45a37cba254399ab6de6238112abb67205a6fbddd7d67552a1063ba0533ad905

Analysis

max time kernel
144s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-04-2024 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03cd507334c0392963f228f627604c57_JaffaCakes118.html
Size

23KB
MD5

03cd507334c0392963f228f627604c57
SHA1

b42dcc0184743d367ca2ae12754fb5895c497ddb
SHA256

45a37cba254399ab6de6238112abb67205a6fbddd7d67552a1063ba0533ad905
SHA512

c190d7bd2752ee44e692c33287c3b981a3acde5d911b44e0276d31d2089cf71b4b02ec5b91b9855cdfa32d4c1921bf445e350c92a3c27f3e4b6d8e2a479d9014
SSDEEP

192:WLZLwKQtUO0BRUOylUdQ/uQe/gV47BlW1ThMB+gV4IuPi6blCgVm5WafW8Ohp+0t:fWRU3U2/IoR1TWZu3dd5ZE1Ty1T/nv

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e000000000200000000001066000000010000200000009ee065c9831530573cd140af03f3965ab4da20f03634730f039f980f503e98f4000000000e8000000002000020000000ac8f2664c9c0d0da04ae53a3f39272969c762cc57a97cb9c57f837d8ceb651742000000015f7dcb0bda49999ab0448fd4ef77f4acc371e78313c0aad89584f5f0cff1b8e40000000b8e41b4a19346aea74d77e868d51edfe2bc5c46964d24403d68dd7be87ba51ef9b00606828cbd6f1900727208b85111ffe890454607d2f34e95d1d68dcbf38dc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{294FA541-04E8-11EF-B1D1-D2EFD46A7D0E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e000000000200000000001066000000010000200000001579921077439a4270c5a48d618340891e1d1a8f8fef2abba3e85bae32bbbe9c000000000e800000000200002000000000046c32c1bdbfa3e850fd6cb24af8dec7ed707b0c396cf1f65effb2169279e79000000072eab7efd673068bbfe087d16d8eb0c7949b7610eeb7a9c0ac0fb83c0c2b8b8b6c27418883cad7447c8d06c97f2c93b451afe469d6d3c7f7aaf997fbee1bd26ed08f32c5168d2e66fdc9ac910cdd387b309dd6022cad87bcc0f5c3f2ddcf3e3bd607f4ebe5fae4257b3543000bfe54739962fc6638358629b8d22ed2c10fa32c53406b55bccdc634c324843b43234629400000006cdfda2f0a7fd259dbe3dce9d0125c765467702678f8d88e47b1c9743171358db48fee6dca456ed8684b70f617543331fcb40259ba1e4c2d86aa248944252cbf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420419935"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20de20fef498da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

IEXPLORE.EXE

pid process

2052 IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1628 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1628 iexplore.exe
1628 iexplore.exe
2052 IEXPLORE.EXE
2052 IEXPLORE.EXE
2052 IEXPLORE.EXE
2052 IEXPLORE.EXE

pid	process
2052	IEXPLORE.EXE

pid	process
1628	iexplore.exe

pid	process
1628	iexplore.exe
1628	iexplore.exe
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1628 wrote to memory of 2052	1628	iexplore.exe	IEXPLORE.EXE
PID 1628 wrote to memory of 2052	1628	iexplore.exe	IEXPLORE.EXE
PID 1628 wrote to memory of 2052	1628	iexplore.exe	IEXPLORE.EXE
PID 1628 wrote to memory of 2052	1628	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\03cd507334c0392963f228f627604c57_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
878f98b401540e972a2abab2cb5211bd

SHA1
94d1f851691ed79f6f28a0a43341c5b428e57a53

SHA256
e5b8a54128fc3bced5e8d6c900f45611c48871f75aacf790ecdc2c74ff1b928e

SHA512
2460543715964b3e52bd4aeaa44dc32991a8a33b1ec778400360fea16a8501dce2fed91839f3d2b4e1ecc62ef2c44c353f6f84210ae57eff60ad3ec5023859d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
beab8caaee896563373e34d25b5caf4c

SHA1
8a7e86c208eab8cb9e69bf59467ca2353a764fee

SHA256
4143547d62d412434f388abaa3d099b471e1573d44b912e55af05f9dc596f419

SHA512
33e2a87dc2ca876513fccc50ea2fe5c9531241f36bfb9a34c9b9d60f3f8e33921fa8cf333e8fb99f6abc1e8df53e8f7761f8a6d85b17c2579b0a23cafb2aa0dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3ba679490559974ca8bd52dbb449b42

SHA1
4ef8c3d4f96ee8b7e4d4383c46ce976d045b58c6

SHA256
ee027e47c72f24600d108e0a6479d2b2d1bae0c2f27c247717a2da2f0b68541a

SHA512
c986b2d9f26d605d000c48de0562c7f8e676ad0558fdfeabc4aa3355e244fa4e26f24e8d101a4a0d83998a96c0866e0c1ada380b392012c8fd15633c350e9529

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2243bcd22b40c7075ee5bb3c6e6e5ed

SHA1
410ec763a68790026d03ec9bef68d213a7d24534

SHA256
4c46a3a269129b9e3896f4d437d6ecf5ae3e271fa69b94ad84fbb5963d4a188e

SHA512
0f9acd23e43bf71f3afbeacaacb58393cfc0ae77084ef1f1d7bc6e2bab521807548222a5db33bda3f25768057f34af2b01ac67119f4884060acc389b8b9479dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2e9553e00b5034386b2b64240dfff36

SHA1
debdbbb4aa52d925fbee873956f14cccba908ff3

SHA256
082ec4c0ca44368b33c8c2013accdc906f692b3d66c4d81df81fcee3405e662c

SHA512
c903052e1239d7075110e80ef47c4875d5234887c73d8e0b3faa14834396ca60c04f36048f550ff684389894b926f2e4ae93ea77db53c2f93cb9078a23b853bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23509123ab8134eede67df0eeec01d24

SHA1
70760c0e6a44cb14f91138e3a74b2972019494b2

SHA256
4e264342fdb556230a6ad4bb80e5db229a4b6dc7ce716e04eb09a12df9510501

SHA512
a8e92049371b5489f0396876a8e0afe2f12b4fcf0a5fbe4a692f5bdd52ba89b2968843376fa4b0a7991f20c24d3048d1d699f15a397ad5760c4f4cce59c96d73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10ee63880233b0374dc36eb0a978c615

SHA1
4c16d68bbd7bb10627ebc49162b63982f809dd7e

SHA256
c430f83231d806654b9c488011a3829e4c97fccb1ab963fef54fa510229fd62a

SHA512
6be7843675fdee46fb26992ba570004bb9d8b118ed6514b0354bd43a9c773a1d8d0961160bac5ad2172aa0b8192116ee00114b37d2b3fab5d3957146bd6c62f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c81e1cde66b560ca4f63ece438a3d75

SHA1
3e850c69b3191d9cca195996b75ae6c3441048b9

SHA256
dca3439d8beb156c1ebf6847aabeb08cca5a57991c13ee19eb15a79fff19554d

SHA512
4da59353b778c0bf243f59059c024c4db7fb97cb677d9e215d799d639bef72646030272b80d3e6857215a6cedae27c5812d064ed1c66f4eecfcde8eef8e92935

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
598920850777c7372b378c4add002e1e

SHA1
e0faef0de9c634674fc6ed94b470fb32319832ec

SHA256
d06a343469892c03dc74b05f5f8b0515fdb063cf60b2c2b5926eb364d4ff7746

SHA512
0aa7ca30ee0e7bdf8237adb1d5ff912084c46157e75f0c4223fad10751c284f85b6102176df9f2ee874b47180f464661dee26fa9242407cf4e9055c83f329985

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d68e3e7548bb4d10a7fc3b1e29709dc6

SHA1
83e85fcb4c584d34db9e38740fb5c8a60e886db5

SHA256
5c1c642ffb429b7d91d34534fbbb140e64c912248ec899431fb9ade008e51ea8

SHA512
2b10b98636544b995669f3a29e89eb54a578e498abea87e21ba13eca7cb0478a5632d1ca08f463731315438162dce3a1b5981253cd6311596d988b733841c7df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5469e8ebb2f3353a3c0e63949d340c9

SHA1
f9ca2eb7b0ccfab4afd64621f2a4e1f75b1ae64a

SHA256
7b2da75cbd8acfc594b2a686dffe39c428196cbba64bec344e24dd98c5e96346

SHA512
b6baa2d5ac4f7335fbab490c1253151104d2df54e40f84f1861a29d3f61e196efb44134a935e5ad6f91f07af17c7c6c3f5d88e11d99ae667754b5b4612915ba9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27c8e701137c4fe6acfe549a86696acf

SHA1
110268af194d0f6b255ae2ba08f3de502dfc786e

SHA256
a518303440311f937af27b0a9864455bb7bf82857ff4566636c1f86f1a3507fb

SHA512
dcad537dbded1844b500f507f75044a4b20af6fc4b112c6e44aade7aaa98936e5051b0bb0f0f5c2a3e8d4cb8813c7612b4a036b2e85a35d285d30c481050aabc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdae0a41639d25046118524db7e402a1

SHA1
53daaed7b579e766fcf99ebb73683926af2c37e0

SHA256
30382ff1a3a4222979bde03f44340c50004f9ca280a72b11f8b2ad0c16391045

SHA512
676cd2bcde09ddcd80bc0c180e577f637b97c026818603ebd8435fbbc30653a87e1e09a51333990378bc8ce155d90731b7215dd77b7a1943cbba5dd0243cad7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ecf66cb4fb8463845dbec1dd6b0c32d

SHA1
1c877aea4364acdb9cbcf418bc0fc5e545d99f1f

SHA256
7d945f11a4b382a38974200e0f5fde6bbaee590f808825083687f41657e6b026

SHA512
1873b0ae7402c7e6d4c2aa69bf865604bc07f894735db3da8b01be2e0a8393b4bb46fed9be75327e8120ddb3393a171fbb689ee169f6119fbe35814adfb55719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54097021c88d246ee456ad0a4eaee7eb

SHA1
a288e46128a2fbe88a4752aba019454b700d788e

SHA256
d35936da81381ddb99f22ee78aef1e1fb6a94b6b276897a7ef167e04c9b62974

SHA512
4e4b56fed2784ff33f08756be97219520ec008720a858d8f316db6aa005176d1dd957639bfec541c804fe21145d3d29107584851c1c245ebd088a5f357d150d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3803.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar38E4.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit