76323d9f85df9563d6a65911db0bab73b99f10eef934037eda197f942414500c

Analysis

max time kernel
123s
max time network
127s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
27/04/2024, 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0266a88c6c51ed527ce73006b5f35110_JaffaCakes118.html
Size

30KB
MD5

0266a88c6c51ed527ce73006b5f35110
SHA1

4d5ad86c9e729ef8dd37be74e5c77eb67ddf6014
SHA256

76323d9f85df9563d6a65911db0bab73b99f10eef934037eda197f942414500c
SHA512

6182f8944d246eb1308077b44f8338c6f27a0bea4f51ea29383be1317be65306bea1026a06849d0dea990d7f852be5f95a88871177812353198ff3f9f6978c3a
SSDEEP

384:4k+R4OtjnV/ofYukKQz83OzQnD+/eGYL8ttCgjerUC/YL/g0t+SnSgLbwI:4kUjyYJCOWDceGYLSjeL/YL/jtVSiT

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420353251"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8494BF1-044C-11EF-B33C-C2439ED6A8FF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3028	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3028	iexplore.exe
3028	iexplore.exe
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2376	3028	iexplore.exe	28
PID 3028 wrote to memory of 2376	3028	iexplore.exe	28
PID 3028 wrote to memory of 2376	3028	iexplore.exe	28
PID 3028 wrote to memory of 2376	3028	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0266a88c6c51ed527ce73006b5f35110_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
41f61d43ebeed7996bf8580602ce65ca

SHA1
95f3589e7acdaefd23f3e82be26a14ac8f41a1e1

SHA256
f8ab56669630f7d235a8d3bc4c0ccccc40f1721c4aa9a35171851c4195594321

SHA512
22e457fc04193156981fd3c83dbfc1c8fdb32c78ac0a8be39411c72b3500ebbc4142448dc58ed3390c348d34df5620ed127c294e7a0370a58be9ed5ac07abe26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
7dccd55aa906cf85739ea451866ff678

SHA1
6c4013add5bbdca53d6151cd0dbe5fd980320e61

SHA256
81fc88f5ab035cad9d9910cf9dac391c625232e0abb143da96e8dfcbee8241ce

SHA512
cb2011dce22e31bb3f30e6cb2717ffd22c5c5d9b03e0ef915fca67765e1f2b3725ca4fa3aa544d2c0f139a2384765aedf9c34e5e7832548993dc8869fd4a6387

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
58c449a85076262fe51390ac340d39af

SHA1
f83eb339416a188744905e4c21c1c90c4638f3cf

SHA256
eb46a90e2beecebe0d4da4fb577a93f238d303ffb5d4c3a985ab441d4cde4121

SHA512
b613a76239b258d4c5ae19b78c3d74afb14de5789c2110881a053ac8fc5679d40fdd941fa4f906b0291db540e32cf3b97d3b64cf0d2f92257896416d04109b0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e400e6376e0458f2cfcda53cca3adb9

SHA1
f7ba743aaa2923016414451ef933191d71e8b414

SHA256
bf40e794757e6c4d83fcdf2474370b015dc772f498b3965b5146baadb270d3f0

SHA512
29a9cf78838d67ef64612f9068c22ee3e8d4608b8d310bde3ed171699c2ae26207dc48f316e43e9816113df1129fcb652aa2e7a0cb35d7eddccc5d523eed1930

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af04bf08be8496679c7e51c83269c46c

SHA1
5e1d4702db8e8a43bf0715d88705f8a7fd868cbf

SHA256
e4de0e5e3180ade7dafaf3acaf8660da210c3162d7a20ed65d3a02c74cc9653c

SHA512
5a7e11a551658c71a1b78cebdb6a5360c8b743425011aa6f52124d383b59e539fab8ea27c9fdfae004d08c242cca6d1743461ee64eb30083f3d82dab3ebcc760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17d49562e9d1e285ac512a6709f3ad2f

SHA1
8a77842d65ec33eb1eac3ccf0a1e8de99f28bdd4

SHA256
1598c6b452b5e941e15b5c0508cb49e18780d5c90a07fc2e9b3def0d9119571e

SHA512
4c168669969ca43807774abce5cc478ae81f6a4d8c5ff89117da07f43fbccf20308038b608192ee4ea2d5dc194e538bea0c39d233ada41e4a07689c481af6e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00c208e38d134a07da70db83961d0ae0

SHA1
1032a6b48f9e54b4db09736fa89ec892b1b488d0

SHA256
df753bfd2bf9ff67e5ce4efbf58bb8f620f145529f573103b613774603a72c59

SHA512
3321724065630127b7827daa8b57784a16aa01038e5b64c755b88a95d339b7382ce7480f7db5eec061a4ecf1774e3351eff36eb3d84419617a2e7c419f0558ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdec96ac20011b4f58b57d60ebc316f8

SHA1
9c4e65e55ecaeb5f5680bab38b2b7d61a1497359

SHA256
f1a355e5f26e61ba09d05e5666b75fdd143df8a2df60712792dae7317f9806b2

SHA512
c7eb950373f17ffd17461589284b18820870ed1d7853ba19b1e5c2a3d61687a76790762db447f99eb9ed05c26c2c28992e325d9372995876a3f93aa331ecc02b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb2d10a41047f4c5e07dce1177dd9d5f

SHA1
26aba2a7008dcded070cfa285b27f7b9dbed6c86

SHA256
ce75175264bb68a062e05f90c98f051dbf12d36d303ef1a860b50828d2092d8f

SHA512
99343abf652aa2ef3fed07fdd9398a97547cc7a16eb2a295a93766a948638e5dd0383df24460774d4b661c98c55216af271737de7e19c2e7c2a303eab845026d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27a6bf2df19b9e43e2e30efdfa0cbbce

SHA1
bacc4748464a4caaa4341b0eade4043816446981

SHA256
4d07c74edf1967377b9cb16906166dce710a04be4e1606389a57a401ef3abd8e

SHA512
a6e2e7a7c305b836af1787e2bf214f9f2297ac27b0db5199956ff9268a98b82ab89bfe79b8a9fa7717afdf21a424141b200ff7c71833f8733e5ee057e73fc9ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc3bc2627d89db340b1b000fa4c6156a

SHA1
d9d32f655358ecec646ec752d701f948ad7b8116

SHA256
1f24e5e19db8e9829d5ec8278dc4b380a11e340bea6168a94eb00ea384f086f0

SHA512
1eaec9b6d9891b1d4492c7a37bb9b3c71646cf086d2e48ee39cd848dc89f7d2799eb50bbaa359452bac17b5fe63dbabd313d970a1448f62e437c588b974e4803

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f914b89a6fac9959cc5682401ba9b3c

SHA1
979b8e488003cea54e2f0af6c3a0c1fe33a04135

SHA256
2d7240b46d0f31729076a4d1da1ddb52fd693812500c293692ddc303ac4802d9

SHA512
a8bb766a4646dc5b16e7bdf22423864be54a4fe4b135b44c6f720cd5277415c782993dc1170b8b71b2bf498a8a683fc0fa847fb3854cd628d4e896bdac70e644

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59a237b9ae8732c1ceacd254381888f6

SHA1
a021968dff8cc8f8d22fc96315b10fe13a1c13f1

SHA256
e05078c3b1a08b51e96039012c581292beb5ca15c67912be19166b5ad81da777

SHA512
4e2e77d933315e205697b9a00c9b174af13d65c737f497d312cbfb785724d32b5ff28ae5dd1d0119e6d43f1d3693b0f39fe7d971163a08065d239b96a98e0c05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b5881cab1e229ab6312eec16e5b41b0

SHA1
ddf3c69ba1cc239cfb2ac8e941f1d80e80681611

SHA256
6ea1cfbedef027f9345939b1e352436290aa97a93251aee1a37f02b8437beeb9

SHA512
571607e90b22134e71419372bcf5cb0dee03cc3f3c52af30137d1b4ffdbe9e11291ceb74e5c08779ca2389a308a39e47d479356b8d857ec5aac9be2dbf2dd68d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
52ebe31b6afecd4f81fd3f929d52c45d

SHA1
c9ba4f183783b6c902193a39049835a506747c8e

SHA256
4bb57eefc68a6dfed318cf84d271421f383f6a39ccd58b9ecaa731559ab34ea8

SHA512
e78d705ce9b97506432de4a1ff61fde9dfa123082c7b2455cea4af55797ed53a6f40facc037fbbcf6589b3c0886de29e28885ea91b880fd9bd9b10877e25f2c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab170C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar171E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1818.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit