010a6b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2a040379d9a8e25ea78917cf107be848
SHA1 aef356b342a73c50c1273422ecc1be261a425916
SHA256 17c8dd9def8f1f212a0500721811d29245a8d532d4db9cab38b262bf529ebde4
SHA512 9d619fe80e835e18cbb34998c6d629b698cf1d5bbccff23da1b297d15accbcfc5e8146712566f446345c5142baa699a313d2219704dcfa92f541b17f0c8ff2e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bf2e9e5e827db4bcf5d8b1147c9f5b2e
SHA1 41a8b82ed3dcaede600769b409cd05c559b64c51
SHA256 65652d8e6089893fa1c036d5dc75082b5133b9ccccbf8c5632129ce4aa2b2799
SHA512 0b46ee267b45b6c3f9b263fce54f80ab3ae7d8256e55eab1651cbd4540a451f40a4bd1dd959db37986d1cbe4461207726bb1b9740376f96510d923f43c1ca0a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6d4e183e7829dfb2736337888fbc5f23
SHA1 05d55bb2b2910b2b1d242e7833934d7dd226c88a
SHA256 52f5725e8e14257785bddcb828f5f81078d240c434732d0c116a9e4bb56914d3
SHA512 acadc4b5451ccac89de3731e65e7d31c84dd30334b5bd4a2c61f62e5eb529c6b56a33df563210a6b446d3689c96b53c5f527758f5d2bc2b5a49fa6d12dc3ac0e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cb30b70bd67689eb33fa165c3ff3986f
SHA1 05aa17308ca112066a7bf8439aacb4c240350be1
SHA256 448af198a667b6872adcbf339c397daa8df06e8d052b041aef6537e329247f48
SHA512 2fc3be44fae06c7a11c4a79127070e9aa1cb26e18338edf2af5ea173e77a93971425deab108aaf9e09904c42851d936078486e945bc0375121a63ea005fdb89a
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b