eae845192c63b5ce9bc962f6dbd54cbd747f97d7f75c6fc068fc807bca68d66f

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/04/2024, 03:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

024e7866cb38b23ad88878e8d1536681_JaffaCakes118.html
Size

47KB
MD5

024e7866cb38b23ad88878e8d1536681
SHA1

14fffcff122d68c037e8ffd36d71bfcee1b9b995
SHA256

eae845192c63b5ce9bc962f6dbd54cbd747f97d7f75c6fc068fc807bca68d66f
SHA512

23b6370091c72405edc6152210546d4e3be76e578d69dffbdbe38c55b8e73154186612f74dae28a420699b2a21987f27ab0ba20956729fc5a71f0271cf0fcf8f
SSDEEP

768:SWclqPewzNb3enfH2cXTrN6MNb3N37YBeJxAO6RnouKR724VoYInKf3tuseFoyk5:SWclqPewzNb3enfH2cXTrN6MNb3N37Yq

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420350102"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{935D1BF1-0445-11EF-A8CB-6EAD7206CC74} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2220	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2220	iexplore.exe
2220	iexplore.exe
1156	IEXPLORE.EXE
1156	IEXPLORE.EXE
1156	IEXPLORE.EXE
1156	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1156	2220	iexplore.exe	28
PID 2220 wrote to memory of 1156	2220	iexplore.exe	28
PID 2220 wrote to memory of 1156	2220	iexplore.exe	28
PID 2220 wrote to memory of 1156	2220	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\024e7866cb38b23ad88878e8d1536681_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b135080f370f64cdd079e19fd077c88a

SHA1
bf4f8a9eb31f2c06a2eb4ffd71ae462cbe58879d

SHA256
465e2f01d9da69db9b7c5056fa5c2ee37da504c32951dbc4185820305b0e42c7

SHA512
b1a14b3163ee3185296e340a30b62cf08198ef81e35cf2c37e6f86f70149d0dee63e80139b0d64c056b44697a2a8bc8755d796fe9fcc83de7f6c803f6756447d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e076829e2e04efc67f8d3b59a4ddd6f

SHA1
d4ee8e795bb4ade1467affbfa776807aa8d70695

SHA256
4388b718d573633ac9633bfd28a6490e055382300d90133aa7c078063df7036f

SHA512
4e9ce2ffc586d4edd8d80269121ecefe5529d5b2acf9ae4b609dd87ad33ba3415c6b5e4f736e7f8f8831c263efb6d3a396e8d030fa5447b5edac268923cfdf05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
452f2e51b6f4244075123e464b0780f8

SHA1
1c09c9c6d5634669bed074fb17977c170580086f

SHA256
939cd2af88007266256d788fcb231495ed17c48121f5da0378031ebb74837174

SHA512
cd6486fa884f9d23f98e777d9b8b0061f7c174706ed639a78a0d2a25bb9600666394c64b51ee61d2e07ba4aa37dbd3794e14b94ab6575a08f815cc54f2723c8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4a7059cfcb4143a2d62b1849e0c3457

SHA1
3ab1f42660b8445d33c1a7d06e52fd40ca143746

SHA256
90750c340efdac9bf95a0bc9e73e7f090611c18aac4310a7d4a4620c08edb70b

SHA512
3c959c96f3dd86b27edbc90ec3febb24888b5ede3484a94fe8a532769395c2638d2f7ca838c7b55e10aa2d96de90b0a1ad5b6666082184075aa9027a272efe82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ef183b9d0fc175c98f00bc80a277c3b

SHA1
b19cd5fd28990def365b9c3a98a667a17a4c9f37

SHA256
a892d5720a464594ad9cd78298bd4ee9520d26946b87c6311b66fb359693714a

SHA512
2dc39f23ba1f98fe95ca955a259c2039fbd2754dfdf71a512d26999196378b8afac3f73689ecbed338594db57fd7f7e83c6ee94a28d9a5dc220093fb900fc11c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52cc6c47b3abe425ccdb49a8a67e6f37

SHA1
ec88f86b633732e46fc77226a028cf5fa3a78ff3

SHA256
88dc1ad13e31975b8a2e71dd92e0c306f8da0c1f96b26f726d4594b7f6b29e73

SHA512
814a53ced2f6fd5d2bdb940820844caacd8150dd5acb0df59e6951afe8d2a1b64345ef8d8891c7ffda6523053458de679e8dd1468064f5dfd819bc0449b1f35f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f0563f9e9b3b755a6ddf28a80c710c2

SHA1
f044f28cf33e8ace3b82987eb354c74212c570f1

SHA256
5d97ae3b4307157be9d034c78ebbd76ac4315dc41d316aabacfe382b9be3454e

SHA512
675c19348ee9e5f9ba4011a2e1c43d360f25f81dbcc945caf54f20cd7b6fe30e28ccdce7096d41d8e02e1db4eaa812b8630930f50b0d43922542328e84728ed9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebf085163f6bb7a929b313930aeddd51

SHA1
6a0cff807f860c77f293888866f91c8afcc998da

SHA256
e54ae42731f022ba1e9640ff22bb6a40dd53966ab6ec4b59846fa5ea0b4bbe2f

SHA512
1f50240c442d35f62f5a079756e76865385697bb934204b0d811e7b5456365f63ccc84ef691bd8204235648a51e6bae122817d023208bc85622f012bd415b702

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6a1067754b4aa9e25abe0dfdefee017

SHA1
2651c3530a4180b907e361efaa74ba71d9f4b35a

SHA256
192ba820c6c407a81f1b76ae8d71f316a6acb223ff474d75f67277cfd56e6460

SHA512
6b25e129aae2c23ab22c6741ec9cabaf46a921984cb778fe1a971e3cef6237478d417d0eeedde9b1a261554967be324c9f28110951202ba5c504200e7bdb807f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa202790f4487609464b9bb97e87f163

SHA1
688a44d7ca29186c95dad60a58bc0d0db8b813b5

SHA256
9dec06e4e4b69b6e06fa0af2fe516d379e8bee03221828e6a17118030d6a8476

SHA512
e9e87127c60333d14a3a477bbc4117b95cec58676c8dca000c5ff69958cccaf86bfeab4e67cf9e4dc94919d04cd5a1100602847b37306dd995a21256be45cd80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c468c76e90b8b1bed76bf531948778c6

SHA1
66c0156b36f8afa3e2ea37b7c6d9cedb71db8c1f

SHA256
4cae534b0b971317f56a310a8ca3c20aebe7423bb2421ee754316ec4dae30719

SHA512
ca207b5d6544546bc20b9b14568be03a69a5a68e274b127040dd8a791399aded25b94a9f57a3f01c132f7c9bc69666bc1c1b24cca231f295f509831a5e7ac162

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29a8a1c18fbfab03dbc2914da337ba78

SHA1
e06eda85f0111ed2e01c9856387fe2a49e4bcc0c

SHA256
2c62c903b4c2ce3170620bef0fb663d7da6341d8642e9db263e675b025f2c662

SHA512
fdc522edaf2c2b38b3019da95900b793c124e26bcfa134f26a86141ddcce1aaec19571cea4c45a2b1796ed4d5c1b7b5067c291485985b4d7264906c25730afaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0cf44859b8f16f01f4c59d7768b2967

SHA1
297582d53486f6051314d9821accacd394dea937

SHA256
8581db5e90dd70e8a19b0c150758fd857dcb97823474a71185ed942aad3cabd0

SHA512
a035f416569833024882dd90c89c91787d77552d18f30bbae915f3e627673d7c4c8b97efce89ca72f6cd4988096b5cf8a54f56c21726b47cc9f604b1be1a096c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
8bff11bdcd490b7ea3b64240b489d143

SHA1
2595d1d966a7d0440f79b0a5004ea62d624fb5ba

SHA256
ef05b02bd26c75d9e8fb2584eddde00abd4bd4ebed92ae4ead0710097404e6b0

SHA512
1c3341fe823d03643157ef8d307a5c20a7b2c90fbd27add87bd1fd76b09f8053e4dc64c095c2861d88785ebf6765b693382a1ae4e2adf3b731e6691a4083d67f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
7bab5c7a347d2d39190f0110e8a777f3

SHA1
30581888bca37765e9eb0befc20b4caeefaf5309

SHA256
0c308b87c87a09909ea697ce75cec33b147916e7c175a27b84ad6d97d893807e

SHA512
80f56a005e408aefd647c22b1bc7bd2ecac034f19a5049f9030595a8e6eaa2abdac97d93602743e3bbf6ea56ae5ea249073c3fa04123c73e01ee4c0e5c7a3f36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1F53.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2045.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1F6A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar205A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit