Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 02/06/2024, 06:45
Static task: static1
Behavioral task: behavioral1
  Sample: 8d330d11367929e9c82e86befc8f37e2_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 8d330d11367929e9c82e86befc8f37e2_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: 8d330d11367929e9c82e86befc8f37e2_JaffaCakes118.html
Size: 157KB
MD5: 8d330d11367929e9c82e86befc8f37e2
SHA1: c9870141dce06d20f4249b95147554249196b20d
SHA256: 0af6585d7b083a33e50204d4bddbe653e62d128488fb5b34bdf8b8425f35f7e9
SHA512: a2927ceb49466cb0e0690a77f83c7c886b1f2cd23f27651a6ee2a8b5aeab82137381210f4ffb7bead39842351f7b4de3af9c2d8a82ce18b0cb0ab2a51c71a5a5
SSDEEP: 1536:DIi9cOr0f3u7xa5Ssfssv1aANl4Fhm1wSWm6rWnDd2TGhBMmSs23ej5Q1zsVm9/E:DI7Oylpm9/ZYqS
Malware Config

Signatures

Modifies Internet Explorer settings 26 IoCs
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A351E361-20AB-11EF-A7E9-D684AC6A5058} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423472569" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2220 iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2220 iexplore.exe
2220 iexplore.exe
2216 IEXPLORE.EXE
2216 IEXPLORE.EXE
2216 IEXPLORE.EXE
2216 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2220 wrote to memory of 2216 2220 iexplore.exe 28
PID 2220 wrote to memory of 2216 2220 iexplore.exe 28
PID 2220 wrote to memory of 2216 2220 iexplore.exe 28
PID 2220 wrote to memory of 2216 2220 iexplore.exe 28
Processes

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8d330d11367929e9c82e86befc8f37e2_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2216
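The WriteProcessMemory signature above fires on the IE frame process (PID 2220) writing into the tab process it spawned (PID 2216). Internet Explorer's tab processes carry the frame's PID on their command line as SCODEF:<pid>, so one triage rule an analyst applies is: a write from iexplore.exe into an IEXPLORE.EXE child whose SCODEF value equals the writer's PID is the browser's own process model, while a write to any other target warrants closer attention. The script below is an added example, not part of the sandbox report or the sandbox vendor's code; it transcribes the report's two processes and four IoC lines, and the notepad.exe event at the end is constructed to show the failing case.

```python
"""Triage check for the WriteProcessMemory IoCs in the report above.

Added example, not part of the sandbox report. Rule: the IE frame process
(iexplore.exe) legitimately writes into the tab processes it spawns, and
those children name the frame's PID on their command line as SCODEF:<pid>.
A write whose target is not such a child is classified as unexpected.
"""
import re
from dataclasses import dataclass

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str      # image name as reported, e.g. "iexplore.exe"
    cmdline: str


def scodef_parent(cmdline: str):
    """Return the frame PID an IE tab process names via SCODEF:, or None."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify_write(writer: Proc, target: Proc) -> str:
    """Classify one WriteProcessMemory event.

    'ie-frame-to-tab': iexplore.exe writing into an IEXPLORE.EXE child
    whose SCODEF value equals the writer's PID (IE's own process model).
    'unexpected': anything else.
    """
    if (writer.image.lower() == "iexplore.exe"
            and target.image.lower() == "iexplore.exe"
            and scodef_parent(target.cmdline) == writer.pid):
        return "ie-frame-to-tab"
    return "unexpected"


def triage_wpm(ioc_lines, procs):
    """Parse report lines of the form 'PID A wrote to memory of B ...' and
    classify each against the process table. PIDs missing from the table
    are reported as 'unknown-process' rather than silently skipped."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for line in ioc_lines:
        m = WPM_RE.search(line)
        if not m:
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        if src not in by_pid or dst not in by_pid:
            findings.append((src, dst, "unknown-process"))
            continue
        findings.append((src, dst, classify_write(by_pid[src], by_pid[dst])))
    return findings


# Process table transcribed from the report's Processes section.
REPORT_PROCS = [
    Proc(2220, "iexplore.exe",
         '"C:\\Program Files\\Internet Explorer\\iexplore.exe" '
         'C:\\Users\\Admin\\AppData\\Local\\Temp\\8d330d11367929e9c82e86befc8f37e2_JaffaCakes118.html'),
    Proc(2216, "IEXPLORE.EXE",
         '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" '
         'SCODEF:2220 CREDAT:275457 /prefetch:2'),
]

# The four WriteProcessMemory IoCs from the report (identical lines).
REPORT_WPM = ["PID 2220 wrote to memory of 2216 2220 iexplore.exe 28"] * 4

# Constructed counter-example (hypothetical, not in the report): a process
# with no SCODEF linkage receiving a write from the IE frame.
HYPOTHETICAL_PROCS = REPORT_PROCS + [Proc(3100, "notepad.exe", "notepad.exe")]
HYPOTHETICAL_WPM = REPORT_WPM + ["PID 2220 wrote to memory of 3100 2220 iexplore.exe 29"]

if __name__ == "__main__":
    for src, dst, verdict in triage_wpm(HYPOTHETICAL_WPM, HYPOTHETICAL_PROCS):
        print(f"{src} -> {dst}: {verdict}")
```

Run stand-alone it prints four ie-frame-to-tab verdicts for the report's events and one unexpected verdict for the constructed notepad.exe write. The check deliberately matches on the SCODEF value rather than on image names alone, since a process named IEXPLORE.EXE that was not spawned by the frame would still fail it.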
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 591bfa076e1092bdb01f407ce9d1946c
SHA1: 2a292d338de91b2615b241abf5a23c9905d00edd
SHA256: f6ca539defea2d7471fc4c888295d1ce8078c8d2455a5187b2bc8ccac902f73e
SHA512: 7865df8e50458416e355ec11119903c517f36e1aefdf3976efe5b40028885da711d588b006f493a1144110e188e913606c0809183afe26f11a7729e7793b4379

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8fd753e4d72a6b96afe99561c4601d0e
SHA1: a77c92049421b89a59c874b0d430dc4b6d26d882
SHA256: 16eaa92fa6d08053f1b8b306fb3e332d6e3f5fb4ed6694057a0a05ef2b98f156
SHA512: 7f940414a15f2341d0c3df69b2b1be85f94b41364a84d5be4cdd629132dbfcf361864b71672187bff14316955fb7cfb99e092dc1e34110a4747fa8b064daaaf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 73d0e81f9439458dcb30234c1437b43d
SHA1: 9445a832fd0ec6bcd9338224f3671dfbc2364381
SHA256: cf560d67cbb817b7aea5df3784be35d6bd98931f21bc7f7653935660535108a2
SHA512: 9f562b8900914fc3762b588a377eab8ff048478060416155c88b12d07f114063966e63fe4d03239c173676fca262fb7ffe4900ad214c57e74f50371c84ae2906

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b857d75834c07397c0362f403f026f9d
SHA1: a298ebd851d52e25cf6fe20ecac072eb4b8920e6
SHA256: 02c68c8ea6474d45b2c062bce97c149228fcd3fa02b199f6b348bc2aba78ea0c
SHA512: 81727eda1e60743aa6e0acb02d864551b9501e2b830fcceda9cc109d7efebc8ebd3e59ca9f729757cbe05cac572408d71dd273c19dd0752ccf2b1a7e65218503

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8bef12ec4cf5074fcd61dc39875a9541
SHA1: 88f6dad8b175d51966b35042b3fb5705385218bc
SHA256: f0082149c727b0894ee13e3ea398623cd4a44fcfce83f2f8ad47302165cf0952
SHA512: 60737c76a81c906529fd47101ca19ae640f44be46c86486576ba7d8c01b8810a621bab0640cb475c989ae005b9e9878a469e8d467d23ba11dc03cc682799cbac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7fad86174afffb4804dd8db9ca0cb0e9
SHA1: 16ca3c799144a292e1fef570c3ecd744d67e257f
SHA256: c5d29cb8d787a3e6abddce8c9542dc7d292f7a132c8c6c07f035c2c1c6e6dad2
SHA512: e8368359e7b209b08fdf4887e3294a571224bce07b5a94a8d40ed6af27b46c15ef5037156136cf0879380c206d85028d19b3cac94ff5e951bb6a20590ec85115

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c7af8776ebcd50e5ca32ae827cea9a3e
SHA1: 4085cca56c7193a441e36889bbf995af1a54a350
SHA256: 05c723eaa624cb735051f1a78e965f21646003b27dd18f00d5506585ca9547d9
SHA512: 2f993a73298f6fefec7a4b77276994b824a205cd47bf4bf4caf78594ff4c78b21bfb983dca4fec323decdba23fb6de69af2a50145bf5d12591769ac0b504446c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b7e5415c5ebd2fee2beeef4fca5254fb
SHA1: 97b29d44c878ba03ffc2a47b0a66adf2daadfcf6
SHA256: 9c1d98b2152db6d35d203871139fc0122e12fa0d0b49baedc8bdc4a89b9412c7
SHA512: 9efa8a885600df997eb362e18850b558db4f47ace852fdb40d08545dcaa4ac2a5474af9a46974151abc44d60fc623010e81b06f1da3322283b92c1f457084d97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: fbb1265af9962bee41e50e5ce0989b66
SHA1: 0030fae7a23a2e3bec175d41ee5dd906205c0e38
SHA256: 124cda6ca25964637179bd5e18b97df6a01f1eab9aee8b21d9216cfb983476f5
SHA512: 7930211487c23a0d1a0ebf444b3cbafefcbcb1dc810572c1c661e44d56033860420c23f054308e41f8e0d380389328edfa58800ed36d33a84b8151e73519f55c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: aa03b1fd4645310e7b510cc0debbb383
SHA1: 8f434172ebcecde096f2c047f97e735fa2913362
SHA256: 2845f92ae371afe15cf0fe86921e0c84df2e6e94b916ec853be4451f1caf756a
SHA512: 13981a5454ed6214714b6894d06d6919770a820f56e8b0b2851bd73aa150cea8aa980391080db218ee49a32d9d099acf0aca22a9fbaf001aab3a7c65534107d5

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Filesize: 177KB
MD5: 435a9ac180383f9fa094131b173a2f7b
SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b