b93f6e09e240cb07403d928de3717a696bb50220a06e20ff3bf5eb3dc0b47779

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/04/2024, 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0043a8ea5564b7f2d343bae93b67a1bc_JaffaCakes118.html
Size

139KB
MD5

0043a8ea5564b7f2d343bae93b67a1bc
SHA1

6927d87ea0a7e3e494689c8b856bb49574213593
SHA256

b93f6e09e240cb07403d928de3717a696bb50220a06e20ff3bf5eb3dc0b47779
SHA512

b7737484655361e4daed226f46cd83dc8838825597dc4c506c9539008cb053a6577cd9b1ce6d4c0d69d8538fae74973770775e8d07d0d5071c7061bf9b494992
SSDEEP

1536:SKVOGpg3l3yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:SK/glyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420277869"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6475FE91-039D-11EF-B2DC-EA263619F6CB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2892	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2892	iexplore.exe
2892	iexplore.exe
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 1960	2892	iexplore.exe	28
PID 2892 wrote to memory of 1960	2892	iexplore.exe	28
PID 2892 wrote to memory of 1960	2892	iexplore.exe	28
PID 2892 wrote to memory of 1960	2892	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0043a8ea5564b7f2d343bae93b67a1bc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89b8292c309572cc04bc3abf3af7d2af

SHA1
66ab9f7457b69fe5cee32f5a9bc442e46100760e

SHA256
fdb6f5e76e4b485c07d46c9a27b863be75efa7e08641d6ae2bb623df8a57d8dd

SHA512
d0fdb34313219c90e79de3a981f64106579752b35d9671c01b334fdac444eba121839ccce857affb146308a04b3fbe4882ba5b0b1f7fb14fe67219c1f16e4cd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15aef56d12bf54ecb21d441737bb57a1

SHA1
fe33799c8b3941b914b8903a6458e86a80b5e159

SHA256
36416976e810ec5b2e2dd1d85498e5ffa96aa5bad7739281589786e8538173f3

SHA512
060d75b2f17eb4045ee0b1b3ebd493211e5d249d36e39ce9bbfe3d3faa07d32ed374abe02c33c8cdcdc55842e9dfafc11aaeb26fc7f290b05b24c670a5e8dde2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33289880822c6c7454dfe78423f76a67

SHA1
ded8fcbd94a72043827acf4efa356c7bcc4f4c66

SHA256
b3a90b631dcd34b23e1d525472d8a719780109cb549ae299f5518704cc08ce35

SHA512
3e321ad36b99ee7974d72c97f58c7ff2b5c6ecc8eba7fc2d7498a4f6b9a7ce5e115955be7c4a585a94c60af1b1d5437a0f158a50f613dd1e5c6f05e41fdfa1bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62685df80cb33ad1562a96eb74e80904

SHA1
44dbc1fef5a5128260487baeb9ee556bbb9afe7f

SHA256
9d2ba6c60783198543f17a2462453172fb7029766c53bb4d6e86d34a8b0515c6

SHA512
8d6ca87ea3e15a4d5dc732203671f9e6e1132617d75a88629046f38814ad1e5b0dbfe271e136cea30799c0c7b9fe53995352f87764c92b778d0119045255161a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a4311dd7cabf412856036b9adb5bd63

SHA1
398d2193eb573c690477760f6b8123055bb3d6ea

SHA256
55f8037391c462ddb91491bffa973177bf063d92ed0a16b7508fe0cc50ef998e

SHA512
d2860cdcf81b901d476cc7e83bbcb05cb7f561e56f52139f185f1661619e9893a6b7b56f602acbb37fcb077927210f5bdf723d35ecfc9d05952b0db7cb707831

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7cdc4053c1ae25084b6cd1d7ee53f947

SHA1
c50fb918e8c9588ab29f0d03202fd9c7055138b8

SHA256
e99696351019e932c5e36b1985920965cbd26912dbbb8a58ad56372e686b4e52

SHA512
5cf30df3fb86f25a8d3b7fabe481301de4fdc9af071a75fd1b5bf9a92b99033ea3be535a9c6fa3ba26bf04d0dd7a59da99f272d3a222b0f90b0aaa20ea573724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
895a241a884cf19163a8a57042e8d0c1

SHA1
0594b28a7fbab292afdf5673ff1cde48754215fe

SHA256
e2c33f79a6e02556d2be52ffa346a90d50c73ade8ecf7457ab6230430a51226b

SHA512
d0aa1175252246263948167618995fdc57d1e6b410bdc67ed34a17702547efa73c4c8732b313a3d5efd7af0b2b54259b8ca6da03cfc3c11aa19e6b293ee80ab9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f345daf356274f67bbf063d4d67eadc6

SHA1
2ebd3c28a799b31ffae543a6c66b78004073eadc

SHA256
00721b20dc5631bebb34aa8206dd2c09238f745f0a84f5cfed857854465ef23f

SHA512
c2dba8fe0e27b5cd750133acbd43e7e144f98e2c48d6433eb51a676ad28efce85eac6d470f8e65be8ae7496ca55d849ca367244e41ec2434968ba5e745d88e2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
285f619a74653ea95d4a7cdb0321ea11

SHA1
9a59f3ce5d74b2c274b911e61cf40cd28d9994a0

SHA256
3f6e8c67fdc81ab312c2d0163e0e0cfb3f5db519b2fe5955e427e4ed6910e03c

SHA512
5b370007ce0d4bc82f6d59cb559d290391b4f08b2989189f4b6e9e66d0b16628834d9a55bce40e0799e3e5a778a47cba37681e986f41880be81e121cc3a13a88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01d16937ad78aeeeb8463a97cd979dca

SHA1
18f65e51428f773926ed452f6f2d751cf6c61cf9

SHA256
df85779c6d1db9ab3e98ed5be39cd7cf7c868eab1feffc272d68816cbabdf8b5

SHA512
fd0bc0bb507f238ff384dedbfb1caa4f34c429ccea7e429ec42ef47c1589d6b41775b277b1e98d2065408de1d137eeb4c670ac6168e2f3c02d6926705cb118e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ce20eb5ca10cc2fa09b2f2cde838dbb

SHA1
1a53edc8948326fee5ac5a60991d556b2fcdb15a

SHA256
9cfec7672e6c3f6437e4a9b7bcf7bed1d4646570fdfb8daef2d372fd6bfa5171

SHA512
420f4c334e0b91a151913467bf15d7049f605f8978ca8cd3b9a8332b2ed0918f1eaad72204ab4b77de5e4f491924a7b8dcf0ff0f84b65b3b23e9b343a23f628a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37cf9bfbfc9f0f4efdc181527da8a399

SHA1
9dba7cc7bb63101b61fbef7002aa6b5fe0693083

SHA256
aa8a282745566f4c99b91ee632eb7e671cf5d5d576abc62b7b835ee4f3c3a1cd

SHA512
9fb151438b6dd9f9d55fe26564409593c447437e80ff45c5fd3cf65fcf2c20ae91d3db5941b504a96ea25a158b1aef0684c3a1e6ddcd69663676fcb5557fd0a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ded2b3eb4d180e89f675718afe80a3e1

SHA1
07dfba2ac8f40acda86f2b072035b99788bea01f

SHA256
13feb26ec962b781bc2ec69a8d64bab1495f1ad0d1a632f6e198e16e840f04de

SHA512
21a9ef3dc422e916c7e7ba6326714b40c557b8e5476e5cccf15fb4d18b5e5b8a9c4dce7746fe4d3f45b1ae82d182dd433e0dcbbee9989e8d6230f955ab536dc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7da27bfb14b2a56877c7d1659516f99

SHA1
e682c72e827c61e73f3abd40633f4d65565d08ab

SHA256
78275527d8624317ae72e52f74b750efff40654f1a4621866d73f52a4cbc06d9

SHA512
553d481f3be21791be2bf495055391e6381a21f6af7ce4c2f74f06dcbaf9970fdbeb850c391f1a5bd09eb7c4f76045ec202d8f8ab32ae73688307e95fef95b0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e294e3cfc0b71576b5200b2a8df9678a

SHA1
7cb4ba9bd8954f19ee0e0df0f2abbeb340f71fa4

SHA256
40708d33e675540f2a73b9e239ca1d009fdc731b43a33b7581d79c118d08dc3b

SHA512
ab76b4079db059e658fb8c916c6e49613b1d01cfb1a8a2e9572841445ec65efd00847899f9262dd312c50fa7368f068ab9baafd16184af2620b10ff211445350

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab93E8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar94F8.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit