db9d668123bb86e83973e4302e5d4b7d6786f0ba1505b8d0faecae97175f7036

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/04/2024, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01c22e2f0d7ed18b24532552181e7647_JaffaCakes118.html
Size

213KB
MD5

01c22e2f0d7ed18b24532552181e7647
SHA1

5199dfe59de1178d00809bf31df9aaee9a5395ee
SHA256

db9d668123bb86e83973e4302e5d4b7d6786f0ba1505b8d0faecae97175f7036
SHA512

90225517d6f34d5c83539f5c5f0213e21c8bca48272409478bbbbc2f2912ac1b577f266c809c65d3360e6a7b0010dbec70f8c13b32f5823c54f0d19981712d89
SSDEEP

3072:SoU97GtaJOiyfkMY+BES09JXAnyrZalI+YQ:SoxnnsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420330671"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55996851-0418-11EF-AB07-4AE872E97954} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1996	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1996	iexplore.exe
1996	iexplore.exe
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1336	1996	iexplore.exe	28
PID 1996 wrote to memory of 1336	1996	iexplore.exe	28
PID 1996 wrote to memory of 1336	1996	iexplore.exe	28
PID 1996 wrote to memory of 1336	1996	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\01c22e2f0d7ed18b24532552181e7647_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32d4223ea7de4b0631420f8bcdcbddb7

SHA1
03e689252ac56081e393c5ccd11dede1c9938544

SHA256
8903614be185e111df1ad6e51224e216a651e48c6640bdace7e8e1f1e61f2cf9

SHA512
0724cf49ed2fe8ba5e6521f0165e0476ce161d8b59f6feb21790832a697b8d78a0d10bd3d9e2e8d99615f119bfb49d2d5f5d4f158d41b2768c1e5eef03d61165

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2e54ab1ce09d5fc174a3bd497f5f655

SHA1
c7ecc04e304802db26900de94a35bc1be2e3802f

SHA256
01701439ac56f6ba7b69b41a495d52e8c698d218783955f5818e1b7dc9e67f58

SHA512
7aea5ae5476a3bf3ce96d60c9a60ee81f98932bf982ef9871f9f39da2536f44f935933c79ee79666a463bd47b32afaa06b6994c155346d7d8708e3975cc38b40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb064bbed1a9aca999e2fe8b0a75fc26

SHA1
d2d4f0e47c9f243d07eef537c028c1c07f1366d5

SHA256
576e248247633b69fa9851617bbe15e38076b343b568e26dcfc1af4b7558d63c

SHA512
b2683735fd712da5640b92f2eeeb9132623ec402f1c26ace2a63bb9b6f343aeb734f4022bd663ac3d1ff4a88bba387b690debd82b5b1e0d3b014f1dab760cdd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac5786179a15efd5f0279884ccccaf0d

SHA1
4e5931600b766073d7ab729a56897deb555d59d1

SHA256
de32b76a26c67c18bbb89496d4e9e0f951d8df8165833ce8fe7476a1f2d779bf

SHA512
78ec8b34af205ac552493e0b5a4a7a702a79da36d29b0b32a23301dcc271eae9de89136aaa9b75905e12d9ffc719ed4b65c8f2fdc37c48db4cfc501e8820a343

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c366edf3efb32465d3d055f10f4a896b

SHA1
05e7b0b99c7623f77b8e935dbbcaa671c96c3091

SHA256
08a7067ef5ec4d90f5e502b5d5203dcdb45d16f5f8b7877a8f07ae48c10677b4

SHA512
f67d5c9af290a5eac19d53994e660fb2e1ea8649ad406129be51d4375f1d4f5f266a8487efb57751d05c45c56d6be3a86b92f9cdaaecb10638a7f72b07345a8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27e7a93b5a8bdb2418398bd95d24ffd8

SHA1
837de654ba21e263e50cf0cf25117c4b2963eb3e

SHA256
164dda4d4ade9d7d7a8e4ffb8e200bd6dead6e61ff1404be24605e4990929c9c

SHA512
421e8db8e3923edf302f6df208cd917b968aad4f72e3be56ebe36c753788cf0b612af48927ddff680a78ee66d5252a06cbbeb1f9a6eb7f4fce1e6bc82a44f065

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2bd6dfb73078573c45f5aa0b06fb836

SHA1
461703628b07665c0b6c22bce3172dd0be476b41

SHA256
faf16b358cebbefae749fa2b2f4b66c939cb9b7660769603383efa7108541228

SHA512
52386747e28fa2048d33f68509e9e28fe73c91be093bef8e3e5967e5b2299e5f6a777f1f737cf58a32f679a36edb57cffcf856b3783b429277dd166ea5204d05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87e7f77639ce7cf60d37b65039f484e5

SHA1
63c9f33fa8595ba9905d0e20bb9eb8db36c0e2bf

SHA256
f3b980e4bd7026cdd0b8402fa407d02c79a4aaf5c3bbbe8fa7978c5f3c276a66

SHA512
a65ec4595af09c2e08bf7bc3e604ca78c2a039f6786de37d0b4c85df34806e43d76bb10f7079ca374c68de57642feea6a249e89caeeb71227f9393c6ed2f8eb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ee07b4120d742d3d9078501b7db71ef

SHA1
c9dcc6b8fc1fb4b39f903be2516346a8a4ed3c60

SHA256
ab09d5399d3682e8d750c414840e46d7c06461e7b52ca7bb15a6c7585a9f06dd

SHA512
b1e46300cfbc4c9480dd5b3bcc5b26f4a8dcfb1fdffe87f6a8f4b31fa29c5cf5a5bb4761025894b43f010b32ab659e7ee5445cf759ef62ffeed6856e73d81b11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a131a5982d5cb6c6af5901349254b417

SHA1
56e0492499e0508e7b2c6118c99e417441bc7e97

SHA256
0ad2df0db94d9be43d90505fa9f1d45ac3cde51c81c5aaa9871e1585247182fb

SHA512
466d15e3bd1befda0e2c80fca524d5dcdc506a6c06ef64be6d5bfee4e22dd7b3e1ac1284c4e813c266420696c6c3e7489b41812fb9765588aafdc64207e32b9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b11e09395722dbb2becd10f2a5090640

SHA1
effcdc9322965d23d952cc0662789218d858545c

SHA256
43de0f461c177dcf714469090b73c6241102dc9a0cbe23d44d3c6551c22af0eb

SHA512
c350009f99703fe5ead2a57795bd56c6b42c0045999ab72b0db335a477ae3e986698d02da0e5f5c1050bce406e913db793bec4b13f29964d7cb1eb590bfc9caa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b098415ccbce7afd250d2045f2db472

SHA1
a8d0411a4e33b88963a2374beb8084551e59aa89

SHA256
513fa6411a0dc8545c539fe294a398e934be34f7afae542d3059c303dd7abade

SHA512
6fab2dae948913da98179d3d37723f0937aa101198b48ae9664c8f9165ab0c9502db84eda40f8236c7b122700083ee8601b032cc566bf5b9c14cf099fe6d6e63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fdc955650c396c3bcd4ce8ddd4d9afd

SHA1
8f5630bfb9b08891b009c38e783f774aed964a32

SHA256
59215918dd6310ebaa91b287c2b0ebcdc2ce71d6220635feeeefa91745d361f1

SHA512
33352ed665f31a541e7cd40ae13ec459649516f2b99a3ac6a94ef42beeb9fb7b8bb97cd53efdd54d460f75f257cab901b2db720342f12d57d677826cf8a38a1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a04900a77d368d8b8d80a02e3e0f04b0

SHA1
54e1780b2dd0da3e825537c9405fb9780bd7c79d

SHA256
6fa993dd7bfcbf645ab3b99143a648ed4be0a4cdf6a93d02e97fae7a0c43455f

SHA512
b22906999d44eb23611dcec16e813fe259f54582d327aa50cb60ebd39a94c0363602f3cc243d04bbc95622548a32c01522c160c9aa61d90feb6afa7b5b1ea958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
964e362d296dc951f66f0ce6f772b080

SHA1
331727504e367d322078a97310566e286ade8588

SHA256
5c555e5a6030f5835a4369ba95f3af8a636ecd29237d488da4c527f5ce068589

SHA512
0c04595271876c1b09444b045975e425b4124cc62027e0e681545cf2ad935df86e2c5a32b550cabc7c48d202875be63509ff95e18b401f9dc973e5d4bcbbf600

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72c29eb215c8d0e3868a8e395ce487da

SHA1
bcf71bdda84fc3b9dd3c6935017ee77a111f93f7

SHA256
a986ace391f3f6a841ac7bdc1cd43f909e64040384831957186eb3c5c287a108

SHA512
a34345732480c6b0dcecc1ebe0feb9aca86913fb7054bc2a2eac94dc6e02ec3b538db9a4d0b6e1ff077314c6d8ed4bbbe57aef4720f4585a3ce8b931761083ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc3a74a2c0f8566dfc82e5f4aa2ac1b6

SHA1
b10aa052e02f2d81d1e61bd71f020d4577960d13

SHA256
1bade59698e6283d0dcf169fa0d9b6912c00b96b81c16f41d0728a6497bc84d8

SHA512
c0ee5a5ee81f5d9fac88de32e1b31d89c1d067c119d6bcb9deb358b997e6420ea7dd04a6f6a69aa86beda2b25c48d0a9fe7b9c9072ead48495d5ec8ce5939698

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d460e2bfc078eb6b9dd40a2f4b8739f

SHA1
8cc85752de7793b7b54e47e7f0225fe5b693a081

SHA256
ef435e4175b5a534d5cd5eed9101e0b44b96ce27b4db07caf176cb1ce2c4d97b

SHA512
c8a0ddb087000b8ee1b204e1c51f763522556a49a53f0ae00aaec38b90d59d4ae8e277049386491a53b88f7ed2ef592a2609d9a604f7b25c0de610c1850c9860

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08d0329340b50ce302fc8c3802fe9970

SHA1
76f8a2a1d22d14eac42535d173cc16ef784d335f

SHA256
a659ec8032f36f1ff7fe26a6a9be25192e72e18b0057280ad0821395d10faca7

SHA512
3291b63a731459e0be6934f7eae5cfd4373a2d49df6a609827f7bcf2508fb683783030eab844088554c7816d2c63a4889fa21ceb7eeb869f4b57a11feef843bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab27AE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2890.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit