eba218bc15e1cc166a38dc731fa53ed67ed8ad4cb03261c0ee078a493f082ed6

Analysis

max time kernel
136s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/04/2024, 22:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

01d0cf1f69c500b9abef818c42dc8f4e_JaffaCakes118.html
Size

22KB
MD5

01d0cf1f69c500b9abef818c42dc8f4e
SHA1

e3c26b44e0205dd47d5133c637bdfb8c8fb192b3
SHA256

eba218bc15e1cc166a38dc731fa53ed67ed8ad4cb03261c0ee078a493f082ed6
SHA512

5bf95db2b6c5dbc652afbf2d82390235b1b51a4f364ffd073d57136f030974dcfa115fcae9f892c34d4644a2e094d8a9b81c7548068f5339848854d8b485e8d3
SSDEEP

384:SmT6YK6Z6BM3BM5BMbBMlBM1BMjBM2BMkBMDBMJBMxFLS+8yH7xxWC/w:SmRZ6C3C5CbClC1CjC2CkCDCJC7OJybY

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{107AF131-041D-11EF-A1FB-E299A69EE862} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420332704"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2492	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2492	iexplore.exe
2492	iexplore.exe
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2264	2492	iexplore.exe	28
PID 2492 wrote to memory of 2264	2492	iexplore.exe	28
PID 2492 wrote to memory of 2264	2492	iexplore.exe	28
PID 2492 wrote to memory of 2264	2492	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\01d0cf1f69c500b9abef818c42dc8f4e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
645ffab4bf82c5053988e696ce8bcef9

SHA1
6ac11bd004d3f409c5d86d7816f101ebf22b3c6d

SHA256
a4345d76b63022467ca9fda6d937102d684e444eec3ee0463ab918e2b4577aba

SHA512
b3ba3c2ae9ae492eddc25b4fbbc4b80b019812d0e6260a8264fe71639468bafece53a7167f450daa5fc61c79575f4053808619b1a807c448f7fbba1ea5662c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79b2715fdd65a2643be8c9b62ef66b08

SHA1
0ea75e6fdc07c4339f3dbffb2b51c7a7a819aff2

SHA256
7ef0a3db2468e52a5398690e161a661ab333e91c67f441ed0ca543eefd7c506f

SHA512
c6af40a9e8256f0db056b1e4f7ee202e9e3994efe35517992b52cd365b4963b2a25130efa1a68510feea1122b2584c2dbc99b7eea81cebe351e7ec6655cf8ad5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a2f6608349da508b00652396f798c8a

SHA1
7751cb14bc66e148331337671e9eb66caa44e252

SHA256
57213969880ba49b65589949b072dd895cd8e08e9a8586e84e7e5a82a0daeff6

SHA512
d20723c6c1439a8993a769efe7dce2b739b5f31fc4e48301b6524fab7cce1ee47abbd734224a0b232197febbed2cc5c156b27bfe25d6895229bf053fabdec6f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b275f9aaca0094b8989003dfdf594e4

SHA1
008ca346d836d07777560356a2dd996f26d64ecb

SHA256
7a8b94f40ff0c09e68b6fe1fa1b81ce43d405e98fe96f2842e0b6dd4e58a4582

SHA512
2d0a5c7ad6fb730c65819b92e28d3964ea9e945ad4224302e61af89a4e7478e50f857ada4776d43b820ceb2eb185898a0c29474c1f12b6621b0cb20a9453a186

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1da0c3ee8ee970d7154e31c0dc216bf

SHA1
2740157f6408db7c406f91c9f2688f65b17503bf

SHA256
72515fd8df8602fb6f3778626f7a3d76fce1845a913562e99968c1b9cb359f9e

SHA512
578ab5f95594fbefcc34445274527595f322697e25882b7c3f33cd94e0ab948242e6ce32fd4ad93b0f7f3d60569ede34a60fdaf95e438367228f252ace13ef20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d728e1a84568eee66486440a080fddd2

SHA1
28bb85875f828429f2969deaa14a971d0f416c46

SHA256
a5c3c85f29ff05427f4042ef3b31576e778d10a7f2a25ab388add4407355d29d

SHA512
72c9092ee8f879326666cf8c08fe0b4e0eea574c730f8307fc9c99dac0453adfd46abe3fc756dc8075eb7423d64bf5f8440d661efe0886bbfedf4a1b1731db5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d201de38300187f59625b735d8a235be

SHA1
89e2e87279c39773df6155ce7e4c299c1ddad04d

SHA256
06cd923e0bc14f3bf2a140a6f1b954db41b8040d327d55de0fc63637631fb9bf

SHA512
ddecd6289aa28c8d57a2d345210d9fbc17c51496a481603e27c112dec0a0b8edf4d9614a1f3dfadbc807f04022dd675fd821e96466f01cb7470734b0a3462db6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80ed03ce2a24f9b68b81c678ddb805dd

SHA1
174714c1c9a3c6e79668f6f74150b5bae0fbd1e6

SHA256
c977defd26b6f668e13248069ab28e744fec2d8f3e6daf9c3936109888e3628f

SHA512
6bc996c0f7fa2b90e825c981d92273b36e1c805cecb3540a603bb13b7f0f3b91bf0162fd0d6dc93746a9ab2e4b521917e7abb32738cc33fc280f9f09adb570c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
747666d37bb965eeaf8c6986beab3b80

SHA1
e41db2ac9aebc3e67cfed04d72aea4c87bc07709

SHA256
a1c20720a8fb0340a7d0c15d81ab4c410c11f7cd54d657e835ee126e73612dfd

SHA512
6883107d047d7389b83633b3db076d5315c2dd9973f640447d71080adc242e1415589958a5bdfd80b9c90246be04444556eef988b3dd98aea95da2d95b6b9ebe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31ad148057e63d6e5ea84ea26aac6b3b

SHA1
03a7a7e3cd5d5b464717056f3e6e3296f03d669f

SHA256
eb295f508cca55dab0c0f875848694feaee3d42305ac45ce59cef463639569b6

SHA512
727dc488d615f9ae11d370b2d0ca25d47f800a009e2ff3fa9448f2a26d8df5035d93e32d7970f61986084e2fa4f108a9834f6dc48ccf95da7442e723ad79fb79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47afc08596350ec5892620dbd4368db0

SHA1
b710357f0d62000b13685a58024563b2cf2efaee

SHA256
1645e0daff75dfae1f205e7393b8867607b5eb5a373e168dd84300aa8bc09b62

SHA512
4fb91c443e43054389ccbe952d61f67e3536fbbeaa267e95a1fb8c24ce22a9217ba4f04d7dafbf02fdf702d9f1af204c3333ab8a0ba0625d24aa151667bf92d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70e8829d231b2cd8fe3c04a6715f2b58

SHA1
7a9fe72c97e69e052c5c793681c69c336030f103

SHA256
7245f33fa05cd34e387dad59f91c170acd62472ae311f6253109225dc6842690

SHA512
1e8a7701950fa7502c9a33c0e9f2d993889a82290faf9fab6803137f42c145367fc2cd532034f2a381ac08690107cafaa77f5fb3f933973d2a1e3923f6d3f93a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd9fd604b3bb07363c728c5ffc5918d2

SHA1
ca1c9abb206fdaebad84fbd5d6aa72982e2ac6bd

SHA256
e9d840109b765bf5a7f21687cb88f96ebed7a858a3a23f27dd6a188fe9296e8c

SHA512
268555f698aacc69d4f3aad4fbb8bbb45f08e2d9155f805d80c8fff6f8e52804a824d923a182b993d1db05902912a0d14fc8de4460cc3870efba40c7778c2840

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fe72b8cc47c77e14fc54b760c1163f1

SHA1
bec1b3556910dbe701428a9cc360f61d840f67b7

SHA256
dc1b6e4fcf141445c2097e91d4f1022e8efc19bc8c7856db5088eb687d39c041

SHA512
1144f4383422d4eee19031d0c01f45ca5ea1fde01ebea538dee54ea6150e05178c0cd0936eeb334de617927a441496cd52d821175ab1a81f6ee21317301f7dce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d790c0ee8330952df74d8520bdb425ae

SHA1
5bcdf9b5abe2ce67b9179754aa30fda6de142c41

SHA256
459247506c5106a5e22101d20b3b0af93c5e37362d3a5282d47df62dc3475643

SHA512
ce9ded7dd616676bbad0324011d96afeb6981dbf5f4363a4f44bfad4a347e65fa88386871f3f1c2d96c8e8f1dbafbea3b134be40d14103e029fec088b4992cfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fc7e74a2eb6db9752902eb8745e7e58

SHA1
98e93622429a3df6f1ab3aa377dff9b77b1b835d

SHA256
f042a1e399ec236f42a2cd5a6e9edc25f37e317d069ea64cb7e214256c877b2a

SHA512
d3fc87c2aecabe01f3d31b60c3a6695091b65c4a6a9ab2e9a9c41877cae9ac64ee0807030e1bf57ca9a27c25f37945954eeaf8580ca9150fda21308b211b0da1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f0ad88a70353bea5e3697baa5b348c7

SHA1
d4c8d0dcc75d69b5a892c8c06b9f67886088348b

SHA256
b8ce4beda028d3cd6c7877275ad510d61d0d0c540954ff798a2feef28388157f

SHA512
4cccba63456423347bb835fa95a77939f5eefdf9c464f4cbf0851b2a5d3bf810d2faf7cbf166e0c00497a702a5fd9890237957c2d68e555f2bd05501f8f257f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
874019694ef4d4bd6126dc46fbf81c3c

SHA1
584a7301a7540bd277369d49765d15cccd274368

SHA256
bb6d44fddd4a01759d0e1f86871d061a54f7555c0ac84d7c506e0122990c71a7

SHA512
737680f542858be28e7256dbaab7676e36d20c3b56eef21965a05fec37f563c86eafcbb204b765817e2df379ba51316e30c1772b0cbb700834d3d072602bb015

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f7b7ecc7b5d0fc56d26975c413fd62d

SHA1
0705ddb01f45a21133fd0bce3366ec09eb8e86b2

SHA256
89133a259fb43ae04b8277528c77404f5177290e57526c1e01597a3142599f78

SHA512
af3e94ae007a3919aba50fc0b814a669f70a20a5e1ebcd68ed5b335d270fa188aa8d2e917f6c793d3d68855315c4503bbcdfd195cbf7e9106a6d696748dcba54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab75CE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar76DE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit