0070334afdc4e14b049d72ccd6f01ca8a1df4d6f8e973bb6d217aa1753358819

Analysis

max time kernel
144s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 02:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f00dc7dd95b000b8f69f3d1522191c0d_JaffaCakes118.html
Size

39KB
MD5

f00dc7dd95b000b8f69f3d1522191c0d
SHA1

5f2b66607f332664fca4457a3a3dd76c1b2f54b3
SHA256

0070334afdc4e14b049d72ccd6f01ca8a1df4d6f8e973bb6d217aa1753358819
SHA512

655df00613052b53930dcf88cb7662e6e2a318777710c8691b6d852aea6d40ceed6c113d2cf21e3520b301e7c88fb3a3c9f437706efb0d5ef80d8215802f54db
SSDEEP

768:EIFjQfQO8a/up/7x22+IX6e9rCX7CesIKUKsKIopIw1DMJ/0C262A0jq+P89qW:EyjQb8Aup/F22+cF9rCX7CesI0sK3pF+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{597D2731-FACD-11EE-8765-4AE872E97954} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419308907"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1736	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1736	iexplore.exe
1736	iexplore.exe
1640	IEXPLORE.EXE
1640	IEXPLORE.EXE
1640	IEXPLORE.EXE
1640	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1640	1736	iexplore.exe	28
PID 1736 wrote to memory of 1640	1736	iexplore.exe	28
PID 1736 wrote to memory of 1640	1736	iexplore.exe	28
PID 1736 wrote to memory of 1640	1736	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f00dc7dd95b000b8f69f3d1522191c0d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
d4a2daded7cec0b5cc08c1e6819a448e

SHA1
568e28b5b85a5a8a85a6bf5af030c01797da6dd3

SHA256
d129be78954f9d530172135fc941535f50ba88eae4a51dc84395a8549c45b35b

SHA512
e58a4e390f498a565b13608387c69fb56bfd6879558294017ffa1a59223b26f782ebe388320611e295cfebe5cc5532074d7f9c80ba5aba0a8a33c18b9d4b58e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e8b0691ffb7ee26268cfe2598fccac83

SHA1
190704cdff3b8763cd71c4868070df9472ea1ea9

SHA256
5655aa953789892cb18545d551bfb822aaa093974860c4ba6af9f730af60e1b4

SHA512
bbd0b83151f1d81eeeca175f78b23137fd58b192d3ae9855ef40c9a737fe0e3b5093b5b0b624c64ea49c27d7e8f0f9dc590d4c8d6f33d6ef682b82c710cde393

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5087f85a1218f7606b2b11944f4c6e60

SHA1
34c8d675889fa1b2ced993300d1cf89068dd66a5

SHA256
f9e9ba5d2aa5988180fc6a3349ab5164a4f182c07ea0923c0e6bc139d7485301

SHA512
51afaba5d993ac3e7ec52bc48bd4f5f08b39a47cadbfa9f6923e909668b6bd54989df46e385bd8a7f702c3ca0ffb8c91df2be8bd3b3ad2042a28329bd3cd7da9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b40339d954391b99dc7b1499a0eb524

SHA1
14b7889764e37e0708c2fa8d730d292de80257e2

SHA256
f432e460608a73109b1ab879cb111c552a152ed93994a210d0f1059e99d45d1b

SHA512
85e995d100de4c434eaa8aa59b103a79e344c87cbddd6e826499b331755063ca0f08cdc4ea65903c321afc9b3506fb8a45bd18bc8962e02e94c9637fed4016ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f8fdd1913af1051474ec5c71be270d3

SHA1
9301a1b4f589d8f90312dd901e758d0fc50b1783

SHA256
b3af67ceb7b00f80c3f3a2eea35d29fbc09f6c55d681cea3fceb3094f16dfac0

SHA512
d62a99c0615808b177efa1a7a9bcf18423061b93800aa1fbfec023da1443e9734b6591da2b726dd02d643410b97dfc342ca17a585c74486063dbdb78526fb5b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
085db932f1c7d1043f0c0ecf10c001b9

SHA1
a54c4fe15aa7df61e4bf051c8fc99f29219ef390

SHA256
96030725a811060f431e025b957d3786fb8c9238b55b320df74b7ba1f2e22c82

SHA512
52a80c2af1718750a660bf7bf16be65bd52e707a32dd73cfa3420bf3d6cd1a6b4776f71dddf9813ffcccb28a1c7822f8f1f2b322d8f4c1fba2e3745e4e091c8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1817a43a0e2767786d4194d75e536a55

SHA1
c5ae714e7323faee88d82b59d1cfb3e0d9208bfb

SHA256
53bf657aa300fd13a43eedc295bbbe04d8eb64f3a7c6d9baffe222842e8e94c5

SHA512
67abaa363ba71f20d3d94d4e0a91c70b4dd7931a102ec012c028bdfdf638d7380d34a4afc9b7c576f75190895d647021c55a8d4dbab7a7e8b7f7c1febac2705c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c253553bdf25424c3966d54990deca20

SHA1
78d395532601c17a9dd955b1f51a7b7be262d186

SHA256
77463ed88e7cb3689979949949259ca06352678ed13c0b4bfdc1800e63ddad3f

SHA512
2bd1c6be0f155dd2e9bf35182d5e23c89188d9679fdbdbfb271cc5c2a2b61db8e15227bdc4c4ec818154a977d26f17b645126a00a3fea24be80cfbbe5ff908bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4976d803541977f0afb11916ddcac2e

SHA1
1f8f911b672b979736a1cd7f98c9bb2b786aa950

SHA256
c955100a533b5199d7b67c0d609e6ada32858ca0f85489229977df66568d2a7a

SHA512
32423b6630cbf2eb4a2a100d8da1a6d4756ac700ebe821d962a8983e03efcd0817d2175379da7acb95f6b346f50d9d332a4f600c0c823610a05858a7c2daad3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aff3a49328be811cb2ab76f80c01ee0e

SHA1
d62e3505b8888d0417c1139162e274e9c4ff6d03

SHA256
8d0de30d3103bd403d2d7e9fb37248a00b1492bf3cc560b02cb2e357bd840927

SHA512
a0b82551a19bb420c95acd2cee6b8a45b61be78434b8dd85934a3b4fb12d508533426487eef3302a0ed987fe1c0c904dcd079659fef39a866d356de757f76766

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb0426c14b229b15e9f6b0fae21536d2

SHA1
511fcf971598b1ea0d10582829107f5f194381a9

SHA256
dacc9447121694910b03f860c6d6965f7003902885e2148e202080d9c0f8ef50

SHA512
769f1f77fbb251ccef906d540bcc356f8c978eec0d58650f81b81ff7b71cc4e5043e6cf06329d7544b0c35aad9826a66419349c05bc68fe82e1d5a084a902431

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d32ee5665adc25bad18507f73f8ef9c

SHA1
f83d69b2f8c6461e72e21ee52f031e54587742b5

SHA256
e95469ab01b2484221ed423e8f9f7b95f8fb7f0d56b3d0d302cbf0a1b98de659

SHA512
4ff47c90f5d25f06a4b41b9b11920401f1815afe0e87769079cf070c2798a7f7406b87becd025796a5f3e9e854f6e15a173e7c303977577ccc0914dee72fbae3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9032beb15f0c595379f4d34488adc237

SHA1
f50bc60f3739521365a6896af07405e53e268835

SHA256
6c9eb05f60207846952a208063e9f8c585a73d18c5b411e5da28eea824565f6c

SHA512
903b3abea9b3c2051ede34d7ba1fec849df80caba3c76089b8ceb58a31fcca571c4bbf6afc13d3e0a3e2c14b89cd1df7bd99395cc5cf8fca1e72c7c1e82dae1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95d40dd228dbe2e11695581909f5ae94

SHA1
7ce2a38b6d92f4e277a5981e95dc0923ec0228c4

SHA256
48cce716a3da63fffeae9f9bea8f558dd6a81fdf66a70fa129ca64de3c3a15c1

SHA512
9ebcaf9366cb4dbbcf97005171f9bed990c231722c5c61b990f0ca5e1e29090d8e20585026d7224f21c9f2fbc8da7af0ebf11917594c7c309a8665f40b36d5e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
478e94f0d410e23d2c6cde1c9182ca01

SHA1
2af89a6f0a4ba5eeff26a3429dbbdf2f83463958

SHA256
34713c5122ad87e23eb49a6cda1b3a56089b18f54aee686ae7714df041acc7dc

SHA512
c3051bca5782cbce64f40e1b4f4d5601f352f24bd3082b285e2c268cfac55672ed48e9bfed96d59eb0dc58914d07ff4e0dd03a9a0c6062f358557936bc5e917a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4156.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar42D3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit