Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 02/06/2024, 06:46
Static task: static1
Behavioral task: behavioral1
- Sample: 8d33b33756e92071c89ba8e537b06fad_JaffaCakes118.html
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 8d33b33756e92071c89ba8e537b06fad_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 8d33b33756e92071c89ba8e537b06fad_JaffaCakes118.html
- Size: 32KB
- MD5: 8d33b33756e92071c89ba8e537b06fad
- SHA1: abcf3a99ef1dd25601523ec3663d43f3f5e9bbff
- SHA256: 2e0ee9f955277bec811496b44f7e35a22a11aea26a96f70e96d0d1366d0e3d46
- SHA512: 25894e56c0a35093ba31cc4b7241d19f1aa8c30498ed4ee14190867472983f85d455356fd93ad63da73ccd6d0a30d7460b8d199d052402c1f2788d6c174cb404
- SSDEEP: 192:uwj6b5nD+nQjxn5Q/pnQie8Nn2nQOkEntnDnQTbnxnQmIbxNxpkNeXM/d8ohJMD+:KQ//axOt/dM/mWb2
Malware Config
Signatures
- Modifies Internet Explorer settings 31 IoCs
  (description, ioc, Process)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)
  - Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
  - Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
  - Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" (IEXPLORE.EXE)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
  - Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU (IEXPLORE.EXE)
  - Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" (IEXPLORE.EXE)
  - Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
  - Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" (IEXPLORE.EXE)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
  - Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
  - Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" (IEXPLORE.EXE)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
  - Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C838BA01-20AB-11EF-80DF-F60046394256} = "0" (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
  - Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423472632" (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
  - Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
  - Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
- Suspicious use of FindShellTrayWindow 1 IoCs
  (pid, Process)
  - 2900 iexplore.exe
- Suspicious use of SetWindowsHookEx 6 IoCs
  (pid, Process)
  - 2900 iexplore.exe
  - 2900 iexplore.exe
  - 1564 IEXPLORE.EXE
  - 1564 IEXPLORE.EXE
  - 1564 IEXPLORE.EXE
  - 1564 IEXPLORE.EXE
- Suspicious use of WriteProcessMemory 4 IoCs
  (description, pid, Process, procid_target)
  - PID 2900 wrote to memory of 1564; 2900 iexplore.exe; target 28
  - PID 2900 wrote to memory of 1564; 2900 iexplore.exe; target 28
  - PID 2900 wrote to memory of 1564; 2900 iexplore.exe; target 28
  - PID 2900 wrote to memory of 1564; 2900 iexplore.exe; target 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8d33b33756e92071c89ba8e537b06fad_JaffaCakes118.html
  PID: 2900
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2
    PID: 1564
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads